Digital Minefield

Why The Machines Are Winning

Archive for the category “A Survival Guide”


The other day I had yet another friend trying to “link” to me through LinkedIn. I don’t do LinkedIn. Or Facebook. Nor did I do MySpace. And I won’t do the next big social media thing.

I’m not anti-social. I always reply to email from people I know (and never from people I don’t). So when it comes to social media, my goal is to stay OOTL: Out Of The Loop. Why?

One very good reason to be OOTL is that it keeps me from even more contacts from people I don’t know. Unlike some out there, I’m not interested in collecting what Facebook calls “friends.”

That reason should be good enough, but of course I have many more. What I think of when I hear about social media is one to many. That is, it’s communication from one person to many people. Asymmetrical. Unequal. Its form is, “I talk, you listen.”

It’s the form favored by dictators and others not interested in any response. It’s not structured for a response. Some businesses are run this way—but more aren’t. A business (or any organization) can function better as a team with equal rights and opinions.

Another example is the family. Social media is good for keeping family members in touch and up-to-date. The problem for businesses, teams, and families is that social media isn’t built as a private chat room. They’re on the Web and open to the World.

It’s that intrusive aspect that bugs me. All I need is one glance at the email address of the sender and the subject line and I delete it. Caller ID is even easier than email. But when the software is more sophisticated, it’s harder to know what to avoid.

I understand many people miss high school and are using social media to maintain (or resurrect) that experience. Some of us don’t and therefore won’t. Some of us have full lives without the need to attach needless people as an ersatz form of fulfillment.

Again, to restate: I am more than happy to hear from friends and communicate with them. I just refuse to do it via some medium that exposes me to people I don’t want to hear from and will not communicate with. For some examples, see Phish of the Month.

I’m toying with an idea to make this point more emphatically. Since I have no middle name (or initial), I’m thinking of adopting OOTL (rhymes with toodle). Maybe I’ll start a trend—of non-joiners. Or maybe just another blog.


Insecurity, Part Three

Last week’s post ended with three questions: Why are we under attack? Who will protect us? Is there no hope for privacy? Here’s three more: Why do I have to do this? How did this problem get so bad? Does my life have to be this complicated?

The most important piece of advice I can give is this: choose carefully. All the concerns in the previous paragraph can be minimized by making good choices. You can do more with less if you simply buy less, and that includes the “free” stuff.

Far too many people buy new technology as fast as it’s announced. They’ll stand in line all night and dive deeper into debt to have the next great thing. Until the next great thing.

The cost of new technology goes far beyond dollars. It burns up your time and punches new holes in what’s left of your security. No matter how dazzling new technology is, you must see past the fun. What are the risks? How much of your life is at stake?

Media extols new technology, but ads are only the good news. Who will tell you about the downside of using public WiFi—whether for email, selfies, or shopping? Sites won’t warn you. Convenience trumps safety when banks push mobile banking.

Saying your data on the Internet is on a Cloud doesn’t make it safer, or quicker, or easier to access, or anything different from what it was before. But calling it a Cloud sounds really cool.

Advertising is all about appearances. Buyer Beware won’t reveal reality. If you want reality, you’ll have to work hard and dig deep. Reality is where the risks are. Appearances can hide the risks.

Clouds are as irrelevant as the speed of Google searches. Speed only counts if you get what you want and get out. Google searches aren’t fast if you don’t get what you need right away. Google wants you looking (at ads), not finding. That’s browsing.

Finding is what the Internet does. And tracking. If this was a game, you would be IT (pun intended). When you’re online, how many people are looking at you? Literally if you’re Skyping.

GPS or triangulation reveals where you are. Texting or email speaks your thoughts. A selfie will pick you out of today’s lineup. We have lost any possible expectation of privacy.

What technology doesn’t bother to tell you is what makes the hacker’s job easier. The less you’re aware of exactly how and to what extent you are at risk, the more likely you will be a loser.

Clearly, the best we can do is minimize our losses. Web sites won’t help us; software can’t be bothered; government only listens to lobbies. We have to protect ourselves—and each other.

Insecurity, Part Two

Last week’s post (“Insecurity, Part One”) was getting a little long, so I left a few things out. One was very simple: keep your security information on paper, or hard copy as we used to say.

Or you could use a flash drive or any other medium not ordinarily connected to your computer, and therefore portable. If it’s not connected, it can’t be hacked. If it’s paper, hide it well.

The other point I omitted was Two-Factor Authentication (or 2FA). This was recommended by all the experts interviewed in those news stories last week. Unfortunately, it confused the reporters.

It’s supposed to work like this. You sign on to the site and then the site takes a second step (like sending a code back to you). This is meant to ensure it’s actually you and not some computer.

But no one agrees on just how to do this. For example, Google wants to send it to your phone, regardless of what device you used to sign on. In effect, they want two-device authentication.

It makes sense for the site you just accessed to authenticate by sending you a query to the device you just used. This will work even if you sign on from someone else’s computer. Just carry your security information with you (flash drive, hard copy).

If 2FA is a good idea, why not always use it? Well, for one thing they have to offer it. Currently, I use over twenty sites requiring secure access, but only one offers 2FA. Hasn’t really caught on.

So far, these things I’ve discussed are more work for you and me. The bigger question, which no one—not even the experts on TV—ever mentions, is, Why don’t these sites do more to help us?

First, and most obviously, is their lack of imagination in providing Security Questions. Most of them seem only to copy from each other. Very few are unique to a single site. Laziness?

As for passwords, why can’t these sites make sure we don’t use any real words? Why can’t they come up with a way to measure the randomness of passwords, to help us make better ones?

Not only that, why can’t they suggest changing our passwords when they’ve been in use too long? Same goes for Security Questions. They could do all these things, but then they’d have to write some code. Guess our security isn’t worth their time.
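The code the sites would have to write is short. The sketch below is an added example, not from any real site: it rejects real or disguised words, estimates randomness, and flags a password that has been in use too long. The word list, the substitution map, the 60-bit threshold and the 180-day limit are all assumptions chosen for illustration.

```python
import math
import string
from datetime import date

# Constructed sample word list; a real site would load a full dictionary
# plus lists of passwords exposed in past breaches.
WORDS = {"password", "dragon", "monkey", "sunshine", "letmein", "welcome"}

# Substitutions commonly used to "disguise" a word (assumed map).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_BITS = 60        # assumed minimum estimated randomness
MAX_AGE_DAYS = 180   # assumed age at which to suggest a change


def contains_word(password):
    """Return the dictionary word hidden in the password, or None."""
    plain = password.lower().translate(LEET)          # undo the disguise
    letters = "".join(c for c in plain if c.isalpha())
    for word in sorted(WORDS, key=len, reverse=True):
        if word in letters:
            return word
    return None


def estimated_bits(password):
    """Upper bound: length * log2(size of the character pools in use).
    It only holds for randomly generated passwords, which is why the
    word check runs as well."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    size = sum(len(p) for p in pools if any(c in p for c in password))
    return len(password) * math.log2(size) if size else 0.0


def review(password, set_on, today):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    word = contains_word(password)
    if word:
        findings.append(f"contains the word '{word}'")
    bits = estimated_bits(password)
    if bits < MIN_BITS:
        findings.append(f"only about {bits:.0f} bits of randomness")
    age = (today - set_on).days
    if age > MAX_AGE_DAYS:
        findings.append(f"in use for {age} days")
    return findings


if __name__ == "__main__":
    today = date(2014, 9, 10)   # constructed dates and passwords
    for pw, since in [("P@ssw0rd1", date(2014, 9, 1)),
                      ("kT9#vQ2x!LmZ7rWp", date(2014, 1, 1))]:
        print(pw, "->", review(pw, since, today) or "no findings")
```
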

Next week, the really big questions. Why are we under attack? Who will protect us? Is there no hope for privacy?

Insecurity, Part One

The big story after Labor Day (in Entertainment) was hacking of celebrities. Because it involved Apple’s iCloud, it made all the news shows. All this coverage revealed the bigger problem.

It was apparent from their questions that many of the news people didn’t really understand the extent of the danger. I guess talking heads are really more celebrity than reporter.

High profile people are by definition too busy to bother with technical details or to seek a deeper understanding of the technology they depend on. But in the end their behavior is very much like any teenager or ordinary uninformed user.

When users want access to their data (including clouds) they’re faced with three barriers: User Name, Password, and Security Questions. These are not what they seem, e.g., passwords aren’t words.

A User Name, if you’re a celebrity, should never be your name. This makes hacking as easy as accessing you on Twitter or Facebook. Don’t use anything like a name, because you can only use it once. That’s right; one User Name for each account.

Here’s your first clue: Whatever you use to get past these three barriers at one site, don’t use the same information at any other site. Ever. Each site must have its own set of security keys.

“Wait a minute!” I hear you shouting, “How am I going to remember all that?” You shouldn’t. None of these, User Name, Password, or Security Questions, belong in your memory.

There was a time way back when all we had was one email account. Today, everybody has too many online accounts to try to remember all the access codes. Clue number two: You have a computer. It has a better memory than you do. Why not use it?

How? You can create a file with the access codes for each account. Protect it with a password (e.g., Zip files can do this). Don’t give it an obvious name or put it in an obvious place. Yes, this means every time you want access you must open this file.

Another method is to get a program that does all this for you. Such programs also generate random passwords. Speaking of passwords, never use a real (or disguised) word. Hackers can automatically run dictionaries comparing everything like a word.

They can, that is, if the site lets them. Apparently Apple did. Instead of adhering to the three tries and you’re out that’s been an industry standard for many decades, they allowed multiple attempts. Apple made a big deal of saying they’ve now fixed this.

My question is, How did they allow it in the first place? If the guardians of our data are going to be this careless in protecting our data, why trust their services? I wonder who else ignores the three-strike rule? We should go to all our sites and test each one.
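For reference, the three-strike rule as a site could enforce it on its own login path. This is an added example, not Apple's code or anything from the original post; the class name, the 15-minute lockout and the demo account are assumptions.

```python
import hashlib
import hmac
import os

MAX_TRIES = 3            # "three tries and you're out"
LOCK_SECONDS = 15 * 60   # assumed lockout duration


def make_account(password):
    """Store a salted PBKDF2 hash, never the password itself."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginGuard:
    def __init__(self, accounts):
        self.accounts = accounts   # user name -> (salt, hash)
        self.failures = {}         # user name -> consecutive failed tries
        self.locked_until = {}     # user name -> time the lock expires

    def attempt(self, user, password, now):
        """Return 'ok', 'denied' or 'locked' for a login at time `now` (seconds)."""
        if now < self.locked_until.get(user, 0):
            return "locked"        # refused without even checking the guess
        salt, stored = self.accounts.get(user, (b"", b""))
        guess = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if user in self.accounts and hmac.compare_digest(guess, stored):
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_TRIES:
            # Third strike: lock the account and start counting afresh.
            self.locked_until[user] = now + LOCK_SECONDS
            self.failures[user] = 0
            return "locked"
        return "denied"


def replay(guard, user, guesses, start=0):
    """Feed a list of guesses to the guard, one per second; return each result."""
    return [guard.attempt(user, g, start + i) for i, g in enumerate(guesses)]


if __name__ == "__main__":
    # Constructed account: the user name and password are sample values.
    guard = LoginGuard({"ootl": make_account("kT9#vQ2x!LmZ7rWp")})
    print(replay(guard, "ootl", ["password", "dragon", "monkey", "kT9#vQ2x!LmZ7rWp"]))
    print(guard.attempt("ootl", "kT9#vQ2x!LmZ7rWp", 1000))   # after the lock expires
```

Once the lock is set, even the correct password is refused until it expires, so a word list gets three guesses per lockout period instead of thousands.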

Another question, the one that drives me nuts is when their Security Question asks for my mother’s maiden name. Clue number three: never give an answer someone could look up.

Why bother with real answers, anyway? Since you need your security file for User Name and Password, it also has the answers to your Security Questions. So as long as you give the same answer—any crazy answer—it’s valid. Clue number four: Lie.

Next week’s Part Two will give you even more to worry about. And more helpful clues.

Programming’s Three Tasks

Recently, an old programming friend in Florida sent me a link to an online book about JavaScript. I don’t do much with Java, but it did get me thinking about all those books on how to program.

There are scores of such books (particularly now that we use so many languages), but there are also a great many books on how to program User Interfaces. That is, how to make the user’s interaction with the program transparent (some say intuitive).

Unfortunately, there’s a disconnect in the code created by these two approaches. The concerns of good style don’t overlap those of good user interfaces. Should users even care about style?

Non-programmers don’t realize that even the simplest program can be written a million different ways. Of these, a hundred are probably flawless. Of the hundred, a dozen could be perfect in every aspect of their construction and execution. There is no best.

However, perfect code can still be opaque to the user. Clearly, the answer is to write clean code, then make it easy to use. Finally, improve the style without changing its functionality.

Regrettably, the programmer’s job is still not done. The concerns of style and user ignore the future of “finished” software. This is maintenance—and it’s usually eighty percent of the total effort.

When the first completed version (1.0) is released to the world, the responsibilities of maintenance begin. Whether it’s quick fixes, like typos, or major revisions and upgrades, the job usually goes to programmers who did not develop the program.

So, even after writing code that is kind to users and has excellent style, there are still the needs of the maintenance programmers. To meet these, software developers must write readable code.

In a recent search, I found exactly three books on writing readable code. Still, that’s three more than existed when I wrote a paper on this topic some twenty-five years ago.

Without readable code, maintenance is more than difficult, it’s nigh impossible. But readability cannot be another step, nor an afterthought. Doing it as you write aligns code with concepts.

Six months after a program is complete, you may be the one who has to fix it. After that long, you may be a stranger to your own code. If you made it readable, you will appreciate the effort.

Unequal Internet Power

As our digital lives expand, we think less and less about how it all works. The more we use The Cloud, the less we concern ourselves with its details. Whether smart phone or computer, social media or Internet, we take too much for granted.

The digital universe is a complex amalgam of hardware and software, supported by millions of techies from electricians to systems designers. This post focuses on a tiny but essential piece of hardware we’re all using right this second.

You and this blog are connected to the Internet at different locations. At your end is a device similar to the one at the blog’s end. They’re called modems (for reasons no longer relevant).

Modems translate your Internet requests into tiny packets of information that travel (in non-trivial ways) across the world (or across town) to the specific modem linking the Internet to the information you’ve requested.

The modem at your end could be hiding inside your smart phone or sitting atop your computer. The modem at the other end, whether at this blog or somewhere in the bowels of the Google planetoid, is constantly talking to your modem over the Internet.

Your modem is only part of your Internet connection. In addition is your Internet Service Provider (ISP) with its hookups (cable, DSL, 4G). And your modem may have routers for Ethernet and WiFi. Whatever the combination, they all need power.

Some modems run on batteries and some have battery backup. A modem in a smart phone uses its battery. Google modems probably have their own electric company. Many other hundreds of millions of modems rely on an AC plug in a wall socket.

These computers depend on the same power we used a hundred years ago. Better protected now, this power is still vulnerable to lightning strikes, terrorists, cars crashing into power poles (it happened here), solar flares, and other vagaries of the universe.

Power simply does not exist everywhere, at all times, and with perfect uniformity. But when it’s interrupted or raised (surges) or lowered (brownouts), it’s much more likely to be at your end than anywhere on the Internet or the big servers you access.

Are our digital lives ascending to the clouds or are we only falling further into the rabbit hole? Either way, when your power goes out you may be sitting in the dark, wondering where everyone went. They’re still there; it’s you who’s disappeared.

A Survival Guide

A Survival Guide is the second book in the Digital Minefield series. You can find all the related posts by clicking on the Category “A Survival Guide.”

What Programmers Can Learn From Writers

As a beginning programmer, I listened to everything my peers said. The strangest was programmers couldn’t write English. I didn’t believe it until I saw it for myself—again and again.

I didn’t understand how this could be, since I didn’t have any problems writing. And then I did. When immersed in a large complex program, I had trouble switching from code to words.

Over time, I realized programming and writing used the same creative area of the subconscious. When that part of the brain is preoccupied with one, there’s no room for the other.

Writing and programming have much in common. Most notable is the advice given to novices by many great writers: steal from the best. And keep stealing until you find your own voice.

Beginning programmers need to steal for a practical reason: it solves problems quickly. Since the code you steal is never exactly what you need, you learn how it works by modifying it.

But there’s a more important reason for both writers and programmers to steal from the best. It refines the ability to discern quality. It’s how we climb onto the shoulders of giants.

Another tip from writers is to kill your darlings. Don’t be enamoured of a clever phrase (or line of code) if it detracts from the whole. Don’t put your ego above the integrity of the work.

As I said last week, programming and writing are both practical arts. How do you become more skilled in the practical? The same way you get to Carnegie Hall: practice, practice, practice.

The worst mistake beginning programmers (and writers) can make is not to admit when they don’t know. Look it up. Ask. Use validation software (and grammar and spell checkers).

The big difference between writing and programming is in the pudding. You know when a program works, when it does what you intended—and when it doesn’t. Writing, not so much.

Beyond Literacy

If you’re not familiar with, you should be. It’s a vast nonprofit initiative to make computer science part of the core curriculum in all US schools. Digital jobs are the future of our economy, and wants everyone to be code literate.

Universal code literacy is a laudable goal, but it’s just the first step for our economic recovery. While it is only an initial opportunity, it does open the door to many possible career paths.

Not everyone who acquires code literacy can become a programmer. However, being code literate helps you understand the intentions and methods behind the software you use.

As for programming jobs, code literacy is minimal entry level. Employers, as always, will prefer experience. Hence, beyond literacy the goal is experience, just as the goal beyond experience is competence, and beyond competence, excellence.

Understanding the syntax of a programming language will not make you a programmer any more than understanding the syntax of a written language makes you a writer. In both disciplines, you learn by doing, especially from your mistakes.

One thing coding is not, is an academic discipline. Like writing, it is a practical art. Unlike writing, it requires continual learning to keep up with the ongoing development of new programming languages and state-of-the-art equipment.

Programmers are not so much hired on what they know as their ability to learn. Becoming code literate is the first step in demonstrating that capability. Afterwards, learning on the job is usually informal, requiring both initiative and self-discipline.

Code literacy opens many doors. Career paths beyond are challenging because they are unlimited and always changing. Yet, insights are available to ease the journey. See the next post.

The Wellness Machine

Most tech writers speak of the computer as being in the forefront of the blossoming Digital Age. They are only partially right; many of the most impressive advances can be identified as computers.

However, it is the less visible uses of computers that will be the full-flowering of the Digital Age. We need to think of computers as more of the font, the wellspring of this Digital revolution in all modern technologies and services.

Hospitals are one example of an expanding Digital future business that is not, per se, computers. Hospitals will not be defined by their applications of medicine, but by their control of medical information.

In fact, hospitals are already so far removed from what they once were, they lend themselves as fit study for anthropologists. But before we look, let’s listen.

The first thing you notice are the myriad alarms within the system in a constant struggle for hierarchical supremacy. “My warning is more important, and therefore more annoying, louder, and more insistent than yours.”

Forget the old jokes about who really runs hospitals—it’s the alarm systems. And the joke is no longer funny. Just spend a night in a hospital and see for yourself. Before you have to.

Hospitals, as with all future enterprises, will be Big Businesses. Not so much in size as in their number of partners. Support services, like rehab, will come from a conglomerate, just as hospital foods will be supplied by the food conglomerates, and so, of course, will all data and communications services.

The Hospital of the Digital Future will be an economic creature distinguished more by its bedfellows than by its patients.
