A few years ago my refrigerator crashed. Some poorly written code put it in an unfortunate condition that forced a failure and the loss of quite a bit of food, and days without refrigeration. . The product was out of warranty by a few months and I had to cough up $600. The explanation was the computer controllers had a bug. The current version of the product can connect to the Internet via Wifi. Hopefully the code is tighter, but I have my doubts.
My 16 year old Audi has four wheels, an engine and about a dozen mostly isolated computers. These days new cars are networks of about one hundred computers that happen to include an engine and four wheels. Thermostats are computers that regulate your indoor climate, TVs are computers that show video, refrigerators are computers that cool your food, ATMs are computers with money inside ... you get the idea.
We're moving towards computers with deeper communications where commands to do something physical are sent back and in some cases towards autonomy based on local information from other machines. We have sensing devices connected to some kind of "intelligence" that sends commands to do something in the physical world. The world is becoming a robot of sorts. One with a distributed intelligence working on distributed tasks and it happens to be evolving rather quickly.
This is a fundamental change... the notion of software eating the world is out of date.. it's much more complex. Some of the computation will occur in the cloud, but where realtime interactions are necessary - think autonomous vehicles - a good deal will take place locally. Beyond the current notions of the web and the cloud. This is the greatest change we've seen in the Internet and it comes with enormous challenges along with it's rewards.
Pick up your smartphone. Although far from perfect, it's probably the most secure (particularly if it's an iPhone) network connected device you own. Microsoft, Google and Apple spend an enormous amount of effort and money attempting to make these things secure and robust, but it's difficult. In the early days software was enormously expensive to develop, but it often was very high quality. The current model of software development is to develop rapidly with semi-skilled programmers and fix the bugs that turn up later. Certain core elements may be high quality, but they're generally smallish in scale and very expensive. The current known bugs list in OS X is in the thousands. Windows is said to be in the tens of thousands. Those are known bugs and many are too difficult to justify fixing. They're often obscure and only turn up in unusual circumstances, but they can be exploited by smart people and, thanks to the scaling available on the Internet, major impacts can occur. The big guys address this with regular software updates, but that's largely for modern operating systems on PCs and smartphones.
How often have you updated the software on your router? I've done it at least a dozen times in the past ten years. The patches are not well publicized and tricky for inexperienced people to deal with. Moving down to other objects... how about your DVR? Many of them can't be patched by users yet they can become security risks. You may own a DVR that was part of the Mirai botnet attack against the DNS provider DYN last October. There is no market incentive for a device manufacturer like XiongMai to spend the money designing quality software and maintaining it when no one else is. Typically these guys have some semi-skilled person take some code they found on a server and hammer it into the required configuration for the device. The malware will be online until the devices are physically replaced - ten years maybe. You're not responsible for your part in the attack ... each individual bit is small and makes no difference on your connection and isn't degrading the performance of your DVR. No one is responsible for providing a convenient platform that can cause serious damage and we're moving towards a world where damage takes on a new meaning.
Imagine this on devices that physically manipulate the world around you. Some, like cars, are moving towards autonomy a bit at a time. In theory this should save a lot of lives. Even if they are only half as good as human drivers, at scale they'd save about 15,000 lives a year and a huge number of injuries (although it isn't clear how the legal system is going to assign fault .. the automakers want a no-fault determination). But what happens if someone or some organization decides to have a few hundred cars throttle up to 100 mph and point themselves at each other, pedestrians and bridges? What about drones? Or shutting off a million heating systems in the Winter while demanding ransom in Bitcoin? It would be nice to imagine you can design around this, but we're talking about complex systems far beyond anything we've built and our ability to test hasn't exactly kept pace.
The security folks talk about three components of security - confidentiality, integrity and availability. We worry mostly about the first one these days. With scale and direct connection to the real world the later two become even more important. Think about the implanted medical device metering out insulin when it comes to integrity and availability when it comes to directed kinetic energy devices otherwise know as cars...
There are two models of how to deal with this... the first is conventional certification and testing .. what cars, aircraft, medical devices - anything that can physically effect you - go through. The operating system on the MRI machine I used last time is Windows 98 -- no security patches at this point, but it can't be upgraded as that would change the configuration of the machine when it was certified and the process of certification is long and expensive. The second is the patch it quick model, but that has big holes in it too and small/cheap devices - those that add less than ten cents to the cost of a device - will probably be left out. Furthermore the patches aren't exactly robust... it is a game of wack a mole. Both of these models are inadequate.
On September 11, 2001 three airplanes successfully flew into buildings. A shrink-the-government administration was motivated by fear and hacked together a huge new piece of government in under two months. It was haphazard kludge, but fear is a huge motivator for the political class and voters. At some point we'll see attacks on this emerging robotic computational layer that covers the globe. Ideally something smart needs to be done. This is a great opportunity space.
Notice that I've largely avoided talking about the confidentiality piece. It's still huge but demands a long separate discussion. We're learning that data can be a toxic asset. If we're smart we'll be much more careful about what we store and what we connect. This isn't something that can be fixed with just technology. Perhaps we'll see peak connection in the next decade or so - peak connection in the sense that every new thing is not necessarily connected even though it could be.
In short we're moving beyond software is eating the world to our computational objects are becoming part of our physical world. Perhaps we're beginning to understand the purpose of data rather than just believing in it 'because'.. There are great possibilities, but also lurking dragons.
___________
Recipe Corner
Making cream soups without cream - or any dairy
No recipe ... this is experimentation
Something I've sampled in a few vegetarian restaurants and have been trying to recreate... The trick is to get the stock to vegetable ratio right - about five cups of stock per two pounds of veggies (carrots, celeriac, sweet potatoes, ...). Cut the veggies into small pieces for quick cooking. Heat with aromatics (onion, leeks, and garlic) in olive oil. Add the veggies sweat for a few minutes. Add the stock, bring to a boil then cut the heat and simmer until veggies are tender. Now puree .. I use a stick blender... you could transfer to a blender if you like. If that's not creamy enough add some rice or oats .. about a quarter cup .. to the veggies when you add the stock.
At least it's a jumping off point for experimentation. I've had a few really nice successes and cooking soup in the Winter is approximately the right thing to do.
Comments