Saturday, October 22, 2016

Paradise ponders...

Paradise ponders...  On fireplace doors, masonry, physical therapy, computer reliability, the vulnerable “Internet of Things”, fruit yogurt, and maybe other whatnot...

After the mortar around our new fireplace door cured for 24 hours, it was time to remove the masking tape and see what it looked like!  I had a bit of a scare when I first pulled the tape off, as in several places I'd managed to squish mortar right under the tape.  In one place in particular (under the adjustable air inlet), quite a bit of mortar had wormed its way right into the works.  But the linseed oil finish on the door is amazingly mortar resistant – all of that errant mortar chipped off very easily, and one wipe with a damp rag removed all sign that it was ever there.  The end result is exactly the sort of look we wanted – we are thrilled with both the design and the overall quality of it.  We got this from Lazy K Wrought Iron, up in Kalispell, Montana.  We found the folks there (Kevin and Abigail Lipka, and their son Mack) great to work with – and obviously they know what they're doing!

Doing that masonry work was an interesting experience for me.  Overall I'm a bit surprised just how easy it was to do.  It makes me wonder what sorts of things I might be able to make using molds made of plywood and 2x4s.  Hmmm...

Yesterday Debbie had another physical therapy session, and she managed to surprise Reagan (her physical therapist) in a positive way.  She already has better, easier ranges of motions than she did two weeks ago before the incident where she tore through some scar tissue.  I'm beginning to dare to hope that that awful incident actually might have been a good thing (despite the pain for her)...

Four days ago I started my Raspberry Pi running with a little test program I wrote.  This program uses pulse-width modulation to blink a couple of LEDs, one of them on a triangle-wave brightness pattern, the other with an on-and-off pattern with exponential rise and fall (like an incandescent bulb).  This morning when I walked into my office, that program was still blinking those LEDs ... and that got me to thinking about the bad old days in the early '70s when I first started working with computers in the U.S. Navy.  On our ship we had 8 to 12 computers (more were added after I got aboard), all big “mainframe” computers.  If one of those computers worked continuously for 4 or 5 days, it was a nearly miraculous event.  Our average “uptime” was on the order of a day for any given computer.  For our main “network” of three computers, a few hours of system uptime was about par.  Sometimes it was a hardware or software glitch that took the system down, and we'd just reboot and start over.  Other times (maybe a third of the time) something would actually break, and we'd have to fix it before restarting.  We had many, many single points of failure that could take down the entire system until fixed, and I remember many occasions when I was under the gun, so to speak, to get something fixed during an exercise or when off the coast of North Vietnam (where we thought someone might actually attack us, though they never did).  Contrast that to the situation today, where an infinitely more powerful and complex computer, costing just $25 and fitting easily in the palm of my hand, routinely “just works” for months or years on end.  That's such an enormous advance that it's a bit challenging to wrap my head around it, even though I personally participated in it!

Yesterday the news was full of the DDoS attack on Dyn, which at least in part was enabled by a botnet of web cameras.  Reading about this reminded me a bit of the electrical network in the Philippines of the '70s, when I was stationed there for a while (I was in the U.S. Navy).  The electrical system there at the time was a free public utility – if you needed electrical power, you just hooked up to it.  The result was an absolute nightmare of unsafe installations.  I saw these every afternoon as I walked my shore patrol beat through the maze of bars and brothels – all of which had loud bands and bright lights.  There was an electrical fire or two nearly every day, and probably once a month some place of business would burn down completely – and the cause was always some incredibly stupid and risky electrical installation.  There was no code, no inspectors, and no liability (every business there was completely uninsured).  It was crazy time, the Wild West, and you could tell it was crazy just by looking at it.  The situation with security on the “Internet of Things” (IoT) is basically the same.  There is no regulation, and it's full of things that are obviously unsafe.  You can tell just by looking.  You don't even really need to be a hacker.  I'll give you just one silly example that I discovered myself: a little box I bought that enabled my garage door openers to be accessible from anywhere, through an app on my iPhone.  I opened the box up, just curious about what was in it.  There was a tiny little circuit board with a big chip on it; I looked up the part number and discovered it was a commonly used CPU for small embedded systems (which is exactly what that router was).  Normally, I read, it ran Linux.  Well that made me wonder if perhaps SSH or Telnet was enabled, or if it had a web server running.  Answer: yes on all counts.  So I tried logging in on Telnet, and my first guess on credentials ("admin" and "password") worked.  Oh, noes!  Even worse: the web site was completely unsecured - you could just browse to it and open or shut my garage doors.  I was able to change the SSH and Telnet passwords – but when I turned the router off and back on, the new passwords got overwritten by the old ones.  I disconnected that box and wrote the maker, but I never got a response.  It lies in the corner, collecting dust.  The IoT is full of crazy, unsafe things like this, and that's exactly what enabled the big attack yesterday.  What can be done about it?  The only thing I can think of is to shine sunlight on these things, by having a trusted agency (something like Underwriter's Laboratory) that is double-checked by another routinely testing these devices.  This would only work if the testing was demanded by consumers, though, and I'm really not sure if people would pay more to have their devices vetted.  I would happily pay a bit more, myself, but I'm not exactly a typical consumer of these things.  The engineering required to secure IoT devices is far from trivial, though a lot of it could be pre-packaged in a way that would make it easier for manufacturers to incorporate...

I made a discovery recently that I'm a bit embarrassed to admit to.  I love fruit yogurt, and I eat it quite often – nearly daily.  For years I've been buying the little containers of yogurt with the fruit at the bottom (Chobani is my current favorite), that you mix up before eating.  In most of these, the fruit part is mediocre at best.  A couple of weeks ago it occurred to me that I might be able to have yogurt with higher quality fruit mixture in it, just by buying plain yogurt and adding a teaspoon or two of top-notch fruit preserves.  Holy moley!  I can't believe how much better that is!  And now I feel really dense for not having thought of this, say, 50 years ago!!  If you like fruit yogurt, this is definitely the way to go...

No comments:

Post a Comment