
The Actuator – November 7th

Level 17

This version of the Actuator comes to you from Barcelona, where I am attending VMworld. This is one of my favorite events of the year. And I’m not just saying that because in Barcelona I can buy a plate of meat and it’s called “salad.” OK, maybe I am.

As always, here are some links from the Intertubz that I hope will hold your interest. Enjoy!

The Cybersecurity Hiring Gap is Due to The Lack of Entry-level Positions

Yes, the hiring process is broken. This post helps break it down. You could replace cybersecurity with other tech roles, and see the issues exist everywhere.

Directions

Brilliant post from Leon where he helps break down a better way to conduct an interview. This is something near and dear to my heart, having written more than a few times about DBA jobs and interviews.

That sign telling you how fast you’re driving may be spying on you

It’s one thing to collect the data, it’s another to use the data. I think the collection is fine, but you need a warrant to search that database. And this is also a case where you can’t allow someone to be given SysAdmin access “just because.”

Who Is Agent Tesla?

Is it a monitoring agent? Is it malware? Why can’t it be both? Folks, if your “monitoring software” is asking for payment in Bitcoin, then you are asking for trouble when you install.

Lyft speeds ahead with its autonomous initiatives

Because I haven’t been including enough autonomous car stories lately, I felt the need to share this one. And when I am at AWS re:Invent later this month, I hope to use one.

Inside Europe’s quest to build an unhackable quantum internet

I don’t know why, but I’m more bullish about quantum computing than I am Blockchain. The quantum internet sounds cool, but the reality is most data breaches happen when Adam in Accounting leaves a laptop on a bus.

Apple Reportedly Blocked Police iPhone Hacking Tool and Nobody Knows How

Score one for the good guys! Wait. When did Apple become the good guys again?

I love the salad bars here in Barcelona:

meat_salad_cp.JPG

34 Comments
Level 14

Thanks for the links. 

Level 14

Hiring gap.  Yes yes yes.  I've been banging on about this for years.  I don't interview people and ask them in depth technical questions.  I ask them how would they approach dealing with a problem.  The technical stuff they can learn or Google.  The methodical thought process required to diagnose a problem is a skill that is very hard to teach.  It is also completely misunderstood by management because a) they don't possess it and b) they don't need it.

Level 14

Signs spying on you.  I've long thought this.  If the sign can sense how fast you are going and can read your number plate (and possibly take a picture of your face) then it could also automatically send you the fine or track your whereabouts.  I know this happens in the UK as I used to look after systems that processed bus lane infringements and sent out fines.

Level 14

Lyft.  I wouldn't want to see that in my rear view mirror.  It looks too much like a police car.

Level 13

The link on embedding LPRs in road signs is an interesting read.  Way too much opportunity for misuse there, and if it can be misused you can pretty much guarantee it will be.

Level 13

I second your comments on adatole​'s post on directions.  Brilliant, and has all sorts of applications.  I've re-read it three or four times and keep getting more out of it each time.

Level 14

Quantum internet.  Nowhere nearly there yet but probably will be exactly what we need when we start colonising other planets.  Another example of real life following science fiction.

Level 14

Not sure where I sit with the police or security services accessing private data.  I can see both sides of the argument and agree to a certain extent with both.  I guess with the correct checks and balances in place it would be OK but I know the politicians will really mess it all up as usual.

Level 14

Mmmmmnnnnn.  Meat.  I was in France when a vegetarian friend ordered a salad suitable for a vegetarian in a restaurant.  When it arrived there was a beefburger sitting on top.  The waiter's response was "Well, there's not much meat on it".  Maybe he was a Monty Python fan (Spam sketch).

My impression about the gap in Cyber Security hiring reflects poorly on Management's investment in training.  I'd suggest training internal staff to become SME's for every need instead of waiting for someone to come out of CISSP school with the necessary certifications.  Your internal staff will be better able to understand your networks' needs better than an outsider; who better to train to become your go-to people for doing what's right for your company?

Assuming internal staff cannot be as well educated, as well trained, as someone from an outside agency is a self-fulfilling prophecy--a negative loop that will spiral a company or department downward instead of improving internal resources to solve the needs.

Train your people to fill your needs, don't just try to hire outsiders who may be temporary experts about an issue, while letting your internal resources go stale.  You'll find it more cost effective in the long run.

I always enjoy Leon's written word.  His "Directions" is a classic from which we can all learn.

When the signs may be spying . . .

It's not been enough to:

  • Tell people to obey every law--they don't do it.  They WON'T do it until they find it more inconvenient to NOT break the laws than to break them.
  • Ask government to provide enough police to enforce all laws.  Tax payers continually vote for people who run on a platform of tax cutting, and that means cutting services (like law enforcement).  The results are obvious--more law breakers, fewer law enforcers, more unhappy citizens--many of whom feel it's OK to break laws.
  • Rely on good behavior "when no one's watching".  There's insufficient incentive.

OK, it's a slippery slope, but I'll stand at least part ways on it.  If a person's breaking the law, let's say they're speeding, they're breaking the law no matter whether an officer with a radar is present or not.  It's an absolute.  A driver provides their signature on their license as a promise to obey the laws.  Not only the convenient laws, but ALL the laws, including speed limits.  The unpleasant realization is that the person who speeds proves they have broken their promise . . . which makes them a representative of an unpleasant descriptor:  they are liars. 

Who wants that tag associated with themselves?  No one (I hope!).  It's ugly, it's something that can keep a person from being hired, or even from dating someone new, or getting a credit card.

So.  We want safe roads filled with rational and safe drivers, who obey the laws created to improve our safety.  If we wanted to afford more officers with radar units we'd pay the extra taxes.  We won't do that, but we still want compliant drivers.  Some drivers won't all comply without more incentive, such as increased detection resulting in higher fines, higher insurance rates, perhaps jail time, perhaps loss of license . . .

So, I drive the speed limit.  Unapologetically.  It's the law, I signed my name and promised to obey the law.  I've no problem driving the posted speed limit, or slower if the conditions require.

It's not unAmerican to obey the law.  In fact, it's often unAmerican to break the law.

Getting caught and paying the penalty is the risk.  A speed sign that catches a speeder through LPR is equivalent in my eyes to an officer with a radar detector and eyes.  I'm OK with fines resulting from this technology.

Better still, if the information gathered can protect children and prevent another Amber Alert, all the better!  If a person were to break a more stringent rule (hold up a bank?  participate in road rage?  hurt someone?)  and their path and actions be witnessed by an LPR that results in quickly finding them, they're that much less likely to break those more stringent rules.  Or, if they do break the rules, the person is more likely to be apprehended more quickly, preventing them from increasing the risk of harm to others.

I see it as a good thing.  Even while others have determined that stop lights with cameras that automatically report and fine those who run red lights are inappropriate uses of technology--the lights don't determine who was driving, only that a vehicle broke a law.

Will someone try to leverage LPR tech to prove someone else is cheating on a spouse?  If so, it's not much different than hiring a P.I. to do the same; simply more efficient and cost effective.

I'm not "for" a Police State, but I am for safer drivers.  I see LPR's as a path towards that goal.  If they can be used to prove WHO broke the speed laws, not simply whose vehicle was used.

Agent Tesla. 

OK, if you haven't figured out by now that BitCoin and its peers are used by organized crime, wake up & smell the roses.  Talk about a red flag--"your monitoring software asks for payment in Bitcoin . . ."

Sheesh!

I see the many benefits of autonomous vehicles.  I'm not sure Lyft or others have the right solutions in mind, and I suspect making the world safe for all when autonomous vehicles are in use will be many orders of magnitude more expensive than their advocates admit.

I like your thoughts on Quantum Computing being a better solution to certain problems than BitCoin or BlockChain may be.  I'm with you in this.

Uh oh.  Now we disagree with each other when you (effectively) say "Apple is good because it prevents the police from helping solve crimes."

That's actually a definition of a "bad guy" in my books.

Yes, I enjoy my privacy.  No, I don't think keeping the police out of my phone falls into that definition of privacy.  I'd be happier if cell phone makers and ISPs and advertisers and web sites were kept out of my cookies & product searches, if audio-based IoT tools were prohibited from hearing me, etc.

I WANT the police in a phone if it can help them solve a crime.  Even if I'm the criminal.

I think folks are taking the ideas of privacy and freedom in the wrong direction if they stand on principle by saying they're allowed to do anything they want without the ability for someone to catch them through using the same tools used to commit or record a crime.

Let's get the cart back behind the horse, OK?  Lawful use of tools by law enforcement agents to access a cell phone is OK in my book.  Of course, I've nothing to hide.

Level 16

"That sign telling you how fast you’re driving may be spying on you"

Where I live (Michigan) the same cameras are on the patrol cars as well and I believe they alert the officer under specific conditions.

If you google "Norton Speed Camera" you will find stories like this:

Norton speed camera busts 9,352 drivers in two months, generating up to $1.1 million - News 5 Clevel...

A few years back the police put one of those speed signs on our street, we used it to see how fast we could bike, skateboard and rollerblade

Level 16

"Apple Reportedly Blocked Police iPhone Hacking Tool and Nobody Knows How"

I found an alternate method very effective at permanently locking my phone - older iPhone + water.

Last time I was in Jamaica I took mine swimming in what was supposed to be a waterproof case, well it wasn't and the phone was toast.

Level 20

It's true that most decent cybersecurity jobs demand a LOT of experience.  There are some entry level positions to a degree but it usually still means get your security+ at least first which I'll say isn't something most people can't do fairly easily.  If you really want to take it to the next level then target getting a CISSP cert.  Those both can open a lot of doors.

Level 20

You're the only one I really recognize well in Barcelona sqlrockstar​!

ScreenHunter_05 Nov. 08 05.19.jpg

I think I've seen the guy with glasses and woman on his left before somewhere but I'm not 100% sure.  I do get around to some tech events so maybe if they've been in the US before.

Level 20

I liked Leon's take on directions... I often try to get a gauge on whether people I'm interviewing are open to doing things they don't normally do or haven't done before because, from my experience, the job ends up being a lot more than the job posting description.

Level 20

They make the spy speed signs right near where I work here in Arizona.  There's a LOT that goes on behind the scenes that most people don't know.

Level 20

I love Brian Krebs... his website is amazing.

Level 20

One of my long distance GF that lives in DC is an Amazon executive.  The big hype this week is the leaking of info about the HQ2 being in Northern VA.

Level 20

I 100% agree sqlrockstar quantum is way way way more important right now than any blockchain tech... Quantum cryptography will change the way we secure our networks in an order of magnitude way.  The Chinese have already put a quantum test node on orbit.

China Shatters "Spooky Action at a Distance" Record, Preps for Quantum Internet - Scientific America...

From the researchers:

"We have demonstrated the distribution of two entangled photons from a satellite to two ground stations that are physically separated by 1203 km and have observed the survival of entanglement and violation of Bell inequality. The distributed entangled photons are readily useful for entanglement-based quantum key distribution (7), which, so far, is the only way that has been demonstrated to establish secure keys between two distant locations with a separation of thousands of kilometers on Earth without relying on trustful relay. Another immediate application is to exploit the distributed entanglement to perform a variant of the quantum teleportation protocol (32) for remote preparation and control of quantum states, which can be a useful ingredient in distributed quantum networks. The satellite-based technology that we developed opens up a new avenue to both practical quantum communications and fundamental quantum optics experiments at distances previously inaccessible on the ground (33, 34)."

Scary stuff indeed... let's hope our scientists and engineers are keeping up... quantum key distribution is going to totally change crypto forever.

Level 20

I like how the Agent Tesla developer took down and updated his website... I think the walls are closing in on this dude and good!

Level 20

A lot of people don't want to admit it but the research on autonomous cars is really a prelude to new forms of warfare... I know I know some people don't want to admit that but it's a fact.

Level 20

I'm not sure I agree it's good that Apple is trying to circumvent the law enforcement agencies.  So all the crooks will use iPhones then...

MVP

Yup that speed sign probably is spying on you. With a little research you'll find that many of the "systems" along the roadways are also "pinging" against your Bluetooth devices. I'm not exactly sure how and what they are doing, but they are definitely hitting against your Bluetooth devices to watch you in traffic.

The link to the "Directions" article is broken. Well, at least for me. I will keep trying later because I am very interested in that article. Interviewing is not my strong suit and I recognize that I need improvement.

Level 13

The car in the Lyft article reminds me of Deckard's car in the original Blade Runner.

The article mentions an interesting problem that reveals a bit of how they approach the problem.  They mention they need really good maps.  That pretty much tells you they aren't going for full autonomy but rather figuring out where they are in a stored map.  So what happens when the map changes unexpectedly?  Road work, random detours, shifted lanes, that sort of stuff.  I'm sure they're dealing with it but the challenges may make a practical solution further out than they anticipate.

Level 9

Wow, the links are very helpful. Thx for this.

MVP

Cool article

I agree, and when I talk to someone we might hire I try to find out what they are learning and how they use it, and I try to find out about a problem they took ownership of and ensured it was fixed. Ideally they worked through the details to solve the issue, but I want to hear that they stayed with it to the end and didn't walk away when someone else got involved.

About the Author
Thomas LaRock is a Head Geek at SolarWinds and a Microsoft® Certified Master, SQL Server® MVP, VMware® vExpert, and a Microsoft Certified Trainer. He has over 20 years experience in the IT industry in roles including programmer, developer, analyst, and database administrator.