Tuesday, March 21, 2017

Tennis, Pickleball, and Commas

 A few weeks ago, some very good friends of mine introduced me to something called pickleball. This is a game that's a sort of weird amalgamation of tennis and . . . well, maybe ping-pong or squash, I'm not sure, with perhaps some bastardized badminton thrown in for good measure. It's as if tennis and table tennis and squash and badminton all got together and had a particularly ugly baby. (Though I'm of the opinion that all babies are ugly. Except for mine. My babies were—and remain—beautiful.) I'm not sure I like pickleball very much, but I do like my friends quite a bit, and if I have to play such an odd game in order to spend some time with them and get a little exercise and fresh air, so be it.

A pickleball court. Oddly enough, the game was invented
in Washington state by a former state representative
named Joel Pritchard and a couple of his buddies. Mr.
Pritchard would eventually be elected to the U.S. House
of Representatives and later went on to become Lieutenant
Governor of the state of Washington. Go figure. (Image

licensed under the under the Creative Commons CC0 1.0
Universal Public Domain Dedication.)
I really prefer tennis, though, and naturally that got me thinking about commas. (Because when you're an English teacher, it doesn't take much to make you start thinking about commas.)

I was thinking about the fact that tennis is one of those "skill" games. It's not enough to be fast (I'm not), strong, (I'm definitely not), or athletic. (Hahahahah! Really?!) Those are enough to make you a somewhat decent handball or racquetball player, because even if the other guy is better than you (and almost anyone would be better than I), you might be able to simply out-athlete him. If you're in better shape and if you're quick, you might find that you can slap the ball hard enough, often enough, and quickly enough to eke out at least an occasional win. (Note: This will not work against a truly good racquetball player, but at least you'll probably avoid getting skunked. Maybe. You could always beg for mercy; once you've done it once or twice, it gets easier. Trust me, I know.)

Tennis, on the other hand,
You may be cool, but you will never
be as cool as Bill Tilden (1893 – 1953).
(Image in the public domain.)
requires serious practice before you can develop the basic skills you'll need just to keep the ball in play, never mind trying to be competitive. That's why a "tennis match" between two people who've never really learned the game quickly becomes a game of "let's hit the ball over the fence and into other people's courts and then chase it around until we get tired and then we can go have a beer." (Although that also sounds like fun.)

The key to enjoyable tennis (read: tennis that involves hitting the ball back and forth rather than over the fence and into a parking lot) is groundstrokes. You need a strong, consistent forehand and a solid backhand—those are the groundstrokes, and they’re the foundation of respectable tennis. Then you need a decent serve, which is not easy to develop. A strong, accurate overhand serve is made up of several moves, each one joined together and practiced and practiced and practiced until the whole thing becomes a seamless, smoothly choreographed ballet that ends with the server up on the toes of his left shoe (unless he's left-handed, in which case it'd be the toe of his right shoe) and a powerful downward stroke that imparts both velocity and spin to the ball and sends it careening toward your opponent. (A decent tennis player's serve could be as fast as 100 mph; some pros have been known to hit 160 mph or more. At that speed I wouldn't even be able to see the ball, but I might have a chance if I aimed my racket at the sound it made.)

To your serve and groundstrokes, add some agility and anticipation, and you have a skillset that will take a tennis player a long way. Tack on a basic understanding of strategy and court geometry, and you have what could be pretty decent tennis player—but one who will lose every match.

Why will our hypothetical player lose every match? Because, although she has some decent skills, she does not have an understanding of the rules of the game. We've taught her to hit the ball, but not when or where to hit it. She does not realize that she must serve from behind the baseline and is not allowed to step across that line until after the ball leaves the racket. (That would be a “foot fault.”) She does not know that her serve must land in the opposite forecourt. (To hit it elsewhere would be a “fault.”) She does not realize that the ball can only bounce once before she hits it, nor that she can only hit it once (no “double-taps” or “double-touches” allowed). She does not understand that when she hits the ball, it must land within the confines of the court itself, in front of the baseline and within the appropriate set of (doubles or singles) sidelines. She probably does not know that if her (first or second) serve hits the net but still lands in the appropriate forecourt, she gets to serve again, with no penalty. (That's a "let serve.") She does not understand that to fault twice (unsurprisingly, this is called a "double fault") is to lose the point. (Which wouldn't much matter to her, given that she also does not know how to keep score.)

I'm in no position to teach tennis, but I do teach writing, generally basic composition courses, and mainly to new or returning college students. (To those steeped in academe, that probably doesn't sound terribly exciting, but I must say that I enjoy it a great deal; we can't all teach Biblical Imagery in Proust or Victorian Prose & Poetry, and it's a pleasure to see students who had previously been unsuccessful in English courses discover that they actually can understand this stuff.)

You wouldn't think that someone could write an
entertaining, educational, and occasionally even
funny book about punctuation, but you would be
wrong. The title comes from, of all things, a joke
about a missing serial comma. Honestly, you
should buy this book.
I'm aware, of course, that the most important thing in a paper, essay, or article is the analysis and presentation of (and transition between) ideas and the synthesis of those ideas into something of your own. If you have no ideas or no understanding of someone else's ideas, there's no way in the world that you'll be able to craft a coherent, cohesive essay. It does no good to drill students in the intricacies of commas and semicolons if they are unable to articulate ideas—or if they simply have no ideas.

But I am after all old and curmudgeonly, so I don't like to gloss over the rules of grammar and usage. I think they're important. I'm not going to say to a student, "Oh, don't worry. It's OK that you have no idea when to capitalize or where to place a comma or how to make a subject agree with its predicate. After all, it's the ideas that are important."

Ideas are important, but as in tennis, so are those finicky little rules. It's just "custom," and customs do change, of course. But we can communicate with one another only because of those agreed-upon customs, and sometimes that stuff matters.

Take the serial comma, often called the Oxford or Harvard comma. This is the comma that, in a list of three or more items, precedes the coordinating conjunction used to connect those items. Consider the following sentence: We ate tofu, broccoli, and sauerkraut at Larry's house. (Remind me never to visit Larry at dinnertime. Remind me also to decline any offers of a sleepover.) In that sentence, "and" is the coordinating conjunction in the list, and the comma that precedes it is the serial comma.

The serial comma is sometimes considered optional, and indeed its absence often does not much matter; many sentences are perfectly clear without it. But the absence of the serial comma can occasionally lead to ambiguity, and recently that ambiguity cost a large Maine dairy company millions of dollars when a court ruled that a state law was itself ambiguous because such a comma was not present. The absence of the comma, said the Court, rendered unclear the meaning of a Maine statute relating to how overtime is calculated. In cases of ambiguity, the Court always rules in favor of the worker over the company, and thus the workers' suit prevailed, resulting in a $10 million payout to the dairy's 75 milk truck drivers. (There's a very nice write-up of the decision and its grammatical and legal ramifications in a recent issue of The New Yorker.) The absence of the comma, and the ambiguity that resulted from that absence, earned each of those drivers more than $133,000. That's a lot of money for a comma. For that much money, I would expect several commas and a semicolon, with perhaps an em dash or two thrown in for good measure.

So… As in tennis, also in writing. The rules do matter. Grammar, usage, spelling, and the rest all count because they provide clarity. Regardless of the importance of your ideas, regardless of the truth of your ideas, they will have no impact if a reader cannot make sense of the way you've presented them, simply because you've not mastered the rules that frame that presentation.

Sunday, March 05, 2017

The Sky Isn't Falling. Yet.

I really love the Internet. I get a kick out of technology in general, of course, but I'm crazy about the Internet in particular. When you think about what it's given us—communication, information, empowerment, and more—it's difficult to come up with too many other technologies that have had this great an impact. To a great extent, the Internet has truly democratized information.

And yet . . .  When I stop and think about it, I kind of freak out. I mean, I don't want to sound alarmist or anything, and I generally like to stay calm about the issues, but I THINK WE'RE ALL TOTALLY SCREWED!!

OK, there. I feel better now. I'm calm. But here's what I mean…
This is Hollywood Presbyterian Medical Center in East
Hollywood, CA. The hospital paid $17,000 to recover
its ransomed data files.
Let’s start with ransomware: This is malware that, when accidentally downloaded (generally by people who have ignored the basic security rules that tech people keep trying to get them to follow), encrypts your files, which it then holds for ransom. (The ransom varies, but $300 to $500 or so is a typical ballpark: enough to make it worthwhile for the bad guys, and just barely cheap enough for most of us to at least consider paying the ransom.) In most cases, the encryption is done very well and very quickly; you are not getting those files back unless you pay the ransom. (Or unless you have a good backup and know how to restore your files from that backup.)

Businesses and individuals have been getting hit with ransomware regularly, but more recently, the bad guys have discovered other tempting targets: municipal entities, law enforcement agencies, and hospitals, for instance. Think about it: A small police department or hospital has data that is very important, sometimes literally a matter of life and death, including such things as patient records, info from medical devices (sometimes from various implants), evidence stored for court cases, and more. This is critical stuff. The data should have been backed up and the organization should have a relatively bulletproof backup-and-restore process in place, but many such entities do not. That's why the combination is almost irresistible to bad guys: These organizations have critical data they cannot afford to lose, and crappy (or sometimes non-existent) IT departments. The result? These are big, juicy targets; crooks can easily mount an attack, and the payoff can be big.

How big? Last year, bad guys encrypted data from the Hollywood Presbyterian Medical Center, and demanded $3.4 million (in untraceable Bitcoin, a digital cryptocurrency) to give it back. Hospital executives declared a state of emergency and employees reverted to paper and faxes. (Ironically, it's sometimes possible to negotiate with the thieves; in this case, the hospital eventually paid about $17,000 to get its files back. Still, $17,000 is a pretty good chunk of change)

Of course, there are other attacks, and other types of attacks.

Last December 23rd, unknown intruders (possibly state-sponsored actors under Russian control, though this remains unproven) hacked into the computers of the Ukraine's (please do not ask me to pronounce this) Prykarpattyaoblenergo electrical control center. Operators watched, dumbfounded and helpless, as the intruder simply navigated through onscreen menus, shutting down some 30 electrical substations, one mouse-click at a time. The hacker then disabled backup power supplies in two of the region’s three electrical distribution centers, leaving all concerned literally and figuratively in the dark.

About 230,000 people were suddenly without electricity in an area where the temperature that evening dropped to around 14 degrees Fahrenheit. (Lest you think that the U.S. power grid is more secure and sophisticated than a control center in Ukraine, note that many experts said that the Ukrainian station was better secured than many U.S. stations.)
This is the first known hack of a power grid that resulted in a power outage of that size, but it's probably not the last. (For a sensational—some reviewers said sensationalist—read on the subject, see Ted Koppel's Lights Out.) The reality is that, as unsecure as our private infrastructures (see the hospitals and corporations mentioned above) are, many government and quasi-government infrastructures are even more disorganized and less secure. (If this surprises you, then you haven't been paying attention to news of the DNC—and now RNC and other—hacks. Also, you've never been in the Army.)

Here's the problem in a nutshell: We took an inherently unsecure technology, the Internet (which was created to share, not hide, information), and made it into the backbone of both our infrastructure and our economy. We've taken steps to make it more robust and mitigate its weaknesses, but the reality is that just about everything—from our power grid to our banking industry and from hospitals to law enforcement—now runs on what turns out to be a vulnerable and easily crippled technology.

And it's going to get worse as the Internet of Things takes hold. The IoT involves connecting literally billions of things to the Internet, everything from your toothbrush to your thermostat and from your doorbell to your dog’s water bowl. Those connections will, for the most part, make your life much easier. Until suddenly they don't.

Take baby monitors, for instance. It's comforting to know that your child is safe and snug in his bed; being able to hear the cooing sounds your toddler makes as he sleeps is soothing. Hearing the voice of some stranger speaking to your child through the monitor is definitely not soothing, but it has happened on occasion. Why? Well, the baby monitor is on your wireless network, and is probably not very well protected. Neither you nor the manufacturer took steps to secure that device.

This is just one of several brands of baby monitor
that has been hacked.
But the technology itself is not the only major problem. The other weakness is . . . well, us. Any security pro will tell you that the biggest vulnerability is human, the people standing between the palace door and the storeroom in which the crown jewels are held. Basically, people are not very good at security, because we're lazy, na├»ve, and entirely too nice. We really, really want to be helpful, so when we get an email asking for information, we're all too ready to part with that information. When someone claiming to be a hardware tech or copier repair person shows up at a place of business with a clipboard, a baseball cap with a company logo, and a good story, people are almost always willing to "help" him by parting with names, phone numbers, even passwords.

Almost without exception, we are the weak link in the security chain. We click links in phishing emails, visit sketchy websites, download suspicious files, and answer the (seemingly innocent) questions of people who wander into our places of business. We place all our very personal information on the Internet for anyone to see: between Facebook, LinkedIn, and Twitter, anyone looking for information about you or your business has all he needs. 

Chris Hadnagy is a security expert and a penetration tester; companies pay him to break into their networks in order to uncover flaws. Chris says that he can "social engineer" (read: schmooze, lie, or finagle) his way onto any corporate network well over 90% of the time. Years ago, says Chris, the difficult part of his job was uncovering enough information to be able to mount a convincing deception. Now, he says, with all the information floating around on the Internet, his biggest problem is sifting through the tons of data available to decide which pieces are most useful.

Still, a hacked baby monitor or an individual who’s fallen victim to ransomware is not what worries me. We can learn to protect ourselves; if we don't, then we have only ourselves to blame.

But state-sponsored attacks on infrastructure are another story. Weapons are rarely made without someone wanting to find an excuse to use them, and the Internet is, among other things, a weapon. It's simply too terrifyingly easy to conduct an attack that could turn into a full-blown cyber war. A digital attacker risks nothing, really. It's a form of warfare that, unlike all other forms, is cheap, fast, simple, and deniable. That’s a temptation too alluring to ignore. You can engage an enemy anonymously from half a world away, and there's absolutely no risk that you or any of your fellow "soldiers" will get hurt. You can cripple a region—or possibly an entire country—with just a few well-placed strikes. Whether the attacker is a state actor (or someone who operates at the behest of such actors) or an independent guerilla operator, the technology is too available, the risk is too small, and the payoff too big to ignore.

And that is what worries me. I do believe that we will eventually address many or even most of these security issues, but I suspect that our actions will be reactive in nature: nothing will be done until something very bad happens, and then suddenly security will be on everyone's mind, from our legislators to our law enforcement people, and from infrastructure developers to IoT manufacturers.


We should probably be thinking about such matters before the sky starts falling.