Tuesday, November 18, 2008

More cool technology

I want one - check this out. No student should be without one!

Tuesday, September 9, 2008

Connected Devices Phone Home

In the past few months I have heard several news stories about stolen connected devices helping to locate their captors. Very cool. The latest story was of a woman who had her camera stolen. Evidently, the woman had activated a service on the camera that would automatically upload the pictures to a personal site for the owner whenever the camera detected a wireless connection. Sure enough, a few days after the theft the victim noticed her pictures on her website - with a few additions. There were pictures of some men she didn't recognize. She took the pictures to the last place she remembered having the camera, which was a restaurant of some sort, and showed them to the manager there. As it turns out, the pictures were of the head cook. She got her camera back, and the cook no longer works there.

I also recall a story of a woman who had her Mac laptop stolen. A few days later a friend called her and asked if she got the laptop back. When she answered that she didn't get it back, the friend told her that it must be connected because she had just been logged into her IM client. With this knowledge, the woman got on the Internet, located her computer, activated the camera and took a picture of the person using it. She took the picture to the police, who knew the individual from prior illegal activities. They tracked him down, and the woman got her laptop back.

How cool is it that devices can "phone home", and can actually call for help? Who knew...

Friday, June 13, 2008


As we close in on the one-year anniversary of my cancer diagnosis, I find myself very reflective of the happenings over the last 12 months. I will have another CT scan next week to see if the cancer is still gone. Although we have not seen any sign of it for a few months, my doctor warns me to be only cautiously optimistic, as the cancer that I had is very slow to return. We need to keep watch for a while to be sure it isn't slowly making its comeback.

Honestly, it seems like years since I was diagnosed and sat (or slept) through my treatments. We were looking at family pictures the other evening, and I realized that there were several family activities that I was not able to participate in - there were many pictures of my kids and my wife, without me. As I mentioned in a prior post, I was in denial for a while, and didn't think I had "real" cancer - but now I realize how serious it was, and how those pictures without me could have been foreshadowing the future for my family.

I received the news this morning that a friend of mine who has been struggling with breast cancer passed away last evening. She has 3 young children, and her husband is my age (we were college friends and roommates). I am amazed at how quickly the end came for her. She began chemotherapy shortly after I completed mine, and things seemed to be going well for her. There were a few complications, and earlier this week her doctor informed her that the cancer was too aggressive, and they were going to stop treatments. Two days later, she passed away, leaving her husband to raise her three children.

Over the past year, I have met so many people who have suffered with this disease in one way or another. One of my neighbors survived breast cancer, and had just completed her treatments when I started mine. I have met several others who went through it many years ago, and are now living normal lives. Another neighbor had a close relative pass away from cancer just a couple of months ago.

One year ago, I didn't know anyone with cancer (or so I thought). Now, I don't go a day without thinking about the strange disease, and witness the different effects it has on different people.

Maybe I am just getting older, but my perspective has changed significantly this year. While my work is very satisfying, it no longer defines me - I am not as concerned about what I do, what title I have, how quickly I can climb the job ladder, etc. There is much more to life than work - that is just a way to provide for my family. I do hope that I can make some type of difference in what I do, but the real benefit of life is every day when I come home to my family.

I hope no potential future employers are reading this blog...but for me, I truly believe that there are two phases of my life: life before cancer, and life after. I am blessed to enjoy the latter, and will not ever take that for granted.

Friday, May 9, 2008

NIH and SOA - bad combination

I am continually amazed at the amount of time and effort (and money) that companies will put into writing code that is well outside of their core competencies for their business. The usual reasoning that I hear is that the technology they are building is foundational to their core business. In other words, no one does it "exactly" the way that they want, so they have to build it all themselves.


I very recently met with some representatives from a company that is taking this concept to the extreme, and has even created their own programming language to support the needs of their business. When I pushed them on this, they outlined the need and benefits of doing so with a straight face. I asked them why they invest so much in something that is ancillary to their core business, and the response was "this is our core business", to which I replied "your core business is writing programming languages?".

"Well, no - but our core business relies on it".

I see - what you mean is that your desire to develop a programming language has created a foundational dependency for your core business.

To me, this is akin to saying that because our delivery company relies on cars, we need to build and staff a factory to design and produce those cars.

Now, I am not picking on this one company - the "not invented here" (NIH) syndrome has plagued developers for many years. I used to teach an object oriented programming class at one of our local universities, and I would always start out the semester discussing the evils of what I called "developer reflex #4" - the overpowering desire to re-write any code that a developer reads, which he or she has not written themselves. Everyone seems to think "I could do that better", and it is almost painful to use something that someone else wrote - especially if you can actually read their code constructs and see how they implemented the functionality. The desire to build a better mousetrap is overwhelming for developers - even if they are not in the business of catching mice.

I was a very early adopter of component technology, and was a vocal proponent of such when I was a young developer. Where I was working at the time, we actually had some great success stories of re-usable code and sharing components between applications (I even co-authored an article on the subject). I now firmly believe that one of the keys to our success was that we shared binary components, where other developers had to consider the shared component as a black box - they couldn't see under the covers to know if they could implement it more efficiently or not. And in the end, it didn't matter - the components worked just fine for them.

I view the Service Oriented Architecture (SOA) hype today as simply an extension of this component-design approach. Rather than sharing components to build applications, we are now talking about sharing full applications in order to build systems. But, the danger still exists - developers have a "not invented here" syndrome that causes them to still feel that only they can build the right application to share - and if everyone else would just use their implementation, SOA would finally fulfill its destiny.

New technology, same old biases. And somehow, the technologists convince their business to invest in building these non-core technologies, assuring them that anything less would be a sacrifice that will ultimately take the business down due to its lack of competitiveness.

We need to stop trying to build everything ourselves, and start innovating around our own core business - stop re-inventing the wheel, and put some true SOA principles into action, making use of the best of what is out there, being built by those who specialize in that technology. Invest in the innovations around our core business competencies, and minimize our investment in anciliary technologies.

Then, companies will become more competitive through the use of technology.

Tuesday, April 29, 2008

PCI - the mess of security

Having spent some years in the computer forensics industry, I can tell you that criminals today are very smart. They look for the path of least resistance, they are very determined to find the data they want, and they have the tools to accomplish the task. In recent years the credit card industry has congealed around a set of standards for credit card security, called the PCI standard (i.e., Payment Card Industry). Prior to that, each credit card company maintained their own set of standards...making it very difficult for merchants to keep up. This new standard is still evolving, yet many of the merchants are still trying to meet the bare minimum. This is a tough problem, as we have a real war going on - the criminals getting smarter about how they steal data, and the industry trying desperately to put in place standards to stop them.

The reality is that we will never be able to stop these criminals. We can slow them down, and make them work much harder to find what they are looking for, but we will not be able to stop them completely. Even now, as merchants are becoming compliant with PCI standards, they are still suffering from data breaches. Take the story of Delhaize Group, who on the same day that they received notification of compliance with PCI also received notice that 4.2 million credit cards may have been stolen (as reported in todays Wall Street Journal). This breach was not a result of poor implementation of PCI standards, but rather was a result of the criminals understanding PCI as well as anyone in the industry, and finding a new access point for the data they wanted. Rather than attacking the data in-transit, or at the point-of-sale, they actually attacked the internal network of this company, where PCI has no rules regarding the safety of the data. Once the data is within the companies network, it was assumed that the data would be safe.

Criminals are very smart, and since security standards are open, they can keep up with them just like the rest of the industry can. PCI is not the silver-bullet to protecting our data: the real answer is that those who have our data need to start treating it as a precious commodity, and understand its real value. Security is not cheap - encryption slows down access to data, and key management is always problematic. Putting in place rules and regulations regarding who can access the data is a pain, and keeping anti-virus and anti-spyware applications updated and functioning on a network are difficult tasks - but these are all steps that must be taken to make it more difficult for criminals to find our data. Until companies view PCI as the minimum bar, and take steps to really protect our data from end-to-end, and view themselves as stewards of important data, the criminals will find the paths of least resistance around the security measures.

Securing our data is less about adhering to standards, and more about shifting the mind-set of corporations. Until that happens, our data will be vulnerable.

Saturday, April 12, 2008

Net Neutrality

The argument about Net Neutrality has been going on for a while now. I was first introduced to the topic when working at my last job, where our business success was tied to ensuring that our filter product didn't get in the way of anyone's fast internet connection, which they were paying good money for.

The Wall Street Journal recently reported that the 100 million streaming videos that are watched daily account for as much bandwidth as was used in an entire year in 2000. With the advent of sites like YouTube, and with TV networks posting full episodes of their shows, the pipeline into our home is again getting constrained, much like in the days of dial-up access, and will soon slow to a crawl again if Internet content and usage remains on the trajectory that it is on.

So, the providers of those pipes want to start charging on a "use more, pay more" model. And, congress wants to stop it by passing a law that the Internet must remain free (or at least that our flat-rate model needs to remain intact). Thus, the net-neutrality debate.

CIO magazine has posted this commentary, which I found quite interesting, on the topic. It is about 5 minutes, and certainly provides some food for thought on this topic.

Monday, April 7, 2008

The Futuristic CIO

I am attending the Gartner symposium this week, on the topic of "emerging technologies". After a full day of breakout sessions, it seems that there is a theme running through the track that I have chosen. It is that the futuristic CIO is going to be very different from the CIOs today. Many of the current CIOs could be CTO in another company - they are very technically-minded, understand technology in at least a broad sense, and some are even quite deep in some technical areas. They are concerned about uptime, managing risk and maintaining business continuity. They manage technology, and consider themselves to be a service organization to the business.

The CIO of tomorrow will be very different. They will be concerned about maintaining services, and providing good experiences for all consumers: both internal and external to their company. They will be an integral part of the business, not a service organization to the business. In fact, they will be part of business decisions, not looped in after the fact to simply enable a prior decision to be carried out. They will be concerned about managing information, not technology (these are very different things, incidentally). The CIO of tomorrow may not even have a technology background - they won't need to even understand technology very broadly at all.

Very interesting. And vaguely familiar...(I posted a blog entry last year on this topic). It will be fun to watch the CIO role evolve over the next few years...

Friday, April 4, 2008

Technology Projects: Thin line between Success and Failure

This article from today's edition of the Wall Street Journal really leaves me scratching my head. Here are the facts:

- The Census Bureau is scrapping the use of new, hand-held devices to complete the 2010 census, for which they paid $600 million to a high-tech company for development
- The cost of NOT using them will add an additional $3 billion to complete the census
- The effort to fix the devices so they can be used in the future will double the value of the contract to this high-tech company, raising it to $1.3 billion

But, here is what really makes me crazy. According to the contracted company,
the devices reportedly operated with 99.5% accuracy. The reason that they won't be used is reported as the lack of "comfort level" of using them by the census bureau. According to the census bureau, the reason for the failure boiled down to scope creep.

So, the bottom line is that as a result of spending $600 million to successfully complete a project (99.5% accuracy has to be considered a success), the government will now spend an additional $3 billion to complete the census, and will then tack on an additional $700 million to "fix" the successful project - all so that the agency can be more "comfortable" using the devices. All of which could have been resolved with better requirements management throughout the project.

So, who ends up footing the bill for the $3.7 billion cost of poor requirements management? The Project Manager? Nope - the U.S. taxpayers.


Personal Note - cancer update

It is hard to believe that it has been only 6 months since I completed my cancer treatments. To me, it really seems like much longer. I guess that is an indication of how quickly my life got back to "normal" - whatever that is. Many people have commented that they believe this is because of my positive attitude going through this process. I guess there might be something to that theory - but to me, I just can't imagine it being any other way.

I talked with some of the nurses in the treatment center yesterday, and they couldn't believe that it had already been 6 months...to them, it seemed much shorter. I am really quite impressed with all of those who work in the Central Utah Cancer Center. They all remember my name, as well as the specifics regarding my treatments, and they all make very kind comments each time I return for a check-up. With the number of patients that go through that facility, I am really surprised that they even remember my name.

I have been meeting with my oncologist every month since treatment ended, and have been on blood thinners for that entire time, since we have been trying to get rid of the blood clot caused by the PICC line which was inserted for my treatments. Yesterday I had another monthly visit, and we have now crossed another bridge in the recovery process. I am now off of the blood thinners, and my visits to the oncologist are reducing to once each three months. For now, I am in complete remission, and all is well. If we keep this up for 5 years, then I can be considered "cured".

I still find it strange that I am a cancer patient. I signed up for a blood drive last week, and my wife asked me if I really thought I would be able to donate. I couldn't figure out why she was asking me that question - then she gently reminded me that I am a cancer patient...sure enough, it will be between 5 and 10 years before I can donate blood again. This was not the first time that my wife had to remind me of my new health situation. I am not sure I will ever get used to it, but as of now my situation is not disruptive in the least - just the occasional CT scan and more frequent visits to the doctor than I have historically done.

I truly appreciate the notes, e-mails and comments from everyone as my family and I went through this process. Please know that all is well, and I am settling back into life as normal.

Monday, March 24, 2008

Free! Virus included.

An associated press article has recently been published regarding new, out-of-the-box gadgets from reputable stores that attempt to install a virus on your system when you plug them into your machine. The one documented case that they refer to is a particularly dangerous virus that attempts to steal your passwords. It is not clear whether this is a deliberate attempt to infect computers via a brand new gadget, or whether it is an honest mistake (i.e., one of the machines on the assembly line getting infected), but either way it is an ominous sign.

If it is indeed a deliberate attack, think of the consequences: hackers can pre-install viruses on the factory floor in China, then send any device (like digital picture frame, MP3 player, etc) to your home and infect your machine as soon as you plug it in and attempt to use it for the first time.

Many of you are aware that I am in the process of writing a book on Family Safety on the Internet. In that book, I talk about the reality of dangerous bits bombarding our home computers - pro actively coming at us from every angle. Pornographers, identity theives and hackers all attempting to gain access to our computers from the Internet. Now, we can
add a new attack method to the list - brand new, out of the box gadgets purchased from our favorite retail store.

Tuesday, March 18, 2008

Technology or Common Sense?

When I was in high school I accepted a job as a clerk at a souvenir shop on the beach in northern Fort Lauderdale. I loved that job, and kept it for many years while I completed school. I recall that one of the first things I learned was how to calculate and count back change for customers. It seems like a simple thing - just count up from the amount of the sale until you reach the number of the bill you were handed - then count it back in the same way to the customer, so they can rest assured that they were handed the correct change.

I am constantly saddened that today people who are more than twice the age that I was then cannot perform this simple task. They simply punch in the amount they were handed, and the register calculates the change, and even drops the coins automatically. All they have to do is hand you the money, without a word about how the change was calculated, nor whether it is correct or not. We all just assume that since the register calculated it, it must be correct.

Our reliance on technology has now risen to even greater heights. I have read several stories recently (like this one from the Wall Street Journal) about GPS systems and online mapping software sending people to the wrong place, or even into on-coming traffic, and yet they simply blindly follow the directions. We assume it to be correct.

I had a personal experience with this recently. I had to attend a funeral at a chapel that I had not been to, so I turned to Yahoo! maps to locate the address for me. While I had not been to this particular chapel, I also knew immediately that the directions were completely wrong - it would have sent me 20 blocks to the north of where I should have been. So, I turned to Google maps instead - with the same result. In the end, I just had to locate the address myself, using good old navigation techniques based on my knowledge of the area.

The sad thing is that I would bet that many of the cashiers today would not know how to calculate or count back change if their register made a mistake or stopped working. We simply put too much trust in our technical devices, and don't think twice about following its advice - even when Mapquest sends us to someone's driveway instead of the county courthouse, or up a mountain side to a dead-end instead of reconnecting us to the highway.

Somehow, we need to bring common sense back into the mix when dealing with technology. After all, no matter how good technology becomes, it is still based on human input.

Monday, March 10, 2008

Walking While Distracted?

I simply couldn't pass this up. According to this story, 1 in 10 pedestrians in London have been injured while - get this - texting. Evidently, people can't text and walk without getting hurt. So, the city of London has decided to do their part to prevent these accidents - by installing padding around the base of the street lights!

Crazy. I just wonder how those conversations go at the hospital. "I was just walking, minding my own business, and that street light just jumped right in front of me. Good thing I was texting my BFF , who was walking 3 feet behind me, or who knows how long I would have been laying on the sidewalk".

Wednesday, March 5, 2008

Did You Know

I found this to be a very interesting and thought-provoking video from YouTube.

And, here the author discusses the genesis of this video, and breaks down the sources for the statistics referenced. Very interesting reading, and a great case study for the viral nature of the web today.

Tuesday, February 26, 2008

YouTube's "butterfly effect"

I am sure you have heard of the "butterfly effect". This is the theory that states that the fluttering of a butterfly's wings in Africa could cause a tsunami in China (my geography may be off, but you get the point).

We have witnessed another butterfly effect this past weekend on the Internet, which has been just one more reminder that the Internet is global, and one person can truly affect the worldwide audience. It seems that a YouTube video from a Dutch film maker was thought to be so controversial in Pakistan that it might cause riots, so the Pakistan government decided to block access to YouTube in their country until the video was removed. Unfortunately, they did not configure their routers to appropriately handle this block message, and instead all Internet traffic intended for YouTube globally was re-routed to Pakistan, and promptly dropped. This caused a worlwide YouTube outage for several hours on Sunday.

Now, I am not of the opinion that an outage of YouTube is disastrous. Personally, I am not a big fan. I am also not in any way advocating censorship on the Internet. However, this incident certainly gives one pause, on multiple fronts.

Most importantly, it highlights the very real danger of one "loose cannon" individual posting something that could indeed cause riots elsewhere in the world. While I do not support what the Pakistani government was doing, I do believe that their concern was probably well-founded - one video or blog post could indeed cause riots. I hearken back to some e-mails that I have sent, which I later wished I hadn't...I thought it was funny, others didn't see the humor. Luckily, the message only went to a few thousand employees. It didn't cause a riot, but it also certainly didn't help build relationships in a newly-merged company that was trying to gel its employees into one happy family.

The other problem that this brings to light is the fragile Internet infrastructure upon which we are becoming more dependent. One person's mis-configuration can affect a much larger audience - and while the particular router problem that occurred in Pakistan this weekend was very rare, it proves that technology is not infallible.

The Internet community is growing, due to the popularity of blogs, social networking sites and other user-generated content websites. This brings with it an implied responsibility to be mindful of possible worldwide reaction - we need to be aware of the Internet Butterfly Effect.

Or, I suppose we could just keep the idiots off of the web...but if we did that, I would have to close down my blog.

Friday, February 22, 2008

Microsoft comes full circle

It is interesting how things have come full circle for Microsoft. I love the story of the early days of Apple and Microsoft, and how each company evolved based on a core set of almost diametrically opposed beliefs: Apple believed in maintaining tight control over its system by keeping a closed, proprietary system - thereby maintaining the integrity of their design and vision for the user experience. The PC, and Microsoft by association, instead embraced an open environment, where people were encouraged to mix and match components and software to build on the "group thought" and innovation of the masses.

Apple's course led to a tight-knit group with a very stable and consistent operating system, while the PC (and Microsoft) had a much wider audience, but too many cooks in the kitchen led to a group of unhappy people running unstable systems.

Of course, Microsoft only bought into the open environment as far as it was beneficial to them to do so, and kept their OS secrets close to the vest; which has been the source of many anti-trust allegations and lawsuits over the years.

Now, we have come full circle. The open system has now evolved to the open OS, led by Apple (well, technically, led by the open-source community via Linux, but we don't need to delve that deeply into the details here...). The Apple OS has been based on BSD for several years now, which (along with the advent of the iPod) has breathed new life into the company. Yesterday, Microsoft finally announced that they are releasing over 30,000 pages of technical documentation for their operating system. Documents, by the way, which Microsoft used to charge a fee to access.

The real question, though, is this: when can those developers who PAID for this documentation expect their refund? Don't hold your breath for that one.

Friday, February 15, 2008

Management and IT

I recall a recent dialog on one of the e-mail lists upon which I lurk, where people were hotly contesting the allegation that the manager needs to be able to do the job of the people who report to him/her in order to be a good manager. To substantiate this claim, the author cited a very well-known company, and stated that it was this practice that caused their high-quality output. This caused quite a bit of discussion, and obviously some tension on the list. The statement also turned out to be false...but I digress.

As I have been reflecting on that conversation, and thinking about some of the challenges facing me at my job today, I came to this rather startling realization: I don't consider myself the smartest person in the room - regardless of who I am in the room with. I am sure that if any of the developers or architects that I used to work with were to hear me say this, they would double over in laughter, as I used to be one of worst of the quintessential prima-dona developers that I have known in my career.

Somewhere along the way, I realized that I can learn something from just about everyone I meet. This was an epiphany to me. As I learn more about my job, it is becoming clear to me that my role is less about technology, and more about relationships. For an old developer like myself, this is a strange realization.

So, I have finally crossed the line. I used to think of myself as a technical guru who also had some management skills. Somewhere along the line I became a good manager who also happens to have some technical skills.

While some may see this as my "Anakin Skywalker becomes Darth Vader" story, this is really not such a bad thing. I actually enjoy managing people more than developing code - something which I never thought would happen to me. As I have been talking with several different people recently about some of my management philosophies, it has become clear to me that I am not your typical developer-turned-manager. Determining whether that is a good thing or not will be left as an exercise for the reader.

Tuesday, February 5, 2008

Microsoft, Yahoo and Google

There is a very thought-provoking article on the op-ed pages of the Wall Street Journal today, written by Michael Malone (those who have WSJ.com access can read the commentary here). Essentially, he compares the MS bid for Yahoo to the HP/Compaq deal, and paints MS as an "als0-been" who has not been successful in any other endeavor apart from the OS and Office product lines. As he states in the article, "most everything else is a flash".

He then goes on to discuss the troubles that Microsoft and Google both face today, as they both head for (or are already in the midst of) their mid-life crisis. He brings out some very interesting thoughts, and attributes the mostly unexpected success of the HP/Compaq deal more to Dell falling on its face than any inherent positive momentum created by the new HP - which should be a warning to Google if this merger goes through.

Overall, I tend to agree with his points. Google needs to view this as a wake-up call, and get back to its innovative roots. They need to stop trying to branch out into so many wacky frontiers (like their energy initiative - what is that about?) and re-focus on being the high-tech innovative company they are. As Michael puts it "Google...stop fooling around and get back to business".

It is a very good read.

Tuesday, January 29, 2008

Utah House Bill 139

Utah House Bill 139 is causing quite a bit of discussion in Utah this legislative session. Specifically, the area of concern surrounds the idea that an ISP would be held accountable if a minor who accesses the Internet via their service encounters material intended for adults. While I agree with the intent of this bill, I find it sad that it is so difficult to author legislation to protect our children on the Internet that will pass the first amendment bar. The main problem that this bill faces is the same problem that all other legislative efforts in this realm face: how to let those adults who want to access smut do it while not allowing our children to gain the same access. Most of the attempts to do this in the past have failed to be upheld in the court system.

First, let me state that personally I am of the opinion that it is more important to protect our children from unintentionally accessing this material than it is to keep it easy to access for adults. The first amendment doesn’t imply that adult material has to be “easy” to access. As adults, those who really want to view this material can jump through a hoop or two if it means preventing innocent children from accidental exposure. But, the courts don’t seem to see it that way.

In the physical world, this is not as difficult a problem, as we can put adult material in the back room and restrict access to it, or we can place covers on magazine racks so kids (or anyone else who doesn't want this forced on them) can be protected from inadvertent exposure to this material.

There is no real equivalent of magazine covers on the Internet. The closest thing was the attempt a few years ago to require a warning page with a link that said something like “only adults are allowed to see this. If you are an adult, click here to gain access”. While this does help prevent accidental exposure, it does nothing for the quizzical youth who is happy to lie about being an adult just to see what is behind the curtain. It also doesn't completely solve the inadvertent exposure problem, as the pages behind that "curtain" are still indexed and searched via the popular search engines. There is really no way to ensure that people have to click that link to get to the page - they can access the content directly from many other sources.

The current legal interpretation of the first amendment has left us in a situation where we now have to try and create legislation that protects children while allowing adults to get anything they want on the Internet without having to slow down for any virtual speed bumps we may want to put in the road. This seems backwards to me: protect the adults at the expense of the children, instead of the other way around.

The technical problems to be overcome are not small. For example, there is no way to accurately and definitively determine someone’s age over the Internet. Legislation requiring people to enter credit card information to access adult content was shot down because it made too many people nervous about entering their information. And, it left those without credit cards out of the "adult" community on the Internet. Besides, even with a credit card entry system, there is no guarantee that it was an adult who actually typed it in. My children could easily find my credit card number and enter it – or they could have a credit card themselves these days. Until we have a way to determine that the hands on the keyboard have been on this earth for more than 18 years, there will be no reliable method of age verification over the Internet.

While I support this bill, and others like it, I truly believe that this is not a legislative problem. Just like we need to teach abstinence in school rather than handing out condoms, likewise we need to instill our children with a moral compass that will help guide them as they wander the virtual world of the Internet. Occasionally they will experience something that we would rather they didn’t. Unfortunately, that is a fact of life. We can’t stop them from looking out the window of the car as we pass a bad accident on the freeway, and the bloody image they might see will remain with them for a long time. So it is with the Internet – but, if we teach them to use their moral compass, they will quickly be on their way, and will shun the filth that makes its way into our lives via the Internet.

Protecting our children on the Internet is founded on a societal and educational solution - not a technical or legislative one.

Sunday, January 27, 2008

Family Safety and P2P

In recent years the “peer-to-peer”, or P2P, file sharing technology has become quite popular. This has mainly been driven by the soaring popularity of digital music and video players. The concept behind a P2P application is that it allows one to easily share files with others via the Internet, making it very easy to obtain content for your digital player. There are several P2P applications on the market today, and most of them are free of charge.

From a security and safety standpoint, there are several areas of concern with regard to P2P applications. Of course, there are also the legal issues, since copyright laws can be easily ignored and bypassed by using these applications, but I do not want to focus on the legality of data shared via P2P applications in this post.

Apart from the legal issues surrounding P2P applications, there are some significant security concerns. In my opinion, these applications are the single most effective way to bypass the security measures that are put in place to protect both our computer and our family. These applications are architected to provide a direct pathway into your computer from any other computer in the world. The protocols that are used are not normally monitored by any of the security or filter applications, which means that by using a P2P application you are opening your computer, and your home, to complete strangers and allowing them to directly place anything they want on your system.

Installing a P2P application is just like opening a window and installing a conveyor belt that can bring content directly into our home. Worse yet, this virtual conveyor belt is connected to every home in the world. Anyone can simply place a package on that conveyor belt, and it is allowed into our home without inspection by any controlling entity – including our filter. To make thing even more concerning, there are no laws regarding the content of these video files. This means that people can create videos of extremely graphic nature, and place them on this conveyor belt, and the video is promptly delivered directly into your home.

People will put video files out on the P2P network that are intentionally mis-labeled, just to get the extremely graphic video into your home. As a parent, you would never know it unless you actually viewed the video yourself, since the name would be consistent with current, popular artists. You would think that it is just the artists latest video, rather than some inappropriate content that you would never allow your children to view.

Video files are also among the least secure formats, and can contain malicious code that can do just about anything to your computer, ranging anywhere from installing malware which could steal your personal information, to releasing a virus that will destroy your data. While you are entertained watching the video, any number of things could be going on in the background to steal or destroy your data. We should never watch a video on our computer from anyone that we don't know and trust.

Allowing our children to use a P2P application on our computer is, in this bloggers humble opinion, the virtual equivalent of sending them into a bar in the worst part of town to buy a soda while we wait in the car for them to return. We would never do this in the real world - why do we allow it in the virtual one?

I cannot think of a valid reason to have a P2P application installed on our computer. If you can, I would love to hear it.

Wednesday, January 9, 2008

The DVD Promise

My wife and I sat down the other night to watch a movie. As the DVD loaded, we were presented with a decision: do we want to watch the theatrical version, rated PG13, or do we want to watch the Unrated version?

Very interesting. I remember when DVDs first came out, and how cool it was going to be that we would be able to choose the version we wanted to see. We would be able to rent a movie, and decide whether we wanted to watch the PG, PG13 or R version. Depending on what your family was interested in, the DVD would provide the technology to allow you to choose what content you wanted in your home.

And now they have finally delivered on that promise. But of course, the Hollywood producers missed the point. Leave it to them to get it backwards.