If any of this piques your interest, I encourage you to invest in yourself and come to The Reckoning. Ticket prices are $399 + fees, and that includes great meals and drinks. (Don’t be too hungover – the content is that good.) I’m not going to high pressure anybody and imply you’re going to get a raise or a promotion because of the conference, but it will put you closer than if you re-binge-watched Mr. Robot that weekend looking for all the times nobody was quite looking at Christian Slater.
If finances are an issue, Angelo Luciani and Patrick Kelso have generously contributed towards one person’s travel stipend and I’ll throw in a free ticket. Email me if you (a) really want to come and (b) would be willing to accept our gift.
Internet of Hacked Things
So if we’re comfortable with the notion that our deadbolt mostly makes us more comfortable sitting on our couch but does little to secure our jewelry and iPhones, why on earth do we think anything electronic is secure?
We’re just past DEF CON and Black Hat, and we’ve had a series of 0-days and breaches in the headlines. After considerable research, I have come to the following conclusion:
The Internet of Things means that every object on the planet is now going to have a chip and an Internet connection, and they’re all going to be hacked, including medicine delivery pumps and running Jeeps.
I read articles like this the same way I look at pictures of spiders on reddit: Ten scary hacks I saw at Black Hat and DEF CON by Lucian Constantin at Network World. The ten hacks are:
- Hacking your car. See above. 1.4 million Chryslers recalled. Been talked about for 10 years. He doesn’t even mention the guy who implied he can do the same thing to airplanes. (Entertainment and control systems on the same network!?! It’s like they’re not even trying.) Oh, and if your insurance offers you a monitoring box? It can be hacked to take out your brakes. Lots of Uber drivers are using these.
- Rootkits on our CPUs. This one wasn’t fixed until the 2011 generation of chips, so anything older is still exposed. However, Lenovo was also doing something similar on purpose: OEM crapware in the firmware so that it survives a full clean Windows install. They broke it deliberately.
- Tons of Android exploits. There was a new one this month.
- Rifle scopes (the scope had Wi-Fi)
- Active Directory credentials being pulled off cloud servers by exploiting an SMB feature
- Car key and garage door opener replay attacks
- Safe cracking (said safe runs Windows and Flash, and has a USB port. OMG. It’s like they’re not even trying. I always thought the safecracking gadgets in the movies were fiction. Turns out, nope.)
- LTE modem rootkits. OMFG. Everything is going to have LTE unless it has Wi-Fi.
- Drones. Duh. (Wi-Fi with an open telnet port)
- Twenty-five different IoT zero-days, including fridges, scales, home automation devices, cameras, thermostats, baby monitors.
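The key fob and garage door item deserves a closer look, because “replay attack” hides two very different situations. Below is an added toy model in Python, not code from the Network World article or from this newsletter: a fixed-code opener that accepts the same code forever, a rolling-code opener that ties each press to a counter plus a keyed MAC, and the one case a rolling code still does not cover, a code that was captured before the receiver ever heard it. The shared key, the 4-byte counter, the 8-byte truncated HMAC-SHA256 tag and the 16-press acceptance window are all assumptions for the demo; real products use their own formats.

```python
import hashlib
import hmac

# Assumption for the demo: a key provisioned when the fob was paired.
KEY = b"constructed-demo-shared-key"


class FixedCodeReceiver:
    """Old-style opener: one static code, honoured every time it is heard."""

    def __init__(self, code: bytes):
        self.code = code

    def receive(self, msg: bytes) -> bool:
        return hmac.compare_digest(msg, self.code)


class RollingCodeTransmitter:
    """Fob side: every press sends (counter, MAC(key, counter))."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def press(self) -> bytes:
        self.counter += 1
        ctr = self.counter.to_bytes(4, "big")
        tag = hmac.new(self.key, ctr, hashlib.sha256).digest()[:8]
        return ctr + tag


class RollingCodeReceiver:
    """Door side: accept only a valid MAC whose counter is ahead of the last one seen,
    but not more than `window` presses ahead (the owner may press out of range)."""

    def __init__(self, key: bytes, window: int = 16):
        self.key = key
        self.last_seen = 0
        self.window = window

    def receive(self, msg: bytes) -> bool:
        if len(msg) != 12:
            return False
        ctr_bytes, tag = msg[:4], msg[4:]
        expected = hmac.new(self.key, ctr_bytes, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False
        ctr = int.from_bytes(ctr_bytes, "big")
        if not (self.last_seen < ctr <= self.last_seen + self.window):
            return False          # stale or too far ahead: reject
        self.last_seen = ctr      # consume the counter so it cannot be reused
        return True


def demo_fixed_code_replay() -> bool:
    """A sniffed fixed code opens the door every time it is replayed."""
    rx = FixedCodeReceiver(b"\x5a\x5a\x5a\x5a")
    captured = b"\x5a\x5a\x5a\x5a"  # constructed: what an SDR would record off the air
    return rx.receive(captured) and rx.receive(captured)


def demo_rolling_code_replay() -> tuple:
    """A rolling code works once; replaying the same capture is rejected."""
    tx, rx = RollingCodeTransmitter(KEY), RollingCodeReceiver(KEY)
    captured = tx.press()
    owner_ok = rx.receive(captured)     # legitimate press: accepted
    attacker_ok = rx.receive(captured)  # replay of the same bytes: counter is stale
    return owner_ok, attacker_ok


def demo_jam_and_capture() -> tuple:
    """Caveat: codes the receiver never heard are still fresh. If an attacker
    jams two presses and records both, replaying the first opens the door for
    the owner and the second stays valid for the attacker to use later."""
    tx, rx = RollingCodeTransmitter(KEY), RollingCodeReceiver(KEY)
    first = tx.press()   # assumed jammed: receiver never sees it
    second = tx.press()  # assumed jammed as well
    door_opens_for_owner = rx.receive(first)  # attacker forwards it; owner notices nothing
    attacker_later = rx.receive(second)       # still ahead of last_seen: accepted
    return door_opens_for_owner, attacker_later
```

The point of the last function is the check a practitioner should make before calling a rolling code “replay-proof”: the counter only prevents reuse of a code the receiver has already consumed. Anything captured ahead of the receiver is as good as a fresh press until the owner’s next real press overtakes it.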
It’s not like we’ve got the regular Internet figured out either. Mary Ann Davidson, Chief Security Officer of Oracle, posted a ranting blog post one recent night that was pulled down the next morning. It was dripping with condescension toward security researchers and Oracle customers for doing any security testing or reporting, with the excuse that the customers were violating their EULA. Most security types immediately hooted and threw Twitter poop, which actually was the appropriate response, but Chris Wysopal from Veracode laid out the reasonable response at Recode: Software Security: On the Wrong Side of History. Oh, I can’t resist, just read some of the crazy stuff. I am a fan of execs being straight shooters in blog posts, but you do expose what you’re really thinking when you do that. “Don’t worry your pretty little head about security. We’ve got it covered.”
Q. Surely the bad guys and some nations do reverse engineer Oracle’s code and don’t care about your licensing agreement, so why would you try to restrict the behavior of customers with good motives?
A. Oracle’s license agreement exists to protect our intellectual property. “Good motives” – and given the errata of third party attempts to scan code the quotation marks are quite apropos – are not an acceptable excuse for violating an agreement willingly entered into. Any more than “but everybody else is cheating on his or her spouse” is an acceptable excuse for violating “forsaking all others” if you said it in front of witnesses. At this point, I think I am beating a dead – or should I say, decompiled – horse. We ask that customers not reverse engineer our code to find suspected security issues: we have source code, we run tools against the source code (as well as against executable code), it’s actually our job to do that, we don’t need or want a customer or random third party to reverse engineer our code to find security vulnerabilities. And last, but really first, the Oracle license agreement prohibits it. Please don’t go there.
Here’s a really interesting article on the hacking group that took out Xbox Live and the PlayStation Network last Christmas. Turns out it was good business. The year of the Lizard Squad by William Turton at the Kernel.
“Microsoft and Sony are fucking retarded, literally monkeys behind computers,” Omari, who—contrary to previous reports—operates under his real name and serves primarily as the group’s spokesperson, told me shortly after the attack. “They would have better luck if they actually hired someone who knew what they were doing. Like, if they went around prisons and hired people who were convicted for stuff like this, they would have a better chance at preventing attacks.”
This, on the other hand, is basically unprecedented? Most leaks of this size don’t implicate people in anything aside from patronizing major companies. This is new territory in terms of personal cost. The Ashley Madison hack is in some ways the first large scale real hack, in the popular, your-secrets-are-now-public sense of the word. It is plausible—likely?—that you will know someone in or affected by this dump.
Amazon is a great? horrible? place to work?
There was a lot of pearl-clutching from other techie types, almost as if they thought the article was about them and the meritocracies they run. Silicon Valley Thinks Amazon Sounds Like a Great Place to Work by Peter Kafka at Recode.
This is one of those stories where this whole modern online/social thing works, because many places still have comments. I spent a few hours reading the comments so you don’t have to (but feel free to skim: Hacker News, Seattle pub GeekWire, Jeff Jarvis’s BuzzMachine apologia, Scoble’s Werner-is-a-good-guy comment on Facebook, and a compilation of Amazon employees writing to Gawker over the years).
From reading the comments, many from ex-employees and Seattle residents, and using Occam’s razor, I deduce:
- There are at least three Amazons — the engineering side, the retail/business side, and the warehouse side. Look critically at the personal experiences you hear, and where they’re coming from. The engineers seem to be treated well. The business side is a white collar high-pressure cooker, and the warehouse jobs seem right out of The Jungle.
- The high-pressure stuff is real. Anecdotes from former employees, their families, neighbors, landlords, and recruiters seem to be consistent, as are what stats we have on length of employee tenure. There are many people who will warn you away from working there, and many people burn out faster than they vest or even past their relo package payback period. It may have gotten better recently.
- The number of people who commented that they think Amazon is 100% evil based on a single article and 100% good based on the employee’s rebuttal is Too Damn High. People need a media literacy elf, who, like a Laputan servant in Gulliver’s Travels, would stand by their master with a bladder filled with small peas or pebbles, and smack them upside their head each time they read a one-sided media article to remind them to think critically.
- Let’s also not forget the warehouse situation is horrible, as is a lot of retail and warehouse work in the US right now: scheduling you just under full-time hours so you get no benefits, swing shifts, split shifts, mandatory extra hours while you’re off the clock. The blue collar folks also have a lot less mobility than the white collar folks. This is Amazon’s problem, but it’s also a broader US problem.
- I don’t think I want to work there.
- Nutanix and Pure Storage sprinting at an IPO, and people signing up for 4 years of sprinting and IPO upside. (Disclaimer: VMW IPO helped us buy our house.)
- The work culture at big law, consulting firms and Wall Street, especially for junior people (up or out has been around for a long time there, but also associated with big paychecks).
- Amazon requiring the same sprint of 150,000 people (and a much lower comp package, even with RSUs)
- HP or Microsoft being made fun of for being slower and sleepier, despite having better work-life balance and benefits.
Worth A Click
Here is the net lesson. Having things that fail as the primary interface to cloud may have been an acceptable cloud strategy in 2005, but not anymore.
This just in: the web still sucks, and pundits are starting to say that it’s OK to turn on your ad blocker. The ethics of modern web ad-blocking from Marco Arment.
I’ve never been tempted to run ad-blocking software before — I make most of my living from ads, as do many of my friends and colleagues, and I’ve always wanted to support the free media I consume. But in the last few years, possibly due to the dominance of low-quality ad networks and the increased share of mobile browsing (which is far less lucrative for ads, and more sensitive to ad intrusiveness, than PC browsing), web ad quality and tolerability have plummeted, and annoyance, abuse, misdirection, and tracking have skyrocketed.
What The Ad Blocker Debate Reveals by Jean-Louis Gassée at Monday Note.
TechReckoner Michael White on why he likes his Apple Watch. A nice detailed list of what works and what doesn’t if you still wanted to drill down on this version one product. (BTW, Michael’s newsletter continues to be excellent for the vSphered amongst us. Recommended.)
Who is the Enterprise Perez Hilton?
Always Read The Comments
I have no idea. In fact, just the other day I was using Google Docs to make a spreadsheet and it occurred to me how functional that damn thing is. Why do I need Excel, except for the whole passing-docs-back-and-forth thing? I don’t think I’ve ever seen an app on either Windows or OS X that allows live collaboration on a shared document. We’re living in the future and don’t even know it.
Catching Up with John
Recent Geek Whisperers: Bringing people together is Not Marketing with Amy Hermes – Ep 93 and We Need to Speak Differently – Technical Marketing with Tyler Hannan – Ep 94.
Just Hit Reply
The TechReckoning Dispatch. Archive. Subscribe. Email me. The Reckoning 2015. Thanks so much. Really appreciate all the kind words that get mailed to me, and I’m glad you like the newsletter. “These ambiguities, redundancies and deficiencies remind us of those which doctor Franz Kuhn attributes to a certain Chinese encyclopaedia entitled ‘Celestial Empire of benevolent Knowledge’. In its remote pages it is written that the animals are divided into: (a) belonging to the emperor, (b) embalmed, (c) tame, (d) sucking pigs, (e) sirens, (f) fabulous, (g) stray dogs, (h) included in the present classification, (i) frenzied, (j) innumerable, (k) drawn with a very fine camelhair brush, (l) et cetera, (m) having just broken the water pitcher, (n) that from a long way off look like flies.”