Tuesday, April 18, 2017

Are We Hyper-Technologized?

I love technology. After all, it's how I make a living, and I truly enjoy taking advantage of cleverly engineered, well-built tools. (And for me, "tool" could mean anything from a smartphone to a well-made crescent wrench.) I'm old enough that I still feel a bit of a thrill when I power up a computer or realize that, with modern tech, I can do things that in previous years would have been difficult, expensive, or simply impossible. Technology continues to amaze and enthrall me: drones, GPS, digital assistants, desktop publishing…. For me, all of these things bring to mind Arthur C. Clarke's famous dictum (now a bit over-used, I suppose): "Any sufficiently advanced technology is indistinguishable from magic." Much of this stuff still seems magical to me, even though I know something about how it's done.

This is an Oregon Scientific weather station much like the
one that Lesley and I have in our home and which only
one of us has learned to use.

For example, Lesley and I have the world's most awesome weather station. Among other things, it includes an electronic rain gauge that sends a very precise rainfall measurement to a central display unit that's kept in the house. Any time we want, we can simply look at the display and know that we have received exactly 2.736" of rain over the past 24 hours. (Technically speaking, we cannot do this. Lesley can do this. I have not mastered the rigorous calculus that's apparently necessary to tell the display that we want to see the rainfall totals. So I just randomly push buttons until something happens. Sometimes Lesley comes and rescues me, but most often, I end up with a display of temperature or wind direction, or possibly a readout of my next door neighbor's teenage son's digital music collection or my pickup truck's current gas mileage. Both of the last two are kind of depressing.)

The thing is that this rain gauge doesn't even really measure rainfall—not directly, anyway. It's engineered such that a small catchment collects rainwater through a funnel arrangement. That small container is attached to an arm, and once it has collected the appropriate amount of rain, based on weight, the arm swings down and dumps the rainwater out the bottom of the device. And every time that happens, a counter is incremented. Since we know how much water weighs (if you're curious, it's about 8.3 lbs. per gallon, though rainfall in Los Angeles—being full of various poisonous particulates—tends to weigh more) and how much the catchment holds, the machine can be calibrated to convert the number of times the counter has incremented into accurate measurements of rainfall.

That's pretty damned clever, isn't it? There's a lot of math and machining and electronics and manufacturing know-how in that little rain gauge.

Mind you, we also have an old fashioned, clear plastic cylindrical rain gauge in a holder attached to the side of our deck about two feet away from the digital rain gauge. It was manufactured right here in Lincoln, Nebraska by Garner Industries, and it probably cost about $7 a few years back. If Lesley's not around to rescue me, and if I get tired of randomly pushing buttons on our fancy weather station display, I can always just glance over at the plastic "analog" rain gauge and see how much rain we got. And then . . . well, actually, that's it. I'm done. If I need to start a new countdown, I can "reset" the gauge by picking it up and turning it over so that the rainwater dumps out onto our . . . um, whatever those plants are off to the side of the deck. (Plants and weeds all look alike to me, which is how I've gotten out of weeding for the past several years.)

Or one could use a simple, inexpensive plastic rain
gauge, such as this one.
So, although I think it's kinda fun, it would be a stretch to say that we actually need a digital weather station. I like it, but I can't say there aren't other (often easier, almost always less expensive) ways to get the same information.

Sometimes we end up with technology that was created simply because it could be created or because someone thought it would be cool or because we're determined to improve on the old way of solving a problem. Much of the time, we don't really need it, and there may even be times when it's more trouble than it's worth.

Take bomb-detecting. Surely this seems like a worthwhile endeavor and something worth spending money on. So the U.S. armed services (and researchers in their employ) have spent millions on various types of metal detectors, special cameras, and chemical sniffers. This has resulted in about a 50% success rate in Afghanistan and Iraq.

Of course, being able to locate half of the IEDs (improvised explosive devices) scattered along a roadside or in a field is nothing to sneeze at. But you know what's proven to be much, much more effective? A dog. When dogs are used to patrol, that 50% jumps to 80% or more. And the thing is that DARPA (the Defense Advanced Research Projects Agency) has been trying to come up with something that's better than a dog since 1997. Can't do it. Apparently, there is nothing better than a dog. A well-trained dog is very, very good at detecting bombs. (Or hard drives, or dope, or people, or just about anything else you care to train a dog to detect.) There is simply nothing trainable on the planet that's better at literally sniffing things out. (Which makes sense. Consider that the typical human has about 5 million olfactory receptors in his or her nose, while a dog has more than 220 million such sensors. To be a dog is to inhabit a world much richer, more fragrant, and probably much more interesting than the drab one in which you and I live. Also, they get tummy rubs.)

Training and provisioning a dog costs money, of course. Some sources say that a trained bomb-sniffing dog can cost between $5,000 and $25,000 or more. (That's a rather large variance, of course. Perhaps a bomb-sniffing Bichon, being more . . . uh, portable, is worth more than a bomb-sniffing Doberman?) But even at the high end, that's much less than the cost of most hi-tech bomb-detection tools, and the dog is easy to operate and also serves other functions. And in the end, the dog simply works better than the hi-tech tools.

Bichons are SO cute that they look a bit like they
escaped from a comic strip. (Photo licensed under
the Creative Commons Attribution 3.0 Unported
license by user Rocktendo.)
Altogether, the Pentagon has, since 2004, spent about $19 billion on bomb-detecting gadgets and other hi-tech mechanisms meant to deal with insurgent networks and the IEDs they plant. (Even if a trained dog cost $20K, that means that our $19 billion would buy about 950,000 dogs. That's a lot of dogs. I'm pretty sure that if you simply let 950,000 trained dogs loose in Afghanistan, the war would be over in days. Although I'm not sure who will have to clean up the place afterward.) One of these hi-tech gadgets is VaDER (am I the only one who reads a certain evil malevolence into that acronym?), which DARPA would like us to believe stands for Vehicle and Dismount Exploitation Radar, but which is obviously just an excuse to come up with a Star Wars-themed anti-insurgency device. VaDER is a $138 million aircraft-mounted sensor that tracks moving targets from an aircraft. We don't really know how well VaDER works, because a spokesperson said only that it and related tools were "enormously useful." So, that's good; wouldn't want to spend that kind of money on something that was only "mildly useful" or "somewhat useful."

I like clever stuff, but we seem to have a facility for over-engineering solutions, is what I'm saying here. Do we really need a toilet seat that automatically closes when the user (a man, one assumes) walks away? Can't the guy just put the seat down? Or couldn't the next person to use the toilet simply put the lid down? How hard is it, really? Or maybe you need a connected weight-loss fork that vibrates when you've eaten too much! Or possibly some air-conditioned shoes? (These look suspiciously like . . . well, shoes with holes in them. Say, I guess I already have some air-conditioned shoes down in the basement! I would be willing to sell those to you for, oh, $30 each. That's $48 off!) How about a mug that lights up to indicate the temperature of its contents? So you can tell if your tea is too hot, I guess. Just take a sip, dammit! If it burns, it's too hot; go take a walk in your air conditioned shoes for a few minutes while your tea cools off a bit.

Tuesday, April 04, 2017

Your Car May Decide to Kill You. Or Not. It Depends.

I spent some time writing software and running the development side of StudyWare, a small software company based in San Diego, CA. And after our company grew large enough that we could afford to hire programmers and analysts who actually knew what they were doing, I spent several years managing those who wrote both the software and the content to be used with that software. (I can't tell you how nice it was when we got to the point where we could afford to hire real programmers. I truly enjoyed programming, and I think I did some clever stuff; but compared to the talented, experienced developers we hired, my efforts were laughably inelegant, unsophisticated, and clumsy. But hey, at least I was also slow.)

An early StudyWare software package. The
packaging and the software eventually
became much more sophisticated.
At any rate, the point is that I have been in the trenches, and I've worked with others who've been in the trenches even longer than I. So, I have indeed ridden the software dev dragon and I have tamed (or occasionally been tamed by) the beast.

In other words, when it comes to building and delivering software, I speak from experience. Thus, I can say with some confidence that software behavior is largely about decision-making: Your code does a particular thing until something happens, at which point it does something else. It's a very strict, Boolean environment; the code always behaves according to some very exacting logic. (Not always the logic you had intended, mind you, but that's a subject for a different post.) Essentially, a huge part of the functionality of software hinges on decisions made about whether something is true or false. If X has happened (that is, if it's true), then do Y.  For example, if the system's internal clock has counted out X number of seconds or minutes, then Y should now occur. (In this case, perhaps Y is that a bell should chime to let you know that it's time to go turn off the stove, call your mother, or move your laundry into the dryer.) Or, if the user has entered a particular word into a textbox, find and highlight all occurrences of that word in a document. That sort of thing.

It's a very pragmatic and ruthlessly logical approach. There's not a lot of room for . . . well, heart. Software doesn't feel.

And yet, programmers do have hearts. They do feel. They do have consciences. (I know a programmer who once worked for a defense contractor that built missiles. After several years of doing that, he was looking for a graceful way out for a number of reasons. One of those reasons had to do with the products he was designing. He said, "If I do my job well, somebody dies. If I do my job poorly, somebody else dies.") So, while software may be said to have no heart, we can definitely see examples of software that has to have, for lack of a better term, a conscience of sorts. Or more accurately, it can sometimes come to represent the programmer's or designer's conscience.

One increasingly obvious example of this has to do with the design of autonomous cars. You wouldn't think that conscience or morality would enter into something so utilitarian, but it turns out that programmers working on such devices are having to make decisions that are essentially moral. They involve not math but ethics. (Or more accurately—and much more interestingly—a combination of math and ethics.)

The S60, an experimental autonomous car from
Volvo. The S60 is classed as a Level 3
autonomous vehicle: the driver must be prepared
to take control if/when necessary. (Image used
under the Creative Commons Attribution-Share
Alike 4.0 International license.)
Part of the designer's job is to anticipate certain scenarios, and to program the automobile (in this case, it's truly an automobile) to respond appropriately to certain scenarios. Thus, the car watches for pedestrians who may step in front of the vehicle, vehicles that may run a red light and enter an intersection unexpectedly, traffic signals that are about to change, etc. It's actually very impressive that these systems can almost flawlessly respond to changes in the environment and that they usually render a decision that keeps drivers, passengers, and nearby pedestrians safe. (Of course, usually is not the same as always, so we have seen accidents, some of them fatal. This is dangerous stuff, after all, and we are on the bleeding edge of tech here.)

But imagine a scenario such as this: Bob is in an autonomous vehicle that's proceeding along a one-way, one-lane street, when suddenly a pickup truck enters from a side street on his right. Bob (well, in this scenario, Bob's car) has three options: the car can veer left, veer right, or plow straight ahead. (We'll assume for now that things are happening too quickly for braking to be effective.)

Nothing good can come from any of these options. Perhaps Bob veers left, up onto the sidewalk, where an older couple is slowly making their way over to a nearby vehicle. One possible result? Two dead elderly citizens. The car could veer right, but what if on the sidewalk to the right was a group of schoolchildren being led by a teacher at the front of the line and an adult aide at the end? Possible result? Dead or injured children, along with possible harm to the adult leaders. If the car continues straight ahead, it will T-bone the truck, and the impact will almost certainly harm or even kill the driver of the truck and his passenger; the crash might also harm or kill Bob himself.

You’re probably thinking that this is far-fetched, simplistic, and unrealistic. But it (or something like it) can occur; I would bet that this sort of thing happens at least weekly in every major city. (In 2016, there were 55,350 traffic accidents in Los Angeles, and 260 people were killed in those accidents. About 229 people died in New York City accidents that year.) Of course, when a person is driving the car, that person is responsible for the split-second decision he or she is about to make. Someone is going to get hurt, no matter what. And there often isn't time for a driver to consciously think about that decision; he simply reacts. Hopefully, no one is hurt.

But the programmers and designers and analysts who build autonomous vehicles have to consider such scenarios; they do have time to think, and they have to program into the system what they feel is an appropriate response. They must tell the vehicle, "When faced with this scenario, do this." Those programmers just made a life-or-death decision. They had no choice. They have to tell the car to do something, after all. (Keep in mind that opting not to do anything is also a decision.) They have to encode the system, the "brain" of the car, to behave in a certain fashion in response to certain inputs.

So, what should they decide? Assuming that the technology has advanced to the point that the car can tell what it's about to hit (and I think that is or soon will be the case), does Bob's autonomous vehicle veer left or right? Does it put Bob at risk, or some schoolkids? Or do we aim the car at the elderly couple? Are the schoolkids' lives worth more than the lives of the two older people? Or does the car determine that Bob must sacrifice himself?

It's interesting to talk about this kind of decision-making, of course, and I have had some enjoyable discussions (and even arguments) with students about this sort of thing. (And similar logic/ethic puzzles have been around since long before the advent of autonomous vehicles.) But for the purpose of this discussion, which decision the programmers should make isn't even the main point; the important thing is that we've reached a point at which such decisions have to be (and are being) made.

Technology and morality or ethics have always been connected, of course. After all, technology is used (and misused) by people, and people are moral animals. (Or, depending on your perspective, perhaps you feel they are amoral or even immoral animals.) So how we decide to use a technology, and for what purpose, may have always been a decision that has had an ethical component. (After all, I can use a handgun to protect my family, or I can use it to rob a bank or mug that elderly couple we were discussing a moment ago. Even a lowly hammer can be used to build a home or repair a fence, harm a person or destroy the display window of a downtown shop.)

So, having to consider an ethical component in a technology is certainly nothing new. But having to program an ethical component, having to make those sorts of decisions ahead of time and at a remove, is something that many of us have not considered until now. We (or the car's designers, at least) find ourselves in an uncomfortable position: how do we decide which lives are more valuable than other lives?

That's not a decision I would want to be forced to make.

Tuesday, March 21, 2017

Tennis, Pickleball, and Commas

 A few weeks ago, some very good friends of mine introduced me to something called pickleball. This is a game that's a sort of weird amalgamation of tennis and . . . well, maybe ping-pong or squash, I'm not sure, with perhaps some bastardized badminton thrown in for good measure. It's as if tennis and table tennis and squash and badminton all got together and had a particularly ugly baby. (Though I'm of the opinion that all babies are ugly. Except for mine. My babies were—and remain—beautiful.) I'm not sure I like pickleball very much, but I do like my friends quite a bit, and if I have to play such an odd game in order to spend some time with them and get a little exercise and fresh air, so be it.

A pickleball court. Oddly enough, the game was invented
in Washington state by a former state representative
named Joel Pritchard and a couple of his buddies. Mr.
Pritchard would eventually be elected to the U.S. House
of Representatives and later went on to become Lieutenant
Governor of the state of Washington. Go figure. (Image

licensed under the under the Creative Commons CC0 1.0
Universal Public Domain Dedication.)
I really prefer tennis, though, and naturally that got me thinking about commas. (Because when you're an English teacher, it doesn't take much to make you start thinking about commas.)

I was thinking about the fact that tennis is one of those "skill" games. It's not enough to be fast (I'm not), strong, (I'm definitely not), or athletic. (Hahahahah! Really?!) Those are enough to make you a somewhat decent handball or racquetball player, because even if the other guy is better than you (and almost anyone would be better than I), you might be able to simply out-athlete him. If you're in better shape and if you're quick, you might find that you can slap the ball hard enough, often enough, and quickly enough to eke out at least an occasional win. (Note: This will not work against a truly good racquetball player, but at least you'll probably avoid getting skunked. Maybe. You could always beg for mercy; once you've done it once or twice, it gets easier. Trust me, I know.)

Tennis, on the other hand,
You may be cool, but you will never
be as cool as Bill Tilden (1893 – 1953).
(Image in the public domain.)
requires serious practice before you can develop the basic skills you'll need just to keep the ball in play, never mind trying to be competitive. That's why a "tennis match" between two people who've never really learned the game quickly becomes a game of "let's hit the ball over the fence and into other people's courts and then chase it around until we get tired and then we can go have a beer." (Although that also sounds like fun.)

The key to enjoyable tennis (read: tennis that involves hitting the ball back and forth rather than over the fence and into a parking lot) is groundstrokes. You need a strong, consistent forehand and a solid backhand—those are the groundstrokes, and they’re the foundation of respectable tennis. Then you need a decent serve, which is not easy to develop. A strong, accurate overhand serve is made up of several moves, each one joined together and practiced and practiced and practiced until the whole thing becomes a seamless, smoothly choreographed ballet that ends with the server up on the toes of his left shoe (unless he's left-handed, in which case it'd be the toe of his right shoe) and a powerful downward stroke that imparts both velocity and spin to the ball and sends it careening toward your opponent. (A decent tennis player's serve could be as fast as 100 mph; some pros have been known to hit 160 mph or more. At that speed I wouldn't even be able to see the ball, but I might have a chance if I aimed my racket at the sound it made.)

To your serve and groundstrokes, add some agility and anticipation, and you have a skillset that will take a tennis player a long way. Tack on a basic understanding of strategy and court geometry, and you have what could be pretty decent tennis player—but one who will lose every match.

Why will our hypothetical player lose every match? Because, although she has some decent skills, she does not have an understanding of the rules of the game. We've taught her to hit the ball, but not when or where to hit it. She does not realize that she must serve from behind the baseline and is not allowed to step across that line until after the ball leaves the racket. (That would be a “foot fault.”) She does not know that her serve must land in the opposite forecourt. (To hit it elsewhere would be a “fault.”) She does not realize that the ball can only bounce once before she hits it, nor that she can only hit it once (no “double-taps” or “double-touches” allowed). She does not understand that when she hits the ball, it must land within the confines of the court itself, in front of the baseline and within the appropriate set of (doubles or singles) sidelines. She probably does not know that if her (first or second) serve hits the net but still lands in the appropriate forecourt, she gets to serve again, with no penalty. (That's a "let serve.") She does not understand that to fault twice (unsurprisingly, this is called a "double fault") is to lose the point. (Which wouldn't much matter to her, given that she also does not know how to keep score.)

I'm in no position to teach tennis, but I do teach writing, generally basic composition courses, and mainly to new or returning college students. (To those steeped in academe, that probably doesn't sound terribly exciting, but I must say that I enjoy it a great deal; we can't all teach Biblical Imagery in Proust or Victorian Prose & Poetry, and it's a pleasure to see students who had previously been unsuccessful in English courses discover that they actually can understand this stuff.)

You wouldn't think that someone could write an
entertaining, educational, and occasionally even
funny book about punctuation, but you would be
wrong. The title comes from, of all things, a joke
about a missing serial comma. Honestly, you
should buy this book.
I'm aware, of course, that the most important thing in a paper, essay, or article is the analysis and presentation of (and transition between) ideas and the synthesis of those ideas into something of your own. If you have no ideas or no understanding of someone else's ideas, there's no way in the world that you'll be able to craft a coherent, cohesive essay. It does no good to drill students in the intricacies of commas and semicolons if they are unable to articulate ideas—or if they simply have no ideas.

But I am after all old and curmudgeonly, so I don't like to gloss over the rules of grammar and usage. I think they're important. I'm not going to say to a student, "Oh, don't worry. It's OK that you have no idea when to capitalize or where to place a comma or how to make a subject agree with its predicate. After all, it's the ideas that are important."

Ideas are important, but as in tennis, so are those finicky little rules. It's just "custom," and customs do change, of course. But we can communicate with one another only because of those agreed-upon customs, and sometimes that stuff matters.

Take the serial comma, often called the Oxford or Harvard comma. This is the comma that, in a list of three or more items, precedes the coordinating conjunction used to connect those items. Consider the following sentence: We ate tofu, broccoli, and sauerkraut at Larry's house. (Remind me never to visit Larry at dinnertime. Remind me also to decline any offers of a sleepover.) In that sentence, "and" is the coordinating conjunction in the list, and the comma that precedes it is the serial comma.

The serial comma is sometimes considered optional, and indeed its absence often does not much matter; many sentences are perfectly clear without it. But the absence of the serial comma can occasionally lead to ambiguity, and recently that ambiguity cost a large Maine dairy company millions of dollars when a court ruled that a state law was itself ambiguous because such a comma was not present. The absence of the comma, said the Court, rendered unclear the meaning of a Maine statute relating to how overtime is calculated. In cases of ambiguity, the Court always rules in favor of the worker over the company, and thus the workers' suit prevailed, resulting in a $10 million payout to the dairy's 75 milk truck drivers. (There's a very nice write-up of the decision and its grammatical and legal ramifications in a recent issue of The New Yorker.) The absence of the comma, and the ambiguity that resulted from that absence, earned each of those drivers more than $133,000. That's a lot of money for a comma. For that much money, I would expect several commas and a semicolon, with perhaps an em dash or two thrown in for good measure.

So… As in tennis, also in writing. The rules do matter. Grammar, usage, spelling, and the rest all count because they provide clarity. Regardless of the importance of your ideas, regardless of the truth of your ideas, they will have no impact if a reader cannot make sense of the way you've presented them, simply because you've not mastered the rules that frame that presentation.

Sunday, March 05, 2017

The Sky Isn't Falling. Yet.

I really love the Internet. I get a kick out of technology in general, of course, but I'm crazy about the Internet in particular. When you think about what it's given us—communication, information, empowerment, and more—it's difficult to come up with too many other technologies that have had this great an impact. To a great extent, the Internet has truly democratized information.

And yet . . .  When I stop and think about it, I kind of freak out. I mean, I don't want to sound alarmist or anything, and I generally like to stay calm about the issues, but I THINK WE'RE ALL TOTALLY SCREWED!!

OK, there. I feel better now. I'm calm. But here's what I mean…
This is Hollywood Presbyterian Medical Center in East
Hollywood, CA. The hospital paid $17,000 to recover
its ransomed data files.
Let’s start with ransomware: This is malware that, when accidentally downloaded (generally by people who have ignored the basic security rules that tech people keep trying to get them to follow), encrypts your files, which it then holds for ransom. (The ransom varies, but $300 to $500 or so is a typical ballpark: enough to make it worthwhile for the bad guys, and just barely cheap enough for most of us to at least consider paying the ransom.) In most cases, the encryption is done very well and very quickly; you are not getting those files back unless you pay the ransom. (Or unless you have a good backup and know how to restore your files from that backup.)

Businesses and individuals have been getting hit with ransomware regularly, but more recently, the bad guys have discovered other tempting targets: municipal entities, law enforcement agencies, and hospitals, for instance. Think about it: A small police department or hospital has data that is very important, sometimes literally a matter of life and death, including such things as patient records, info from medical devices (sometimes from various implants), evidence stored for court cases, and more. This is critical stuff. The data should have been backed up and the organization should have a relatively bulletproof backup-and-restore process in place, but many such entities do not. That's why the combination is almost irresistible to bad guys: These organizations have critical data they cannot afford to lose, and crappy (or sometimes non-existent) IT departments. The result? These are big, juicy targets; crooks can easily mount an attack, and the payoff can be big.

How big? Last year, bad guys encrypted data from the Hollywood Presbyterian Medical Center, and demanded $3.4 million (in untraceable Bitcoin, a digital cryptocurrency) to give it back. Hospital executives declared a state of emergency and employees reverted to paper and faxes. (Ironically, it's sometimes possible to negotiate with the thieves; in this case, the hospital eventually paid about $17,000 to get its files back. Still, $17,000 is a pretty good chunk of change)

Of course, there are other attacks, and other types of attacks.

Last December 23rd, unknown intruders (possibly state-sponsored actors under Russian control, though this remains unproven) hacked into the computers of the Ukraine's (please do not ask me to pronounce this) Prykarpattyaoblenergo electrical control center. Operators watched, dumbfounded and helpless, as the intruder simply navigated through onscreen menus, shutting down some 30 electrical substations, one mouse-click at a time. The hacker then disabled backup power supplies in two of the region’s three electrical distribution centers, leaving all concerned literally and figuratively in the dark.

About 230,000 people were suddenly without electricity in an area where the temperature that evening dropped to around 14 degrees Fahrenheit. (Lest you think that the U.S. power grid is more secure and sophisticated than a control center in Ukraine, note that many experts said that the Ukrainian station was better secured than many U.S. stations.)
This is the first known hack of a power grid that resulted in a power outage of that size, but it's probably not the last. (For a sensational—some reviewers said sensationalist—read on the subject, see Ted Koppel's Lights Out.) The reality is that, as unsecure as our private infrastructures (see the hospitals and corporations mentioned above) are, many government and quasi-government infrastructures are even more disorganized and less secure. (If this surprises you, then you haven't been paying attention to news of the DNC—and now RNC and other—hacks. Also, you've never been in the Army.)

Here's the problem in a nutshell: We took an inherently unsecure technology, the Internet (which was created to share, not hide, information), and made it into the backbone of both our infrastructure and our economy. We've taken steps to make it more robust and mitigate its weaknesses, but the reality is that just about everything—from our power grid to our banking industry and from hospitals to law enforcement—now runs on what turns out to be a vulnerable and easily crippled technology.

And it's going to get worse as the Internet of Things takes hold. The IoT involves connecting literally billions of things to the Internet, everything from your toothbrush to your thermostat and from your doorbell to your dog’s water bowl. Those connections will, for the most part, make your life much easier. Until suddenly they don't.

Take baby monitors, for instance. It's comforting to know that your child is safe and snug in his bed; being able to hear the cooing sounds your toddler makes as he sleeps is soothing. Hearing the voice of some stranger speaking to your child through the monitor is definitely not soothing, but it has happened on occasion. Why? Well, the baby monitor is on your wireless network, and is probably not very well protected. Neither you nor the manufacturer took steps to secure that device.

This is just one of several brands of baby monitor
that has been hacked.
But the technology itself is not the only major problem. The other weakness is . . . well, us. Any security pro will tell you that the biggest vulnerability is human, the people standing between the palace door and the storeroom in which the crown jewels are held. Basically, people are not very good at security, because we're lazy, na├»ve, and entirely too nice. We really, really want to be helpful, so when we get an email asking for information, we're all too ready to part with that information. When someone claiming to be a hardware tech or copier repair person shows up at a place of business with a clipboard, a baseball cap with a company logo, and a good story, people are almost always willing to "help" him by parting with names, phone numbers, even passwords.

Almost without exception, we are the weak link in the security chain. We click links in phishing emails, visit sketchy websites, download suspicious files, and answer the (seemingly innocent) questions of people who wander into our places of business. We place all our very personal information on the Internet for anyone to see: between Facebook, LinkedIn, and Twitter, anyone looking for information about you or your business has all he needs. 

Chris Hadnagy is a security expert and a penetration tester; companies pay him to break into their networks in order to uncover flaws. Chris says that he can "social engineer" (read: schmooze, lie, or finagle) his way onto any corporate network well over 90% of the time. Years ago, says Chris, the difficult part of his job was uncovering enough information to be able to mount a convincing deception. Now, he says, with all the information floating around on the Internet, his biggest problem is sifting through the tons of data available to decide which pieces are most useful.

Still, a hacked baby monitor or an individual who’s fallen victim to ransomware is not what worries me. We can learn to protect ourselves; if we don't, then we have only ourselves to blame.

But state-sponsored attacks on infrastructure are another story. Weapons are rarely made without someone wanting to find an excuse to use them, and the Internet is, among other things, a weapon. It's simply too terrifyingly easy to conduct an attack that could turn into a full-blown cyber war. A digital attacker risks nothing, really. It's a form of warfare that, unlike all other forms, is cheap, fast, simple, and deniable. That’s a temptation too alluring to ignore. You can engage an enemy anonymously from half a world away, and there's absolutely no risk that you or any of your fellow "soldiers" will get hurt. You can cripple a region—or possibly an entire country—with just a few well-placed strikes. Whether the attacker is a state actor (or someone who operates at the behest of such actors) or an independent guerilla operator, the technology is too available, the risk is too small, and the payoff too big to ignore.

And that is what worries me. I do believe that we will eventually address many or even most of these security issues, but I suspect that our actions will be reactive in nature: nothing will be done until something very bad happens, and then suddenly security will be on everyone's mind, from our legislators to our law enforcement people, and from infrastructure developers to IoT manufacturers.

We should probably be thinking about such matters before the sky starts falling.

Monday, February 20, 2017

Dancing Marmots & Book Contracts

I'm often asked how I "got a book contract."  It usually comes out as, "How did you get a book contract?!" With the "you" italicized and the sentence concluded with a stunned interrobang. As if the idea were as unfathomable as watching a troupe of dancing marmots sing opera.

And I have to admit that I occasionally feel the same way.

A marmot. This marmot is not singing and dancing, but it was, just
before this photo was taken. Now it is resting, in preparation for its
next performance. [Image licensed under the Creative Commons
Attribution-Share Alike 3.0 Unported license. Contributed by user
Often the people who ask this question are writers themselves, or possibly wannabe-writers. They're looking for some "secret," some arcane knowledge that would allow them to make the same leap. And why not? Many are in fact excellent writers who deserve the opportunity to publish, to get their work out in front of as many eyes as possible. (Though, keep in mind that publishing is only one part of the equation. The thing that really sells books, apart from word-of-mouth, is marketing. That's a completely different set of skills, an undertaking at which many of us writerly-types are woefully deficient. I would like to think that I'm a decent writer, but I know I am a terrible marketer.)

In any case, and not at all surprisingly, it turns out that there is no single, simple route to getting your book published. I kind of fell into it. But it was a very long fall, lasting some 35 years or so.

I like to think that there's some skill involved, something that is both art and craft, and often both at once. I had years of experience: I had written newspaper articles and radio news pieces for media outlets in Oregon as far back as 1979, and my first published magazine piece was in 1984, for a (now-defunct) magazine called Electronic Learning. (I'm almost positive that the publication of my article had nothing to do with the mag's swift decline and sudden demise soon afterward.) This writing was what I think of as "craftwork." It was journeyman stuff, deadline-driven pieces that filled a specific number of column inches, and done on deadline. The editor would say that he needed 6 1/2 column inches on that night's school board meeting and he needed it by 11:30 p.m. And that's what a responsible, skilled journalist would deliver: exactly 6 1/2 column inches, no more and no less, at or before 11:30 p.m. (Editors were fond of saying that the only reason they needed my copy at all was to "keep the ads from bumping into each other." Editors were not big on patting you on the back.)
Yes, I actually still have a copy of that very
first article.
This sort of environment did not lend itself to agonizing over one's muse, or waiting for inspiration. One did not wait; one wrote. Quickly, and on command. It was good training.

Years later I spent some time writing freelance articles for a family of computer magazines, after which I was offered a position as editor of one of those magazines. That was truly a learning experience. I worked with a number of very good writers and learned a great deal about production, creating editorial calendars, dealing with advertisers, scheduling, working with other editors, and the like. It was like going to school all over again, except that this time they paid me.

So I went into this with some background, but mainly . . . Well, I got lucky.

One day, Lesley and I were in Barnes & Noble when I happened upon a B&N edition of Joshua Slocum's Sailing Alone Around the World. As someone who loves boats and sailing, I had read that book before, so I was enjoying flipping through it. As we stood there, I said to Lesley that it was kind of a shame that the book was probably not going to be read by many outside the nautical fraternity: The language and what had once been contemporary historical references were obsolete, and much of the book was filled with specialized nautical jargon, some of which was also archaic. I commented that it would be nice to see an annotated version of the book so that it could draw a wider audience. At that point, Lesley called my bluff and suggested that I write an annotated version.

And so I did. Actually, I annotated one sample chapter, wrote up a pitch, and sent it off to a group of six publishers with a history of publishing books with nautical content. I received back a couple of TNT (thanks-but-no-thanks) letters, and that was about it. Then, several weeks later, I heard from Sheridan House Publishing, a (very) small publisher that specialized in boating books of various sorts. After some back-and-forth negotiation (at first, they wanted me to annotate the entire book and then they would think about a contract, but I asked for a contract beforehand, since annotating the entire book would take many months), we came to an agreement, and they sent out a contract and a small advance. The annotated version of Sailing Alone was published in the early spring of 2009.

Soon after, I pitched the idea of another annotation, this one of Richard Henry Dana's classic, Two Years Before the Mast. Sheridan House said yes, sent out another contract and another advance, and we were off to the races.

Except that as I was finishing up the Dana book, the publishing company was sold to another publisher, a much larger company with dozens of imprints.

I wasn't sure whether this was good or bad for me, to be honest, but it ended up being an excellent development. The new publisher, Rowman & Littlefield, had more resources (not that a no-name author such as myself would have much access to those resources). More importantly, because it actually runs a large group of smaller publishers, that meant that when I pitched R&L another book, there was every possibility that there would be a fit someplace in the organization. And because I was pitching to the editor who oversaw all of those imprints, that meant that I was actually pitching to dozens of smaller publishers at once. It was very efficient.

And, as luck would have it, the R&L acquisitions editor thought that my idea for a book called Leveling the Playing Field was a good one, and he was willing to publish it. Almost two years later, Leveling was published by one of those imprints, Lyons Press.

And that's how I came to be in charge of a troupe of dancing, singing marmots.

Sunday, February 05, 2017

A New Addition to Our Home

Lesley has a new BFF. I wouldn't mind this, really, except that without even asking me, she has invited her new friend to move in with us! Admittedly, the new addition's not a lot of trouble. She's small and stays out of the way; she's quiet most of the time, eats almost nothing, and occasionally even proves herself helpful around the house. I suppose I should just be glad that she's low-key and doesn't cause problems.

Her name is Alexa. She's an Echo Dot, a gift from Amy and Karl this past Christmas. And honestly, she's pretty cool. I mean, for a little hockey puck-sized block of plastic and metal. I can walk past the table on which she sits and say, "Alexa, what is the temperature?" and she'll reel off the local temps and the forecast for the rest of the day. I can also ask her who wrote a particular song or who is the current Secretary of Education (Really, Rod? Did you go there?!), and she'll give the correct answersand without any snarky political asides, too. (Which is more than I can say for my friends. Or me, for that matter.) Lesley likes to have Alexa read her a summary of the news (via NPR, I think) in the morning, but I can't stand to have inanimate objects yammering at me first thing in the morning. I'm not a whole lot better with animate objects yammering at me, actually. What I like early in the morning is quiet. And coffee. And puppies. Puppies would be good.

You can acquire additional "skills" (read: apps) for Alexa, some of which are free, and many of which integrate Alexa with various appliances or utilities, including smart thermostats ("Alexa, please turn the temperature up 2 degrees."), smart lights ("Alexa, please turn off the lights in the upstairs hallway."), and smart sewing machines ("Alexa, please repair the tear in my orange suit jacket."). OK, I made that last one up. I don't really have an orange suit. I mean, c'mon, who would wear an orange suit?!

So Alexa is actually very cool. I can see us getting sucked into an Amazon Prime membership any day now, since her abilities are greatly enhanced if you're a Prime member. (Hey, wait a minute… You don't suppose that was the idea, do you?)

Now, if you love overpriced coffee (and who doesn't?), you'll be happy to hear that there's a new smartphone app coming from Starbucks that will allow you to order, build, and pay for your pumpkin spice latte, triple shot espresso, Frappuccino, or whatever. The app will also be integrated with Alexa, so that once you tell the app your "usual" Starbucks order, you can just say, "Alexa, order my Starbucks" and head out the door. By the time you get to Starbucks, your order should be made, bagged, and paid for, with your name already conveniently misspelled on the cup.

Alexa will also be integrating with products from various other companies, including GE, Ford, and Mattel, and that worries me a little bit. It sounds like fun, and I'm sure that some of these integrations will prove useful, but still, I wonder.

For instance, in 2015 Mattel introduced a talking Barbie. It was not a big hit, because an Internet-connected doll that could carry on a conversation with your small child was perceived as more than a little creepy. It was also thought to be a possible security/privacy risk. (And, at $74.99, it was a bit expensive, too.) Nonetheless, in spite of the predictable (and quite possibly justified) hue and cry that followed the release of Hello Barbie, the toy is still available at various outlets. (Including Kohl's and Amazon.)

But back to Alexa. So, what happens if Hello Barbie and Alexa end up in the same household? What if Barbie's chatter triggers Alexa? Could your child's new doll use Alexa to order something from Amazon? If so, I hope it's something expensive. Maybe a nice watch. Currently the most expensive wristwatch I've found on Amazon is the Arnold & Son GMT II Tourbillon in 18K white gold. It will set you back a cool $186,912. Now, I know that seems like a lot of money for a watch, but keep in mind that it's self-winding. (Also, don't forget to add the $4.49 shipping. Seriously. Because you wouldn't want to skimp on shipping that baby. Honestly, I was going to order this for myself, but then I saw the $4.49 shipping charge and I thought, "Dang! Well, that's kind of a deal-breaker, right there!) 

Perhaps one could hack into a Hello Barbie and get her to have Alexa order this watch. Wouldn't Dad be surprised?! For that matter, what if we just stood outside someone's house, possibly near a picture window or a mail slot, and shouted, "Alexa! Order this watch for me!" Sooner or later we'd hit a house with an Amazon Echo or Echo Dot sitting close enough for this to work, right?

Now, if you do happen to order that watch using my Amazon Associate link, you will have just paid for my trailer and possibly a new Honda Rebel motorcycle. Just something for you to keep in mind. Not that I'm begging. Begging would probably be . . . unseemly. Heck, I'll bet I could even afford a shiny new orange suit.

Tuesday, January 24, 2017

Stuff I Don't Want

As Lesley and I count down toward retirement and the move to Oregon, we've begun making decisions about what to take, what to sell, and all like that. In other words, since we'll need very little in Oregon, at least for the time being, we're divesting ourselves of as much as possible. After all, why pay to ship stuff to Oregon and then pay to store it once we get there?
I'm told by people who should know (e.g., people
whom I am married) that I buy entirely too many
cars. Which is ridiculous, of course. This is "Winnie,"
a 1957 MG.
This exercise has made it apparent that I have too much stuff. The thing is, I like stuff; always have. Books, for instance. I love books, and getting rid of them is difficult, almost painful. Of course, books are very heavy and take up a lot of space. The ones I really need, I'll keep, and I can buy (or check out from the library) digital versions of other books as they come along. I love books, I truly do—their heft and smell and feel, even the sound they make when you turn a page. But there are ecological and economic imperatives at work here; as wonderful as printed books are, it doesn't make a whole lot of sense to attach weight (in the form of paper) to a weightless commodity (information) and then pay to ship that information all over the world. At least, not all the time, and not when you have other alternatives.

And a 1969 VW bug. Because look at it! How could
I pass it up?
But it's not just books; there are other things, too. I guess I've always been somewhat acquisitive. Like a crow. I need new things. Shiny things. And even if I don't need them, well, I need them, you know? So over time, I have collected stuff: I have tools and guns and guitars and computers and . . .  well, lots of things that I really, really wanted at the time. (Cars, too, but I purposely didn't mention that. No need to remind Lesley of how many cars I've had over the course of our marriage. On the other hand, we've been married almost 30 years, and I'm almost positive that I haven't had 30 cars during that time, so really, I'm doing pretty well. Not an issue. A non-problem. Completely under control. You know, in case she should happen to mention it.)

And a '69 Ford Bronco that I might have accidentally
On the other hand, in spite of my love of technology, I keep encountering techie things for which I have absolutely no desire. They strike me as either silly, overpriced, useless, or (perhaps worst of all) as potential security/privacy risks.

Here's a list of "cool tech stuff" that I don't want:  

  1. Smart watches. I really like watches, but I like analog watches that don't try to do anything except tell the time—and maybe the date, although that's getting awfully fancy. I don't really need a watch that buzzes to tell me that I just received an email on my smartphone, which is right there in my pocket and which already buzzed anyway to tell me the same thing. Actually, I have a bunch of watches; I should probably get rid of some once I retire. I mean, one of my retirement goals is to not give a damn what time it is, so who needs a bunch of watches? Especially when at any given time at least half of my watches are sitting in a forlorn little pile, awaiting a trip to the store for new batteries.
  2. Smart TVs. I really just want a TV that works well and to which I can connect Web-enabled goodies (Roku, Chromecast, etc.) when—and only when—I choose to. (Because, after all, life without Netflix would not be worth living.) That way, when the Roku (or whatever such unit) dies, I still have a TV.
  3. Autonomous cars, trains, planes, skateboards, unicycles, etc. Yeah, count me out. I know too much about software to feel comfortable in two tons of remote-controlled steel and plastic and glass careening down the highway at 70 mph under the control of a bunch of programmers who may or may not have gotten enough sleep before writing the "avoid accident" subroutine. (And Lesley could never handle being in an autonomous car; she can't stand not to be the one driving. She'll only grudgingly let me drive; she's certainly not going to allow a computer program to drive.)
  4. Foldable phones, computers, and screens. If it's small enough to drop into a pocket, it's at risk of being sent through the wash, and I have enough trouble with Kleenex, flash drives, business cards, and packets of gum. I definitely can't risk a $600 foldable phone. Anything that folds up to fit in a pocket would either go through the wash or get lost. 
  5. Laptops with touchscreens. I can see the need if you're an artist, say, working on a larger system (maybe an all-in-one) and you're actually drawing on the screen, but what I really want is a very thin, very light laptop. And if it's that light, it'll tip every time I attempt to poke at the screen with my clumsy finger. And besides, a mouse and trackpad was good enough for Grandma and Grandpa, right?!
  6. Fitness trackers. Not for me. I don’t need a machine watching over my caloric intake and exercise levels; I'm married, after all. Also, I'm not fit enough—and don’t plan to get fit enough—to require tracking.
  7. Web-enabled toothbrushes. Or forks, kitchen scales, or vacuum cleaners. Yes, all of these things exist. The Internet of Things (IoT) is pretty amazing and, in many cases, very useful. But there seems to be this rush to connect everything to the Web, largely as a way for one to differentiate one's product from one's competitor's products. Not a smart move, security-wise; keep in mind that everything is hackable, and then think about the potential security risks inherent in even practical-sounding IoT gadgets such as thermostats, toaster ovens, fire alarms, baby monitors, etc. In any event, sometimes it seems a little silly. A Web-enabled coffee pot? Really? A connected trashcan that posts to Facebook? An IoT egg tray? Internet-connected diapers? A connected dog treat dispenser—with video chat, no less? (Speaking of which, there's also a dog fitness tracker.) Yes, all of these things really do exist, and many more, besides, and I neither have nor want any of them. (Although Annie-The-Dog might vote for the Web-enabled treat dispenser. Then again, she's pretty smart. She'd probably figure out a way to hack into it, and then we'd wonder why we were going through 12 lbs. of dog treats every week. And why she can no longer make it around the block without being carried—not that we could lift her.)

Actually, I guess I kinda like "dumb" stuff. I like having a device that is dedicated to doing one thing and which does it very well. Having a tool that's mediocre at half a dozen things doesn't do much for me. (It is possible to create a multifunction device that does several things very well, of course. Our computers and smartphones are proof of that. But it's fairly rare, and almost never on the first iteration of a technology.)
My current vehicle. We needed something to pull
the trailer, after all.
Come to think of it, when Lesley and I were first thinking about getting an RV, that's why we decided to buy a trailer instead of a motorhome. Motorhomes are awesome for full-timers (or almost full-timers), of course, but they're full of the sorts of compromises that are unavoidable when you want something to fulfill more than one function. Our biggest objection to a motorhome, though, was that we'd be paying for an engine and running gear that would end up sitting in storage for several months out of the year. Since we already have (and are paying for) an engine and running gear in the form of a very nice pickup truck, why buy another vehicle that's going to sit underutilized while we continue to pay for it?

This does not even count. It only has two wheels, right?
So... Maybe half a car?
Similarly, I'm not crazy about paying for an Internet-enabled toaster oven that I can control from my office when I would only do that once in a great while. Even when I'm not communicating with it over the Internet, I'm still paying for the ability to control it from my office. And I especially don't like the idea that some other person might figure out how to control it from his office.