
Articles in “March 2010” from Datamation Blog

by David Strom

Last week we witnessed the first Cyber War, but it didn't go down
quite as many of us expected. Instead of a group of anonymous hackers
trying to take over thousands of infected PCs or trying to cut off
access to critical infrastructure, we saw Google declare the first
salvo in its war against Chinese censorship by moving its servers to
Hong Kong.

The more I thought about this, the more I realized that this was war,
declared by a private company on a nation state. Just because Google
doesn't have its own army (yet), or that no actual physical weapons
were fired doesn't make it any less of a battle. And it is only going
to get worse for all of us as other private firms realize that they
need to take control over their servers and intellectual property.
What is curious is how few companies signed up for the cyber
equivalent of the coalition of the willing - GoDaddy was one of the
few. Not Microsoft. Not Intel. No PC manufacturer of any shape or
size.

Let's face it. No one wants to declare war on China, whatever form
that will take. Most of our PC hardware components are made there.
More people are using the Internet in China than the US total
population, and it is growing quickly, too. And while the breaches on
several Google accounts had Chinese origins, getting accountability
isn't easy.

Coincidentally, while all this was going down I was reading a preview
copy of Richard Clarke's new book called Cyber War. I highly recommend
pre-ordering a copy. Clarke was a national security advisor to several
presidents and teaches now at the Kennedy School at Harvard.

The book is a chilling account of exactly what is wrong with our
government and how unprepared we are for Cyber World War I. How so?
Think of a Cyber War in terms of nuclear proliferation and the Cold
War preparation. But unlike what we did in the 1960s to defend
ourselves against possible nuclear annihilation, we are doing
everything wrong for a cyber defense. Instead, we have made America
more of a target, because so much of our infrastructure, our weapons,
our culture, and our PCs are out in the open, ripe for the picking.
Look at how easy it is to hijack the drone video feed as a starting
point (although the control systems are secured, for the moment.)
Clarke talks about various war game scenarios and at one he mentions:

"If you have a mental image of every interesting lab, company, and
research facility in the US being systematically vacuum cleaned by
some foreign entity, you've got it right. That is what has been going
on. Much of our intellectual property as a nation has been copied and
sent overseas. Our best hope is that whoever is doing this does not
have enough analysts to go through it all and find the gems, but that
is a faint hope, particularly if the country has, behind the
filtration, say, a billion people in it."

He mentions how there were times when computer professionals working
for the Hopkins Applied Physics Lab back in 2009 discovered a data
breach. The only way they could solve it was to disconnect their
entire organization from the Internet and clean each PC, one by one.
"If you are connected to the Internet in any way, it seems, your data
is already gone [overseas]."

The problem is that the best defense in a Cyber War isn't the best
offense. Nope: it is hardening your connections. Look at what China
has done with its "Great Firewall." Most of us think this is to keep
the porn and liberal thinking out of China. And yes, it does do that.
But what is really going on is that in the event of a Cyber War, China
can quickly pull the plug and disconnect from the world, to defend
itself. Try asking AT&T or Level 3 to do that here. Ain't gonna
happen.

Another part of the problem is that there is no one actually "tasked,"
as they say in DoD-speak, with defending our power grid control
systems, transportation networks, and so forth. Where are the cyber
equivalents of nuclear strike forces in case someone hits one of these
targets? Nowhere. DoD has its own ships, planes, and troops to worry
about. Homeland Security is trying to keep shoe bombers and the like
out of our skies. What is left is up for grabs. Call it the cyber gap.
"Can a nation shut off its cyber connectivity to the rest of the
world, or spot cyber attacks coming from inside its geographical
boundaries and stop them?" China probably can. We can't.  In an odd
twist of irony, the less developed a nation is, say Afghanistan or
North Korea, the better defended it can be, because so little of that
country's resources are hackable. How many power grid control rooms
have VOIP phones, bringing the Internet literally to the right
desktop?

In the past, spies had a harder time of it. They had to physically
copy plans, or data, or compromise an actual human being. Now, they
can sit in their jammies and download entire manuals without anyone
noticing.

When Obama was elected in the fall of 2008, Clarke was an advisor to
the transition team. He asked everyone on the team to stop working on
their home PCs and even provided brand new Apple MacBooks that were
locked down so they couldn't connect to the public Internet. When the
users complained about this when they tried to access public Wifi
networks, he "tried to quietly point out that if you are a senior
member of the informal national security transition team, you probably
should not be planning the takeover of the White House from a
Starbucks."  Gulp.

That is the problem. We are too used to our connectivity, and have
gotten too complacent with our computers. A lot remains to be done.
You have been warned.

by David Strom

My college experience was perhaps a bit different from many of you. I
was very lucky to be able to design my own curriculum around what
turned out to be an entire year's worth of independent study classes.
Perhaps that set the tone for my working life, where much of my day is
spent doing research and writing articles and designing my
presentations.

I thought about this during the past week when I read in the NY Times
about the digital archives of novelist Salman Rushdie that are being
curated at Emory University in Atlanta. Rushdie was fanatical about
keeping digital copies of all of his work product and donated his
older Macs to the university several years ago. Since then, a team of
computer programmers has been working on ways to make it more
accessible to researchers.
http://www.nytimes.com/2010/03/16/books/16archive.html?ref=technology

What does this have to do with my own education? One of my independent
classes was to research and create a series of photographs that
mimicked well-known photographers of the past. One of them was Lewis
Hine, who created a series of images of underage factory and mill
workers around 1910 before there were any child labor laws. Some of
his work is kept at the Library of Congress. As part of my independent
study, I went to DC and got to see his pictures firsthand.

It was fascinating to be able to walk into the archives and within a
few minutes have these old photos in front of me. And what was even
better was that for a small fee, I could have the government make
contemporary prints from some of the original negatives. I thought,
how cool can this be? It was then that I got interested in what
archivists do. And even cooler, I can link to it on the Web now:
http://www.loc.gov/rr/print/coll/207-b.html

Fast forward to today. Now we have to deal with what archivists call
born digital works. This means that instead of paper copies, we have
to deal with preserving computer files that were never or infrequently
printed out. My Hine negatives and prints aren't an issue - other than
their deteriorating condition, you can still take a 4x5 negative and
print it out on modern enlargers and so forth.

But there is a problem if we are trying to view the records of someone
who creates digital content so that later historians and even the
general public can go back and examine them. This is where it gets
tricky, and we run into issues.

As an IT person, you initially might say: this is simple, just make
bulk copies or image the hard drives and you are done. But wait. Some
of the programs are no longer available. Newer versions don't
necessarily read very old file formats. As an example, try buying a
version of a 1990s era software program today. And even if you can
find it on eBay or in your attic, it might be difficult to run it on
modern hardware.

That is the situation that the Emory archivists found themselves in
when they got Rushdie's old Macs. But through some hard work, they
have been able to reconstruct things and allow us to become immersed
in the complete environment that Rushdie was working in at the time he
was writing his books. You can view the same files, work through the
revisions and edits that he made, and be completely brought back to
the past, care of some very clever programming tricks.

You can read more about what the team of programmers and archivists
have done to set up this exhibit and what they are doing with all the
materials that Rushdie donated to the library here:
http://www.emory.edu/EMORY_MAGAZINE/2010/winter/authors.html

What struck me was that I doubt many of us could even attempt to
recreate the computing environments that we have had over our careers,
let alone last year. Granted, it isn't like some university is
knocking on my door wanting my Model 200 Radio Shack, not that I have
kept it or many of the other computers that I have used over the past
30 years. Nor would I want to turn over my old PCs and Macs, even if I
had them, to the world to see what is all on them. <shudder> But
still. I do have copies of many of my previous years' work on my hard
drive. Sometimes I actually do search for something that I wrote and
even find it, but most of the time these files remain untouched. I
took a quick look at what I have been carting around with me digitally
speaking and it is a real mess. I have presentations in software that
is no longer in my possession, documents in Xywrite (which for the
most part are text files that I can still open and read), and older
versions of accounting software (DOS QuickBooks, anyone?). Speaking of
DOS, trying to decode an eight letter file name into a meaningful
article is an exercise in frustration. I can't imagine what an
archivist would have to deal with if I am having problems.

I will have more to say about this for an article I am writing for
Baseline magazine. In the meantime, I am enjoying looking at Hine's
photos again; you can find many of them easily online. And I don't
have to leave my office either. This Web thing is pretty cool.

by David Strom

I have been on a few planes in the past couple of weeks that are
Wifi-enabled. American has created an entirely new opportunity for
identity thieves here, and while the opportunity to surf and email at
30,000 feet is tempting, count me out for those that will become
frequent users.

The problem is that most people get lost in the wonderfulness of the
Web and tend to forget that their seatmates can watch every move, see
every keystroke (it doesn't take much to follow along, especially at
the speed that many people type), and collect all sorts of
information. By the end of one flight I was on, I had Larry (not his
real name) the HP sales rep's Amazon account, read several of his
emails, got to see his new sales presentations that HP corporate sales
office had sent him, figured out that he was a recent hire as he was
checking HP's Intranet to understand some corporate travel policies,
found out who his clients that he had just visited were, and more.

Now, I wasn't really paying that much attention. I was tired, and just
wanted to be left by myself for the trip. And I think we exchanged
maybe ten words between us all told. But if I really wanted to do some
damage, I could be all over Larry's accounts by now (he had some nice
taste from what I could see he was looking for on Amazon, too).

Yes, people have been using laptops on planes for years. I used to do
it all the time, back when the middle seat was rarely occupied and you
didn't have to almost disrobe to get to the gate. But those days are
almost as much part of history as calling the people that worked on
planes stews. The difference is now that we have Internet piped
directly to the seat, people are free to go anywhere and everywhere,
and where they go are places that are critical to their life. I
wouldn't be surprised if someone was doing their online banking
in-flight.

So people (and HP, you might want to consider this a corporate-wide
purchase) if you are going online up in the air, get a privacy filter
for your laptop so that no one else can see your screen. They cost
about $30. This isn't complex technology: it has been available almost
as long as Windows has been around. And while you are at it, dim your
screens to save on power anyway (Larry had one of those nifty
power-packs to boost his battery, too). Or better yet: don't work on
anything important on a crowded plane - and these days, what other
kinds of planes are there? Bring a book or watch a movie if you must
be immersed in your electronic cocoon.

I am reminded of a story from my early days as a reporter for PC Week,
back in the late 1980s. We were very scoop-oriented, and would always
try to get information from the vendors through all sorts of means,
some of them probably unethical or at least uncomfortable in the light
of the present day. One of our reporters was having dinner with her
boyfriend (now husband) at a quaint and cozy Cambridge Mass.
restaurant, and overheard two businessmen at the next table gossiping
about work. What was unusual was they were speaking rapid German, and
both were working for Lotus Development, at the time a powerhouse
spreadsheet player. They were in town to discuss the company's future
product plans. Trouble was, my colleague spoke German fluently, and
got a couple of scoops that were published the next week in the paper.
No one knew who the source of the leak was.

Remember loose lips sink ships, the World War 2 posters put up by the
government? We need something similar on Wifi-enabled planes. Be
careful out there people. You never know whom you are sitting next to.

by David Strom

I have been using Pandora's online streaming music service off and on for
several years. What got me more interested lately was it being one of
the many services on my Roku video streaming box, which my wife and I
use mostly for watching movies from Netflix's "watch instantly" queue.

As I investigated the service more, I came to understand exactly the
challenge of what it takes to be truly multi-platform in the current
era. It isn't just about having both Web and mobile phone versions of
your service, but how you have to go deep into a lot of different
devices to appeal to your customers.

The cool thing about Pandora isn't that you can create your own custom
radio station that will try to find music based on a particular artist
or genre, but that once you set up your account on one platform, you
can access it in your car, in your home, and on the road in between.
All with the same collection of stations and music.  As you spend more
time with the service, it tries to figure out your likes and dislikes.

Let's look at all the various places you can get your Pandora fix as
an example of how hard it is to become this ubiquitous. First is the
Web browser: you have to work in a bunch of them properly, so there is
the usual testing in IE, Firefox, Chrome, Opera and Safari. Add Mac,
Windows and Linux versions of each browser, and that's 15 regression
tests right off the bat. But we have just gotten started. Add in the
newer browser versions, like IE8, the fact that Linux isn't a single
OS, and 64 bit Windows. Then stir in support for both Flash and HTML
v5, and you can easily get more than 200 different environments if you
want to support a wider base. Pandora, by the way, doesn't officially
support much beyond Flash on Firefox, IE, and Safari on Mac and
Windows.

Then we have separate apps for each of the five mobile phone platforms
(Blackberry, iPhone, Android, Palm Pre, and Windows Mobile) and four
cellular providers because their phones work differently on each
network. Never mind that each phone's ecosystem has different rules on
how an app can get posted for download and get itself updated. There
are at least twenty different tests there. The phone apps have to be
designed to work with the limited screen real estate available on each
phone, and yet still connect to your account in a way that you can
recognize without a lot of user training. Some of the phones have
different screen and control button configurations, so just supporting
the Blackberry line, for example, isn't so simple. You also need to
get the development environment for the phone (typically these run on
PCs with simulators that show you what your phone user will end up
seeing) and probably a bunch of phones to test out too.

But wait, there is more. How about Facebook, My Space, and other
social networks? Don't you want to integrate with them and leverage
them to make your app viral? More code to write, more interfaces to
learn, more tests to run to make sure your new versions don't break
these links.

Then there is support for the home-based entertainment systems. While
each of these have some embedded Web browser in them (like the Roku or
the Samsung BluRay DVD players), you still have to test to make sure
that the pages load properly and the music keeps on playing and your
fancy navigation controls operate as intended. There are more than a
dozen different devices, including the Ford Sync in-car service that
will be available later this year, to test out. The trouble here is
that these devices typically have older and less capable browsers that
don't get updated, unlike the PC world where users are trying out new
versions.

As you can see, it is easy to lose count of how many different
platforms you want your app to run on. And then if you have to make
choices and limit yourself, how do you do the triage? Do you drop
Android in favor of Roku? Bring up the new Ford Sync API and leave the
Pre to wither away? The user populations of each of these communities
are constantly changing, as sales wax and wane.

It is enough to make many of us long for the simple days of the 1990s,
when we just had to worry about Mac vs. Windows support.

I got the idea to look at Pandora from an article in today's NY Times.
And while the service can wreak havoc on corporate networks (lots of
folks start the audio stream and then walk away from their PCs), I
think they are doing exactly the right kind of things when it comes to
managing their multi-platform strategy.

by David Strom

The news last week that Italian authorities have convicted three
Google executives for criminal privacy violations got my attention
for two reasons. One, the charges are based on a video that shows an
autistic boy being bullied, a video that Google did not create or
post. It was filmed by cell cameras and posted more than three years
ago, and indeed one of the executives has since retired from Google.
Two, none of the three live or work in Italy, and a fourth executive -
a product manager - was acquitted.  We truly live in a global village,
and one in which the legal operations move slower and slower. As
someone who was bullied as a child, I get this, although not sure that
justice really was served here.

This case comes on top of the company's missteps with Buzz, where it
had to alter the default privacy settings after a rather embarrassing
launch and lots of fanfare.

Has Google become more evil, or is it just the contentious times we
live in that makes this sad state of affairs possible? One thing is
clear, though: Google is becoming bigger and buying more and more
companies that have products or services that I use. Picnik (online
photo editing) and Etherpad (online real time document collaboration)
are just two of the more recent acquisitions. The Etherpad acquisition
was also a bit troubling, where the company had first announced they
were turning off the service, then had to restore it after numerous
complaints.

I still think the vast majority of people at Google adhere to the
company's ten founding principles, which is more than I can say for my
dealings with Microsoft over the years. Certainly both companies are
hyper-competitive. But the very nature and pervasiveness of Google's
online services makes it more pernicious, and has a greater potential
for abuse, as the recent news indicates. But it also means that they
can turn more quickly when they make a mistake: the Etherpad issue was
resolved in a day or so. Imagine Microsoft trying to do that. Indeed,
try finding something similar to this document on Microsoft's Web
site: you will find a lot of corporate doublespeak, rather than the
plain spoken "Ten Things" that Google professes:
http://www.google.com/corporate/tenthings.html

While all this was going down in Italy, I was reviewing what
information Google has stored on me in Google Accounts. If you haven't
had a look at your "dashboard" lately, it is instructive to see
exactly what Google can track on you. In my case, I use a ton of
different Google products, and recorded for posterity include the
following:

-- My most recent posts to my Blogger blogs
-- What items Google Alerts has located that mention my keywords
-- The three people I most often email in my contact list
-- The most recent Google Doc that I have edited and how many of them
have been supposedly "trashed" but are still accessible
-- My complete Google Chat history of more than 1500 conversations
-- The photos stored in Picasa, fans and favorites included
-- My history of calls made on my Google Voice account
-- My most recent Web browsing history, including search terms, images
downloaded, maps visited and news items read
-- And there are 12 other Google products that aren't yet tracked,
including AdSense, Knol, and Groups too.

You get the picture: there is a lot you can learn about me when you
scroll through all this data, and a lot that I would prefer remain
private. All it takes is someone to guess a single password, too. That
is scary, and I hope that "do no evil" thing is still very much in
force in the years to come.

I invite you to comment on this column on my strominator.com blog. Please also join me on Facebook.com/davidstrom, watch my video product reviews at webinformant.tv and follow me on Twitter @dstrom. To view a few of my presentations and to find out more about my speaking business, go to http://strom.com.
