Posts

Waiting for the File Server

Well, I now have four different UNIX machines and I've been doing sysadmin tasks on all of them. As a result I now have four home directories that are out of sync. How annoying. Ultimately I plan to create a file server on one of my machines and provide the same home directory on all of them, but I haven't done that yet, so I need some temporary crutches to tide me over until I get the file server built. In particular, I need to find out what is where. The first thing I did was establish trust among the machines, making flapjack, the oldest, into the 'master' trusted by the others. This I did by creating an SSH private key using ssh-keygen on the master and putting the matching public key in .ssh/authorized_keys on the other machines. Then I decided to automate the discovery of what directories were on which machine. This is made easier because of my personal trick for organizing files, namely to have a set of top level subdirectories named org/, people/, and pr...

Two Intel NUC servers running Ubuntu

A week or two ago I took the plunge and ordered a pair of Intel NUC systems. Here's what happened next as I worked to build a pair of Ubuntu servers out of the hardware:

I ordered the components for two Linux servers from Amazon:

- Intel NUC D54250WYK [$364.99 each]
- Crucial M500 240 GB mSATA [$119.99 each]
- Crucial 16GB Kit [$134.99 each]
- Cables Unlimited 6-Foot Mickey Mouse Power Cord [$5.99 each]

for a total of $625.96 per machine. Because I have a structured wiring system in my apartment I didn't bother with the wifi card. ...

Assembly was fast, taking ten or fifteen minutes to open the bottom cover, snap in the RAM and the SSD, and button the machine up again.

Getting Ubuntu installed was rather more work (on an iMac):

- Download the Ubuntu image from the Ubuntu site.
- Prepare a bootable USB with the server image (used diskutil to learn that my USB stick was on /dev/disk4):

    hdiutil convert -format UDRW -o ubuntu-14.04-server-amd64.img ubuntu-14.04-server-amd64.iso
    diskutil un...

2014 Five Borough Bike Tour - I'm riding

The Five Borough Bike Tour is an annual event in which tens of thousands of New Yorkers ride 40 or 50 miles from lower Manhattan up through the Bronx, Queens, Brooklyn, and over the Verrazano Narrows Bridge to Staten Island. For the last three years I've supported a wonderful organization called Bronxworks (http://bronxworks.org/) that helps families in need in The Bronx. I ride with a number of friends, some of whom live in the Bronx, and all of whom have adopted this wonderful group. I rode with the Bronxworks team in 2011 and 2012 but a conflict prevented me from riding in 2013, though I donated to support the rest of the team. Fortunately for me I will be riding again this year. If you want to contribute to Bronxworks in support of my ride you may visit my fundraising page http://www.crowdrise.com/BronxWorks2014BikeTour/fundraiser/marcdonner . If you do so, I will be eternally grateful!

From the Editors: The Invisible Computers

[Originally published in the November/December 2011 issue (Volume 9 number 6) of IEEE Security & Privacy magazine.] Just over a decade ago, shortly before we launched IEEE Security & Privacy, MIT Press published Donald Norman's book The Invisible Computer. At the time, conversations about the book focused on the opportunities exposed by his powerful analogies between computers and small electric motors as system components. Today, almost everything we use has one or more computers, and a surprising number have so many that they require internal networks. For instance, a new automobile has so many computers in it that it has at least two local area networks, separated by a firewall, to connect them, along with interconnects to external systems. There's probably even a computer in the key! Medical device makers have also embraced computers as components. Implantable defibrillators and pacemakers have computers and control APIs. If it's a computer, it must have so...

From the Editors: Privacy and the System Life Cycle

[Originally published in the March/April 2011 issue (Volume 9 number 2) of IEEE Security & Privacy magazine.] Engineering long-lived systems is hard, and adding privacy considerations to such systems makes the work harder. Who may look at private data that I put online? Certainly I may look at it, plus any person I explicitly authorize. When may the online system's operators look at it? Certainly when customer service representatives are assisting me in resolving a problem, they might look at the data, though I would expect them to get my permission before doing so. I would also expect my permission to extend only for the duration of the support transaction and to cover just enough data elements to allow the problem's analysis and resolution. When may developers responsible for the software's evolution and maintenance look at my data? Well, pretty much never. The exception is when they're called in during escalation of a customer service transaction. Yes, that'...

From the Editors: Phagocytes in Cyberspace

[Originally published in the March/April 2010 issue (Volume 8 number 2) of IEEE Security & Privacy magazine.] Let us reflect on the evolution of malware as our industry has progressed during the 30-plus years since computers moved out of the mainframe datacenter cathedrals and into the personal computer bazaars. We might be moving back to cathedrals these days with the expansion of cloud computing, but the personal computer is here to stay in one form or another -- whether it's desktop or laptop or PDA or smartphone, and whether it's a stand-alone system with fat client software or a network device with thinner clients. In the early days of computing, malware was transmitted by infected floppy disks. Authors were amateurs, virulence was low, and the risk was relatively minor—mostly an inconvenience. Later, the computing universe got larger and more densely connected as PCs became cheaper and the Internet and the Web made distributing software cheaper and easier. The sof...

From the Editors: International Blues

[Originally published in the March/April 2010 issue (Volume 8 number 2) of IEEE Security & Privacy magazine.] IEEE Security & Privacy could be a lot more international in its focus and content. Reflecting on its content and tone over the past seven years, it's hard to tell that we think of either privacy or security in a broad international context. There are examples of taking a broader view, but they're more notable as exceptions than as standards. This is bad for several reasons. First, privacy and security have different levels of importance in different places in the world. Second, by largely ignoring the non-Western world, we risk dangerous blind spots. Third, we might be failing to take simple steps that would make our magazine more valuable worldwide. Although the purely technical aspects of our work are universal and generic, engineering is all about making trade-offs informed by economic and cultural judgments. Moreover, our subject matter firmly straddles t...