Loose cyber-lips can sink real ship. According to separate reports published by the British government and the cruise ship industry, large cargo and passenger vessels could be damaged by cyberattacks – and potentially even sent to the bottom of the ocean.

The foreword pulls no punches. “Code of Practice: Cyber Security for Ships” was commissioned by the U.K. Department of Transport, and published by the Institution of Engineering and Technology (IET) in London.

Poor security could lead to significant loss of customer and/or industry confidence, reputational damage, potentially severe financial losses or penalties, and litigation affecting the companies involved. The compromise of ship systems may also lead to unwanted outcomes, for example:

(a) physical harm to the system or the shipboard personnel or cargo – in the worst case scenario this could lead to a risk to life and/or the loss of the ship;

(b) disruptions caused by the ship no longer functioning or sailing as intended;

(c) loss of sensitive information, including commercially sensitive or personal data;

and

(d) permitting criminal activity, including kidnap, piracy, fraud, theft of cargo, imposition of ransomware.

The above scenarios may occur at an individual ship level or at fleet level; the latter is likely to be much worse and could severely disrupt fleet operations.

Cargo and Passenger Systems

The report goes into considerable detail about the need to protect confidential information, including intellectual property, cargo manifests, passenger lists, and financial documents. Beyond that, the document warns about dangers from activist groups (or “hackivism”) where actors might work to prevent the handling of specific cargoes, or even disrupt the operation of the ship. The target may be the ship itself, the ship’s owner or operator, or the supplier or recipient of the cargo.

The types of damage could be as simple as the disruption of ship-to-shore communications through a DDoS attack. It might be as dangerous as the corruption or feeding false sensor data that could cause the vessel to flounder or head off course. What can done? The reports several important steps to maintain the security of critical systems including:

(a) Confidentiality – the control of access and prevention of unauthorised access to ship data, which might be sensitive in isolation or in aggregate. The ship systems and associated processes should be designed, implemented, operated and maintained so as to prevent unauthorised access to, for example, sensitive financial, security, commercial or personal data. All personal data should be handled in accordance with the Data Protection Act and additional measures may be required to protect privacy due to the aggregation of data, information or metadata.

(b) Possession and/or control – the design, implementation, operation and maintenance of ship systems and associated processes so as to prevent unauthorised control, manipulation or interference. The ship systems and associated processes should be designed, implemented, operated and maintained so as to prevent unauthorised control, manipulation or interference. An example would be the loss of an encrypted storage device – there is no loss of confidentiality as the information is inaccessible without the encryption key, but the owner or user is deprived of its contents.

(c) Integrity – maintaining the consistency, coherence and configuration of information and systems, and preventing unauthorised changes to them. The ship systems and associated processes should be designed, implemented, operated and maintained so as to prevent unauthorised changes being made to assets, processes, system state or the configuration of the system itself. A loss of system integrity could occur through physical changes to a system, such as the unauthorised connection of a Wi-Fi access point to a secure network, or through a fault such as the corruption of a database or file due to media storage errors.

(d) Authenticity – ensuring that inputs to, and outputs from, ship systems, the state of the systems and any associated processes and ship data, are genuine and have not been tampered with or modified. It should also be possible to verify the authenticity of components, software and data within the systems and any associated processes. Authenticity issues could relate to data such as a forged security certificate or to hardware such as a cloned device.

With passenger vessels, the report points for the need for modular controls and hardened IT infrastructure. That stops unauthorized people from gaining access to online booking, point-of-sales, passenger management, and other critical ships systems by tapping into wiring cabinets, cable junctions, and maintenance areas. Like we said, scary stuff.

The Industry Weighs In

A similar report was produced for the shipping industry by seven organizations, including the International Maritime Organization and the International Chamber of Shipping. The “Guidelines on Cyber Security Onboard Ships” warns that that incident can arise as the result of,

  • A cyber security incident, which affects the availability and integrity of OT, for example corruption of chart data held in an Electronic Chart Display and Information System (ECDIS)
  • A failure occurring during software maintenance and patching
  • Loss of or manipulation of external sensor data, critical for the operation of a ship. This includes but is not limited to Global Navigation Satellite Systems (GNSS).

This report discusses the role of activists (including disgruntles employees), as well as criminals, opportunists, terrorists, and state-sponsored organizations. There are many potentially vulnerable areas, including cargo management systems, bridge systems, propulsion and other machinery, access control, passenger management systems — and communications. As the report says,

Modern technologies can add vulnerabilities to the ships especially if there are insecure designs of networks and uncontrolled access to the internet. Additionally, shoreside and onboard personnel may be unaware how some equipment producers maintain remote access to shipboard equipment and its network system. The risks of misunderstood, unknown, and uncoordinated remote access to an operating ship should be taken into consideration as an important part of the risk assessment.

The stakes are high. The loss of operational technology (OT) systems “may have a significant and immediate impact on the safe operation of the ship. Should a cyber incident result in the loss or malfunctioning of OT systems, it will be essential that effective actions are taken to ensure the immediate safety of the crew, ship and protection of the marine environment.”

Sobering words for any maritime operator.

My Benchmade Bugout Axis knife arrived last week. I’ve been using it as an everyday carry (EDC) knife, instead of my usual Benchmade Griptilian or Mini Griptilian.

Summary: The Bugout is very nice and light, with an excellent blade. The handle’s too thin for a sturdy grip, so I wouldn’t want it in a knife fight. It could be easily knocked out of my hand. Easier to drop, I think, than the Griptilian or Mini Grip. Still, the Bugout nice and practical for a pocket knife, and the Axis is my favorite locking mechanism.

Benchmade describes the Bugout as “designed for the modern outdoor adventurer, incorporating the lightest, best performing materials in an extremely slim yet ergonomic package.” Well, that’s not me: I’m an urban work-at-home adventurer who likes having a knife in my pocket whenever I got out, whether it’s to the store, a technical conference, or for a walk around the neighborhood. (Sadly, I can’t take a knife when I fly. Sniff.)

What’s good about the Bugout: Light (1.85 ounces, says Benchmade), blade length (3.24”) steel (S30V), pretty blue handle, thin (0.42”). The blade is thin (0.09”).

Compare to the Griptilian, seen here with a black handle and silver blade. Slightly longer and thicker blade than the Bugout (3.45” and 0.11”), much thicker handle (0.64”) and twice the weight (3.79 ounces). Many choices of steel.

Compare to the Mini Grip, seen here with a black handle and black blade. Shorter but thicker blade compared to the Bugout, (2.91” and 0.10”), thicker handle (0.51”), and greater weight (2.68 ounces). Many choices of steel.

What’s not so good about the Bugout: Beyond the slightly hard-to-grasp handle, it’s the lack of essential options. With the Griptilian and Mini Grip, you can choose the steel. You can choose the blade shape. You can choose the colors. Not so with the Bugout, at least not yet, so I’m stuck with the drop-point and blue.

With the Grip and Mini Grip, I’ve chosen knives with the sheepsfoot point. I like the flip-out hole, even though it makes the knives bulkier. The only real option on the Bugout, at least at present, is a plain or serrated drop-point blade. (I would buy another Bugout if it came with sheepsfoot, and give this one to my son.)

Oh, you can do custom engraving on the Bugout blades. Nice if you’re giving one as a gift.

Bottom line: The Bugout is a very nice, very civilized EDC. I’m happy to wear it with nice trousers, or at any time where slimness or light weight are paramount. (Those are the scenarios that Benchmade touts, especially for packing into a backpack or other “bugout” gear.) The big loser here is the Mini Grip, which has been supplanted by a lighter knife with a longer blade.

Go ahead, bring on the apple, bring on the wrapped package, bring on the rope/cord. The Bugout has it covered.

That said: For going out on walks, or other outings with jeans or cargo pants, when weight is not an issue, the Griptilian will still be my #1 EDC.

HP-35 slide rule calculatorAt the current rate of rainfall, when will your local reservoir overflow its banks? If you shoot a rocket at an angle of 60 degrees into a headwind, how far will it fly with 40 pounds of propellant and a 5-pound payload? Assuming a 100-month loan for $75,000 at 5.11 percent, what will the payoff balance be after four years? If a lab culture is doubling every 14 hours, how many viruses will there be in a week?

Those sorts of questions aren’t asked by mathematicians, who are the people who derive equations to solve problems in a general way. Rather, they are asked by working engineers, technicians, military ballistics officers, and financiers, all of whom need an actual number: Given this set of inputs, tell me the answer.

Before the modern era (say, the 1970s), these problems could be hard to solve. They required a lot of pencils and paper, a book of tables, or a slide rule. Mathematicians never carried slide rules, but astronauts did, as their backup computers.

However, slide rules had limitations. They were good to about three digits of accuracy, no more, in the hands of a skilled operator. Three digits was fine for real-world engineering, but not enough for finance. With slide rules, you had to keep track of the decimal point yourself: The slide rule might tell you the answer is 641, but you had to know if that was 64.1 or 0.641 or 641.0. And if you were chaining calculations (needed in all but the simplest problems), accuracy dropped with each successive operation.

Everything the slide rule could do, a so-called slide-rule calculator could do better—and more accurately. Slide rules are really good at few things. Multiplication and division? Easy. Exponents, like 613? Easy. Doing trig, like sines, cosines, and tangents? Easy. Logarithms? Easy.

Hewlett-Packard unleashed a monster when it created the HP-9100A desktop calculator, released in 1968 at a price of about $5,000. The HP-9100A did everything a slide rule could do, and more—such as trig, polar/rectangular conversions, and exponents and roots. However, it was big and it was expensive—about $35,900 in 2017 dollars, or the price of a nice car! HP had a market for the HP-9100A, since it already sold test equipment into many labs. However, something better was needed, something affordable, something that could become a mass-market item. And that became the pocket slide-rule calculator revolution, starting off with the amazing HP-35.

If you look at the HP-35 today, it seems laughably simplistic. The calculator app in your smartphone is much more powerful. However, back in 1972, and at a price of only $395 ($2,350 in 2017 dollars), the HP-35 changed the world. Companies like General Electric ordered tens of thousands of units. It was crazy, especially for a device that had a few minor math bugs in its first shipping batch (HP gave everyone a free replacement).

Read more about early slide-rule calculators — and the more advanced card-programmable models like the HP-65 and HP-67, in my story, “The early history of HP calculators.”

HP-65 and HP-67 card-programmable calculators

To think, the U.S. Secretary of State wants to send me money! Interesting that he’s using a gmail.com address for outgoing mail, a German email address for replies, and a phone number in the African country of Benin.

Obviously, this is spam. Delete such messages; don’t reply to them.

From: “Mr. Rex W. Tillerson” email hidden; JavaScript is required

Subject: Federal Bureau of Investigation (FBI)

To: undisclosed recipients: ;

Reply-To: “Mr. Rex W. Tillerson” _____________

U.S Department of State 2201 C Street NWmWashington, DC 20520.

Dear Beneficiary

Your ATM Visa Card will be shipped through DHL to your address. I am Mr. Rex W. Tillerson, United States Secretary of State by profession. This is to inform you officially that after our investigations with the Federal Bureau of Investigation (FBI), Central Intelligence Agency (CIA) and other Security Agencies in the Country for the year 2016 and 2017, we discovered that you have not yet received your over due fund.

I have made it my first point of call since taking office to settle all Outstanding Payments accrued to Individuals or Corporations with respect to local and overseas contract payment, Debt Rescheduling and Outstanding Compensation payment.

This is to make sure all Outstanding payments are settled beginning of this fiscal year 2017. On Behalf of the entire staff of the U.S. Department of State and the United Nations in collaboration with World Bank, we apologize for the delay of your contract payment, Winning or Inheritance funds from most of African Countries and all the inconveniences you encountered while pursuing this payment.

However, from the records of outstanding beneficiaries due for payment with the U.S Secretary of State, your name was discovered as next on the list of the outstanding payment who has not yet received their payments.

Note that from the record in my file, your outstanding contract payment is $5,5,000.00 USD (Five Million, Five Hundred Thousand United States Dollars) loaded in an ATM Visa Card that allows you to make a daily maximum withdrawal limit of $5,000 Five Thousand Dollars) YOUR ATM PIN CODE (7250).

I have your file here in my office and it says that you are yet to receive your fund valued at $5,5,000.00 USD (Five Million, Five Hundred Thousand United States Dollars). This Funds will now be delivered to your designated address or your preferred payment option.

We have perfected all modules on how to bring this fund to your house without any problem, but be aware that United Nations and the United States Government has only authorised my office to release the Sum of $5,5,000.00 USD to you as true beneficiary of the Fund.

Note that your loaded ATM Visa Card will be mailed to you through Priority Mail Express (DHL) to your designated address immediately you admit full compliance to this email. Due to my busy schedules You are advised to kindly get in contact with our correspondent Mr Brian Voge with the below details enclosed to help ensure safe mailing of your ATM Visa Card:

Your Full Name:

Your Contact House Address:

Name of City of Residence:

Country of Residence:

Direct Mobile Telephone Number:

ID Card, DL or Passport Copy:

Age and Occupation:

Contact Mr Brian Voge immediately by replying to this email or emailing the address below:

Name: Mr Brian Voge

TELEPHONE: ____________

He is obliged to treat your case with utmost urgency as soon as you contact him and fill out your correct details including all reachable phone numbers for him to get in touch with you via phone and email.

NOTE: Every documentation proof for your fund have been packaged and sealed to be mailed together with your Visa Card to your address. Therefore, the only obligation required of you by the laws of the Government of United States and the financial Monetary Policy of the Supreme Court, states that; you as a beneficiary must officially obtain the irrevocable LEGAL STAY OF PROCEED from the Supreme Court of USA, as a means to justify the legitimacy, transparency and clean bill of funds from USA so that by the time your funds gets to you, no authority will question the funds as it has been legally certified free from all financial Malpractices and facets. The LEGAL STAY OF PROCEED is valued at a cost of just ($150) please take note of that.

As soon as the above mentioned $150 is received, The LEGAL STAY OF PROCEED will be secured on your behalf immediately. I need all the compliance that I can get from you to ensure we get this project accomplished. Personally, I am very sorry for the delay you have gone through in the past years. Thanks for adhering to this instructions which are meant for your sole benefit, once again accept my congratulations in advance.

Thanks for your cooperation as your quick response to this email notice with adherence to the above instructions is highly anticipated.

Yours Sincerely,

Mr. Rex W. Tillerson.

The water is rising up over your desktops, your servers, and your data center. Glug, glug, gurgle.

You’d better hope that the disaster recovery plans included the word “offsite.” Hope the backup IT site wasn’t another local business that’s also destroyed by the hurricane, the flood, the tornado, the fire, or the earthquake.

Disasters are real, as August’s Hurricane Harvey and immense floods in Southeast Asia have taught us all. With tens of thousands of people displaced, it’s hard to rebuild a business. Even with a smaller disaster, like a power outage that lasts a couple of days, the business impact can be tremendous.

I once worked for a company in New York that was hit by a blizzard that snapped the power and telephone lines to the office building. Down went the PBX, down went the phone system and the email servers. Remote workers (I was in in California) were massively impaired. Worse, incoming phone calls simply rang and rang; incoming email messages bounced back to the sender.

With that storm, electricity was gone for more than a week, and broadband took an additional time to be restored. You’d better believe our first order of business, once we began the recovery phase, was to move our internal Microsoft Exchange Server to a colocation facility with redundant T1 lines, and move our internal PBX to a hosted solution from the phone company. We didn’t like the cost, but we simply couldn’t afford to be shut down again the next time a storm struck.

These days, the answer lies within the cloud, either for primary data center operations, or for the source of a backup. (Forget trying to salvage anything from a submerged server rack or storage system.)

Be very prepared

Are you ready for a disaster? In a February 2017 study conducted by the Disaster Recovery Journal and Forrester Research, “The State Of Disaster Recovery Preparedness 2017,” only 18% of disaster recovery decision makers said they were “very prepared” to recover their data center in the event of a site failure or disaster event. Another 37% were prepared, 34% were somewhat prepared, and 11% not prepared at all.

That’s not good enough if you’re in Houston or Bangladesh or even New York during a blizzard. And that’s clear even among the survey respondents, 43% of whom said there was a business requirement to stay online and competitive 24×7. The cloud is considered to be one option for disaster recovery (DR) planning, but it’s not the only one. Says the study:

DR in the cloud has been a hot topic that has garnered a significant amount of attention during the past few years. Adoption is increasing but at a slow rate. According to the latest survey, 18 percent of companies are now using the cloud in some way as a recovery site – an increase of 3 percent. This includes 10 percent who use a fully packaged DR-as-a-Service (DRaaS) offering and 8 percent who use Infrastructure-as-a-Service (IaaS) to configure their own DR in the cloud configuration. Use of colocation for recovery sites is remains consistent at 37 percent (roughly the same as the prior study). However, the most common method of sourcing recovery sites is still in-house at 43 percent.

The study shows that 43% own their site and IT infrastructure. Also, 37% use a colocation site with their own infrastructure, 20% used a shared, fix-site IT IaaS provider, 10% use DRaaS offering in the cloud, and only 8% use public cloud IaaS as a recovery site.

For the very largest companies, the public cloud, or even a DRaaS provider, may not be the way to go. If the organization is still maintaining a significant data center (or multiple data centers), the cost and risks of moving to the cloud are significant. Unless a data center is heavily virtualized, it will be difficult to replicate the environment – including servers, storage, networking, and security – at a cloud provider.

For smaller businesses, however, moving to a cloud system is becoming increasingly cost-effective. It’s attractive for scalability and OpEx reasons, and agile for deploying new applications. This month’s hurricanes offer an urgent reason to move away from on-prem or hybrid to a full cloud environment — or at least explore DRaaS. With the right service provider, offering redundancy and portability, the cloud could be the only real hope in a significant disaster.

The more advanced the military technology, the greater the opportunities for intentional or unintentional failure in a cyberwar. As Scotty says in Star Trek III: The Search for Spock, “The more they overthink the plumbing, the easier it is to stop up the drain.”

In the case of a couple of recent accidents involving the U.S. Navy, the plumbing might actually be the computer systems that control navigation. In mid-August, the destroyer U.S.S. John S. McCain rammed into an oil tanker near Singapore. A month or so earlier, a container ship hit the nearly identical U.S.S. Fitzgerald off Japan. Why didn’t those hugely sophisticated ships see the much-larger merchant vessels, and move out of the way?

There has been speculation, and only speculation, that both ships might have been victims of cyber foul play, perhaps as a test of offensive capabilities by a hostile state actor. The U.S. Navy has not given a high rating to that possibility, and let’s admit, the odds are against it.

Even so, the military hasn’t dismissed the idea, writes Bill Gertz in the Washington Free Beacon:

On the possibility that China may have triggered the collision, Chinese military writings indicate there are plans to use cyber attacks to “weaken, sabotage, or destroy enemy computer network systems or to degrade their operating effectiveness.” The Chinese military intends to use electronic, cyber, and military influence operations for attacks against military computer systems and networks, and for jamming American precision-guided munitions and the GPS satellites that guide them, according to one Chinese military report.

The datac enters of those ships are hardened and well protected. Still, given the sophistication of today’s warfare, what if systems are hacked?

Imagine what would happen if, say, foreign powers were able to break into drones or cruise missiles. This might cause them to crash prematurely, self-destruct, or hit a friendly target, or perhaps even “land” and become captured. What about disruptions to fighter aircraft, such as jets or helicopters? Radar systems? Gear carried by troops?

It’s a chilling thought. It reminds me that many gun owners in the United States, including law enforcement officers, don’t like so-called “smart” pistols that require fingerprint matching before they can fire – because those systems might fail in a crisis, or if the weapon is dropped or becomes wet, leaving the police officer effectively unarmed.

The Council on Foreign Relations published a blog by David P. Fidler, “A Cyber Norms Hypothetical: What If the USS John S. McCain Was Hacked? In the post, Fidler says, “The Fitzgerald and McCain accidents resulted in significant damage to naval vessels and deaths and injuries to sailors. If done by a foreign nation, then hacking the navigation systems would be an illegal use of force under international law.”

Fidler believes this could lead to a real shooting war:

In this scenario, the targets were naval vessels not merchant ships, which means the hacking threatened and damaged core national security interests and military assets of the United States. In the peacetime circumstances of these incidents, no nation could argue that such a use of force had a plausible justification under international law. And every country knows the United States reserves the right to use force in self-defense if it is the victim of an illegal use of force.

There is precedent. In May and June 2017, two Sukhoi 30 fighter jets belonging to the Indian Air Force crashed – and there was speculation that these were caused by China. In one case, reports Naveen Goud in Cybersecurity Insiders,

The inquiry made by IAF led to the discovery of a fact that the flying aircraft was cyber attacked when it was airborne which led to the death of the two IAF officers- squadron leader D Pankaj and Flight Lieutenant Achudev who were flying the aircraft. The death was caused due to the failure in initiating the ejection process of the pilot’s seat due to a cyber interference caused in the air.

Let us hope that we’re not entering a hot phase of active cyberwarfare.

The late, great science fiction writer Isaac Asimov frequently referred to the “Frankenstein Complex,” That was deep-seated and irrational phobia that robots (i.e, artificial intelligence) would rise up and destroy their creators. Whether it’s HAL in “2001: A Space Odyssey,” or the mainframe in “Colossus: The Forbin Project,” or Arnold Schwarzenegger in “Terminator,” or even the classic Star Trek episode “The Ultimate Computer,” sci-fi carries the message that AI will soon render us obsolescent… or obsolete… or extinct. Many people are worried this fantasy will become reality.

No, Facebook didn’t have to kill creepy bots 

To listen to the breathless news reports, Facebook created some chatbots that were out of control. The bots, designed to test AI’s ability to negotiate, had created their own language – and scientists were alarmed that they could no longer understand what those devious rogues were up to. So, the plug had to be pulled before Armageddon. Said Poulami Nag in the International Business Times:

Facebook may have just created something, which may cause the end of a whole Homo sapien species in the hand of artificial intelligence. You think I am being over dramatic? Not really. These little baby Terminators that we’re breeding could start talking about us behind our backs! They could use this language to plot against us, and the worst part is that we won’t even understand.

Well, no. Not even close. The development of an optimized negotiating language was no surprise, and had little to do with the conclusion of Facebook’s experiment, explain the engineers at FAIR – Facebook Artificial Intelligence Research.

The program’s goal was to create dialog agents (i.e., chatbots) that would negotiate with people. To quote a Facebook blog,

Similar to how people have differing goals, run into conflicts, and then negotiate to come to an agreed-upon compromise, the researchers have shown that it’s possible for dialog agents with differing goals (implemented as end-to-end-trained neural networks) to engage in start-to-finish negotiations with other bots or people while arriving at common decisions or outcomes.

And then,

To go beyond simply trying to imitate people, the FAIR researchers instead allowed the model to achieve the goals of the negotiation. To train the model to achieve its goals, the researchers had the model practice thousands of negotiations against itself, and used reinforcement learning to reward the model when it achieved a good outcome. To prevent the algorithm from developing its own language, it was simultaneously trained to produce humanlike language.

The language produced by the chatbots was indeed humanlike – but they didn’t talk like humans. Instead they used English words, but in a way that was slightly different than human speakers would use. For example, explains tech journalist Wayne Rash in eWeek,

The blog discussed how researchers were teaching an AI program how to negotiate by having two AI agents, one named Bob and the other Alice, negotiate with each other to divide a set of objects, which consisted a hats, books and balls. Each AI agent was assigned a value to each item, with the value not known to the other ‘bot. Then the chatbots were allowed to talk to each other to divide up the objects.

The goal of the negotiation was for each chatbot to accumulate the most points. While the ‘bots started out talking to each other in English, that quickly changed to a series of words that reflected meaning to the bots, but not to the humans doing the research. Here’s a typical exchange between the ‘bots, using English words but with different meaning:

Bob: “I can i i everything else.”

Alice responds: “Balls have zero to me to me to me to me to me to me to me to me to,”

The conversation continues with variations of the number of the times Bob said “i” and the number of times Alice said “to me” in the discussion.

A natural evolution of natural language

Those aren’t glitches; those repetitions have meaning to the chatbots. The experiment showed that some parameters needed to be changed – after all, FAIR wanted chatbots that could negotiate with humans, and these programs weren’t accomplishing that goal. According to Gizmodo’s Tom McKay,

When Facebook directed two of these semi-intelligent bots to talk to each other, FastCo reported, the programmers realized they had made an error by not incentivizing the chatbots to communicate according to human-comprehensible rules of the English language. In their attempts to learn from each other, the bots thus began chatting back and forth in a derived shorthand—but while it might look creepy, that’s all it was.

“Agents will drift off understandable language and invent codewords for themselves,” FAIR visiting researcher Dhruv Batra said. “Like if I say ‘the’ five times, you interpret that to mean I want five copies of this item. This isn’t so different from the way communities of humans create shorthands.”

Facebook did indeed shut down the conversation, but not because they were panicked they had untethered a potential Skynet. FAIR researcher Mike Lewis told FastCo they had simply decided “our interest was having bots who could talk to people,” not efficiently to each other, and thus opted to require them to write to each other legibly.

No panic, fingers on the missiles, no mushroom clouds. Whew, humanity dodged certain death yet again! Must click “like” so the killer robots like me.

We saw “Valerian and the City of a Thousand Planets” and thoroughly enjoyed it. It was far better than the professional reviews; yes, the plot was a bit convoluted, and the yes, the romance between the major and the sergeant seemed forced and cheesy… but it was good fun. (And the romance was far less cheesy […]

People Queue Magazine has a fascinating new article, “No more queuing at the ladies’ room.” You’ll want to read the whole thing, because it has some fascinating mathematics (this is a scientific article, not a sociological one). Here’s a teaser:

Although it’s a well-documented fact that women have to wait longer at the bathroom stall, so far the mathematical perspective seems to be lacking in literature. This is in spite of the decennia-long existence of the field of queuing theory, which has traditionally been applied most to problems of technology and decent people, rather than to such inescapable habits as the act of excreting.

Nevertheless, mathematics is what you need to analyze queues because of the inherent random nature of queuing phenomena, turning simple lines of people into complex nonlinear systems with numerous parameters, whereby a small deviation can lead to excessive additional waiting. This is as opposed to good old linear systems, which see linear changes of parameters translated in proportional variations at their output.

Nonlinear systems are common in everyday life and nature. A virus for example will result in a pandemic much faster if it is just slightly more infectious. And just a few extra cars make for a traffic jam appearing out of thin air. Similarly, toilet queues, or any queue for that matter, pose nonlinear problems in which the fragile balance between capacity and demand can be disrupted by subtle tweaks.

A first factor explaining why women wait longer is that the net number of toilets for women is smaller than that for men. The toilet sections for men and women are often of equal size, as is the surface dedicated to each of them. What appears to be “fair” at first sight, is quite unreasonable knowing that a toilet cabin inevitably takes up more space than a urinal. Overall, an average toilet area can accommodate 20 to 30% more toilets for men (urinals + cabins) than for women.

The major impact of the number of toilets on the average waiting time can be understood from the Erlang-C queuing model. This model allows to calculate the average waiting time when the number of available toilets, the average time spent on the toilet and the average arrival intensity are known. Where λ stands for the average arrival intensity expressed in number of arrivals per minute, μ for the inverse of the average time spent on the toilet, and t for the number of toilets, the average waiting time is obtained from following formulas:

Read the whole article — and there’s no waiting, whether you are male or female.

We added a new friend to our back yard bird list, the Gilded Flicker, a type of woodpecker. We already knew about our Gila Woodpeckers, and also the more common Northern Flicker, but the Gilded Flicker really stood out. See those beautiful yellow/gold feathers? And the little patches of red on the cheeks? Gorgeous.

Here’s the current list of our backyard birds, in alphabetical order by scientific name, as of July 2017. (Cactus Wren wins the contest for best name.) We live in the Moon Valley neighborhood of Phoenix, in the north-central part of the city.

  • Accipiter cooperii – Cooper’s Hawk
  • Agapornis roseicollis – Rosy-Faced / Peach-Faced Lovebirds
  • Archilochus alexandri – Black-Chinned Hummingbird
  • Auriparus flaviceps) – Verdin
  • Bubo virginianus – Great Horned Owl
  • Buteo jamaicensis – Red-Tailed Hawk
  • Callipepla gambelii – Gambel’s Quail
  • Calypte anna – Anna’s Hummingbird
  • Calypte costae – Costa’s Hummingbird
  • Campylorhynchus brunneicapillus – Cactus Wren
  • Cardinalis cardinalis – Northern Cardinal
  • Colaptes auratus – Northern Flicker
  • Colaptes chrysoides – Gilded Flicker
  • Columbina inca – Inca Dove
  • Columba livia – Common Pigeon / Rock Dove
  • Geococcyx californianus – Greater Roadrunner
  • Haemorhous mexicanus – House Finch
  • Melanerpes uropygialis – Gila Woodpecker
  • Mimus polyglottos – Northern Mockingbird
  • Passer domesticus – House Sparrow
  • Pipilo aberti – Abert’s Towhee
  • Spinus psaltria – Lesser Goldfinch
  • Spinus tristis – American Goldfinch
  • Sturnus vulgaris – Common Starling
  • Toxostoma curvirostre – Curve-Billed Thrasher
  • Zenaida asiatica – White-Winged Dove
  • Zenaida macroura – Mourning Dove
  • Zonotrichia atricapilla – Gold-Crowned Sparrow
  • Zonotrichia leucophrys – White-Crowned Sparrow

“Thou shalt not refer winkingly to my taking off my robe after worship as disrobing.” A powerful new essay by Pastor Melissa Florer-Bixler, “10 commandments for male clergy,” highlights the challenges that female clergy endure in a patriarchal tradition — and one in which they are still seen as interlopers to church/synagogue power.

In my life and volunteer work, I have the honor to work with many clergy. Many, but not all, are rabbis and cantors who come from the traditions of Reform Judaism. Many of them are women. I also work with female Conservative and Reconstructionist rabbis and cantors, as well as female pastors and ministers. And of course, there are lots of male clergy, from those traditions as well as the male-only Orthodox Jewish and Roman Catholic domains.

Congregations, schools, seminaries, communities, and non-profits enjoy abundant blessings when employing and engaging with female clergy. That doesn’t mean that women clergy are always seen as first-class clergy, and treated with the same respect as their male counterparts.

There are too many assumptions, writes Pastor Florer-Bixler, who ministers at the Raleigh Mennonite Church. Too many jokes. Too many subtle sexist put-downs. I’ve heard those myself. To be honest, there are some jokes and patronizing assumptions that I’ve made myself. While always meant kindly, my own words and attitude contributed to the problem.

In her essay, Pastor Florer-Bixler writes about mansplaining, stereotypes, and the unspoken notion that religious institutions are essentially masculine:

In her recent lecture-essay “Women in Power: From Medusa to Merkel,” Mary Beard describes the pervasiveness of the cultural stereotype that power — from the halls of ancient Greece to the modern parliament — is masculine.

She cites a January 2017 article in The London Times about women front-runners for the positions of bishop of London, commissioner of the Metropolitan Police and chair of the BBC governing board. The headline read: “Women prepare for a power grab in church, police and BBC.”

Beard points out that “probably thousands upon thousands of readers didn’t bat an eyelid” at the suggestion that those seats of power were the property of men — possessions being “grabbed,” that is, taken away, by women.

Straight-forward sexism

Pastor Florer-Bixler writes about sexism, and I cringe at having seen all of these behaviors, and not speaking out.

Drawing attention to pregnancy, making sexualizing comments about “disrobing,” suggesting that a clergywoman should smile more, describing a female pastor’s voice as “shrill” — all expose the discomfort that men feel about women in “their” profession.

Masculine assumptions about gender were evident in the young clergywomen’s proposed commandments:

Thou shalt invite me into budget and financial conversations instead of assuming I won’t be interested.

Thou shalt not ask or expect me to take notes in a meeting, make copies or serve coffee.

Thou shalt not assume, based on my sex, that I’m better at working with children, youth or women than you are.

Thou shalt not call me “Sweetie,” “Kiddo” or “Girl.”

More than just ridiculous humiliations, these stereotypes affect the ministries and careers of women in church leadership. One colleague discovered that a pastor search committee was told that for the salary they were offering, they should expect only women to be willing to serve. The committee was livid — not at the pay gap but at the idea that they would have to consider only women.

We must do better

Pastor Florer-Bixler offers some suggestions for making systemic improvements in how we — male clergy, lay leaders, everyone — work with female clergy. The way forward will unquestioningly be slow, but we must do what we can to be part of the solution, and not part of the problem.

Men have all-male theological traditions and ministerial roles to which they can retreat. Not so female pastors.

If a woman stands up to this patriarchal tradition, she faces the accusation of intolerance. Women should not be expected to “get along” with sexist individuals, theologies, practices and institutions as if this were a price to be paid for church unity.

What is the way forward? For one, men must do better. When male pastors co-opt ideas that have come from female colleagues, they must reassign the insights. When they learn of pay gaps, they must address them.

When female clergy are outtalked or overtalked, male pastors must name the imbalance. They must read the sermons, theology and books of women. And decline to purchase books written by men who exclude women from the pulpit.

Women are addressing this as we always have: through constant negotiation between getting the job done and speaking out against what is intolerable. In the meantime, we create spaces where women can begin to speak the truth of our power to one another. For now, this is what we have.

This is what Daffy Duck would describe as “dethpicable.” Absolutely deplorable.

We can now read emails exchanged last year between Don Trump Jr. (the president’s son) and Rob Goldstein, an intermediary with Russia. According to Mr. Trump, who released the emails today, the point of the discussion was the Magnitsky Act, which related to sanctions placed on Russian officials by the U.S. Congress in 2012.

Repealing the act and lifting its sanctions is widely known to be a high priority for the Russian government. The only plausible reason why Russian agents would want to discuss the Magnitsky Act with the Trump campaign, during the election, would be to lobby for repeating the act.

You can read and download the whole email exchange here (released by Mr. Trump). The very earliest messages in the thread had Mr. Goldstein saying, quite explicitly, that the meeting’s purpose was to reveal allegedly incriminating information about Hillary Clinton, for the purposes for helping Donald Trump’s campaign. And, “This is obviously very high level and sensitive information but is part of Russia and its government’s support for Mr. Trump.”

Don Trump Jr. did not push back on or question Mr. Goldstein’s assertion that the Russian government was actively seeking to help his father. In fact, he said, “… if it’s what you say I love it.”

Meanwhile, President Donald Trump continues to insist that any connection between his campaign and the Russian government is “fake news.” Despicable.

General Erich Ludendorff, one of the top German generals during World War I, was a prominent character in the recent “Wonder Woman” movie. In the movie, General Ludendorff was killed by Diana Prince. In reality, the general survived the war, helped Adolf Hitler with his “Beer Hall Putsch,” ran for president of Germany in 1925, fell out of favor, and died in 1937.

I have a “2 degrees of separation” link to the general. My father-in-law, Joe, served in the Royal Navy during World War II. Quoting from Joe’s memoir, he wrote about early 1945:

… I joined a sloop HMS “Alacrity” at Dumbarton, where she was built at Denny’s yard. A Sloop was a small anti-submarine convoy escort vessel. We did our running-in trials in the Scottish Western Isles. At Mull, there were about 6 or 7 ships and we had an intership walking race, 10 miles, from Tobermory to Salen. I came in second, wearing out a pair of boots in the process. We were taken back to Tobermory in the yacht “Philante”, which had once belonged to a German general (von Ludendorff, I think). In the Atlantic we made contact with a U-Boat (U 764) and depth-charged it until it came to the surface. With our guns trained on it, we escorted it up to Loch Eriboll in the North of Scotland.

There’s my two degrees: Alan -> Joe -> Ludendorff’s yacht -> Ludendorff.

About that unterseeboot

According to the Wikipedia,

U-764 surrendered on 14 May 1945 at Loch Eriboll, Scotland. She was sunk as a target in position 56°06′N 09°00′W as part of Operation Deadlight on 2 February 1946.

Here’s my father-in-law’s picture of U-764:

 

It’s almost painful to see an issue of SD Times without my name printed in the masthead. From Editor-in-Chief to Editorial Director to Founding Editor to… nothing. However, it’s all good!

My company, BZ Media, is selling our flagship print publication, SD Times, to a startup, D2 Emerge LLC. The deal shall formally close in a few weeks. If you’ve been following SD Times, you’ll recognize the two principals of the startup, David Lyman and David Rubinstein. (Thus, the “D2” part of the name.)

BZ Media co-founder Ted Bahr and I wish David, and David, and SD Times, and its staff, readers, and advertisers, nothing but success. (I retired from BZ Media mid-2013, becoming a silent partner with no involvement in day-to-day operations.)

D2 Emerge is ready to roll. Here’s what David Rubinstein wrote in the July 2017 issue (download it here):

The Times, it is a-changin’

There’s a saying that goes ‘when one chapter closes, another one begins.’

This issue of SD Times marks the close of the BZ Media chapter of this publication’s history and opens the chapter on D2 Emerge LLC, a new-age publishing and marketing company founded by two long-time members of the SD Times team: the publisher, David Lyman, and the editor-in-chief … me!

We will work hard to maintain the quality of SD Times and build on the solid foundation that has been built over the past 17 years. Wherever we go, we hear from readers who tell us they look forward to each issue, and they say they’re learning about things they didn’t know they needed to know. And we’re proud of that.

The accolades are certainly nice — and always welcome. Yet, there is nothing more important to us than the stories we tell. Whether putting a spotlight on new trends in the industry and analyzing what they mean, profiling the amazing, brilliant people behind the innovation in our industry, or helping software providers tell their unique stories to the industry, our mission is to inform, enlighten and even entertain.

But, as much as things will stay the same, there will be some changes. We will look to introduce you to different voices and perspectives from the industry, inviting subject matter experts to share their knowledge and vision of changes in our industry. The exchange of ideas and free flow of information are the bedrock of our publishing philosophy.

We will somewhat broaden the scope of our coverage to include topics that might once have been thought of as ancillary to software development but are now important areas for you to follow as silos explode and walls come tumbling down in IT shops around the world.

We will work to improve our already excellent digital offerings by bettering the user experience and the way in which we deliver content to you. So, whether you’re reading SD Times on a desktop at work, or on a tablet at a coffee shop, or even on your cellphone at the beach, we want you have the same wonderful experience.

For our advertisers, we will help guide you toward the best way to reach our readers, whether through white papers, webinars, or strategic ad placement across our platforms. And, we will look

to add to an already robust list of services we can provide to help you tailor your messages in a way that best suits our readers.

BZ Media was a traditional publishing company, with a print-first attitude (only because there weren’t any viable digital platforms back in 2000). D2 Emerge offers an opportunity to strike the right balance between a digital-first posture and all that is good about print publishing.

I would be remiss if I didn’t acknowledge BZ Media founders Ted Bahr and Alan Zeichick, who took a cynical, grizzled daily newspaperman and turned him into a cynical, grizzled technology editor. But as I often say, covering this space is never dull. Years ago, I covered sports for a few newspapers, and after a while, I saw that I had basically seen every outcome there was: A walk-off home run, a last-second touchdown, a five-goal hockey game. The only thing that seemed to change were the players. Sure, once in a while a once-in-a-lifetime player comes along, and we all enjoy his feats. But mostly sports do not change.

Technology, on the other hand, changes at breakneck speed. As we worked to acquire SD Times, I had a chance to look back at the first issues we published, and realized just how far we’ve come. Who could have known in 2000, when we were writing about messaging middleware and Enterprise JavaBeans that one day we’d be writing about microservices architectures and augmented reality?

Back then, we covered companies such as Sun Microsystems, Metrowerks, IONA, Rational Software, BEA Systems, Allaire Corp, Bluestone Software and many more that were either acquired or couldn’t keep up with changes in the industry.

The big news at the JavaOne conference in 2000 was extreme clustering of multiple JVMs on a single server, while elsewhere, the creation of an XML Signature specification looked to unify authentication, and Corel Corp. was looking for cash to stay alive after a proposed merger with Borland Corp. (then Inprise) fell apart.

So now, we’re excited to begin the next chapter in the storied (pardon the pun) history of SD Times, and we’re glad you’re coming along with us as OUR story unfolds.

Here are a few excerpts from one of the most important articles on leadership ever published.Management Time: Who’s Got the Monkey?,” from Harvard Business Review in 1974, equally applies to the business and non-profit worlds.

The premise of the article, by William Oncken Jr. and Donald L. Wass, is that leaders too often take over responsibility for tasks that should be owned by their employees or volunteers. The authors refer to this as “subordinate-imposed time.” This not only harms the organization, but overloads the leaders. The manager’s objective should be to guide, to mentor, to advise, to set objectives, to define success, to help secure resources – but not take on the work!

What’s essential to remember is that the task — the monkey — can only be on one person’s back at a time. Should it be on yours? (Or as I put it when doing management training, should the ball be in your court, or in someone else’s court?)

Excerpt 1: A common scenario

Let us imagine that a manager is walking down the hall and that he notices one of his subordinates, Jones, coming his way. When the two meet, Jones greets the manager with, “Good morning. By the way, we’ve got a problem. You see….” As Jones continues, the manager recognizes in this problem the two characteristics common to all the problems his subordinates gratuitously bring to his attention. Namely, the manager knows (a) enough to get involved, but (b) not enough to make the on-the-spot decision expected of him. Eventually, the manager says, “So glad you brought this up. I’m in a rush right now. Meanwhile, let me think about it, and I’ll let you know.” Then he and Jones part company.

Let us analyze what just happened. Before the two of them met, on whose back was the “monkey”? The subordinate’s. After they parted, on whose back was it? The manager’s. Subordinate-imposed time begins the moment a monkey successfully leaps from the back of a subordinate to the back of his or her superior and does not end until the monkey is returned to its proper owner for care and feeding. In accepting the monkey, the manager has voluntarily assumed a position subordinate to his subordinate. That is, he has allowed Jones to make him her subordinate by doing two things a subordinate is generally expected to do for a boss—the manager has accepted a responsibility from his subordinate, and the manager has promised her a progress report.

The subordinate, to make sure the manager does not miss this point, will later stick her head in the manager’s office and cheerily query, “How’s it coming?” (This is called supervision.)

Excerpt 2: Who owns the initiative?

What we have been driving at in this monkey-on-the-back analogy is that managers can transfer initiative back to their subordinates and keep it there. We have tried to highlight a truism as obvious as it is subtle: namely, before developing initiative in subordinates, the manager must see to it that they have the initiative. Once the manager takes it back, he will no longer have it and he can kiss his discretionary time good-bye. It will all revert to subordinate-imposed time.

It’s not a long article. Read it!

“The wheels on the Prius go flop flop flop….”

Sunday’s travels in our trusty 2005 Toyota Prius were marred only by a flat tire. I wish to share two hard-earned bits of wisdom with other Prius owners, and potentially with owners of other front-wheel drive vehicles.

1. Don’t trust the included tire-changing jack.

The crappy screw jack included with the Prius is useless. Literally. With the car on level ground, and with the parking brake set, the jack quickly tilted — and the car fell off the jack. Yes, the jack was set at the correct life point. On a second attempt, the car would have fallen again if we didn’t let it down quickly. In any case, the jack was extremely difficult to turn.

Fortunately, someone gave us a ride to an auto-parts store, where we purchased an inexpensive hydraulic floor jack. That made quick work of the task, and the new jack will live in back of the car from now on. If you have a flimsy screw jack with your car, you may wish to upgrade to something more solid.

2. Don’t put compact spares onto the front.

The flat was the front driver corner. Once the car was jacked up, it only took a few minutes to mount the compact donut spare. However, the car simply wouldn’t drive properly — the vehicle not only pulled to the left, but there were error lights flashing on the screen. Even with the pedal to the metal, the vehicle wouldn’t go over 30 mph, slowing to 15 mph going uphill. Uh oh!

Thinking the problem through, we realized that the donut was throwing off the traction control system (which can’t be switched off with that model year). So we pulled over, swapped the donut to the rear, and put the rear’s full-size wheel/tire on front. (Thank you, hydraulic jack!) The car immediately drove correctly, plenty of pep, no pulling, and no error lights. The lesson: On front-wheel drive cars, always put the donut on the rear, even if that makes the wheel-changing process a bit more complicated.

Note: There is nothing written about optimal placement of the compact spare in the car’s owners manual. So consider yourself advised on both fronts.

The good news is that we made it home just fine. The bad news is the tire has a cracked sidewall. Time to go tire shopping!

Everyone loves bugs — at least, everyone loves beautiful bugs. Right? Here are a few photographed in Phoenix over the past couple of days. The desert here is full of life, from insects to birds to reptiles to plants.

Sure, the temperatures may be hot. The forecast is for 117° F next week (47° C) but never forget, it’s a dry heat. I’d rather be in Phoenix at 117° than, say, Houston or Miami at 95°.

Twenty years ago, my friend Philippe Kahn introduced the first camera-phone. You may know Philippe as the founder of Borland, and as an entrepreneur who has started many companies, and who has accomplished many things. He’s also a sailor, jazz musician, and, well, a fun guy to hang out with.

About camera phones: At first, I was a skeptic. Twenty years ago I was still shooting film, and then made the transition to digital SLR platforms. Today, I shoot with big Canon DSLRs for birding and general stuff, Leica digital rangefinders when want to be artistic, and with pocket-sized digital cameras when I travel. Yet most of my pictures, especially those posted to social media, come from the built-in camera in my smartphone.

Philippe has blogged about this special anniversary – which also marks the birth of his daughter Sophie. To excerpt from his post, The Creation of the Camera-Phone and Instant-Picture-Mail:

Twenty years ago on June 11th 1997, I shared instantly the first camera-phone photo of the birth of my daughter Sophie. Today she is a university student and over 2 trillion photos will be instantly shared this year alone. Every smartphone is a camera-phone. Here is how it all happened in 1997, when the web was only 4 years old and cellular phones were analog with ultra limited wireless bandwidth.

First step 1996/1997: Building the server service infrastructure: For a whole year before June 1997 I had been working on a web/notification system that was capable of uploading a picture and text annotations securely and reliably and sending link-backs through email notifications to a stored list on a server and allowing list members to comment.

Remember it was 1996/97, the web was very young and nothing like this existed. The server architecture that I had designed and deployed is in general the blueprint for all social media today: Store once, broadcast notifications and let people link back on demand and comment. That’s how Instagram, Twitter, Facebook, LinkedIn and many others are function. In 1997 this architecture was key to scalability because bandwidth was limited and it was prohibitive, for example, to send the same picture to 500 friends. Today the same architecture is essential because while there is bandwidth, we are working with millions of views and potential viral phenomena. Therefore the same smart “frugal architecture” makes sense. I called this “Instant-Picture-Mail” at the time.

He adds:

What about other claims of inventions: Many companies put photo-sensors in phones or wireless modules in cameras, including Kodak, Polaroid, Motorola. None of them understood that the success of the camera-phone is all about instantly sharing pictures with the cloud-based Instant-Picture-Mail software/server/service-infrastructure. In fact, it’s even amusing to think that none of these projects was interesting enough that anyone has kept shared pictures. You’d think that if you’d created something new and exciting like the camera-phone you’d share a picture or two or at least keep some!

Read more about the fascinating story here — he goes into a lot of technical detail. Thank you, Philippe, for your amazing invention!

Hacking can kill. To take the most obvious example, take ransomware. One might argue that hackers demanding about US$300 (£230) to unlock some files is simply petty crime – unless those files were crucial to hospitals. If doctors can’t access medical files because of the WannaCry ransomware, or must postpone surgery, people can die.

It gets worse: Two Indian Air Force pilots are dead, possibly because of a cyberattack on their Sukhoi 30 fighter jet. According to the Economic Times of India,

Squadron leader D Pankaj and Flight Lieutenant S Achudev, the pilots of the Su-30 aircraft, had sustained fatal injuries when the aircraft crashed approximately 60 km from Tezpur Airbase on May 23. A court of Inquiry has already been ordered to investigate the cause of the accident.

According to defence spokesperson S Ghosh, analysis of the Flight Data Recorder of the aircraft and certain other articles recovered from the crash site revealed that the pilots could not initiate ejection before crash. The wreckage of the aircraft was located on May 26.

What does that have to do with hackers? Well, the aircraft was flying close to India’s border with China, and according to reports, the Sukhoi’s two pilots were possibly victims of cyberwarfare. Says the Indian Defense News,

Analysts based in the vicinity of New York and St Petersburg warn that the loss, days ago, of an advanced and mechanically certified as safe, Sukhoi 30 fighter aircraft, close to the border with China may be the result of “cyber-interference with the onboard computers” in the cockpit. This may explain why even the pilots may have found it difficult to activate safety ejection mechanisms, once it became obvious that the aircraft was in serious trouble, as such mechanisms too could have been crippled by computer malfunctions induced from an outside source.

Trouble in the Middle East

The political situation going on this week in Qatar might lead to a shooting war. In mid-May, stories were published on the Qatar News Agency that outraged its Arab neighbors. According to CNN,

The Qatari government has said a May 23 news report on its Qatar News Agency attributed false remarks to the nation’s ruler that appeared friendly to Iran and Israel and questioned whether President Donald Trump would last in office.

Soon thereafter, three Arab countries cut off ties and boycotted the country, which borders Saudi Arabia on the Persian Gulf. It’s now believed that those stories were “fake news” planted by hackers. Were they state-sponsored agents? It’s too soon to tell. However, given how quickly Bahrain, Saudi Arabia, and the United Arab Emirates reacted — and given how hard Saudi Arabia is fighting in Yemen — this is troubling. Could keystrokes from hackers lead to the drumbeat of war?

As a possibly related follow-up, Qatar-based Al-Jazeera reported on June 8 it was under cyberattack:

The websites and digital platforms of Al Jazeera Media Network are undergoing systematic and continual hacking attempts.

These attempts are gaining intensity and taking various forms. However, the platforms have not been compromised.

In the First World War, the feared new weapon was the unstoppable main battle tank. In the Second World War, it was the powerful aircraft carrier. During the Cold War, we worried about ICBMs raining destruction from the skies. Today… it’s cyberwarfare that keeps us awake at night. Sadly, we can’t hide under our desks in the event of a malware attack.

March 2003: The U.S. International Trade Commission released a 32-page paper called, “Protecting U.S. Intellectual Property Rights and the Challenge of Digital Piracy.” The authors, Christopher Johnson and Daniel J. Walworth, cited an article I wrote for the Red Herring in 1999.

Here’s the abstract of the ITC’s paper:

ABSTRACT: According to U.S. industry and government officials, intellectual property rights (IPR) infringement has reached critical levels in the United States as well as abroad. The speed and ease with which the duplication of products protected by IPR can occur has created an urgent need for industries and governments alike to address the protection of IPR in order to keep markets open to trade in the affected goods. Copyrighted products such as software, movies, music and video recordings, and other media products have been particularly affected by inadequate IPR protection. New tools, such as writable compact discs (CDs) and, of course, the Internet have made duplication not only effortless and low-cost, but anonymous as well. This paper discusses the merits of IPR protection and its importance to the U.S. economy. It then provides background on various technical, legal, and trade policy methods that have been employed to control the infringement of IPR domestically and internationally. This is followed by an analysis of current and future challenges facing U.S. industry with regard to IPR protection, particularly the challenges presented by the Internet and digital piracy.

Here’s where they cited yours truly:

To improve upon the basic encryption strategy, several methods have evolved that fall under the classification of “watermarks” and “digital fingerprints” (also known as steganography). Watermarks have been considered extensively by record labels in order to protect their content.44 However, some argue that “watermarking” is better suited to tracking content than it is to protecting against reproduction. This technology is based on a set of rules embedded in the content itself that define the conditions under which one can legally access the data. For example, a digital music file can be manipulated to have a secret pattern of noise, undetectable to the ear, but recorded such that different versions of the file distributed along different channels can be uniquely identified.45 Unlike encryption, which scrambles a file unless someone has a ‘key’ to unlock the process, watermarking does not intrinsically prevent use of a file. Instead it requires a player–a DVD machine or MP3 player, for example–to have instructions built in that can read watermarks and accept only correctly marked files.”46

Reference 45 goes to

Alan Zeichick, “Digital Watermarks Explained,” Red Herring, Dec. 1999

Another paper that referenced that Red Herring article is “Information Technology and the Increasing Efficacy of Non-Legal Sanctions in Financing Transactions.” It was written by Ronald J. Mann of the the University of Michigan Law School.

Sadly, my digital watermarks article is no longer available online.

According to a depressing story in Harvard Business Review, venture capitalists consider female entrepreneurs to be quite different than males. The perceived difference is not good. According to the May 17, 2017, story, “We Recorded VCs’ Conversations and Analyzed How Differently They Talk About Female Entrepreneurs”:

Aside from a few exceptions, the financiers rhetorically produce stereotypical images of women as having qualities opposite to those considered important to being an entrepreneur, with VCs questioning their credibility, trustworthiness, experience, and knowledge.

This research was done in Sweden in 2009-2010, and used transcribed discussions by a diverse panel of VCs considering 125 venture applications. The story continues,

Men were characterized as having entrepreneurial potential, while the entrepreneurial potential for women was diminished. Many of the young men and women were described as being young, though youth for men was viewed as promising, while young women were considered inexperienced. Men were praised for being viewed as aggressive or arrogant, while women’s experience and excitement were tempered by discussions of their emotional shortcomings. Similarly, cautiousness was viewed very differently depending on the gender of the entrepreneur.

The results were what you would expect:

Women entrepreneurs were only awarded, on average, 25% of the applied-for amount, whereas men received, on average, 52% of what they asked for. Women were also denied financing to a greater extent than men, with close to 53% of women having their applications dismissed, compared with 38% of men.

Read the HBR paper, you’ll be unhappy with what you see. Credit for the research goes to Malin Malmstrom, professor of Entrepreneurship and Innovation at Luleå University of Technology; Jeaneth Johansson, professor of Accounting and Control at Halmstad University and Luleå University of Technology; and Joakim Wincent, professor of Entrepreneurship and Innovation at Luleå University of Technology and Hanken School of Economics.

From eWeek’s story, “Proposed Laptop Travel Ban Would Wreak Havoc on Business Travelers,” by Wayne Rash:

A current proposal from the Department of Homeland Security to mandate that large electronic devices be relegated to checked luggage is facing stiff resistance from airlines and business travelers.

Under the proposal, travelers with electronic devices larger than a cell phone would be required to carry them as checked luggage. Depending on the airline, those devices may either be placed in each passenger’s luggage, or the airline may offer secure containers at the gate.

While the proposed ban is still in the proposal stage, it could go into effect at any time. U.S. officials have begun meeting with European Union representatives in Brussels on May 17, and will continue their meetings in Washington the following week.

The proposed ban is similar to one that began in March that prohibited laptops and other large electronics from passenger cabins between certain airports in the Middle East and North Africa.

That ban has resulted in a significant reduction in travel between those countries and the U.S., according to a report by Emirates Airlines. That airline has already cut back on its flights to the U.S. because of the laptop ban.

The new laptop ban would work like the current one from the Middle East, except that it would affect all flights from Europe to the U.S.

The ban raises a series of concerns that so far have not been addressed by the Department of Homeland Security, most notably large lithium-ion batteries that are currently not allowed in cargo holds by many airlines because of their propensity to catch fire.

The story continues going into detail about the pros and cons – and includes some thoughtful analysis by yours truly.

Our beautiful little echinopsis has a second flower. Here you can see it opening wide over a 22-hour period. Sad to think that it’s nearly finished. Thursday or Friday the closed-up blossom will drop off the cactus.

Tuesday, 5:20pm

Tuesday, 6:37pm

Wednesday, 7:10pm

Wednesday, noon.

Wednesday, 3:10pm

Some recent photos from our garden here in Phoenix. Enjoy!

 

In the United States, Sunday, May 14, is Mother’s Day. (Mothering Sunday was March 27 this year in the United Kingdom.) This is a good time to reflect on the status of women of all marital status and family situations in information technology. The results continue to disappoint.

According to the Unites States Department of Labor, 57.2% of all women participate in the labor force in the United States. 46.9% of the people employed in all occupations are women. So far, so good. Yet when it comes to information technology, women lag far, far behind. Based on 2014 stats:

  • Web developers – 35.2% women
  • Computer systems analysts – 34.2% women
  • Database administrators – 28.0%
  • Computer and information systems managers – 26.7%
  • Computer support specialists – 26.6%
  • Computer programmers – 21.4%
  • Software developers, applications and systems software – 19.8%
  • Network and computer systems administrators – 19.1%
  • Information security analysts – 18.1%
  • Computer network architects – 12.4%

The job area with the highest projected growth rate over the next few years will be information security analysts, says Labor. A question is, will women continue to be underrepresented in this high-paying, fast-growing field? Or will the demand for analysts provide new opportunities for women to enter into the security profession? Impossible to say, really.

The U.S. Equal Employment Opportunity Commission (EEOC) shows that the biggest high tech companies lag behind in diversity. That’s something that anyone working in Silicon Valley can sense intuitively, in large part due to the bro culture (and brogrammer culture) there. Says the EEOC’s extensive report, “Diversity in High Tech,”

Modern manufacturing requires a computer literate worker capable of dealing with highly specialized machines and tools that require advanced skills (STEM Education Coalition).

However, other sources note that stereotyping and bias, often implicit and unconscious, has led to underutilization of the available workforce. The result is an overwhelming dominance of white men and scant participation of African Americans and other racial minorities, Hispanics, and women in STEM and high tech related occupations. The Athena Factor: Reversing the Brain Drain in Science, Engineering, and Technology, published data in 2008 showing that while the female talent pipeline in STEM was surprisingly robust, women were dropping out of the field large numbers. Other accounts emphasize the importance of stereotypes and implicit bias in limiting the perceived labor pool (see discussion below).

Moughari et al., 2012 noted that men comprise at least 70 percent of graduates in engineering, mathematics, and computer science, while women dominate in the lower paying fields. Others point out that in this is not uniformly the case in all science and math occupations and that, while underrepresented among those educated for the industry, women and minorities are more underrepresented among those actually employed in the industry. It has been shown, for example, that men are twice as likely as women to be hired for a job in mathematics when the only difference between candidates is gender.

and

Women account for relatively small percentages of degree recipients in certain STEM fields: only 18.5 percent of bachelor’s degrees in engineering went to women in 2008.

Women Heading for the Exit

The EEOC report is very discouraging in its section on Existing Tech & Related Fields:

Over time, over half of highly qualified women working in science, engineering and technology companies quit their jobs. In 2013, just 26 percent of computing jobs in the U.S. were held by women, down from 35 percent in 1990, according to a study by the American Association of University Women. Although 80 percent of U.S. women working in STEM fields say they love their work, 32 percent also say they feel stalled and are likely to quit within a year. Research by The Center for Work-Life Policy shows that 41 percent of qualified scientists, engineers and technologists are women at the lower rungs of corporate ladders but more than half quit their jobs.

This loss appears attributable to the following: 1) inhospitable work cultures; 2) isolation; 3) conflict between women’s preferred work rhythms and the “firefighting” work style generally rewarded; 4) long hours and travel schedules conflict with women’s heavy household management workload; and 5) women’s lack of advancement in the professions and corporate ladders. If corporate initiatives to stem the brain drain reduced attrition by just 25 percent, there would be 220,000 additional highly qualified female STEM workers.

Based on a survey and in-depth interviews of female scientists, the report observes:

  • Two-thirds of women report having to prove themselves over and over; their success discounted and their expertise questioned.
  • Three-fourths of Black women reported this phenomenon.
  • Thirty-four percent reported pressure to play a traditionally feminine role, including 41 percent of Asian women.
  • Fifty-three percent reported backlash from speaking their minds directly or being outspoken or decisive.
  • Women, particularly Black and Latina women, are seen as angry when they fail to conform to female stereotypes
  • Almost two thirds of women with children say their commitment and competence were questioned and opportunities decreased after having children.

The EEOC report adds that in tech, only 20.44% of executives, senior officials and managers are women – compared to 28.81% in all private industries in the U.S. Women certainly are succeeding in tech, and there are some high-profile women executives in the field —think Meg Whitman at HP, Marissa Mayer at Yahoo (now heading for the exit herself with a huge payout), Sheryl Sandberg at Facebook, Susan Wojcicki at YouTube, Virginia Rometty at IBM, Safra Catz at Oracle, and Ursula Burns at Xerox. That’s still a very short list. The opportunities for and presence of women in tech remain sadly underwhelming.

To those who run or serve on corporate, local government or non-profit boards:

Your board members are at risk, and this places your organizations at risk. Your board members could be targeted by spearphishing (that is, directed personalized attacks) or other hacking because

  • They are often not technologically sophisticated
  • They have access to valuable information
  • If they are breached, you may not know
  • Their email accounts and devices are not locked down using the enterprise-grade cybersecurity technology used to protect employees

In other words, they have a lot of the same information and access as executive employees, but don’t share in their protections. Even if you give them a corporate email address, their laptops, desktops, phone, and tablets are not covered by your IT cybersecurity systems.

Here’s an overview article I read today. It’s a bit vague but it does raise the alarm (and prompted this post). For the sake of the organization, it might be worth spending some small time at a board meeting on this topic, to raise the issue. But that’s not enough.

What can you do, beyond raising the issue?

  • Provide offline resources and training to board members about how to protect themselves from spearphishing
  • Teach them to use unique strong passwords on all their devices
  • Encourage them to use anti-malware solutions on their devices
  • Provide resources for them to call if they suspect they’ve been hacked

Perhaps your IT provider can prepare a presentation, and make themselves available to assist. Consider this issue in the same light as board liability insurance: Protecting your board members is the good for the organization.

In 2016, Carnival Cruises was alleged to have laid off its entire 200-person IT department – and forced its workers to train foreign replacements. The same year, about 80 IT workers at the University of California San Francisco were laid off, and forced to trained replacements, lower-paid tech workers from an Indian outsourcing firm. And according to the Daily Mail:

Walt Disney Parks and Resorts is being sued by 30 former IT staff from its Florida offices who claim they were unfairly replaced by foreign workers— but only after being forced to train them up.

The suit, filed Monday in an Orlando court, alleges that Disney laid off 250 of its US IT staff because it wanted to replace them with staff from India, who were hired in on H-1B foreign employee visas.

On one hand, these organizations were presumably quite successful with hiring American tech workers… but such workers are expensive. Thanks to a type of U.S. visa, called the H-1B, outsource contractors can bring in foreign workers, place them with those same corporations, and pay them a lot less than American workers. The U.S. organization, like Carnival Cruises, saves money. The outsource contractor, which might be a high-profile organization like the Indian firm Infosys, makes money. The low-cost offshore talent gets decent jobs and a chance to live in the U.S. Everyone wins, right? Except the laid-off American tech workers.

This type of bargain outsourcing is not what the H-1B was designed for. It wasn’t for laying off expensive U.S. workers and hiring or contracting with lower-paid foreign workers. It was intended to help companies bring in overseas experts when they can’t fill the job with qualified local applicants. Clearly that’s not what’s happening here.

It’s Not Supposed to Be About Cheap Labor

Also, the goal was definitely not to let companies reduce their payroll costs. To quote from the U.S. Citizenship & Immigration Services website about H-1B requirements:

Requirement 4— You must be paid at least the actual or prevailing wage for your occupation, whichever is higher.

The prevailing wage is determined based on the position in which you will be employed and the geographic location where you will be working (among other factors).

The challenge is the way that H-1B visas are allocated – which is in a lottery system, based on the number of applications. There’s a cap of only 65,000 visas each year. Outsourcing companies flood the system with hundreds of thousands of applications, whereas the companies that truly need a few specialized tech experts ask for a relative handful. (There are separate rules for educational institutions, like universities, and for those hiring workers with advanced post-graduate degrees.)

H-1B visas have been in the news for decades, as tech companies lobby to increase the quota. Everyone, remember, likes the H-1B visa, except for American tech workers whose jobs are displaced.

Most recently, the U.S. government has warned about a crackdown on H-1B abuses. According to CNN,

While H-1B visas are used to fill the U.S. skills gap, the Trump administration has voiced concerns about abuse of the program. In some cases, outsourcing firms flood the system with applicants, obtaining visas for foreign workers and then contracting them out to tech companies. American jobs are sometimes replaced in the process, critics say.

In response, Infosys, the Indian outsourcing giant, has revealed plans to hire U.S. workers. Says Computerworld,

IT offshore outsourcing giant Infosys — a firm in the Trump administration’s H-1B reform bulls eye — said Tuesday it plans to hire 10,000 “American workers” over the next two years.

The India-based Infosys will hire those employees in four separate locations in the U.S., first in Indiana, which offered the company more than $30 million in tax credits. The other locations weren’t announced.

Look for the H-1B visa issue to remain in the U.S. news spotlight all year during the battle over immigration, employment, and the power of Silicon Valley.