Short post today…
Hackers and the IoT
More of a link than a post. This Economist story from July 18, 2015, entitled “Their own devices,” is an excellent read for the non-technical person on the security implications of everything becoming a computer.
Here is the real issue, says Graham Steel, the CEO of Cryptosense (Cryptosense twitter):
Part of the problem, says Dr Steel, is that many of the firms making these newly connected widgets have little experience with the arcane world of computer security. He describes talking to a big European maker of car components last year. “These guys are mechanical engineers by training,” he says. “They were saying, ‘suddenly we have to become security developers, cryptography experts and so on, and we have no experience of how to do all that’.”
The Page house caught a bug this past Christmas (2015). As a result, we didn’t get out of the house very much; instead we ended up getting extra value from our Netflix and iTunes Movies accounts.
One of the (many) movies we watched was Max (2015: IMDB).
From the IMDB entry for the movie:
A dog that helped US Marines in Afghanistan returns to the U.S. and is adopted by his handler’s family after suffering a traumatic experience.
I am a former Marine and everyone in the Page house is a card-carrying Dog Person so the movie looked awesome. I won’t spoil it but the movie was very enjoyable and left everyone with good feelings (compulsory for any proper PG-rated dog-related movie!). If you have dogs in your family I recommend you add Max (iTunes, Amazon Video) to your Wish List.
On a recent trip I saw a boy watching the movie in the airport on the family iPad. It reminded me of this blog post I’d been wanting to write for a while.
Veterans (and Marines in particular) will at least notice, if not be annoyed by, the inaccuracies in the representation / portrayal of Marines.
- Ranks (i.e., Corporal, Sergeant, etc.)
- Misuse of words like “command”
- Salutes and “covers”
- Tactical behavior
- Uniform items
- Uniform presentation
- and, uh, haircuts
So, to the movie industry – if you need/want someone to help you accurately portray Marines and/or the Marine Corps – find an active duty Marine. They would be delighted to help; and probably for free.
If you can’t find one, email me and either I will find you one or help you myself.
Keywords: Candidate competence, Voter competence
Neither Republicans nor Democrats have a lock on technical ignorance. I loved the term “staggering ignorance” in a December 2015 article on Venture Beat. “Loved” in terms of being vivid and accurate; not in terms of it being good that the candidates are so ignorant.
This issue of encryption isn’t tech versus security. It’s a case of people that understand versus those that don’t.
Maybe candidates for Leader of the Free World should have to pass a PAT (Presidential Aptitude Test) before they can run.
Duet lets you use your iPad as a second monitor on your Mac or Windows computer.
Subtitle: I carry a second monitor in my bag…
Every now and again you find a tool that is so useful you need to share. When that happens you OWE it to the manufacturer/service provider to share for two reasons:
- get off your butt – it’s the right thing to do, and
- it’s self-serving; candid and positive product endorsements are IMMENSELY valuable for growing companies!
Duet – Space is a Beautiful Thing
Space is a beautiful thing.
and I can’t get enough of it.
- I LOOVE my MacBook Air (MBA) ((still) gorgeous, small, crazy convenient, good battery life, great keyboard, more than powerful enough even for VMWare) – I could go on.
- I am a screen-space snob – the more screens and resolution the better.
Until Duet I was SOL. At my work- or home-desk I have multiple monitors. On travel / when mobile I endured the MBA’s small screen. I’ve tried to get into MacOS’s Spaces but never felt it worked for me. I need to see a lot of stuff all at once, not have a better way of hiding it.
In fairness there are wireless solutions that use WiFi to extend screens from one machine to another. I tried these but the flakiness of the networks on which I work routinely frustrated me.
Then I met Duet. ♥
and then I met Ten One Design‘s Mountie. ♥♥♥
What does Duet do?
Duet allows you to use your iPad as a second (or third+) screen. Using Duet you can extend your desktop onto your iPad just like you would do with a second “real” monitor or projector.
If you add in the Ten One Design Mountie you get something that works / looks like this:
For a mobile worker this is really good stuff.
What do I need to use this?
- Download the Duet.app for iOS from the App Store. This costs $15.99. The one-time $15.99 price lets you use Duet on all of your iOS devices (that use the same iTunes account) and on as many Macs as you want.
- Download the Mac/Windows software from the Duet website.
- Find the cable (lightning or 30-pin) you need to connect your iPad to your computer. By the way, Duet works with your phone too!
- Connect iOS device to computer
- Launch Duet on the computer
- Launch Duet on the iOS device
- Wait for your computer to recognize the external display.
I’ve been using Duet + Mountie + iPad Mini for a while and it’s great. That said, an iPad Pro is on my list and when I get it I’ll be using Duet with it. The Mountie won’t hold the iPad Pro (at least not in its current incarnation) so I’ll end up with some sort of slim stand.
- Former Apple engineers developed this which leads me to believe that the mildly unnatural act of using an iPad as a display has been well optimized
- Past a certain angle the weight of the iPad Mini on the Mountie – attached to the MacBook Air “tips.” This causes the screen on the MacBook Air to want to open fully which, in turn, causes the MBA to want to tip backwards. If I had my druthers I’d like to adjust the screen hinge tension on my MBA. Since that’s not possible my practical usage is restricted to environments where I don’t need to look on the MBA screen at a downward angle (e.g., in airplanes).
- As a pleasant surprise Duet works with other USB display systems. I was recently in a customer’s conference room using a USB projector. Duet and the USB projector co-existed nicely. As far as OSX El Capitan was concerned they were both external monitors.
Note to my colleagues: this blog post is a reminder to myself that I need to stick to my guns.
Sticking to your guns
I’ve long believed there are interesting and non-obvious patterns in human behavior.
Uber recently shared their discovery that Uber passengers are willing to pay higher surge pricing when their phone battery is low.
That “makes sense” but Uber has DATA to show the correlation!
I can only imagine this discovery was made by crossing random variables in a scatter plot and seeing the correlation.
I’ve advocated for capturing as much data as possible during a customer encounter. Pushback from developers has always taken the form – what questions do you want to answer and we’ll collect that data.
The moral of the story is collect everything you can. In most cases you don’t KNOW what questions you want to ask or even that a question could be asked.
I can’t imagine anyone at Uber told the development team they wanted to analyze surge pricing tolerance versus device battery levels.
Collect it all; people always surprise.
BYOD and off-premise access to on-prem and/or behind-the-firewall resources is a huge problem for IT security.
Don’t feed the phish. Image credits to the University of Idaho.
Google has been testing new/different/alternative ways for their customers to authenticate (i.e., identify themselves). The addition of your phone into multi-factor authentication (MFA) is not new. What is slightly new is how the phone is used. Google Authenticator (the “standard” way of adding your phone to MFA) is a pain – who wants to type in a number? There’s no password on Google Authenticator.
This new experiment relies on possession of the phone to enable access. An interesting concession to convenience.
Here’s my (free to use) suggestion for phone-based MFA:
- authentication request pushes notification to phone
- open alert takes you to the New and Improved Google Authenticator
- Fingerprint authentication required for the Google Authenticator app
- BIG BUTTON that reads “Do you want to login to Application X?”
- Tap yes
Dear Google – off you go to implement please.
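A minimal sketch of the push-approval flow suggested above, as an added example (not code from Google or from this blog): the server issues a short-lived, single-use challenge, and the phone answers only after a local fingerprint check. The class names, the 60-second lifetime, and the shared HMAC key standing in for a per-device key pair are all assumptions.

```python
import hashlib, hmac, json, secrets, time

CHALLENGE_TTL = 60  # seconds a push request stays answerable (assumed value)

def _mac(key, cid, app, decision):
    # Bind the answer to this challenge, this application and this decision.
    msg = json.dumps([cid, app, decision]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class AuthServer:
    def __init__(self):
        self.device_keys = {}  # user -> key enrolled on that user's phone
        self.pending = {}      # challenge id -> (user, app, expiry)

    def enroll(self, user):
        self.device_keys[user] = secrets.token_bytes(32)
        return self.device_keys[user]  # handed to the phone once

    def push_request(self, user, app, now=None):
        cid = secrets.token_hex(16)
        issued = time.time() if now is None else now
        self.pending[cid] = (user, app, issued + CHALLENGE_TTL)
        return {"id": cid, "app": app}  # payload of the push notification

    def verify(self, response, now=None):
        now = time.time() if now is None else now
        if response is None:           # phone never unlocked, no answer
            return False
        # pop() makes every challenge single use, so a replay finds nothing
        entry = self.pending.pop(response["id"], None)
        if entry is None:
            return False
        user, app, expiry = entry
        if now > expiry or response["decision"] != "yes":
            return False
        expected = _mac(self.device_keys[user], response["id"], app, "yes")
        return hmac.compare_digest(expected, response["mac"])

class Phone:
    def __init__(self, key):
        self._key = key  # assumed to be released only after biometric unlock

    def answer(self, push, fingerprint_ok, tapped_yes):
        if not fingerprint_ok:         # fingerprint step gates the app
            return None
        decision = "yes" if tapped_yes else "no"
        # The MAC covers the app name the user saw on the BIG BUTTON.
        return {"id": push["id"], "decision": decision,
                "mac": _mac(self._key, push["id"], push["app"], decision)}
```

Because the application name is inside the MAC, an approval given while the phone displayed a different application name does not verify on the server.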
Not sure how I missed this…
On Jul 21, 2015 Wired Magazine ran a story by Andy Greenberg titled “Hackers Remotely Kill a Jeep on the Highway—With Me in It.”
According to the story, hackers were able to remotely take control over not only instrumentation and “dashboard functions” but also operational components like steering, brakes, and the transmission.
In response, Senators Ed Markey and Richard Blumenthal worked to introduce legislation designed to introduce standards to protect against digital attacks and privacy.
In danger of allowing a good point to stand on its own, Markey added, in a statement, “Drivers shouldn’t have to choose between being connected and being protected.” Nice alliteration, right?
The bill was going to call on the National Highway Safety and Transportation Administration and the Federal Trade Commission to keep us safe from the software in our cars.
Josh Corman, one of the cofounders of the security industry group I Am the Cavalry, which is focused on protecting things like medical devices and automobiles, was wary of a possible bill when he spoke with WIRED about the possibility earlier this month.
Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.
Corman worried that the ensuing law could be comparable to payment card industry rules that are widely seen as outmoded and ineffective.
Can anyone think of anything scarier than asking the NHSTA and/or FTC to create ANYTHING that would keep our connected cars safe from hackers?
Psst – Congress – government (and the legislative branch in particular) has no business in cybersecurity.