Reflections on Technology and Society

A week or two ago I took the plunge and ordered a pair of Intel NUC systems. Here's what happened next as I worked to build a pair of Ubuntu servers out of the hardware: I ordered the components for two Linux servers from Amazon: Intel NUC D54250WYK [$364.99 each] Crucial M500 240 GB mSATA [$119.99 each] Crucial 16GB Kit [$134.99 each] Cables Unlimited 6-Foot Mickey Mouse Power Cord [$5.99 each] for a total of $625.96 per machine. Because I have a structured wiring system in my apartment I didn't bother with the wifi card. ... Assembly was fast, taking ten or fifteen minutes to open the bottom cover, snap in the RAM and the SSD, and button the machine up again. Getting Ubuntu installed was rather more work (on an iMac): Download the Ubuntu image from the Ubuntu site. Prepare a bootable USB with the server image (used diskutil to learn that my USB stick was on /dev/disk4): hdiutil convert -format UDRW -o ubuntu-14.04-server-amd64.img ubuntu-14.04-server-amd64.iso diskutil un...

The Five Borough Bike Tour is an annual event in which tens of thousands of New Yorkers ride 40 or 50 miles from lower Manhattan up through the Bronx, Queens, Brooklyn, and over the Verrazano Narrows Bridge to Staten Island.  For the last three years I've supported a wonderful organization called Bronxworks ( http://bronxworks.org/ ) that helps families in need in The Bronx.  I ride with a number of friends, some of whom live in the Bronx, and all of whom have adopted this wonderful group. I rode with the Bronxworks team in 2011 and 2012 but a conflict prevented me from riding in 2013, though I donated to support the rest of the team.  Fortunately for me I will be riding again this year.  If you want to contribute to Bronxworks in support of my ride you may visit my fundraising page  http://www.crowdrise.com/BronxWorks2014BikeTour/fundraiser/marcdonner .  If you do so, I will be eternally grateful!  

[Originally published in the November/December 2011 issue (Volume 9 number 6) of IEEE Security & Privacy magazine.] Just over a decade ago, shortly before we launched IEEE Security & Privacy, MIT Press published Donald Norman 's book The Invisible Computer . At the time, conversations about the book focused on the opportunities exposed by his powerful analogies between computers and small electric motors as system components. Today, almost everything we use has one or more computers, and a surprising number have so many that they require internal networks. For instance, a new automobile has so many computers in it that it has at least two local area networks, separated by a firewall, to connect them, along with interconnects to external systems. There's probably even a computer in the key! Medical device makers have also embraced computers as components. Implantable defibrillators and pacemakers have computers and control APIs. If it's a computer, it must have so...

[Originally published in the March/April 2011 issue (Volume 9 number 2) of IEEE Security & Privacy magazine.] Engineering long-lived systems is hard, and adding privacy considerations to such systems makes the work harder. Who may look at private data that I put online? Certainly I may look at it, plus any person I explicitly authorize. When may the online system's operators look at it? Certainly when customer service representatives are assisting me in resolving a problem, they might look at the data, though I would expect them to get my permission before doing so. I would also expect my permission to extend only for the duration of the support transaction and to cover just enough data elements to allow the problem's analysis and resolution. When may developers responsible for the software's evolution and maintenance look at my data? Well, pretty much never. The exception is when they're called in during escalation of a customer service transaction. Yes, that'...

[Originally published in the March/April 2010 issue (Volume 8 number 2) of IEEE Security & Privacy magazine.] Let us reflect on the evolution of malware as our industry has progressed during the 30-plus years since computers moved out of the mainframe datacenter cathedrals and into the personal computer bazaars. We might be moving back to cathedrals these days with the expansion of cloud computing, but the personal computer is here to stay in one form or another -- whether it's desktop or laptop or PDA or smartphone, and whether it's a stand-alone system with fat client software or a network device with thinner clients. In the early days of computing, malware was transmitted by infected floppy disks. Authors were amateurs, virulence was low, and the risk was relatively minor—mostly an inconvenience. Later, the computing universe got larger and more densely connected as PCs became cheaper and the Internet and the Web made distributing software cheaper and easier. The sof...

[Originally published in the March/April 2010 issue (Volume 8 number 2) of IEEE Security & Privacy magazine.] IEEE Security & Privacy could be a lot more international in its focus and content. Reflecting on its content and tone over the past seven years, it's hard to tell that we think of either privacy or security in a broad international context. There are examples of taking a broader view, but they're more notable as exceptions than as standards. This is bad for several reasons. First, privacy and security have different levels of importance in different places in the world. Second, by largely ignoring the non-Western world, we risk dangerous blind spots. Third, we might be failing to take simple steps that would make our magazine more valuable worldwide. Although the purely technical aspects of our work are universal and generic, engineering is all about making trade-offs informed by economic and cultural judgments. Moreover, our subject matter firmly straddles t...

[Originally published in the July/August 2009 issue (Volume 7 number 4) of IEEE Security & Privacy magazine.] When faced with a new thing, human beings do something very sensible. They try to harness previous experience and intuition in service of the new thing. How is this new thing like something that I already know and understand? Trying to model the new thing on some old thing can be efficient, making it easier to reason about the new thing by using analogies adopted from previous experience. The late Claude Shannon did this at least twice in his illustrious career. The 1930s were an intense time in digital circuits, with engineers busily designing and building ever more complex machines out of electromechanical relays. Design principles for relay systems were vague and imprecise, with engineers employing rules of thumb and heuristics whose efficacy were limited. The result was a world in which tremendous potential was hampered by a real lack of powerful tools for reasoning a...