Weak Interface
When the computer people meet the other side

Your typical “computer person”  if they have 5 minutes in the industry or 5 years, ends up being first line tech support for their family, friends, and even friends of friends.  That is if they let it get there.  Unfortunately this can be a “damned if you do damned if you don’t situation”.  If I say no I am mean because I can help but won’t if I say yes I am working for free for a long time.  Niether is fair to me but that’s how it gets seen.Now because of the diversity of my friends I will reply, “Hey can I have hours of free legal advice?”  or “You’re a dentist I’ll trade you the perfect smile for a virus free machine.”  That usually gets folks to an understanding of what they are asking.So before you ask anyone for computer help remember they are doing you a hug favor….There’s a who thread on it at Reddit- http://www.reddit.com/r/technology/comments/ards1/why_i_dont_fix_computers_for_free_and_you_can_too/Read through that it’s TOO TRUE!Until next time.

I was critical about DRM in a previous post.  Worse than failed DRM is the means of enforcing it.  This involved lawsuits and a lot of hurt feeling.  Well now there’s good news and bad news:

The Good news:

The Recording Industry Association of America(RIAA) has decided to stop suing people.
If you don’t know the RIAA are the ones who have dragged people into court for downloading music.  They don’t know what they are doing.  This is classic weak interface issue.  The ones who are downloading know how to use the internet but the group chasing them has no idea how to find them.  Instead of intelligently asking a person who knows how the internet and downloading work they decided to sue anyone they thought they could find.

Suing everyone they could find included:
- a teenager
(src: http://www.1010wins.com/pages/193237.php?contentType=4&contentId=298727)
- an 83 year old DEAD woman
(src: http://www.theregister.co.uk/2005/02/05/riaa_sues_the_dead/)
- even XM radio!
(src: http://yro.slashdot.org/article.pl?sid=06/05/17/0250238&from=rss)

There’s even a blog of lawyer who specifically deals with the RIAA nonsense I suggest you give it a read: http://recordingindustryvspeople.blogspot.com/

Even if you win a RIAA lawsuit, as almost everyone has, the time, money, and energy you put into it are irreplacable.

So the idea that they are going to stop suing people is great.  After millions of dollars waste and countless hours of the judicial system down the drain they have stopped.  Yeah.

Why am I not more excited well be cause of…

The Bad News:

The Recording Industry Association of America(RIAA) has decided to conspire with internet service providers(ISP).
Your ISP, the folks you pay for internet access are going to police you.  I don’t know how this will play into privacy but you should know that the RIAA has asked them to watch you.  Here’s why it is bad.  VERY BAD.

“The new plan circumvents the law, and puts the power directly into RIAA’s hands, which means that more innocent people than ever will get harassed by the RIAA.”
(src: http://techgossip.net/2008/12/riaas-new-piracy-plan-cuts-off-people-without-a-fair-trial/)

In the near future the intrnet you pay for will now be watched for what “looks like” illegal activity.
Knowing how computers work I suspect some of the speed you pay for will go towards watching you.  As for me if I pay for it I should own it.  If you cut my speed to watch me you better charge a lot less.
And who knows what they will flag as suspicious?  What about get large emails from friends who send pictures? (this happens often) Or what about large files I send my self from my job?  The very subjective standard of “suspicious activity” is a slippery slope towards controlling what you are allowed to see and do online.

Think about all this and let me know what you think.

Till next time….

Technology moves lightning fast these days. Experts are becoming more knowledgeable faster than ever before, which leads to new technology becoming available faster. The problem is that some institutions we rely on are unable to cope with the new speeds. This is especially worrisome because criminals are abusing this part of the weak interface.

It is relatively easy to defeat a security CCTV with commercially available parts (no, I am not going to tell you how to do it so no links). The RFID chip in everything from bank cards to passports has been beaten
(http://www.schneier.com/blog/archives/2006/08/hackers_clone_r.html),
and the list goes on. Neither the law or law enforcement is able to cope no matter how sure they are because they fail to employ or listen to the experts.  In the case of RFID even before there was RFID in passports experts said it could be hacked
(http://money.cnn.com/2006/07/13/pf/rfid_passports/index.htm?cnn=yes)
now an expert hacked it in 2 weeks. Please, please, please listen when experts talk. The actually know something. Even wiretapping can be defeated easily with off the shelf parts. This was posted in a major engineering publication, including examples and experimental results but law enforcement has not yet deployed a solution.
(http://www.crypto.com/papers/wiretapping/)

I really can’t say it enough, when a subject matter expert tells you that technology has advanced too a point of concern, please listen. Talk to them and do what needs done.

Until next time.

   I’ve previously stated that the ‘war’ is on between those with knowledge and those without.  Some are using the weak interface for abuse. 

   The abused (you) may not even know they are being abused.  At least when a presentation or demo tricks someone into believing lies, you can see who is lying to you.  In this case, dear reader,it’s possible that what you see on the screen  was interfered with and you’ll had no clue about it! 

   Your ISP may already be doing this to you without your knowledge.  I could explain but someone has explained it better than I could.  he has written to a company who makes the tools of abuse you should really check it out here: http://www.ka9q.net/perfidy.html

Keep your ear to the ground and check out your ISP

  I’ve mentioned demos and presentation before but now I’m going to focus on them a bit more as I recently had a few colleagues view this blog a they contributed their analogies an stories.  A younger more naive version of myself once asked while preparing for a demo,

  “Why are we working so hard on power point slides and pictures when the code is what matters?”  The answer was that no mater how god the actual code was it was boring and would likely get the project killed.  One older engineer shared with me this quote:    ‘A good plan with a bad presentation is doomed immediately, a bad plan with a good presentation is doomed EVENTUALLY…’ - source unknown  I have since seen that played out over and over again.  The group with the best demo/presentation often wins NOT the one with the best product.  Another person chimed in that since the only thing most users ever see is the graphic user interface  to them that IS the software, kinda like seeing the steering wheel of a car and thinking that IS the car, the engine, the brakes, everything!  As a guy on the ‘mechanic’ side of building the rest of the software it was a revelation that that’s the perspective of the user and most of the decision makers.  It let me understand why people are fooled by demos and pretty pictures.

  It’s like the movies or even a good magic trick only the difference being that in those situations you know it’s not real.  Think about if you convinced someone that the movie ‘Hackers’ was really a documentary?  Completely false impressions and ideas would be conveyed.  In the software world this is what happens at demonstrations/presentations.  Some honest people will give you a documentary of the software while others will give you a movie, but both will tell you it’s real. 

The solution and my advice:
Assume you are being lied to and get a software developer on your payroll with no stake in the project to let you know if you are seeing a real system or a clever trick.
Until next time

I’m back. Sorry for the break in service but I decided it was time to get sick so I did. Feeling better and now it’s back to reporting about the Weak Interface!
(I’ll give you several posts this weekend to make it up to you)

I like it when anyone contributes their own experiences. A valued reader at http://www.anthonydamasco.com (check him out!) sent this. Read and enjoy, my comments in ‘[]’ and after.

—————

.. there a lot of things that are messed up about our industry [which is why this blog exists]. I’ll start with telling you about tech schools that rush you through a course and then give you a certification that means nothing in the real world.

Alright so I went to school about 5 years ago for website development, I pretty much knew html and stuff because I had made a lot of websites on my own. So I paid 15k for this 9 month course, and they told me that I would be earning college credits so that If I wanted to go to college later I could earn a degree using them.

To keep it short, the staff sucked, I constantly corrected the instructors, the courses were straight out of the adobe guide books, and I learned absolutely nothing useful. Oh and no college credits (they told be my last month there) I graduated from school and went on a few job interviews for web design and I was pretty much laughed at when I told them where I went to school. So I had to load trucks for UPS at night and do free web projects during the day to build a portfolio good enough to compete with people that had 4 years of school + a portfolio that they had built the entire time they went to school[We all need to be more like him, he wanted something and did what he had to to get it, can you tell I’m a fan?].

Schools like Lincoln tech, Chubb institute, Cittone institute, totally screwed everyone that I went to school with. Even to this day I see fresh out of tech school web developers working at restaurants and producing really crappy work that they were told, was acceptable.

One of the biggest problems with the schools are they are always 4 years behind, I talked to this guy who just graduated a month ago from the chubb institute, and he didn’t even know what “Web 2.0″ meant, or SEO, not even ajax, or that there is an actionscript 3.0 [if you don’t know these terms you shouldn’t be in the industry].

—————

Sadly this story rings too true. Countless hopefuls have burned money on useless schools. The truth is, in any industry, performance matters more than credentials. The normal idea is that you look at credentials and can infer how the person will perform. Unfortunately since these schools do not necessarily have to meet the academic standards that a University does, and the fact that no matter how inept the graduates are more will still sign up, there is no real motivations to deliver value. If you talk a big game in commercials, media, etc, enough people will mistake it for a real school and give you money.

I can’t say it enough: Ask professionals.
Universities work with industry to prep students with what they need for the industry. These schools don’t need to work with industry cuz they know how to “sell” the idea of a degree without actually producing anything.
Be careful. Be skeptical. Ask the pros

Until next time
.

   I’ve worked with a mix of people.  Varying levels of the weak interface.  I work with a guy who has built 3 national computer networks and been involved with computers since the 80s, another who was an old IBM mainframe computer programmer and knows the industry better than I, he was in computers before most knew what they were.  Both of whom have earned my respect with their knowledge and willingness to defer to mine when they don’t know something.  At the same time I’ve worked with a few business types who don’t know much but unfortunately think they do. More infuriating is that they  don’t realize the limits of their knowledge or when to shut up so they could at least hide their gross ignorance.  This post is  about the business type and our dealings.  First you should know that after years of frustration I went ahead and got my MBA so I could speak their language but I have yet to meet a single one who’s done the same in reverse.

   The affair started when I was explaining why in certain accounting the precision is carried out to the ten-thousands place as, x.xxxx , the business guy said it made no sense and was cumbersome.  I explained to him the old trick of ’salami slicing’(http://en.wikipedia.org/wiki/Salami_slicing#Film_.26_television)  as a way to steal fractions of cents from a company.  His answer was that he’d just track all transactions into or out of an account.  I then had the horrible task of explaining to him how the computer can be made to lie.  For example, stealth viruses pull some tricks to make the computer lie to users.  The website Computer Knowledge describes this better than I do

“A stealth virus hides the modifications it makes. It does this by taking over the system functions which read files or system sectors and, when some other program requests information from portions of the disk the virus has changed, the virus reports back the correct (unchanged) information instead of what’s really there (the virus).”

 - http://www.cknow.com/vtutor/StealthVirusesandRootkits.html)

   Another way to say it is when you try to track something by a system report to you, that report can be doctored and the information changed before you even see it.  You won’t know it and if you trust the machine you are open to all sorts of fraud.  It would only take  a person able to manipulate the system the right way.  This problem always exists when a person uses a technology without understanding it.  Any time I get my car fixed I know the mechanic can lie to me because I only know a little about cars and can’t detect a well crafted lie.  So I ask my car savvy friend to let me know the truth.  Unfortunately the tech ignorant tend not to ask the computer savvy and/or don’t listen when they speak. 

   Another example of this is in many different tech demos I’ve seen.  There’s an easy trick you can pull if the demo of a system is for the non-savvy.  Instead of actually having a working system you can just have screen shots of what’s supposed to happen all displayed in different windows. Then when you fake a ‘click’ on some item you can quickly switch to the right screen shot as if the system actually worked that way.  This is like having very convincing cardboard cut outs of cars and putting those on the showroom floor as if the cars were there.  I am amazed at how well it works.  Many of the systems I’ve seen promoted but never working have been paid for on the strength of a false demo.  This has cost the government, and by extension tax payers, millions.

So please listen when I say:

If you are going to do anything with software - Be careful, Be paranoid and get a guy you trust who knows something to evaluate all software for you because computers can be made to lie…