Wednesday, November 16, 2011

You Shouldn't Have To Read This

Engineers are scientists and, as such, I have always insisted that we should not meddle in politics because such an entanglement makes for bad science and worse politics.

However, as the Al Pacino character in Godfather II said, "just when I thought I was out... they pull me back in." -- "I" meaning all of us technical people and "they" meaning the Congress of the United States, or politicians.

We went through something like this with the DMCA and then with "Net Neutrality." Now SOPA (the Stop Only Privacy Act) is the soup of the day -- actually it is more like the human waste that is produced when someone ingests spoiled soup.

America is truly an amazing country. Whenever their incompetence is most apparent -- just look at the economy for Heaven's sake! -- our Congress tends to dabble in the most inconsequential things such as baseball or, unfortunately for us, the Internet.

In the midst of a floundering economy the sector that is most promising and actually thriving is having cold water thrown at it. This is like a drowning person deciding that drinking large amounts of seawater would be a good idea since the salt in the water is a natural source of sodium.

So what is this SOPA thing all about? If you don't mind legalese terms such as "in personam" and language so thick it puts mud to shame, you may access the full text here. For the rest of you who prefer plain English here is a brief summary.

SOPA puts the burden of protecting intellectual property on ISPs and search engines. Sounds like China's Great Firewall to you? I am afraid you are right.

Apart from the twin facts that China is a dictatorship (hardly the country America should be modeling its laws after) and that China's catch-all censorship has proven more annoying than effective (at least to power users), this sort of legislation will stifle technology, drain ISPs of cash via huge fines and make search engines virtually useless if not illegal. It places the burden of blocking sites that violate IP laws on the aforementioned.

Google, which had to leave China because of their anti-free speech rules, may also end up facing the same choice in the US. This is insane. Will Americans seeking unfiltered search results have to turn to China's

And there is an even greater moral hazard here. SOPA's proponents claim that its sole purpose is to protect intellectual property. Even if we were to overlook the spotty record of IP policing and prosecution in the years since DMCA (including innocent victims and companies issuing notices for material they did not in fact own the rights for), given the fluidity with which IP violations have been redefined to suit certain agendas, this law is an open invitation for fascist politicians to initiate IP violation notices against sites that espouse political views with which they disagree. Even more slyly, these rats could attack the advertising networks -- yes, the law does address advertising networks -- that support the sites they dislike.

In the same way in which Soviet Russia labelled dissidents "reactionaries," rogue politicians could label the bloggers they dislike "IP-violators!" If you are not alarmed yet, you are probably a bot incapable of passing a Turing test.

Let me reiterate that I do believe in protecting intellectual property rights -- online and off. The courts have been enforcing the law for the past 20 years of public Internet with existing laws. SOPA is not needed -- plus it's harmful. We even had a teenager extradited to the US for 16 lines of code because IP holders felt threatened by it. What more do these people want?

I hope sense prevails among legislators and that those whose will is steeled by campaign contributions will be in the minority. As the closing screen of an old public service ad once proclaimed: "God, bless America, please."

To read more and do your part in combatting this anti-technology, anti-freedom piece of drivel that passes for law, click on the links below. I especially urge you to click the online petition:


Wednesday, October 5, 2011

The Day The Music Died

I am still recovering from the shock at the headline announcing the death of Steve Jobs. Besides being the face in front and the heart inside Apple for almost 30 years, Steve was a visionary the likes of which are hard to come by.

Steve Jobs was not just an innovator; he was a leader in creating new paradigms, new cultures, new worlds. It's not that he invented gadgets; he showed us the way to a universe we had never seen before and made us feel at home there.

He was a great man and will sorely be missed.

Wednesday, July 20, 2011

Give Hydro-Engineering A Chance

As with all challenges faced by engineers, these days of record heat should help spur innovation.

The field of geo-engineering, especially because it involves lofty projects that wow visitors and investors alike, gets a lot of press these days. And, I will not belittle its usefulness.

However, the often neglected field of hydro-engineering holds a lot of promise as well as challenges that have yet to be met.

Water, although not the best heat exchanger (hardly anything beats Freon gas), is abundant, cheap and safe. I think there is a lot of room for devising systems that combine water and air to cool large spaces effectively, efficiently and perhaps even more cost-effectively than is done nowadays.

In the same way that lakes and rivers help to temper environmental heat, water-based heat exchange technology could be used to boost existing climate control systems.

Another area where hydro-engineering could help improve quality of life on this planet would be through easily deployed light pipelines that would combine flood control with irrigation. It's a fortuitous coincidence and somewhat of an irony that flooded areas are often just a few hundred miles removed from drought-stricken regions.

Imagine if we could move water from the flood-prone Mississippi delta to the scorching Nevada desert, or from monsoon-drenched Bangladesh to the scorched Sahara desert. Water, young man!

Sunday, July 10, 2011

The Shifting Sands Of Social Networking

As Google+ debuted with much fanfare and as it was revealed that Facebook creator Mark Zuckerberg pretty much endorsed his competition by both admitting that he had a Google+ profile and commending the service, I realized that social networking is quite a unique field in which to operate.

As with the MTV series The Real World, where each season is likely to bring a new cast and story line, social networking's wagons seem not very amenable to longtime commitments. Those who had hitched their wagons to MySpace can easily understand where I am coming from.

I don't think Facebook is going anywhere anytime soon, but I think there is a real possibility that it might be at least partially eclipsed by the big G.

Social networking has a lot in common with cellphones except that, not being physical and not requiring two-year contracts (or money for that matter), the players' fortunes are a lot less secure than one might presume.

I say this not for Zuckerberg's sake, as I am sure his financial advisors are taking care of that end, but I want to warn developers who might find their Facebook allegiance unfruitful should their target demographic decide to move on.

As I have always warned my colleagues, those who refuse to design and plan independently of platform will find their work becoming irrelevant soon enough — FoxPro developers know this all too well.

A clearly designed game or application can conceivably be ported if its features follow a platform-agnostic design. There is a difference between maximizing the strengths of a port's platform and designing around it.

It also goes without saying that we should choose our platforms like we choose our tools: the right one for the right circumstance. It doesn't hurt to ask the hypothetical question: how could we go about moving our cash cow if we needed to?

Wednesday, January 26, 2011

Engineers and Politics

Writing as I am on the morning after the President's State of the Union address, as much as I feel tempted to, I will still resist the temptation to comment on it. My main reason is that this is not a political blog, and the speech was a political event with mostly political implications. Some of its ramifications may affect the technology world down the road. Then would be a great time to comment on them.

However, I do want to use the momentum of the Speech to warn my fellow technologists of the pitfalls they might encounter on the road to Washington. Honestly, I think good engineers serve the nation better by developing the technologies that improve the quality of life of our fellow citizens than by going into politics.

Yet, since politics has a way of insinuating itself into every aspect of life, it might be useful to try to flesh out some principles that those of us in the world of zeroes and ones can follow in order not to support political agendas that will hurt our work.

(1) Fuzzy is as Fuzzy Does
Precision in implementation, measurements and language are staples of the engineering world. Ambiguity in technology is not just frowned upon; it has no place. In politics, however, ambiguity is often sought and frequently used.

This translates many times into politicians drafting members of the digital economy into fighting against their own interests.

So how can we protect ourselves from shooting ourselves in the proverbial foot? In the same way in which we harden our applications for use in the real world: know the environment. In other words, do your homework and fully understand the issues before committing.

In their book Freakonomics, Levitt and Dubner warn us to always remember that experts have their own self-interest in mind even as they make recommendations. This applies infinitely more to politicians.

(2) Neutrality, It's Not Just Good For The Net
One of the advantages of being an engineer is that one is excused if one chooses not to take a position in political or otherwise extraneous matters.

It turns out that this is a very good idea. This course of action is especially advisable when the issues being discussed or the way in which they are being discussed are murky. Take, for example, net neutrality.

I have read and heard so many definitions — at times conflicting, at times too imprecise — of the term "net neutrality" as to render it useless for engineering purposes. The situation has gotten so bad that should Congress pass a law that says "let there be net neutrality," no one would have any idea how to implement it.

Once upon a time, net neutrality used to be defined as all data packets on the internet being given the same priority regardless of content or origination. Not one of the positions currently being debated involves this simple definition, therefore the discussion is really about something else nowadays.

In times like these, it would serve the technology world best if many of us were to remain neutral until the concepts are properly clarified. Otherwise, we might end up actively promoting policies that hurt our principles, our livelihoods, or both.

(3) Don't Be Evil
This applies not just to large Google-like corporations with valuations in the billions of dollars. We all have some measure of power to affect how the lives of others will be governed, from voting at the ballot station to serving on some advisory panel.

It is vitally important that you remember that with power comes responsibility, that good law is measured not by its intentions but by its effects, that freedom is self-correcting while coercion is self-multiplying, that the moral hazards of a policy can nullify its laudable objectives. Above all, impress upon your mind that there is such a thing as the law of unintended consequences; it is as pervasive as Murphy's and neither may be safely ignored.

Whether you are worth a few hundred dollars or a few hundred billion, please, for the sake of the rest of us and your own, don't be evil — and do not support the causes of evil people either.

Friday, December 31, 2010

Not Another Year In Tech Blog Post

So many publications attempt to summarize the year in technology news that I think it would be better for me to focus instead on what we can gather from what happened once the dust has settled.

2010 was an interesting year on many accounts, especially on how wrong the pundits and "consultants" were.

This was supposed to be the year that the Android OS overtakes iOS (the iPhone OS) as the preferred mobile platform. Hasn't happened. In fact, I would venture to say, that despite the stellar debut of the iPad tablet, the iPhone was the star of the year.

From the debut of the iPhone 4, to the ever-expanding AppStore repertoire, to rumours of a Verizon iPhone, the iPhone has been on everyone's lips and remains fixed in the public's consciousness.

I will not dispute that there might be more Android phones out there than there are iPhones. The latter's edge, however, is that its owners usually replace their iPhones with another and that newcomers to the smartphone market ask for it by name. The Android phones seem to be the generic alternative that people get when they can't think of what to ask for. I recall hearing a PC Magazine commentator saying that the Android platform's biggest weakness is its inconsistency and lack of uniformity.

Having written what could be interpreted as a paean to the iPhone, I will refrain from committing the same mistake I rail against so-called experts for. I will not predict which platform will come out on top in 2011, but I will say that the Android is not the shoo-in that many claim it will be.

I will venture to predict, though, that the iPad may experience a resurgence in the next 12 months. Apple deserves credit not only for giving tablets new life but for insinuating them into more areas of life than any other company that has marketed them before.

"Honored more in the breach than in the observance," the PC must be mentioned for its near absence from technology news. I say this to point out how subtly specialized devices called computers are being replaced by devices with similar computing power but different designations. I think 2011 will mark the continuation of that trend.

Monday, June 14, 2010

Google, Windows and Security

The Financial Times reported toward the end of last month that Google was going to stop issuing computers running a Microsoft Windows operating system to their employees, with very few exceptions.

The story has caused some furor in IT circles with many opinion columnists warning about the "consequences" of such a sweeping decision. It's hard to understand how anyone could be surprised by this move given Google's Chinese operation being hacked due to vulnerabilities in their Windows computers.

In fact, I was surprised the search giant was still using Internet Explorer internally given the very warnings published on Google's own site. Yet, the attack did exploit vulnerabilities even Google had not documented.

It is interesting though how so many are now taking on the role of advisors to Google on their OS decision. PC World columnist Tony Bradley, for example, criticized the move while using the oft-cited platitude that Windows has more viruses because it has more users.

Mathematical modeling might suggest that the most used OS will be the one most targeted by hackers, and the concept cannot be proven to be totally false. However, this alone is not a valid argument nor does it comport with other realities of computing.

Although most users access the Internet using a Microsoft OS, the majority of servers run a Unix-based OS. Given the greater documentation and source code available for the various *NIX operating systems, these servers should be an easier target for exploits. After all, it is much easier to get the fixed IP address of an unpatched server than the transient IP of a broadband subscriber. Yet, it is the latter that gets hit most often, but only if he or she is running a certain browser/OS combination.

Some of the arguments I have been reading from Windows advocates quote the famous yearly Pwn2Own contest as proof that OS X is insecure. However, some of these same people eschew the very same result set and quote Secunia advisories instead to prove that Linux is insecure.

Two things become clear from such truncated arguments:
1) neither result set can be used by itself as a determinant of OS security, especially given real world evidence, and
2) the tap-dancing betrays a lack of seriousness and intellectual honesty.

Moreover, from the comments by Windows users that I have read in which they explain how much better Microsoft security is, I gather they do not understand how UNIX security works.

Let's begin by admitting freely that all operating systems have vulnerabilities.

Even when there isn't an OS-borne vulnerability, plugins and applications such as Adobe Flash, Acrobat Reader or Microsoft Windows Help And Support Center may introduce one — as of today, these three are at the top of Secunia's list interestingly enough, but let's move on.

Windows OSes are built on the NT base, which is based on the old VMS model, while all Linux distros and Mac OS X are based on a UNIX architecture to one degree or another.

There are fundamental differences in how these two OS families are structured. Without judging just yet, let's examine the key differences between security models.

In the UNIX world security is based on ownership. Ownership determines access and access determines privilege. All files are owned and all objects are treated as files. There is a superuser who initially owns everything and can dole out privileges and ownership to other users.
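The ownership rule just described can be made concrete with a small model of the classic owner/group/other check for a regular file. This is an added example, not code from this blog; the users, IDs and file modes are constructed, and the model ignores POSIX ACLs, capabilities and directory traversal.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits within one rwx triplet

@dataclass(frozen=True)
class Cred:
    uid: int
    gids: frozenset  # all groups the process belongs to

@dataclass(frozen=True)
class Inode:
    owner: int
    group: int
    mode: int  # permission bits only, e.g. 0o640

def unix_access(cred, inode, want):
    """Classic UNIX check for a regular file: may cred do `want` (R|W|X mask)?"""
    if cred.uid == 0:
        # The superuser skips read/write checks; execute still needs
        # at least one x bit set somewhere in the mode.
        return not (want & X) or bool(inode.mode & 0o111)
    # Exactly one class applies, chosen by ownership; the first match wins.
    if cred.uid == inode.owner:
        bits = (inode.mode >> 6) & 7
    elif inode.group in cred.gids:
        bits = (inode.mode >> 3) & 7
    else:
        bits = inode.mode & 7
    return (bits & want) == want

def writers(inode, creds):
    """Names of the constructed users who could modify this file."""
    return sorted(n for n, c in creds.items() if unix_access(c, inode, W))

# Constructed sample data (hypothetical users and files)
USERS = {
    "root": Cred(0, frozenset({0})),
    "alice": Cred(1000, frozenset({1000, 50})),
    "bob": Cred(1001, frozenset({1001, 50})),
    "mallory": Cred(1002, frozenset({1002})),
}
REPORT = Inode(owner=1000, group=50, mode=0o460)   # r--rw----
ROOT_ONLY = Inode(owner=0, group=0, mode=0o600)    # rw-------

if __name__ == "__main__":
    print(writers(REPORT, USERS))
    print(writers(ROOT_ONLY, USERS))
```

Note that alice owns the first file and belongs to its group, yet cannot write to it: the owner class is selected first and the group bits are never consulted.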

In Windows machines the security model is access based. There are user access controls (UACs) and access control lists (ACLs). A file's owner is more of an attribute that is mapped to an ACL. Unlike UNIX, there is a "system" that owns processes and files. This "system" is not a login user (and is not subject to any UAC or ACL) but plays the role of owner of last resort, not necessarily subject to the "Admin" or most privileged login user. Such splitting of the superuser's powers is baffling to UNIXheads.

The merits of each system versus those of the other could be debated ad nauseam. In fact, I think many pubs owe their livelihood to throngs of UNIX and Windows sysadmins imbibing enormous amounts of libation while deliberating on these differences.

In the real world, however, the UNIX system has consistently proven to be a lot more resistant to outside attacks. Day after day millions of Windows machines get exploited and controlled the world over, while their nearby Linux and Mac counterparts (even on the same networks) are untouched.

I think the main reason for this is that, in Windows, the elusive "system" user can be easily manipulated or impersonated by a hacker. I remember a particular vulnerability I witnessed where a rogue website operator could open a command window and perform system tasks without the local user even seeing what was going on.

The worst part is that, since "System" has a higher rank than "Admin" in the Windows hierarchy, even an alert administrator can only counteract such attacks by pulling the power plug or the network cable. Is it any wonder how so many trojan horses, worms and malware can get installed so fast on so many systems?

To achieve comparable access on a UNIX-type system, a hacker would have had to steal a root or superuser password. Or the superuser would have had to have opened up too many doors to guest users. The only ways for the former to happen are for the hacker to pry the information from a sysadmin or physically break into the data center.

Another weakness in Windows systems is the Registry, which no version of Windows seems to ever check for integrity or validity before loading the values it contains. However, the Registry controls just about every aspect of the system's operations.

Many of the infections I have had to clean from Windows computers have taken advantage of various Registry hacks. The irony of this [and I faced this not long ago when dealing with a particular virus] is that, although a user can be prevented from accessing RegEdit, the Registry editing tool, the hacker's script can freely modify it because the malware runs with System privileges!

Another Windows weakness is Internet Explorer. Although Microsoft has been improving on its flagship browser over the years, the nexus between Windows Explorer (its Window Manager) and IE provides a handy backdoor for mischief. To make matters worse, the same scripting engine used for local shell tasks is used by the browser to control web pages. ActiveX (a binary execution layer and plug-in container) and VBScript are probably the two biggest holes in IE, and JScript is not far behind.

Despite all these issues, most IT departments do not have the options that Google's has. For reasons of culture, convenience or necessity, they must support machines running one or more versions of Windows operating systems. Also, despite the proven security of competing operating systems, "social engineering" — hackers fooling users into cooperating with them — remains a big vulnerability in any shop.

The bottom line is that, having honestly assessed what the risks are — without spin, sophistry or FUD — IT departments need to proceed with caution and remain vigilant to keep their systems uncompromised. As an old US Army slogan went, "OPSEC is 24/7."