Author: Les

  • Security, “cyber security”, system administration

    “Enough”
    During the “lost decade” of my “20’s” I had a LOT of different jobs. PC repair, high school wrestling coach, security guard, and a lot of “student” time in general.

    The (pre 9/11) “security guard” time was nice because I was usually left alone all night. I was there to be visible and act as a deterrent – not perform heroic acts – which since I was looking for a paycheck and not an adrenaline rush was exactly what I wanted.

    Of course there are also “private security personnel” that are highly trained professionals. Obviously the “highly trained professional” is going to demand a larger paycheck than the employee that did the “1 day orientation/computer training.”

    From an “organizational” point of view – security is similar to “insurance.” Both deal with “risk management” – as in “you can’t eliminate ‘risks’ but you can minimize your vulnerability/exposure”.

    SO the best practice with security and insurance is to have “enough” to cover your needs.

    “Sales”
    Then the question becomes “just how much is enough?”

    Have you seen the commercials for “home security system” where a masked intruder breaks a window (in what looks like a nice suburban home) in the middle of the day?

    Then cut to a frightened child and woman clutching each other in a state of panic – followed by the phone ringing and a reassuring voice saying “We have detected a break in at your premises. Authorities have been notified. Do you require assistance?”

    The relieved/grateful woman picks up the phone and says something like “Thank you security system! I don’t know what we would have done without you.” — and then you get the sales pitch from the security monitoring company (e.g. for less than $ a day you can protect your family…)

    Now, I’m not dismissing the need for/utility of these systems – I’m pointing out that the scenario used is “unlikely” at best and designed to manipulate your emotions. After all – can you put a price on “protecting your family?”

    On a less emotionally charged front – the answer to “can you put a price on the security of your business” is “yes.” In a nutshell – you don’t want to pay more for security than the value of the object being secured.

    SO that storage facility housing spare parts for your “commodity widget” making factory PROBABLY doesn’t need as much security as the distribution center that processes orders from customers for your “commodity widget.”

    Now that sales person working on commission might try to convince the “commodity widget maker upper management” that they need the top end security everywhere – and maybe they do – but obviously the “sales person” is biased.

    SO when the widget making enterprise gets past a certain size – they will probably hire a “director of security” or something to evaluate the needs of the company.

    “Cyber”
    That same process/concept applies to “computer network security.” Q. How much “cyber security” do you need? A. “enough”

    As a long time “I.T. professional” my view of “cyber security” is that it is a marketing term. Obviously I am NOT saying that “computer network security” is irrelevant – just that “good system administration” has ALWAYS included “network security.”

    Consider “automobile security” – how much should someone spend to “secure” their car?

    Well, if you have a beat up Ford Pinto with 500,000 miles on it that starts shaking if you go over 65 miles per hour and you only keep it to haul garbage to the landfill – then maybe you are comfortable leaving the keys on the dashboard with the windows rolled down. If someone steals the car they might be doing you a favor.

    BUT if you have “new luxury SUV” you might invest in a car alarm, and some form of remote monitoring. If you live in “big city” you might pay for “off street” parking. In any case you certainly aren’t leaving the keys on the dashboard with the windows rolled down.

    Getting back to “computer network security” – MOST networks probably fall into the “nice four door sedan” category. They need to be secured – and they will be compromised if left un-secured – but they aren’t a specific target.

    e.g. roll up the windows, lock the doors, don’t leave valuables in plain sight – and your “family sedan” is probably secure enough. Adhere to “good system administration practices” and your computer network is “probably” secure enough.

    I also like the idea of a Magnificent Seven approach to security – NOT that you need to hire hackers to protect yourself from hackers, but that you need to secure your network enough to make the “casual attacker” go somewhere else.

    IF someone is intentionally targeting your network AND they are willing to spend money and time THEN they will probably be able to compromise your network. Your goals should be to not “make it easy” for them and also to detect and respond to the intrusion when it happens.

    For individuals your small home network probably is more valuable to the bad actors as a resource for “zombie”/spam activity – but still, don’t make it easy on them.

    If you REALLY want to worry about something – more important than the network itself is the data moving on that network – so the biggest threat to the “average network” is the people using the network. Which is a slightly different subject …

    TL;DR
    Yes, there are needs for “security specific” computer professionals – things like penetration testing and security auditing come immediately to mind. The concept of a security “baked in”/first approach to application development is also obvious. I’m just tired of hearing “cyber security” presented as something new and novel …

    e.g. A combination of good backups, sensible user management, and applying encryption to both file storage and network traffic probably protects 90% of “computer networks”

  • The “regulation” thing

    First Principles
    At a “first principles” point of view – USUALLY the best thing for the U.S. Congress to do is “nothing.”

    Arguably the “Founders” believed the same thing. Which is why the U.S. has the system of gov’ment that we have. Just from a practical “organizational behavior” standpoint – the larger the group of people, the less likely you are to agree on anything.

    The “wheels of gov’ment” are supposed to be slow moving and inefficient – remember the Founders’ goal was the preservation of individual liberty via the limiting of “gov’ment.”

    SO anything that the gov’ment does do, shouldn’t be fast or drastic – again, just in general “government is best which governs least”

    But then …
    Of course the gov’ment isn’t just window dressing – they are supposed to do SOMETHING. e.g. In times of war trying to rule by committee is a recipe for disaster – which is why the POTUS is “Commander in Chief.”

    In the Ancient Roman Republic – traditionally two “Consuls” were elected to “run” the Republic. The Consuls had full executive power, but each also had veto power over the other. This meant legislative stalemate was the norm and preservation of the status quo was achieved – which was kinda what the “powers that be” wanted.

    BUT in times of emergency/war – i.e. when things needed to “get done” – a single person would be put in charge.

    Fans of Ancient History will be familiar with the story of Cincinnatus – but I’ll move on – after pointing out that in peacetime it is always worth taking the time to examine the issue and “get it right” as opposed to “doing it fast.”

    If it moves regulate it …
    Ronald Reagan described the “government’s” view of the economy as: “If it moves, tax it. If it keeps moving, regulate it. And if it stops moving, subsidize it.”

    Which is a great line – but hits on several big issues. The purpose of taxation tends to get “complicated” but isn’t important right now. However, REGULATION should be easier to agree about as far as “purpose” goes. (and subsidizing something is probably just another form of taxation)

    In general “gov’ment regulation” should NEVER be punitory – i.e. protecting the consumer/individual SHOULD always be the purpose of regulation – NOT simply punishing a specific company/industry because it is politically expedient to do so.

    From a practical point of view – that means government should do what individuals can’t do for themselves. SO things like controlling access to a limited resource (e.g. the old radio/television broadcast spectrum), or ensuring that drivers are not a danger to themselves or others (e.g. physical checkup requirements for CDL, or vision tests for driver licenses) are obvious candidates for regulation.

    The form that regulation takes is up for debate – but regulating interstate commerce is obviously one of those functions the Feds are supposed to handle — but one more time “regulation” should not be “political punishment”, it should always serve the consumer.

    Internet/Web/Walled gardens/Facebook…
    The story of the “internet” can be told numerous ways – some of which are interesting, but not important right now.

    (no matter how you choose to tell the “Internet story” – it didn’t just spontaneously appear, but it also wasn’t created by government bureaucrats.)

    If we accept that “sharing information” (to one degree or another) is the point of ANY “network” then the “Internet” has been a great success story.

    BUT you needed affordable personal computers AND the “world wide web” to make it useful to the average person.

    (btw if the “internet” is the “highway” then the “web” is one type of vehicle using that highway – but not the ONLY type of vehicle)

    For a lot of folks back in the early 1990’s “America Online” (AOL) was their first “information service.” AOL charged a monthly fee for access to their network – and bombarded the nation with 3.5″ disks and then CD-ROMs offering monthly free trials.

    Then when the “web” happened – AOL started offering unlimited “Internet” access through their network. AOL still had a lot of “AOL network” content, so people might login to AOL and never leave AOL – this was kind of the “Walled Garden” internet (or if you logged into a local ISP – that homepage might have been your concept of the “web” in general).

    (btw the AOL merger with Time Warner is probably one of the worst mergers of all time from a “combined value” view – i.e. the perception of AOL’s value was much greater than what they actually possessed)

    Maybe the 1990’s could be called the “era of the portal.” The web may have offered access to vast amounts of knowledge – but finding anything was difficult. So “web directories” (like Yahoo!) ruled the day. Then Google happened in late 1998 – which is also another story …

    Facebook is just another version of the “walled garden” – and they continue to add services trying to keep users on their platform. Of course the more users accept Facebook as “walled garden” the more Facebook can earn in advertising $$ – which once again, is neither good nor bad, just good business

    The important thing to remember is that Facebook is NOT the “Internet.”

    Regulation, but how?
    I’ve seen Facebook running ads (on Facebook) advocating changing the “Internet regulations.” This always comes across as self-serving as well as slightly pernicious – just because the regulations are older than Facebook doesn’t mean they need to be changed JUST for the sake of changing them.

    The problem with “regulation for the sake of regulation” is that it tends to be counter productive. “Big business” actually benefits from “increased regulatory requirements” because it tends to cut down on innovation/disruptive competition.

    “Bad regulation” simply reinforces the status quo and/or cements things in place preventing change. “Good regulation” will protect the consumer while encouraging growth/competition.

    My personal preference would be to apply “newspaper”/media conglomerate standards to Facebook. Hold them accountable for “censorship”, create a truly independent “arbitration board” (not one bought and paid for by Facebook) – but don’t cement them in place as the status quo.

    Regulation should not stifle whatever the “next big thing” may be …

  • Simplicity and Beauty vs Elegance

    Consider the fact that a hammer is “simple” – and in the hands of a skilled craftsman might be used in an elegant manner. However, if someone has never seen a nail – what would they think a “claw hammer” does?

    If someone had spent their entire life living in buildings made of stone, they might look at a sledge hammer and assume it is used for breaking stones – but then what if someone has never seen a “stone.”

    The sledge hammer is “simpler” than the claw hammer – but neither qualifies as “elegant.”

    e.g. the hypothetical person that has lived in stone buildings but never seen a sledge hammer used MIGHT assume that the way you use a sledge hammer is to drop it onto the stone, rather than swing the hammer by its handle.

    In the “world of I.T.” the “command line interface” (CLI) is “simple” but not elegant. In much the same way, a keyboard might be considered a “simple” device but a vast amount of “prior knowledge” is required to USE the keyboard to enter commands in a CLI.

    Wait, wait, wait, surely the mouse is “elegant” – nope, sorry. James Doohan in Star Trek IV comes to mind (i.e. the scene with “Scotty” using the 1980’s style personal computer)

    A “graphical user interface” (GUI) can easily be “beautiful” – but again a vast amount of prior knowledge is required e.g. Microsoft famously claimed that the purpose of including solitaire as part of “Microsoft Windows” was so that users could practice using the mouse and interacting with the user interface. As a “long time I.T. professional” it is easy to forget that things like “double clicking, click and drag, etc” have to be learned at some point – so for the novice user, playing Solitaire can actually be a “training exercise.”

    BTW “form follows function” in “computer terms” might be expressed as “software runs on hardware.” The most beautifully designed 2021 GUI quickly becomes unusable if you try to run it on “old” hardware.

    Ten+ years ago I was fond of pointing out that the real difference between Apple, Inc and Microsoft, Inc was that Apple sold high end hardware and included an operating system, while Microsoft sold an operating system that could be installed on the hardware of your choice.

    Of course Apple devices “just worked” but the operating system and hardware were designed to work together – which is much different than trying to sell an operating system that runs well on unknown hardware configurations.

    Of course in 2021 Apple, Inc is really a cell phone company and Microsoft has become a “software as a subscription” and “cloud services” company (ten+ years ago, I would have called Apple a “consumer electronics” company and Microsoft was still an “operating system” company – and we are moving on)

    The relationship between “simplicity, beauty, elegance” and human beings is probably a “two-drinks” question (i.e. the type of thing best discussed while having a friendly conversation over drinks of your choice).

    Since I’ve been “job interviewing” a lot recently (without much success) – it has occurred to me that I (probably) come across as “arrogant” to the average “job search committee.”

    Am I arrogant – well, obviously I don’t think so – BUT I can understand others perceiving me as arrogant. Being self-confident and sure of your skills does not make you “arrogant” – thinking that you are “superior” makes you arrogant (and I am only a humble servant – maybe my “manner” is perceived as arrogant).

    But here the issue is about “perception and reality” – i.e. simplicity of character that has been acquired from “self examination/introspection” might be beautiful AND therefore a form of “elegance of character” but is easily misunderstood/misinterpreted.

    Maybe this is the difference between “eccentric soul vs crazy old man” – but ANYWAY …

    George Harrison had three #1 hits as a solo artist on the Billboard Hot 100 chart and 5 top ten hits overall – “What Is Life” (mentioned in another post) peaked at #10 in 1971 then 10 years later “All Those Years Ago” peaked at #2

    (other shoe dropping: the #1’s were “Got My Mind Set on You” in 1988 – which was a “cover” song. “Give Me Love” – 1973, and finally “My Sweet Lord” – 1970)

    “All Those Years Ago” is obviously about John Lennon – the rumor is that Mr Harrison had written the song before John Lennon was shot (December 8, 1980 – obviously with different lyrics) then reworked the lyrics to become a “tribute” song.

    Tribute songs can be tricky – “George Harrison songwriter” always had an “upbeat” sound (that used to be called “pop rock”) – “George Harrison human being” was the “quiet one” of the “Fab Four.” SO this “tribute” song doesn’t mourn John Lennon’s untimely death but celebrates his life (which is its own form of “elegance”) …

  • User interfaces

    Making a product “easy to use” is never “easy.”

    “Elegant” products are few and far between. Merriam-Webster tells us that “elegant” means “marked by elegance” – which then requires another click for “elegance” and we get “dignified gracefulness or restrained beauty of style”

    An “elegant product” becomes an example of “beautiful simplicity.”

    Under Steve Jobs’ leadership Apple was known for “striving for elegance.” When he was alive Mr Jobs liked to say that they (i.e. Apple) didn’t do a lot of “product research” – which I believe, BUT we have to distinguish between “product research” as in “asking users what new products they want” and “product testing” as in “testing and improving the user experience with existing products.”

    e.g. Apple did not invent the “mobile music player” but they perfected the “mobile music device” with the iPod. The first couple generations of the iPod become a case study in the “search for elegance.”

    I have had several “iPods” – but I distinctly remember not being able to figure out how to change the volume of an “earlier” release. The product had a “rocker dial” which I assumed if I held down on one side the volume would go up, and if I held down on the other side the volume would go down.

    ANYWAY – It turned out the volume was controlled by “sliding” and not “rocking” – and once I was shown how it worked it was obvious (and I admit “better”) – so early iPods were beautiful and easy to use, but not “elegant”

    Of course the first step in designing an “elegant” product is that the product does what it is supposed to do (i.e. form still follows function) – this tends to require “high end components”. SO Apple has never sold “cheap” products.

    The number of products that exhibit “pure elegance” is probably zero – i.e. “pure elegance” is (probably) unattainable.

    This becomes an interesting thought experiment: e.g. There are a great number of products that are “easy to use” once you have been shown how to use them. However the number of products that “announce how they work through their design” is very small if not zero.

    Remember that we have to start with a “user” that has no exposure to the product – e.g. if you’ve seen “Demolition Man” (1993) (a “not bad” Sylvester Stallone/Wesley Snipes vehicle) you might remember the “three seashells” joke.

    If you haven’t seen the movie (it is fun, you can probably find it with little effort) – Sylvester Stallone gets brought out of “suspended animation prison” to catch super villain Wesley Snipes – but the plot isn’t important. Mr. Stallone plays the comedic “fish out of water” that doesn’t understand the simplest aspects of “modern civilization” one of which is the “modern” bathroom facilities that consist of “three seashells.”

    The point (if I have one) is that in the movie the “three seashells” are a great example of “un-elegance” (which was used for comedic effect – and no, they never explain how the seashells are used, BUT they make it clear that EVERYONE knows how to use the seashells).

    SO in “modern times” the best we can hope for are products that are obvious to use for those that have experience using similar products.

    The “web design” gold standard has been (some form of) “don’t make the user think” (probably) as long as there have been “web design suggestions.”

    From a “software design” point of view “elegant user interfaces” are also few and far between. “Functional” interfaces are a dime a dozen – but systems that are actually “pleasant to use” are numbered in single digits.

    Combining “functionality” and “ease of use” is never easy BUT if you get it right and have a little bit of luck – you might be the next Google or Facebook …

    This song (“Something” by the Beatles) came to mind as I was composing this post. Beatles fans will recognize this as a “George” song – the song would peak at #3 on the Billboard Hot 100 in November 1969.

    George Harrison was the youngest of the Beatles – which really doesn’t mean anything in the “big picture” (i.e. it isn’t like the age difference was a big deal – they were all within three years of each other) – but becomes significant when we talk about “song writing development”.

    e.g. three years difference is like the difference between “high school seniors” and “high school sophomores” – fwiw: Mr Harrison admitted that he always “looked up” to John Lennon.

    SO “George Harrison songwriter” had the benefit of seeing two of the all time greats become two of the all time greats (“Lennon and McCartney”) but also developed his own distinct “elegant” style.

    (the disadvantage to being a Beatle for “developing song writer” Mr Harrison was that some of his “early” work ends up being compared to “Lennon and McCartney” unfavorably – not that his early work was “bad” so much as “not as good”)

    “Something” becomes a compact “mature love story” – Mr Harrison was in his late 20’s when he wrote the lyrics, so he is writing about the experience of “falling in love” with the realization that what he is feeling might not last.

    Compare that with the “more mature” view in “What is Life” from George Harrison’s first solo album (1970) – and we see why “George was the spiritual one”

  • Competing with Facebook

    A federal Judge recently dismissed “anti-competitive”/monopoly charges against Facebook

    The problem is that just being a very popular platform doesn’t make you a monopoly – e.g. Walmart is not a monopoly simply because a lot of people shop there and they are hard to compete against
    FB allows people to easily connect with each other and share information – which is not monopolistic in any form.
    from a business standpoint FB is selling access to those people’s information. SO FB isn’t doing anything different (from a legal standpoint) than what a popular tv network does – which again is functionally “build an audience” and then sell advertising to that audience.

    Google and Facebook allow “targeted advertising” – which ends up being very cost effective for “business users”

    BUT if you are a “content producer” you need to remember that FB is not your friend or partner. The wise content producer is NOT going to use FB as their primary platform

    i.e. FB is a great platform to acquire/build an audience (at a price) – but then the first step for the “wise FB business user” should be to connect with that audience OUTSIDE of FB – after all FB can cut off your access to THEIR platform as they wish.

    from an “anti-trust” issue FB (probably) isn’t a “monopoly” – as in they are not actively being “anti competitive” — their moderation is questionable, and they are obviously biased and they might be engaging in “illegal discrimination” – but that is a different legal argument …

    btw: how you “successfully compete with FB” is similar to “how a small retailer successfully competes with Walmart (or Amazon)” – step 1 is to understand that you (probably) aren’t in the same business

    Walmart is a logistics company that specializes in “low costs” – the “core business” for Amazon is (probably) “I.T. services” (in the form of AWS), but they are also a logistics company

    While the local hardware store is in the business of “selling service” – which means “individual attention” and/or “high level of customer interaction.” … sure that local hardware store charges a little more, but they are nice to deal with

    Remember FB is not selling a unique product – they are selling access to an “audience.” FB provides services to that audience BUT the “audience” is the product not FB

    Quick: how does “local newspaper” compete with the NY Times? well, NOT by trying to do better national news coverage – “local newspaper” needs to concentrate on having “local news” – and a lot of pictures of “local people” doing “local stuff”


    oh, and WHEN something better comes along – users can leave FB with minimal effort. Of course Mr Zuckerberg et al realize all of the above and that is why they make an effort to make people “FB dependent”

  • An Introduction To Shakespeare

    A pdf version of what was probably used in college classes 100 years ago: An Introduction to Shakespeare:

    This little volume aims to present what may be
    necessary for the majority of classes, as a background upon
    which may be begun the study and reading of the plays.