Security becoming life and death

When medical devices are hacked, is it finally time to accept that security should be an implicit requirement?

(Given many of my posts are second-rate Gruber posts on the Mac, this one is a second-rate Schneier.)

I like Chip+PIN. I don’t think EMV is perfect: it has the complexity of a committee-driven standard created by competing companies, and it has flaws and oversights. I’ll still wager it’s more secure than someone looking at a signature, and since skimming attacks get moved abroad almost immediately (the cloned cards are created from the legacy mag-stripe), behavioural analysis makes spotting the fraud a bit easier.

I do not feel the same way about Verified By Visa which I continue to curse every time I use it.

Anyway, I very much disliked the UK Cards Association’s response to the excellent Cambridge Computer Laboratory when they published flaws and potential attacks: demanding that they take the papers down. They played the near-standard “oh, it’s very hard to do right now, we don’t think anyone could really do that; they’re very clever and most people won’t be” line. The only problem is that with each new vulnerability the Cambridge team appear to be producing more plausible attacks. UK Cards were rightly told to go away.

It would have been nicer to hear:

“We thank the CCL for their work in exposing potential attacks in the EMV system. At the moment we think these are peripheral threats, but we will work with EMV partners to take the findings onboard, and resolve these as the standard evolves”

This of course blows the “Chip+PIN is totally secure” line out of the water, which matters because they’re trying to move the liability onto the consumer: admitting the system is even partially compromised weakens that.

At the end of the day, this is just money. There’s always been fraud, there always will be. Not life and death.

I used to work in broadcast. Many of those systems were insecure, relying on being in a partitioned network. DNS and Active Directory were frowned on, seen as potential points of failure rather than as useful configuration and security tools. The result was a known but brittle system. Hardening of builds was an afterthought, and the armadillo model of crunchy perimeter and soft centre meant that, much like the US Predator drone control pods, once you were inside, passage was easy.

Depressing, yes? Particularly because so many of these problems were solved before, and solved well. But it was just telly. Not life and death.

I mean, it’s not like you can remotely inject someone with a lethal dose of something.

Except it is: a few months back someone reverse-engineered the protocol of their insulin pump and was able to control it with nothing more than its serial number. This was bad enough. Devices that inject things into humans shouldn’t be controllable without some form of authentication beyond a 6-digit number.

At the time the familiar “it’s too difficult, you still need the number, you’ve got to be nearby” response was provided.

Two months later, another security researcher has managed to work out the magic number and used a long-distance aerial to send commands to the pump.

I’m sure it’s still “too hard to be viable”: because the death of someone isn’t the kind of consequence that could attract the sort of backing that makes hard things viable…

Security is hard to do well, and we need to start embedding it in everything: it is now a matter of life and death. But it’s hard, and the psychology is as hard as the technology. You should really use an existing algorithm implementation, because the chances are it’s better than yours; but that means licensing and IPR, so just roll your own cipher, believing your application is too trivial to be a target. Besides, your proprietary wire protocol is proprietary, so it’s already secret. People aren’t going to bother to figure it out.

Security makes things harder: you can’t just wire-sniff your protocol any more to debug stuff. Your test suites become more complicated because you can no longer play back captured commands and expect the device to respond. That little embedded processor isn’t powerful enough to be doing crypto: it’s going to push up the unit price, increase power usage and add latency.
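Added example (mine, not the pump vendor’s protocol or the researchers’ code): what “authentication beyond a serial number” looks like in practice, and why it stops a replayed capture. The device and its controller share a per-device key provisioned at pairing (an assumption, as are the serial, key and command strings below, which are constructed); every command carries a counter and an HMAC-SHA256 tag over serial, counter and command. The naive “right serial means go” design is shown alongside it so the two can be run against the same attacker.

```python
"""Authenticated, replay-resistant commands for a hypothetical implant-style
device.  Added example: not the pump's real protocol or the researchers' code."""
import hashlib
import hmac
import struct

# Constructed fixtures (assumptions, not real device values).
SERIAL = b"PUMP-123456"
DEVICE_KEY = bytes.fromhex("7f" * 32)   # provisioned at pairing; the attacker never sees it
TAG_LEN = 32                            # HMAC-SHA256 output length


class NaivePump:
    """The 'serial number is the password' model: anyone who learns or guesses
    the serial has full control, and every captured message replays."""

    def __init__(self, serial):
        self.serial = serial
        self.log = []

    def receive(self, serial, cmd):
        if serial != self.serial:
            return False, "wrong serial"
        self.log.append(cmd)
        return True, "ok"


def _frame(serial, counter, cmd):
    # Length-prefixed fields so the MAC covers one unambiguous encoding.
    return (struct.pack(">H", len(serial)) + serial
            + struct.pack(">Q", counter)
            + struct.pack(">H", len(cmd)) + cmd)


def build_command(key, serial, counter, cmd):
    """Controller side: frame || HMAC-SHA256(key, frame)."""
    body = _frame(serial, counter, cmd)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def parse_command(msg):
    """Return (serial, counter, cmd, body, tag) or None if malformed."""
    try:
        (slen,) = struct.unpack_from(">H", msg, 0)
        off = 2
        serial = msg[off:off + slen]
        off += slen
        (counter,) = struct.unpack_from(">Q", msg, off)
        off += 8
        (clen,) = struct.unpack_from(">H", msg, off)
        off += 2
        cmd = msg[off:off + clen]
        off += clen
    except struct.error:            # buffer too short for a field
        return None
    body, tag = msg[:off], msg[off:]
    if len(serial) != slen or len(cmd) != clen or len(tag) != TAG_LEN:
        return None
    return serial, counter, cmd, body, tag


class AuthenticatedPump:
    """Accepts a command only if its MAC verifies under the device key and its
    counter is strictly greater than the last accepted one."""

    def __init__(self, serial, key):
        self.serial = serial
        self.key = key
        self.last_counter = 0   # a real device persists this across power cycles
        self.log = []

    def receive(self, msg):
        parsed = parse_command(msg)
        if parsed is None:
            return False, "malformed"
        serial, counter, cmd, body, tag = parsed
        if serial != self.serial:
            return False, "wrong serial"
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time compare, and check the MAC before touching any state so
        # an unauthenticated sender cannot advance the counter.
        if not hmac.compare_digest(tag, expected):
            return False, "bad mac"
        if counter <= self.last_counter:
            return False, "replay"
        self.last_counter = counter
        self.log.append(cmd)
        return True, "ok"


def demo():
    """Run one attacker (knows the serial, holds a capture, lacks the key)
    against both designs and return each outcome."""
    attacker_key = bytes.fromhex("00" * 32)
    naive = NaivePump(SERIAL)
    pump = AuthenticatedPump(SERIAL, DEVICE_KEY)
    legit = build_command(DEVICE_KEY, SERIAL, 1, b"BOLUS 2.0")
    tampered = bytearray(legit)
    tampered[-TAG_LEN - 1] ^= 0x01          # alter the last byte of the command
    return {
        "naive_with_serial": naive.receive(SERIAL, b"BOLUS 20.0"),
        "naive_replay": naive.receive(SERIAL, b"BOLUS 20.0"),
        "legit": pump.receive(legit),
        "replay": pump.receive(legit),
        "forged": pump.receive(build_command(attacker_key, SERIAL, 5, b"BOLUS 20.0")),
        "tampered": pump.receive(bytes(tampered)),
        "truncated": pump.receive(legit[:10]),
        "next": pump.receive(build_command(DEVICE_KEY, SERIAL, 2, b"BOLUS 1.0")),
    }
```

HMAC-SHA256 over a few dozen bytes is well within reach of a small microcontroller, which is the usual answer to the “not powerful enough for crypto” objection. The counter check is what breaks the replay, and it is also exactly why a test suite can no longer play back captures: the harness has to hold the key and mint fresh counters, which is the right place for that cost to land. A real device would also persist last_counter across power cycles and use a pairing ceremony to provision the key; neither is shown here.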

Many programmers still belong to the “hit it and hit it until it works” school of coding. I don’t mean test-driven development; I mean those coders who think that if it compiles, it ships. These people don’t adapt well to working in a permissions-based sandbox; it’s harder to split your processes up so that only the things that need the privileges have them (we’ve all done ‘chmod 777 *’ to get an application up and running).

Until everyone realises that every device with smarts is a vector, from batteries to APIs to websites, we’re increasingly at risk. I guess that massive solar flare could take things out for us.

The Problem Flickr Never Solved

Flickr never gave me a way to see the most relevant stuff of my friends, only the most recent. In today’s attention limited world, that wasn’t enough.

I use Instagram a lot now to take little snippets. They flow nicely into my Facebook or Twitter streams. I rarely use Flickr apart from for more “curated” photos. My usage of Flickr is really dying off, and I think I know why.

Flickr has never provided a way to see the most relevant content from my contacts. I can see the top five, or a single photo, on the friends page. That doesn’t give me completeness, so I used a friends API call to give me an RSS feed of all their photos.

Services like Facebook have long treated completeness as being an impossible goal, so they prioritise what they show you. Granted this leads to some of my friends bitching about that prioritisation but they are starting from the pragmatic position that “You will never see everything because there is too much”.

I don’t think Flickr ever really solved that problem. I get that it’s much harder than with atomic things, because in many cases a clump of eight photos is relevant rather than any one of them, but I don’t have a meaningful way to dip into the stream and get the most interesting stuff, merely the most recent.

It’s a problem that every online service needs to solve. If the user can’t see everything, how can we give them a chunk of relevant stuff.

(and uploading with instagram is “frictionless” to use the latest jargon, compared to the clunky flickr app)

In Praise of Policy

Policy is a dirty word, but it doesn’t have to be a prescriptive document running to three volumes.

When I hear “policy” I have a deep sense of dread that only working at the BBC for many years can give you. I fear opening the 40-page manual describing in prescriptive detail what should, shouldn’t, must and can’t be done for every scenario. Well, invariably every scenario apart from the one you’re facing at that moment, which could be one of two with contradictory advice.

I think we all share this healthy scepticism of excessive policy, but I realised when writing an article on social media and business that policy was exactly what you needed. I started off talking about URLs and tools like HootSuite, before realising the real thing to get right is the underlying policy: what are we trying to get done here?

It doesn’t need to be a massive tome, and it doesn’t need flowcharts. It could just be a list of five bullet points that cover what you’re doing.

Once you can succinctly sum up what you’re trying to do, doing it is invariably much easier.

Siri and Boris Bikes

If Siri included bicycle hire status, that could make finding a dock much easier when you’re on the move.

I know it’s not launched yet, but it would be great if Apple incorporated the TfL Barclays Cycle Hire feed into Siri. Siri is perfect for when you can’t use the screen, like when you’re cycling. It would be great to be able to ask:

“What cycle docks are available near home?”

“5 docks available at Oval Way, and 4 at Kennington Post Office”

I know it’s a market specific request, but there’s an XML feed they could parse – here’s hoping the “beta” label gives them the wiggle room to add this kind of thing. There are a number of bike-share schemes around the world so it might not be that bespoke.

It won’t happen; but I can dream of a voice-controlled Bicycle as a Service future.

aside: you could emulate this with a text message service

“Siri, send a message to bikes, ‘i’m coming home'” and siri could read the reply.

Computer Illiteracy is not a badge of honour

I can’t imagine someone being applauded for declaring illiteracy, so how come not understanding computers is seen as a badge of honour?

I was at a conference a few weeks ago, and someone quite senior came on and declared, proudly, that “I’m computer illiterate”.

The crowd guffawed.

I can’t imagine that happening if someone came on and said, “I’m functionally illiterate”.

Computers are important now. They’re all-pervasive, not looking like computers, and vital to getting things done.

Let’s stop letting people revel in not understanding them.

Is Facebook Open Graph going to enable “proper” social TV

Facebook have given us a rich vocabulary to describe media consumption; have we just been handed social TV that works better than the humble hashtag?

A few months ago I blogged about hashtags, and how they were imperfect but mostly worked… One of my meaningless predictions was that “Services like Facebook, Twitter and Google+ will provide ways to embed this metadata in posts”.

Today Facebook unveiled Open Graph at f8. I didn’t really pay that much attention until someone linked to a way to get the new profile quicker, which involved signing up to develop an app using the Open Graph actions.

At which point I realised I was staring at a simplified RDF: you have Objects, and Verbs.

(Screenshot: Defining Verbs and Objects)

Clicking through to define the objects, you can define custom fields, both visible and hidden: the channel people are watching a show on, the episode number, the internal identifier to link back to it on the website. Give Facebook the data to bubble up insights like “5 of your friends are watching The X Factor”, but driven from data and not from term-extraction on statuses.

Facebook always had the social network. Now it’s defined ways to create these events that have never been worthy of statuses, but have always been ready for Facebook’s insight.

It will be very interesting to see what the likes of GetGlue, iPlayer and Zeebox make of this. We’ve just been given a sensible way to aggregate real-time viewing activity.

Who’s going to be the first to populate it easily?

On the Beta BBC Homepage

The BBC has unveiled a beta version of its homepage, and the purpose and execution are really clear.

Standard “I used to work for the BBC” disclaimer applies.

Over at beta.bbc.co.uk you can see the new BBC homepage. The BBC have written a few articles about it.

My first impression is that this is the first homepage that has done what the homepage needed to do: be a shop-front for the whole of the BBC. Previous homepages have always been very silo-structured: News had their bit, ditto Radio, Sport, Weather, etc.

It felt like a representation of the org-chart rather than something conveying the breadth of the site.

The new one feels both busier and simpler. Without the excessive and technically unreliable customisation it’s lost that horrible air of “is it a homepage or a BBC-specific My Yahoo?”.

I love the design, it’s a clean grid structure and I really hope that as the Ten Products are launched, they can all share this sharp-styling which is a great evolution of the GEL design guidelines.

The BBC has perhaps been through a few too many home-pages in previous years, but this one feels like it’s been given a really tight scope and done that – most people will still be browsing to bbc.co.uk/news or finding content via Google.

A gripe though: given they’re linking so much to iPlayer things, they really need to redirect correctly to the TV/iPad “big screen” iPlayer version of a programme and not link to the front page. (Oh, and sort out an HTML5 player for News content.)

Minor HP Advertising Fail

Advertising a product that isn’t on sale seems a little bit of a mistake for HP.

I’m going to apologise upfront for this post, it’s a bit Mac Fanboy.

There’s an advert for HP laptops at the moment. In the small print on the advert: “Colour not available in the UK”.

Advertising a product that isn’t available in the country seems a tad short-sighted.

Everyone should act like they are leaving…

Could embracing the spirit of leaving lead to people working better?

Perhaps a silly management suggestion, but I can’t help thinking organisations would be better if everyone could embrace the sense of de-mob happiness they get when leaving. But without actually leaving.

When you’re leaving, you document; at least you try to. When “the person who knows everything” is leaving, you desperately try to stop the knowledge flying out the door by asking endless questions.

This of course doesn’t work.

Asking questions only works when you know what to ask. We’ve all been in the office until 8pm on the last day writing documentation, desperately trying to summarise three years in a large document. Later, mutters of “if only he’d told us…” fly around the office, while the unloved document sits unread in an inbox.

Living documentation, on the other hand, does stand a chance of being used, but again is rarely updated. How often do you find yourself saying “if only I had the time” when considering automating something with a script or a macro, or handing it over to an operational team? We never do though: the training might take half a day, and it’s only 15 minutes to do the trivial operational task. 15 minutes every day. Forever.

Which is when we get to money-laundering legislation. Banks and other financial institutions enforce a two-week holiday for many staff, in the hope that any illicit positions will become apparent in that time.

I think all companies can embrace this: if you have someone who can’t take two weeks’ leave without major ramifications then your company is at risk (once you’re more than a five-man band). Illness, family crises, geopolitical situations and ash clouds don’t tend to arrive with as much notice as holiday does, and can easily last longer.

Instead of seeing it as a headache, the ‘flexible organisation of the future’ should use handover to distribute work in a way that cross-pollinates and leaves the right people doing the right things at the right time; there is no reason to hand back the same work you were given. Even in the ‘rigid organisation of the past’, handover makes painfully clear where your weaknesses lie.

The final point is the most interesting, but dangerous to explore: the sense of freedom people often get when leaving. I’ve seen managers who were appalling up to the point that their “strategic exit” was negotiated, and even where they were pushed, their performance improved for the final month.

Was it their impending freedom, or the ability to ignore the latest “corporate update” emails about the new org-structure? Obviously you can’t ignore all future things, and ignoring the elephants is never a good idea, but if nothing else they can be easier to deflect from a distance. Freed from all the potential faff of the future, people feel more able to perform in the present. Perhaps we just need to send fewer update emails?

If we can find a way to foster some of those leaving behaviours in an ongoing culture, and do it without diminishing commitment, we can build organisations that perform better. I don’t think the principles are hard:

  • When only you know it, document it
  • When the documentation is wrong, fix it
  • When you’re doing something repeatedly, automate it
  • There’s never a good time to take holiday, book it anyway

I’d like to think that would help create the kind of place good people would love to work.

Don’t launch your website without solving these

Seeing the same mistakes made again and again makes Gareth sad.

subtitle: It’s 2011, we can fix it

Sometimes it feels like we’re still failing to solve the basic problems time after time. Can I present my first list of things we really shouldn’t be launching without solving?

Further suggestions welcome.

Advertising

  • Be respectful of users who will accept they get content free because of it, but don’t be silly (e.g. don’t show me adverts then tell me I’m geo-blocked from the actual content)

Audio/Video

  • Don’t auto play any video unless the page is a destination page for audio/video
  • Make decent videos: owning Final Cut is not enough to make you a producer
  • Don’t play background music, and if you do, remember if I press mute between sessions

Authentication & Registration

  • Let me skip registration until I really need to
  • Allow people to log in with Google/Yahoo/Facebook accounts. Don’t make me create a full account and then connect it to Facebook/Google; make an account from that identifier and ask for the bare minimum extra.
  • Don’t ask for more permissions than you need from Facebook and don’t ever post to my wall without permission
  • If someone needs to authenticate, take them to where they were and not the home page
  • Never store plaintext passwords: store a salted, slow hash of them instead (unbelievable that this still deserves a mention)

Content ‘Protection’

  • Don’t install JavaScript to stop me right-clicking: it’s on the web, I can copy it regardless, and you’re stopping me opening links in a new tab

Content sharing & Social-Media

  • Give people tools to share, but stop nagging them: if it’s funny people will share. If they like it they will favourite or subscribe.
  • Don’t call a blog a blog unless you’re engaging with comments. If you’re not going to do that, don’t allow comments and call it News
  • Don’t have a Twitter account you’re not going to reply from when people send you comments, but don’t reply to everyone mentioning something tangentially related to your brand name either
  • If you say something stupid: retract & apologise. Don’t start saying “your account was hacked”
  • Don’t #obsessively #hash #tag

Dates & Times

  • Include the day of the week: I know I want to fly out on a Sunday and back on a Saturday, so show me which dates four months in the future those are.
  • The web is international, so avoid 11/11/11: it’s perhaps wordy, but “Friday 11/Nov/2011” is unambiguous to English speakers.
  • Make time-zones clear

Flash

  • Avoid unless you have to, not just because of iOS users
  • Degrade well without it

Freshness

  • If you can’t keep it up to date, don’t put it up there: sure, it’s frustrating that information isn’t visible, but it’s even more frustrating to be told “that’s out of date”

Geo & Mapping

  • Accept partial postcodes or addresses in searches. Users are not always searching from a known address.

Retail

  • I care about your opening hours: I care less about your ethics and principles
  • Your address needs to be plain text so I can copy the postcode into Google Maps
  • Menus and price lists should just be HTML, or at a minimum a well-converted PDF that I can copy from

Sectors

  • I don’t know what sector I am, I just want to see what laptops you have. Forcing me to choose a sector upfront makes me think I’m only going to see a subset of models. Offer me “extra services for large companies” but I just want to see your products.

Search

  • Have decent search. If I use google to find your content then you’ve failed. (use a google site search if you can’t/don’t want to)

Servers

  • If you’re launching a new site that is going to get any form of interest, turn the CDN on prior to launching. Have a scaling plan that means you can bring up a load of Amazon instances. The cost of turning these on upfront is less than the cost of the press coverage that “the new Widget site that launched today fell over”
  • If you’re using WordPress use one of the caching plug-ins

URLs

  • Root-level domain not working: example.com/stuff should work, even if it’s a redirect to www.example.com/stuff
  • Avoid ambiguous addresses, but if you have them, catch example.com/walkforlife and redirect it to the correct example.com/walk4life
  • If you provide a mobile version of your site at m.example.com, redirect me to the actual page I wanted and not the frontpage again.
  • I shouldn’t ever see the underlying technology in URLs: clean ones look nicer and will give you better SEO, example.com/about/services and not example.com/viewgen/page.asp?pageid=123
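Added example (not the post’s own code) pulling the URL points together into one redirect rule: the bare domain and the mobile host preserve the path and query rather than dumping people on a front page, the walkforlife misspelling maps to the real page, the legacy viewgen/page.asp URL maps to a clean one, and the Location header is only ever built from hosts we own, so the rule cannot be abused as an open redirect. The hostnames and the page mapping are assumed.

```python
"""Canonical-URL redirects for the points above.  Added example with assumed
hostnames and paths; not a real site's configuration."""
from urllib.parse import parse_qs, urlsplit, urlunsplit

CANONICAL_HOST = "www.example.com"
MOBILE_HOST = "m.example.com"
# The only hosts a Location header may ever point at (open-redirect guard).
OUR_HOSTS = {CANONICAL_HOST, MOBILE_HOST}
# Bare domain folds onto the canonical host, path and query preserved.
HOST_ALIASES = {"example.com": CANONICAL_HOST}
# Likely misspellings of campaign URLs map to the real page.
PATH_ALIASES = {"/walkforlife": "/walk4life"}
# Legacy technology-revealing URLs (/viewgen/page.asp?pageid=123) map to clean ones.
LEGACY_PAGES = {"123": "/about/services"}


def redirect_for(url, mobile=False):
    """Return the 301 Location for `url`, or None if no redirect is needed.

    `mobile` says whether this client should get the m. site (decided
    elsewhere, e.g. from the user agent).  Whatever happens, the deep path
    the user asked for travels with them.
    """
    parts = urlsplit(url)
    host = HOST_ALIASES.get(parts.hostname, parts.hostname)
    path = PATH_ALIASES.get(parts.path, parts.path)
    query = parts.query

    if path == "/viewgen/page.asp":
        page_id = parse_qs(query).get("pageid", [None])[0]
        if page_id in LEGACY_PAGES:
            path, query = LEGACY_PAGES[page_id], ""

    if host not in OUR_HOSTS:
        # Unknown host, or a relative URL with no host: never build a
        # redirect from input we do not control.
        return None
    host = MOBILE_HOST if mobile else CANONICAL_HOST

    target = urlunsplit(("https", host, path, query, ""))
    return None if target == url else target
```

Everything ends up on https with the path intact; the only thing the request gets to choose is which of our own two hosts it lands on, which is what keeps a `?next=` style parameter from ever turning this into a redirect to somebody else’s site.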