Chaos Program

According to the Wall Street Journal, up until recently the United States Air Force was too stupid to encrypt the video feed from attack drones such as the predators used in Afghanistan and Iraq.

I know that sounds harsh. Maybe it’s even too harsh. Let’s look at the story (original report here) and see how it develops. The short version is that sometime “late last year” (apparently December 2008) the computer of a captured Shiite fighter in Iraq was found to contain video from U.S. aerial drones. In July, more of these intercepted videos were found. The WSJ report claims that the interception was done with (or with something like – the writing is unclear) Skygrabber, software advertised as intercepting satellite transmissions of various file types. The price on the website is $45.95 (apparently was $26.95 a few days ago. Did they raise the price to capitalize on increased demand due to the publicity?).

According to the WSJ report, the Air Force has understood that these feeds were vulnerable to interception since the 1990s but did not do anything to encrypt them because a) It costs a lot of money and b) This kind of interception is too hard for the primitives we fight against anyway. (Okay, I’m paraphrasing, but the gist seems accurate.)

In their defense, Skygrabber probably did not exist in the 1990s. The Internet was less developed in those days too. According to Defense Tech the Global Information Grid used by the U.S. military to transfer data is 25 years old. One consequence of this is that security measures that are considered basic today are completely lacking. Defense Tech estimates that upgrades needed could run to $65 billion over the next three years.

Hackers work faster than that.

read more »

Cyberwar and related issues have been in the news lately. Since the cyber attacks on Estonia during the Russian invasion of 2007 (see here and here) the topic is popular. Maybe even almost sexy.

Since there are lots of news articles lately (mostly without much substance, but there are a few links at the bottom of this post if anyone’s interested) I’ve been giving the subject some thought. The first thing I think about it is that fears are somewhat overblown. To date, I am not aware of even one confirmed case of a cyber attack actually killing anyone. That’s what war is about, remember. Even in Estonia, the cyber attacks were much less of an issue than the Russian tanks.

This doesn’t mean cyberwar can’t cause problems, including problems for the military. Cyber attacks can be used to target communications, to block (or alter) global positioning systems (see this report) and possibly change the behavior of critical infrastructure items like dams and nuclear power plants. In the near future it may be able to cause traffic jams or accidents, make hospital systems go haywire, redirect ships and planes and many other potentially devastating things. At least those are some of the potentials. Fortunately, none of that potential has yet been reached.

Yet.
read more »

Arguably the biggest buzzword in computing today is “cloud computing.” Other candidates include “real time web,” “social computing” and (my favorite) “monetization.” Briefly, cloud computing means deploying internet based applications and services in a way that abstracts hardware needs out so that dependence on any particular server is limited and adding more servers (or virtual servers) makes scaling relatively easy. The example of cloud computing I am personally most familiar with is Amazon Electronic Compute Cloud which hosts the web site I have been developing at my job (Trailmeme). There are numerous others.

A recent study reported at Dark Reading claims that adoption of cloud computing is being hampered by concerns about security. I think this at least somewhat misleading.

The article gives two numbers related to this. First, almost exactly half of companies are not using the cloud and do not plan to at this time. The second number is that half of those mention security as one of their reasons for not rushing to adopt cloud computing. The conclusion of the article is that security is a major concern in cloud computing. I wish this were true but I don’t believe it.

read more »

So someone thought it would be a good idea to remake Patrick McGoohan’s 1960s classic The Prisoner. Why? My current favorite candidate for a reason is that Hollywood hates creativity. They also remade V, after all and that was a show that was crying out to be forgotten (while the remake – which I’ve stopped watching – performed the amazing and unforgivable feat of making Morena Baccarin boring).

I could criticize the casting of The Prisoner but what would be the point? Jim Caviezel seems to be a competent enough actor but no where near Patrick McGoohan’s caliber. But then, who is there alive today who is of that caliber? But my problem with the show isn’t with the acting. It’s with the entire show.

Did I mention they’ve also canceled Dollhouse? (See here and here) This was a somewhat creative show that had all the interesting stuff leached out of most of the first season and all of the second season that had aired before its cancellation. The rumor is that the creator of the show, the brilliant and always interesting Joss Whedon, was not allowed by the network to do the show the way he wanted except for a few (brilliant) episodes in the first season. Whether this is true of not, the resulting show was dull. It’s a shame to lose a show with such an interesting premise (programmable people) but the execution was so poor, I guess it’s no great loss.

The Prisoner didn’t have the advantages of a brilliantly creative creator or an interesting new premise. It’s had a lot of hype, though, and of course Ian McKellen. And it has lots of feelings.
read more »

Here’s what I hope will be a special treat for people: You can now download the full text (as a pdf) of Tree of Bones, my first novel. It’s a fantasy adventure about family, friendship and hideous undead evil. Download it. Read it. Pass it on. No charge (though small donations will be accepted).

I tried a few times to get a traditional publisher interested in publishing it. After a few (maybe more than a few) rejections, I decided to just toss it out on my website and let people read it if they wanted. That website no longer exists, though and, anyway, PDFs are more portable.

In its current form, the book is available under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

That means, for one thing, that I allow people to reproduce and distribute it, or even change it to suit themselves, as long as the following conditions are met:

• Distribution must be non-commercial in nature.
• I must be credited as the original author (same as on the title page suits me: “Tree of Bones by David Vandervort”).
• The book and any derivative works you make must be distributed under this same license.

None of that means you can’t ask me for more permissions, by the way. Or better yet, pay me for more permissions. But the rights described here are yours without having to ask or pay me.

The official description of this license can be found here http://creativecommons.org/licenses/by-nc-sa/3.0/.

More information about Creative Commons licenses can be found at http://creativecommons.org/about/licenses.

Hope you enjoy the book. If you want to after you’ve read it, come back here and leave a comment. I’d like to know what you think.

Download it here: tree_of_bones

update 12/7/2009: added the link to the specific license.

Should doctors be more than medical technicians?

I’ve thought of this question several times in the last few years, most recently in connection with two emergency room visits for my mother. She complained of (among other things) a very bad headache. Early on, one doctor ordered a ct scan of her head to see if there was maybe a tumor or something to explain the headache. The ct scan showed nothing out of the ordinary.

Here’s the bit that made me start wondering about doctor education, or intelligence or something: When the ct scan came back clean, the doctors then proceeded to completely ignore the headache. It was as if, when the test showed nothing, the problem simply ceased to exist.

This is the way not-very-skilled technicians operate. People who, in the IT field (my field) would be level 1 help desk and who would probably never progress beyond that level. Example (a real one):

Me: “I have a problem with my internet connection.”
Tech support: “I’ll test the line.” (pause) “The line is fine.”
Me: “Okay but I keep losing my connection.”
Tech support: “Restart your modem and check that it’s plugged in correctly.”
Me: “I did that. The modem is fine. There’s something wrong with the connection.”
Tech support: “I’m sorry sir but the line is clean. You need to check your modem.”
Me: “Aaaaaaaaauuuugggggghhhh!”

read more »

One of the things that makes being a fan of science fiction a little difficult is the traditional absence of creativity in Hollywood products. That is, even on the rare occasions when Hollywood tries to do science fiction, they don’t generally try very hard to make it good or interesting. An even worse problem is the traditional ignorance of science in Hollywood and journalism. But that’s not what I want to talk about today. What I want to talk about is that staple of TV science fiction: The Genius.

Notice that the word is capitalized. Not mere genius but more like Super Genius. The person with an intellect so enormous that he (usually, though sometimes a she, as characters Amanda Tapping played very well in Stargate: SG1 and much less convincingly in the deeply inferior Sanctuary) is a master of every science and all technology. Often these people are so brilliant they not only understand everything, they go far beyond what the rest of the world knows, inventing whole new sciences and extending existing ones to unimagined new heights.

In stories, these people have two functions. Those are to explain what is going on to the audience (and incidentally to the folks around them) and to come up with the one great idea that can save the day, or save the world, or at least save the story from a depressing ending.

The third, often unintended function, is to annoy the living hell out of the audience, especially those of us who know that that’s just not the way things work.
read more »

In my current employment I’m a website programmer. And a technology researcher and system administrator and probably a couple other things. But that’s not important right now. It’s the programming stuff that matters tonight. I have a big deadline coming up in a couple days and I’ve been putting in some extra hours and I’ve had something of an epiphany. It’s probably nothing new to other programmers but it is to me.

We need more comment labels.

It’s like this: Programmer’s make notes in the code we write. They’re called comments. There are certain commonly accepted prefixes that can start a comment – so commonly accepted that certain IDEs (for people who don’t know what that means, think of it as a window you type programs into) recognize them. Some IDEs will apply special highlighting to the labels so they are easy to see. This makes it simple to look at a file and find places where improvements need to be made.

The most common of these labels are TODO and FIXME. Here’s an example from one of my current projects:

#TODO: Move this function to the observer

For the record, I use TODO  a lot more often than FIXME. It would be nice to never use FIXME but sometimes there are other considerations than making every piece of code perfect. Like lunch. Or the demo that’s coming up in 15 minutes and the code had better be working (even if it’s not very pretty).
read more »

I’ve discovered a new science. I’d like to say I founded it or invented it but there are already brilliant people doing interesting work in the field. They just don’t know they share a common field.

To begin, consider this story from Wired about a bizarre scientific paper on the development of a zombie plague. The paper itself (link) is a little dry, though it’s interesting if you can wade through the math. If not, read the Wired story. The basic idea is this: Some mathematicians (with quite a bit of time on their hands, apparently) developed the math to model the spread of a zombie infection. They concluded that, unless humans respond quickly with extremely large amounts of violence, the zombies win, civilization collapses and the human race is ultimately annihilated.

The paper assumes slow zombies, not fast or smart ones. It seems reasonable that both of those situations would make things harder for humanity, most likely. It also assumes that normal human replacement (birth and death) does not take place, since newborns eventually die and the newly dead are a perpetual source of zombies, which means the zombies win. The paper models multiple scenarios, including medical treatment for zombieism and the effect of quarantine procedures on the spread. Factors considered in developing their solutions include rates of transmission, the outcome of encounters (fights) and the effect on the spread of destroying zombies so that they can no longer spread the infection. In other words, despite the seemingly whimsical nature of the subject, this is real science.

read more »

A little while ago I saw a TV commercial that offered to pay people to make themselves targets for identity theft.

Oh, that wasn’t the intention. It was more a side effect of the campaign, which offered to pay people for referring friends to use the service. The part that made me start thinking about ID theft was the line that advised that, in order for you and your friend both to receive the cash the program offers, your friend must use your account number to sign up.

Have you seen the one? Sounds enticing, doesn’t it? It’s like free money!

Just as long as you trust your friends with access to your account. I have nightmares (well, not really, but play along with me on this) of greedy people putting their account number on a business card, or in an ad on Craig’s List, to get others to help them cash in on this program. So what if a complete stranger then hijacks their account? In a way, anyone that stupid deserves what happens to them.

I have an even worse nightmare that the company that ran the ad would say that their security is too good for someone to misuse an account just by knowing the account number. They have to also know something else, like a social security number! (For those folks who came in in the middle, SS number should never be used as a customer identifier because every use exposes it to possible theft).
read more »