
Formula 1 spreads innovation 8 Aug 2014

Posted by Tony Law in Innovation, Innovation, ITasITis, Tech Watch, Technorati.

Travelling home yesterday evening, I was unusually listening to the BBC’s Radio 4. Unusually because we usually drive to classical music, but the Prom wasn’t to my taste and we did need the radio on a BBC station to ensure we collected the traffic reports as we travelled.

So we heard a report on the In Business programme about McLaren’s Formula 1 racing team, and a new venture called McLaren Applied Technologies (MAT) which is creating a spin-off business by applying the F1 team’s approaches to help other businesses innovate. It’s grown rapidly from a handful of individuals to around 250 people. It’s worth a look (or in this case a listen).

F1 lives by innovation. Racing cars develop significantly between races, to short timescales of one to two weeks. Not only that, but there is significant process expertise too. A pit stop will lift a car, change all four wheels on a car, put it back on the road and have it accelerate away in less time than it takes to read this: perhaps two seconds. All down to well practised team work: each person ready, in place with the right equipment, and knowing exactly what to do.

Now MAT is helping other businesses. They offer their experience in areas like advanced sensor technology, and large scale real time data handling. Not Big Data for the sake of Big Data, but identifying what’s needed to resolve a problem or monitor and improve a process: and then having the technology and the expertise to gather the data, and to analyse and report on the necessary timeline. Not forgetting the teamwork, process-based innovation which gets their cars through their pit stop.

Examples cited included other sports, of course: GB Cycling, and rugby, working on the performance of athletes and their equipment. It’s perhaps a natural development of that to equip individuals tackling their weight problems, so that they can be made aware of their “energy burn” during different physical activities from walking to house cleaning: this in partnership with a doctor’s practice (about 11 minutes into the broadcast).

And (at about 14 minutes) the conversation moves to my old company, GlaxoSmithKline (GSK). GSK have had an established partnership with McLaren for around three years now.

Clinical trials are a large scale and, of course, critical element of drug development. GSK is moving this data gathering from retrospective (trial participants’ records being mediated by a clinical partner and reported perhaps monthly) to real-time, using MAT sensor technology. Not only does this provide more complete and more robust data; it can of course speed the process of getting a valuable treatment to market. Crucially, too, it helps failures to be spotted sooner – hence reducing overall costs to the company, costs which can only be recouped through successful products.

And then, still in GSK but in consumer-health manufacturing, McLaren’s pit stop expertise (remember?) comes back. GSK makes several toothpaste brands. No, they’re not all the same inside the tube and the line has to be changed over for a different batch. For McLaren, the speed of the pit stop changeover wins races. Applying this to manufacturing changeover has, it seems, created operator pride in the speed with which it can be achieved – and saving time, quite simply, gets more toothpaste to market.

Of course, conventional management consultants might tackle some of the same problems. McLaren see their differentiator as this: theirs is engineering-led innovation rather than analysis-led innovation. They come at things from a doing angle, not a thinking-about angle.

The broadcast is available as a podcast or download, not the usual time-expiring iPlayer replay. It’s worth half an hour of your time.

Now, how about applying pit stop thinking to the process of software release and upgrade?

Links:
• Fast and Furious, BBC podcast from Peter Day’s World of Business, 7 Aug 2014 from BBC Podcasts and Downloads
• McLaren Applied Technologies
• MAT In the News features some of the examples cited in the BBC programme, including obesity monitoring and toothpaste manufacturing
• GSK McLaren partnership, from GSK.com

SAPphire and Supernova: two reasons for a visit to Constellation 18 Jun 2014

Posted by Tony Law in Impact of IT, Insight services, IT marketplace, ITasITis, Tech Watch, Technorati.

R “Ray” Wang’s Constellation group is worth watching anyway. But just now there are a couple of good reasons.

First, if you’re a SAP user, they have coverage of the recent SAPphire conference. Remember that Ray’s primary expertise, from his days at Forrester, is in ERP. Just go to Constellation and search for “Sapphire 2014” for pre- and post-event analysis. There are of course also replays and other notes on the SAP website, if you want to go back to the originals.

Secondly, they are launching the call for this year’s Supernova innovation awards. Again, worth watching if your focus includes the what, how and who of innovation in business. As I’ve commented before, I’m not clear on the relationship between this Supernova event and the one formerly hosted by Kevin Werbach of the Wharton Business School (University of Pennsylvania) but Werbach’s Supernova hasn’t happened since 2010 and was described by him in 2012 as “on hold”.

Note, by the way, that their URL has changed from constellationrg.com to just constellationr.com.

Links:
• Constellation: search for Sapphire 2014
• Call for Applications: SuperNova Awards for leaders in disruptive technology, Courtney Sato, Constellation, 17 Jun 2014
• SAPPHIRE NOW 2014 (SAP Events)

It’s so easy to get drawn in … 17 Jun 2014

Posted by Tony Law in ITasITis, Social issues, Social media, Tech Watch.

A friend recently posted on Facebook an observation that several friends had “Liked” a posting relating to the case of the war veteran who went missing from his Hove care home in order to attend the D-Day celebrations. What concerned my friend wasn’t the underlying story; it was that the posting in question had been placed by an organisation which is an offshoot of the BNP. No, I’m not going to add to their publicity by naming it, but you can find some discussion by following the Costa Connected link below.

My friend has a strong antipathy to the message of spurious British-ness, not least because of having a marriage partner whose family were recent immigrants – from what used to be referred to with pride as a Commonwealth country. Having lived in east London for over twenty years, and enjoyed the variety and splendour of a multi-cultural society, so do I. But that’s not the point of this post.

The point is one I’ve made before: when one assesses a piece of content, especially online, be careful. Especially especially [read that carefully, it's not a mistake] if one proposes to share or Like it. It’s important in serious or academic reporting, which is why ITasITis postings always look behind the news reports. Media often do little more than repeat the press release, or they contain unintentional inaccuracies. Go back to the original source, look for other independent reports of the work.

But this highlights that it’s equally important in the easy world of social media.

It’s so easy to Like a Facebook posting, especially now that FB drops a lot of things into your stream that have nothing to do with your friends. It’s easy to re-tweet something without really looking. But the organisation that made the initial post, in this case, gets to count those Likes and give itself an air of unwanted respectability.

Oh and incidentally: the media reports were way over hyped. It was made out that Bernard Jordan had had to “escape” from his care home. Yes, there are people who are diagnosed as EMI (Elderly and Mentally Incompetent) who have to be protected by not being told the code for the door to the outside world. But not in this case. What actually went on was that Mr Jordan was too late to join any of the organised travel parties. So he decided to make his own way. He simply forgot to tell the home he was going and, quite rightly, they got worried when they realised he’d disappeared. Thanks to media (social and conventional) he was quickly located, but there was no suggestion that he wasn’t then safe. BBC reporting, especially locally here, was more balanced: see the links. Escapade, yes: escape, no. Another case of going behind the high-profile headlines.

But to return to the main theme: Look carefully at what you’re Liking, and equally carefully at who.

Links:
• What It Really Means When You Like or Share Content from [name deleted], Costa Connected, 7 Jun 2014 (thanks to my Facebook friend for this link)
• Disappeared D-Day veteran back in UK, BBC News, 7 Jun 2014, featuring an interview with the Chief Exec of the care home
• Bernard Jordan: City honour for veteran’s ‘heroic escapade’, BBC News Sussex, 10 Jun 2014

Growth, Innovation and Leadership: Frost & Sullivan 11 Jun 2014

Posted by Tony Law in Impact of IT, IT is business, ITasITis, Managing IT, Tech Watch, Technorati.

I’m on a Frost and Sullivan webinar: Growth, Innovation and Leadership (GIL: a major Frost theme). It’s a half-hour panel to discuss successful types of innovation and examples of future innovative technologies with Roberta Gamble, Partner, Energy & Environmental Markets, and Jeff Cotrupe, Director, Stratecast. David Frigstad, Frost’s Chairman, is leading. The event recording will be available in due course.

Frigstad asserts that most industries are undergoing a cycle of disrupt, collapse, transform (or die: Disrupt or Die is an old theme of mine). We start with a concept called the Serendipity Innovation Engine. It’s based on tracking nine technology clusters; major trends; industry sectors; and the “application labs” undertaking development (which includes real labs and also standards bodies and others). And all of this is in the context of seven global challenges: education, security, environment, economic development, healthcare, infrastructure, and human rights.

Handover to Gamble. This is a thread on industry convergence in energy and environment, seen as a single sector. Urbanisation, and the growth of upcoming economies, are major influences here in demand growth.

We do move to an IT element: innovation in smart homes and smart cities, with integration between sensor/actuator technology and social/cloud media: emphasising this, Google has just bought a smart home company (Nest Labs). City CIOs and City Managers are mentioned as key people – a very US-centric view when most urbanisation is not occurring in the developed world … we do return to implications for developing economies, where the message is that foundations for Smart (which includes effective, clean energy use) should be laid now while there is a relatively uncluttered base to start from.

Frigstad poses a question based on the idea that Big Data is one of the most disruptive trends in this market. Gamble suggests that parking is an example. Apps to find a parking spot, based on data from road sensors or connected parking meters, are not, though, only being piloted in San Francisco. Similar developments in the UK were mentioned at a Corporate IT Forum event I supported earlier this year.

It’s a segue into the next section: an introduction for Cotrupe, whose field is Big Data and Analytics. Examples of disruption around here include the Google car: who would have thought Google would be an automotive manufacturer? Is your competitor someone you wouldn’t expect? An old question, of course. The UK’s canal companies competed with each other and perhaps with the turnpike roads; they mainly didn’t foresee the railways.

Cotrupe’s main question is: What is Big Data really? He posits it as an element of data management, together with Analytics and BI. I’d want to think about that equation; it’s not intuitively the right way round. But high volume, rapidly moving data does have to be managed effectively for its benefit to be realised – delivering the data users need, when they need it, but not so much as to overwhelm them. And this means near real-time. It’s IT plus Data Science.

Frost suggest they are more conservative than some, because they see growth of the BD market held back by the sheer cost of large scale facilities.

We’re on the promised half hour for the primary conversations, but still going strong, basically talking with Cotrupe about various industry sectors where Big Data has potential: to support, for example, a move from branch based banking to personal service in an online environment. There’s some discussion of Big Data in government: how will this affect the style of government in perhaps the next 20 years? Cotrupe mentions a transformation in the speed of US immigration in recent years, where data is pre-fetched and the process takes minutes instead of hours. He’s advocating opening up, sharing of information: in other industries too, for example not being frozen by HIPAA requirements in (US) healthcare or, perhaps, EU data protection requirements. I have personal experience of obstructive customer service people trying to hide behind those, and in fact parading their lack of actual knowledge.

Cotrupe talks about privacy, not least in the wake of Snowden and what’s been learned about sharing between NSA and the UK agencies. Cotrupe would like to see this ease of sharing brought to bear in other areas: but asks how we manage privacy here? There are companies which are leading the way in data collection in consumer-sensitive ways, and this needs to become standard practice. In any case, not collecting data you don’t need will reduce your data centre (should that be Data Center?) footprint.

As we come to a close, with a commercial for the September event in Silicon Valley, I have to say I’m not convinced this webinar was wholly coherent.

If you call something a Serendipity Innovation Engine I want to know how it relates to serendipity: that is, the chance identification of novel discoveries.

If you present a layered model, I expect the layers to relate (probably hierarchically) to one another. It would be more valuable to talk about the four elements of this model separately and be clearer about what each represents. For example, “Health and Wellness” occurs as a Technology Cluster (why?). It’s also a Mega Trend in a layer where Social Trends also sits; surely people’s concern about Health and Wellness is a social trend? Each layer seems to mix social, technical and other concerns.

I learned a more useful framework when teaching the OU’s Personal Development course. This really is layered. The two internal layers (this is for personal development) are one’s immediate environment, and other elements of your working organisation. Then Zone 3 (near external) encompasses competitors, customers/clients, suppliers and local influences. Zone 4 (far external) includes national and international influences: social, technological, economic, environmental and political (STEEP). On this framework you can chart all the changes discussed in today’s webinar and, I think, more easily draw conclusions!

Links:
• Frost & Sullivan Growth Innovation & Leadership
• Google buys Nest Labs for $3.2bn …, The Guardian, 13 Jan 2014
• STEEP framework: Sheila Tyler, The Manager’s Good Study Guide (third edition, 2007). The Open University. Pages 198-202

Privacy is a three-way relationship … or is it four+? 30 May 2014

Posted by Tony Law in Impact of IT, ITasITis, Social issues, Social media, Tech Watch, Technorati.

I’ve been reading, and I recommend, Eben Moglen’s two-part essay in The Guardian about Edward Snowden. Not the first comment but probably one of the most extensive and authoritative. Moglen is professor of law and legal history at Columbia University, and is the founder and leader of the Software Freedom Law Center (SFLC). He’s entitled to say “I told you so” since his Guardian bio lists an earlier article for the paper some three years ago. The SFLC itself is approaching its tenth birthday; it was founded by Moglen and others in February 2005.

This extended essay covers three full pages in each of two days’ papers so it’s not short reading. The consensus among those who broadly support Snowden’s action is that he has revealed a security industry operating beyond democratic control and subverting the very nature of democratic government. It exposes a supposed elite group who believe that the population at large is, or shelters, “the enemy” (terrorists is the current hate-word) and therefore, in a world where universal surveillance and analysis is possible, such surveillance is to be fully deployed. It’s a bit like The Section in Stieg Larsson’s Millennium trilogy, but at a much higher level and operating with the full power of the subverted state.

And it’s not just the American NSA, though that’s Snowden’s origin. It’s not even just the major western allies of the US. China takes the same attitude: and though politically on the opposite side to the US, on this issue it lines up behind the same attitudes.

Moglen makes a powerful point which ought to be obvious but isn’t. Privacy is not a two-way relationship (between me and Facebook, or me and Gmail, or me and Twitter, or whoever).

If I send or receive email via Google (as an example only, but they are probably the biggest) then the person to whom I send, or from whom I receive mail also falls within Google’s all-encompassing range. They have not signed an agreement with Google, but Google knows about them. Facebook knows who I post to, whose postings I read, which non-friends I look up from time to time. Twitter knows … and so on. What does WordPress know about this blog and you, my readers?

Which is ok so far as these and other providers are trustable. But Snowden avers that, with or without their consent, they are not.

There is much more analysis in the article, but let’s stick just to this one point. The privacy relationship inherent in email is at least three way: myself, my service provider and my correspondent. But there is no relationship of explicit trust or consent between my correspondent and my provider.

Moglen asserts that we have been diverted into believing that privacy is a two way relationship. It’s not.

And of course where governments step in, either by court order or by extra-legal surveillance, this relationship becomes at least four way with the fourth partner, in all probability, unrecognised and unknown.

As a lawyer, Moglen analyses two broad threads to bring the situation under control.

First: user action. This does include community development of encryption software, for example, to which governments have not either subpoenaed or stolen the keys, or built in back doors. But it also includes major commercial interests: the security (privacy) of their online commercial transactions is a fig-leaf. They must have people who realise this; it’s been pointed out often enough in the press. But it will probably take a disaster to galvanise enough pressure to force action.

Second: legal action. The US, in particular, is prone to expensive litigation and extensive damages settlements. Let’s open up one or two of these based on breach of trust. I hope I’m not misrepresenting Moglen’s argument here, but certainly he – as a lawyer – sees scope for lawyerly involvement.

I’ve scratched the surface. If these are issues that concern you, read Moglen’s essay in the Guardian online. Then go, as I myself have not yet done, to Moglen’s own SFLC archive where the longer version is held: four presentations given last autumn at Columbia and given their own URL. Read and think and, if you’re in a position to do so, act.

And yes, this blog post will be flagged on both Facebook and Twitter …

Links:
• Privacy under attack: the NSA files revealed new threats to democracy, Guardian, 27 May 2014
• Eben Moglen: Guardian contributor bio, with links to the 2011 article
• Snowden and the Future, Eben Moglen, Columbia, Oct-Dec 2013
• Software Freedom Law Center
• Stieg Larsson’s Millennium trilogy (Wikipedia)

Technology in concert 6 May 2014

Posted by Tony Law in Impact of IT, ITasITis, Tech Watch, Technorati.

Two posts in one day … This one very brief.

We had the great pleasure, a couple of days ago, of hearing the great Canadian pianist Angela Hewitt perform in Glyndebourne as part of the Brighton Festival. J S Bach’s Art of Fugue appeals to the geek: it is strongly rooted in the systematic mathematical patterns of music, at which Bach excelled. Hewitt started with a short talk, and added enormously to our enjoyment of the music which she then settled to play, continuously, for almost two hours. A tour de force indeed.

OK, I get to do a very brief music review which isn’t a chance I get often. But like today’s other post (the Lego one), there’s a double link from something at first sight very non-IT into the world of technology.

Not just the structure of the music. But on the music stand of the piano I could clearly see an iPad or something quite like it. Printed music has been the same for around seven centuries, and has considerable advantages. Performers scribble on their scores to assist with performance, whether it’s members of an amateur choir such as the one we sing in, or high-end professional soloists who normally commit their music to memory before going on stage. But it has a big disadvantage in performance: someone has to turn the pages and this normally means an amanuensis sitting alongside in the concert hall.

I’ve wondered occasionally whether there exists performer’s software which could display music to play from, and turn pages automatically. Well, now I know. There is. It was just waiting for decent tablet computers to come along, which could be placed on the music stand instead of a paper copy.

And Angela Hewitt uses it. Why am I sure? Because I found a reference to it, with a picture, in a review of a concert she gave in Australia six months ago.

Only one development still needed. The performer needs a pedal to move the pages on. How about sound recognition so it would know when to move on without intervention? Though it would be difficult to handle repeats and so on.

Links:
• Angela Hewitt
• Canadian pianist Angela Hewitt performs at Glyndebourne as part of Brighton Festival, Duncan Hall, Brighton Argus, 2 May 2014 (prior to performance, not a review)
• Angela Hewitt: Masterly performance in Melbourne, Musica Viva Australia, 25 Sep 2013
• forScore music reader for iPad (no doubt other software is available. This is the first one I found, and most search results are for creating music, not for playing from)

Lego as social media 6 May 2014

Posted by Tony Law in Cloud, Impact of IT, ITasITis, Social issues, Social media, Tech Watch.

Yes you did read that correctly.

I caught up, a day or two ago, on a programme put out on the BBC Culture Show on 4th March about Lego.

The programme comments on the characteristics of Lego. It charts its evolution from a very simple kit of highly standard basic blocks. Today’s typical box contains the parts for a specific model, which are in no way generic: many of the individual parts are of use for that model and that one only.

But what caught my attention towards the end of the programme was the description of how Lego has been used to enable communities to contribute to their own architectural evolution.

Bjarke Ingels, a contemporary leading architect, has used Lego to design architecture from a standard kit of parts: but far more imaginatively than the square tower blocks of the 1960s.

More striking still was Icelandic artist Olafur Eliasson whose Collectivity project took three tonnes of Lego to the citizens of Tirana, Albania in 2005. The bricks were just dumped in a heap in the town square and, within a short time, groups of people were creating, building, and re-imagining their city. The Lego acted as a medium through which they could express their ideas – not individually, but together. Not mentioned in the programme is that this is one of a range of similar projects; I’ve found others in Oslo (2011) and Copenhagen (2008).

At the end of the programme, there’s a move into actual social media and a look at Minecraft which, if you haven’t heard of it (I hadn’t!) is a cult computer game. Minecraft may be set to transform the cities of the future: like Tirana’s Lego, but in the virtual online world. It’s worth a look at the video on Minecraft’s home page. As Minecraft’s website says: “At first, people built structures to protect against nocturnal monsters, but as the game grew players worked together to create wonderful, imaginative things”.

Isn’t that what our social media, at their best, aim to do? Not for people to create individually, for their own gratification, but to share and create together. And like early Lego, the best social platforms are the ones which offer a simple kit of parts from which sophisticated collaborative spaces can be created.

Links:
• Lego – The Building Blocks of Architecture: BBC, 4 Mar 2014. The programme itself is not available here; this is just a short outline. It is available on YouTube: I don’t know if this is a legit copy!
• Lego Towers project from the Bjarke Ingels Group (BIG), which showcases many projects on its website. Ingels comes into the programme about 15 minutes in.
• Collectivity Project from Olafur Eliasson. The Tirana project is covered in the programme from about 19 minutes.
• The Collectivity Project (Olafur Eliasson), OpenIDEO (contribution by Anne Kjaer Riechert), 17 Nov 2011.
• Olafur Eliasson’s LEGO for public tower building 2008, YouTube, 13 Oct 2008 (Copenhagen: linked from a comment to the OpenIDEO posting)
• Minecraft

Why I hate the new Google Maps 17 Apr 2014

Posted by Tony Law in Impact of IT, IT marketplace, ITasITis, Social issues, Tech Watch, Technorati, Uncategorized.

I finally allowed myself to be pushed into using the new Google Maps instead of the old familiar one.

Here are all the things that I cannot do as easily as previously.

1 – have it open by default with my own location rather than the blanket map of the USA

2 – immediately find my own list of custom maps. It’s an extra click and I have to know that it appears as a drop down from the search bar. Custom maps have become a lot more complicated to create and manage, too, with “layers” and so on. And there’s a different set of marker icons, differently styled from the old ones. So modifying an existing map, such as the one I maintain for Brighton Early Music Festival, won’t be straightforward if I want to maintain consistent styling.

3 – sharing has changed. It used to be simple: create a map, and embed the HTML provided. Now, for example, the Brighton Early Music Festival map doesn’t properly display the venue markers. Never had a problem before. Still working on this one!

4 – “search nearby” was a simple click from the pin marker on the old version. These pin markers have got “smart” which means that if I search for Victoria Coach Station, when I click or hover on the pin what I get is a list of all the coach services which leave from there. If I right click, I get three options: Directions to here; Directions from here; and What’s here, which doesn’t seem to do anything. If I search for Ebury Street (essentially the same location) I get a pin with no smart hover at all. But the marker does not now pop up nearby information, Directions, Save and Search Nearby options.

5 – no accessible help without going out to separate web pages; and even then the instructions don’t make sense. For example, Google says that “Search nearby” is on a drop down you find by clicking the search box. No, it doesn’t. Not in Firefox. It does, though, appear to work in Chrome. I don’t like being pushed to a different browser.

6 – having found Search nearby, I get given (of course) a set of strange, supposedly related, links. Well I suppose this is what Google does. But for me, it gets in the way.

7 – extra panels and drop-downs obscure parts of the map I’m trying to look at

Now all this, and more, is partly the natural response to changing a familiar application. Let’s assume that overall the product is fuller-featured and more flexible than the old version, and its links to the rest of Google’s information are more capable. But software vendors in general are not always good at user-oriented upgrades. Keep the backward compatibility unless there’s a really, really good reason not to. Icon redesigns, and added complexity in the user interface, are not good reasons.

I’m exploring alternatives. Apple’s new map application doesn’t have near the same level of functionality, and older offerings such as Streetmap haven’t really moved on either. But for (UK) route planning, for example, I’m now using either AA or RAC route planner – which still have the simple, straightforward A-to-B interface.

Links:
• Google Maps (new version)
• How to search “nearby” in new Google Maps? Google Forum, 11 Jun 2013
• Google Removes “Search Nearby” Function From Updated Google Maps, contributor to Slashdot, 16 Jan 2014
• Route planners from the AA and RAC
• Streetmap (UK)

Link: Heartbleed update 15 Apr 2014

Posted by Tony Law in Impact of IT, ITasITis, Managing IT, Tech Watch, Technorati, Uncategorized.

A quick follow up, back from a few days away.

Huffington Post have a recent update which notes that the OpenSSL vulnerability applies in major products from Cisco and Juniper Networks. They also repeat what’s becoming the consensus on passwords: change your passwords for services which you know were vulnerable but have now been patched. There’s no point in changing a password which might still be at risk.

They reference the Mashable resource on what’s been patched and copy the patchable list: Google (and Gmail), Yahoo (and Yahoo Mail), Facebook, Pinterest, Instagram, Tumblr, Etsy, GoDaddy, Intuit, USAA, Box, Dropbox, GitHub, IFTTT, Minecraft, OKCupid, SoundCloud and Wunderlist. A quick look, though, suggests that the Mashable article was a one-off and the list is not being kept updated.

The article also recommends turning off external access to your home network: the sort of capability, for example, that you might use for remote access through LogMeIn, TeamViewer or similar. If you’re not using this kind of facility, disable it. Your firewall should already be holding the line on this.

And check what your Internet provider is doing and the status of your wireless router. Being a BT user, with a BT Home Hub, I tried searching the bt.com website for information on Heartbleed but nothing surfaced. It would be nice to know.

Huffington suggests that, at the moment, public WiFi has to be treated as an unknown quantity since you can’t tell what infrastructure they use or whether it’s been patched. BT again doesn’t have any information on the impact of Heartbleed on BT Wifi (Openzone, as was) but it does say that user details are encrypted when you log in to their service. It’s perhaps ironic that they offer free Cisco VPN software, which you can download when connected to one of their hotspots. I didn’t know this. I’ll take it up for my laptop.

I also have an O2 Wifi locator app on my phone. There’s nothing about security on their website. Anyone with other Wifi-finder apps? Please check their sites and post a comment here about what you find.

Links:
• The Heartbleed Bug Goes Even Deeper Than We Realized – Here’s What You Should Do, Alexis Kleinman, The Huffington Post, 11 Apr 2014
• Security when using BT’s Wi-fi hotspots, BTWifi.com, with link to the Cisco offer
• The Heartbleed Hit List, Mashable, 9 Apr 2014
• What to make of Heartbleed? ITasITis, 4 Apr 2014

What to make of Heartbleed? 10 Apr 2014

Posted by Tony Law in Impact of IT, IT is business, IT marketplace, ITasITis, Social media, Tech Watch, Technorati.

I watched the BBC News report last night about the security hole in Open SSL. With its conclusion that everyone should change all their passwords, now … and the old chestnut that you should keep separate passwords for every service you use, never write them down, and so on. Thankfully by this morning common sense is beginning to prevail. The Guardian passes on advice to check if services have been patched first; and offers a link to a tool that will check a site for you.

First, as they say, other Secure Socket Layer implementations are available. While a lot of secure web connections do rely on Open SSL, it’s not by any means universal.

Second, as always, dig behind the news. As Techcrunch did. This is the first vulnerability to have its own website and “cool logo”; this was launched by Codenomicon in Finland which started by creating notes for its own internal use and then took what it calls a “Bugs 2.0” approach to put their information out there. I remember doing something similar way back in Year 2000 days. Incidentally, the Open SSL report (very brief) credits Google Security for discovering the bug. It also identifies the versions which are vulnerable. (There’s a note there that says that if users can’t upgrade to the fixed version, they can recompile Open SSL with -DOPENSSL_NO_HEARTBEATS which, I’m guessing, gives a clue as to the naming of the bug.)
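For anyone running their own server, the two facts in that report (the affected versions and the -DOPENSSL_NO_HEARTBEATS build flag) can be checked from the text that `openssl version -a` prints. The script below is an added example, not part of the original post or the OpenSSL project; the function name and the sample outputs are made up for illustration, and the version range (1.0.1 to 1.0.1f, 1.0.2-beta and 1.0.2-beta1, fixed in 1.0.1g) is taken from the OpenSSL advisory rather than from this page.

```shell
#!/bin/sh
# Classify the text printed by `openssl version -a` for Heartbleed exposure.
# Affected upstream releases: 1.0.1 through 1.0.1f, 1.0.2-beta, 1.0.2-beta1.
# Prints one of: affected-version, heartbeats-disabled, not-affected, unknown.
# Caveat: distributions backport fixes without changing the upstream version
# string, so "affected-version" on a packaged build still needs checking
# against the vendor's own advisory.
heartbleed_status() {
    info=$1
    # First line looks like: "OpenSSL 1.0.1e 11 Feb 2013"
    ver=$(printf '%s\n' "$info" | awk '$1 == "OpenSSL" { print $2; exit }')
    if [ -z "$ver" ]; then echo unknown; return 0; fi
    ver=${ver%-fips}                      # e.g. "1.0.1e-fips" -> "1.0.1e"
    case $ver in
        1.0.1|1.0.1[a-f]|1.0.2-beta|1.0.2-beta1) ;;   # affected range
        *) echo not-affected; return 0 ;;
    esac
    # An affected version is still safe if built without heartbeat support.
    case $info in
        *-DOPENSSL_NO_HEARTBEATS*) echo heartbeats-disabled ;;
        *) echo affected-version ;;
    esac
}

# Constructed sample outputs (not captured from real hosts).
SAMPLE_OLD='OpenSSL 1.0.1e 11 Feb 2013
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -O3'
SAMPLE_NOHB='OpenSSL 1.0.1e 11 Feb 2013
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_NO_HEARTBEATS -O3'
SAMPLE_FIXED='OpenSSL 1.0.1g 7 Apr 2014
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -O3'

for s in "$SAMPLE_OLD" "$SAMPLE_NOHB" "$SAMPLE_FIXED"; do
    heartbleed_status "$s"
done
# To check this machine instead:
#   heartbleed_status "$(openssl version -a 2>/dev/null)"
```

This only covers the `openssl` binary on the path; software that bundles or statically links its own copy of the library has to be checked separately.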

If you want real information, then, go to Heartbleed.com. The Codenomicon Q&A is posted there. In brief: this is not a problem with the specification of SSL/TLS; it’s an implementation bug in OpenSSL. It has been around a long time, but there’s no evidence of significant exploitation. A fix is already available, but needs to be rolled out.

What was clear, too, is that the BBC reporter (and some others) don’t understand the Open Source process. The Guardian asserts that “anyone can update” the code, and leads readers to suppose that someone can maliciously insert a vulnerability. Conspiracy theories suggest that this might even be part of the NSA’s attack on internet security. But of course that ain’t the case. Yes, anyone can join an Open Source project: but code updates don’t automatically get put out there. Bugs can get through, just as they can in commercial software: but testing and versioning is a pretty rigorous process.

Also, this is a server-side problem not an end-user issue. So yes, change your passwords on key services that handle your critical resources if you’re worried, but it might be worth, first, checking whether they’re likely to be using Open SSL. Your bank probably isn’t. There’s a useful list of possibly vulnerable services on Mashable (Facebook: change it; LinkedIn: no need; and so on).

And what do you do about passwords? We use so many online services and accounts that unless you have a systematic approach to passwords you’ll never cope. Personally, I have a standard, hopefully unguessable password I use for all low-criticality services; another, much stronger, for a small handful of critical and really personal ones; and a system which makes it fairly easy to recover passwords for a range of intermediate sites (rely on their Reset Password facility and keep a record of when this has been last used). But also, for online purchases, I use a separate credit card with a deliberately low credit limit. Don’t just rely on technology!

Links:
• Heartbleed, The First Security Bug With A Cool Logo, TechCrunch, 9 Apr 2014
• Heartbleed bug, website from Codenomicon (Finland) – use this site for onward references to official vulnerability reports and other sources
• OpenSSL project
• The Heartbleed Hit List, Mashable, 9 Apr 2014
• Heartbleed: don’t rush to update passwords, security experts warn, Alex Hearn, The Guardian, 9 Apr 2014
• Heartbleed bug: Public urged to reset all passwords, Rory Cellan-Jones (main report), BBC, 9 Apr 2014
• Test (your) server for Heartbleed, service from Filippo Valsorda as referenced in The Guardian. I’m unclear why this service is registered in the British Indian Ocean Territory (.io domain) since Filippo’s bio says he is currently attending “hacker school in NYC”. On your own head be it.
