Monday, January 27, 2014

Under the Cloud


The business world is almost as fad-ridden as the education world, and one of the hot words in the last few years is "cloud" as in "I'll get it from the cloud," or "We put all our data on the cloud."  In this sense, the word means a set of Internet servers where your important data is archived so that it is accessible from anywhere that has an Internet connection.  The concept is increasingly vital to commercial and institutional users worldwide, and makes sense in that context.  But as Scientific American columnist David Pogue warns in the February issue, Apple and Microsoft are taking not-so-subtle steps to force many individual users of their products onto the cloud.  And I doubt that anyone reading this column can avoid using Apple and Microsoft products without a lot of inconvenience. 

The situation, as I understand it, is basically this:  suppose you have data that needs continual updating on your portable gizmo (which can be an iPad, an iPhone, a BlackBerry, one of those Android things, or you name it), and you'd also like the same version of the same data on your laptop.  In the old days, whenever you made changes on your calendar, for example, you would then physically plug your portable device through a USB cable or whatnot into your laptop and tell it to sync.  That way, your laptop calendar would agree with your handheld thingy's calendar and vice versa, and you wouldn't find yourself at Aunt Mimi's when you were supposed to be having your teeth cleaned.  So far, so good.

Then the number of handheld devices proliferated, and so did their operating systems, and so did the ways you can have laptops and towers talk with portable systems (wireless, IR, Bluetooth, etc.), and at least according to the manufacturers and their unofficial representatives, it just got to be too hard to come up with proprietary software to sync absolutely every portable thingamajig with each operating system for all the popular computers.  So they just said forget it:  the real data will sit on the cloud, where we can keep track of it, and then all we have to do is make sure that every piece of hardware (portable or not) can keep in touch with the cloud.  And that solved the problem. . . .

But if you were used to firing up your old laptop and plugging it into your BlackBerry that you've had since 2003, and you are dead-set against keeping your data in a place that you know not where and you know not when it might go down, you are now out in the cold and under the cloud, so to speak.  According to Mr. Pogue, the latest operating systems from both Apple and Microsoft either don't allow you to do hard-wired transfers without involving the cloud, or make it so hard to do that you almost have to get a networking certificate from Microsoft to know how to do it. A discussion thread on an Apple forum on exactly this topic has been going on since last October, and has accumulated 150 pages of comments.  So there are more than a few people upset about this.

Call me Amish, but it doesn't affect me because my form of a BlackBerry is a three-by-five card.  Or rather, many three-by-five cards.  I suppose if you took all the three-by-five cards I've used in the last decade and piled them up, they would make a stack high enough to fall over and form the kind of mess my desk looks like some days.  In fact, that may be why. . . anyway, somehow I have survived thirty years of an occasionally intense professional life with nothing more advanced than a laptop or two and a mobile phone that you still have to use the numeric keypad for to send a text.  It's so annoying to do it that way that I hardly ever send texts, which is all right by me. 

But seriously, this specific issue is an example of a more general trend that organizations are following: a move toward exerting increasing control of any computer that is connected to one of their networks.  For example, I spend some time at the University of Texas at Austin.  If I was using a University-provided laptop (which I'm not, as it turns out), I would now have to make sure that all the data on it was encrypted in accordance with a University-provided type of encryption software so that if it happens to get stolen, the thieves can't run off with University data.  That makes sense from a liability and security point of view—I have blogged on numerous scandals and crimes that happened when someone took home a laptop full of supposedly secure data—but it represents another intrusion, if you will, into a space that was formerly rather private. 

Of course, if the University owns the laptop, they get to say what you can and can't do with it.  Privately owned computers connected to privately rented networks are another matter, but then you still have to deal with Apple or Microsoft, and their pressure to keep your stuff on the cloud will prove irresistible.  The Star Trek Borg, a race of cybernetic beings, liked to say "resistance is futile," but that was only a TV show.   

Personally, I don't see any real harm in letting Microsoft know the details of my next dental appointment.  And yes, those massive servers go down from time to time, but then so does your laptop.  I admit that I would feel a certain kind of existential queasiness in entrusting the only record of my professional schedule to some ethereal system that is everywhere and nowhere, rather than having it in a tangible, solid form on pieces of paper in my appointment calendar in my briefcase.  (Yes, I do that the old-fashioned way too.)  Maybe people living in the 1850s felt the same way about the newfangled electromagnetic telegrams, and didn't really trust them on an instinctive level as much as they would trust a letter written by the hand of a friend they knew.  But they got used to trusting telegrams, and I suppose we will get used to trusting the cloud, as long as our trust is not abused. 

Sources:  The online version of David Pogue's article "The Curse of the Cloud" can be found at http://www.scientificamerican.com/article/were-forced-to-use-cloud-services-but-at-what-cost/.  I also referred to Wikipedia articles on BlackBerry and Borg (Star Trek). 

Monday, January 20, 2014

Wearing a Mask on the Web


There are lots of reasons to wear a mask, some good and some not so good.  On Halloween, kids have mostly harmless fun by donning masks and dressing up as their favorite cartoon characters, or anything else their imagination (and their parents) can come up with.  But criminals also wear masks to conceal identity for nefarious purposes.  At least in Western countries, I'm not aware of any law against simply wearing a mask, although you have to choose your circumstances carefully.  Outside of Halloween or a costume party, a person walking around in a mask may be suspected of either serious eccentricity or illegal doings.

When you go online these days, your identity is as obvious to websites you visit as it is in person.  Cookies and easily purchased commercial databases make it easy for both individuals and companies to identify you and figure out things about you that you may not even be aware of yourself.  So wouldn't it be convenient if there was some way to wear a mask on the Internet?  It turns out that there is:  a type of freeware called Tor, which was developed with support by, believe it or not, the U. S. Naval Research Laboratory, and still largely supported financially by the U. S. government.  Tor has recently been used for a lot of underhanded doings, most prominently the Silk Road affair.

A fellow going by the online name of Dread Pirate Roberts (a character who always wears a mask in the cult-classic movie The Princess Bride) designed a clandestine website called Silk Road to deal in illegal drugs and other illicit material.  To protect both his own identity and those of his customers, he required users to communicate with him using Tor, which virtually guarantees anonymity on the Web.  The medium of exchange on Silk Road was bitcoin, a virtual currency that is also (virtually) untraceable and often used for illegal transactions.

Dread Pirate Roberts, whose real name was Ross William Ulbricht, eventually made enough mistakes online, such as using his real email address on occasion, to allow the FBI to catch up with him last October.  He is now awaiting trial on numerous charges, and may wish that he'd never heard of Tor.  So why is the government supporting software used by criminals?

Just as kids at Halloween usually don't mean any harm by wearing masks, there are legitimate reasons to be anonymous on the Web.  Suppose you are a dissident in a country run by a nasty dictatorship.  Using Tor can allow you to communicate over the Internet with fellow dissidents or supporters outside your country.  Law enforcement agencies do not care to have their confidential online activities viewable or traceable by all and sundry, and I'm sure that domestic and international security issues were an important driving force behind the Naval Research Lab's support of Tor.  But because it's cross-platform freeware, just about anybody with a computer and enough knowhow to install a Web browser can don a Tor mask online and instantly become very hard to trace.  It's a little like a digital invisibility cloak, and we all know what happened to the Invisible Man:  nothing good.

That is not to say that anyone using Tor will inevitably develop bad habits of flaming websites anonymously and dealing in child porn or crystal meth, payable in bitcoin.  But the developers who decided to make Tor widely available as freeware were making a decision that they may not have explored the full implications of.  Just to move the situation in imagination to the physical world, suppose Wal-Mart came up with a good, cheap invisibility drug and decided to make it free for everybody, and the Wal-Mart greeters handed it out as you walked in the door.  I'm sure there are legitimate reasons to be invisible, but my guess is that the vast majority of people who decided to take advantage of the offer would do things that are inadvisable at best, and more probably illegal, immoral, and maybe even fattening.  (Don't like the way you look?  Become invisible and who can tell?) I'm not liking where that fantasy is going, so I think I'll stop here.

No one I have read on this subject is saying that defects in Tor led to Ulbricht's arrest, or that we should rethink whether Tor ought to be freely available.  The fact that it's not that well known makes it unlikely that we'll see a rash of online crimes committed by newly invisible Internet users.  But Tor enables the existence of what various news articles on the Silk Road incident have referred to as the Deep Web or the Dark Web, because Tor renders a website invisible to the usual search engines and so on.  For most commercial websites, their problem is increasing their visibility, not the other way around, so they have no incentive to use Tor.  But for sites dealing with unpopular, persecuted, or illegal activities, Tor is still available.

Ulbricht is awaiting trial, so I should refer to him as the "alleged" mastermind of Silk Road, although the evidence pointing to him is pretty convincing.  Whatever the other facts of the case may be, Ulbricht's use of Tor did make it harder for the FBI to catch him, just as masks make it more difficult to identify a guy who knocks over the convenience store down the street.  But there are other ways to catch crooks, and it looks like we will all just have to get used to a world where you can wear a mask on the Internet as well as in real life.

Sources:  I referred to articles on the Silk Road affair published in the online version of Time magazine at http://nation.time.com/2013/10/04/a-simple-guide-to-silk-road-the-online-black-market-raided-by-the-fbi/ and by the website Verge at http://www.theverge.com/2013/10/2/4795502/the-fbi-busted-silk-road-but-not-the-dark-web-behind-it, as well as the Wikipedia articles "Tor (anonymity network)" and "The Princess Bride."  My blog "Bitcoin:  Currency of the Future?" appeared on Oct. 16, 2011.


Monday, January 13, 2014

Don't Drink the Water In Charleston, West Virginia


Charleston is the capital of West Virginia and its largest city, although its population barely exceeds 50,000.  It's a safe bet that nearly all 50,000 residents were in various states of annoyance ranging from ticked to furious as they learned last Friday, January 10, that the water supply for not only their city, but nine surrounding counties as well, was unsuitable for anything except flushing toilets.  How come?  A little-known industrial chemical used for washing coal had leaked into the Elk River just above the main intake pipe for the city's water supply.  Exactly how this happened, and whether it's a cause for serious concern or only a transient inconvenience, are questions that we don't have answers to yet.  But the incident has already revealed problems ranging from inadequate protection from leaking storage tanks to inadequate knowledge about obscure chemicals.

Large tanks of stuff have been rupturing and spreading death and destruction ever since engineers learned how to build large tanks.  Perhaps the most famous disaster involving an industrial storage tank rupture was the Boston Molasses Disaster of 1919.  A two-million-gallon tank filled with molasses for the manufacture of alcohol used in munitions gave way, and sent a 25-foot-high wave of goo at speeds up to 35 miles an hour racing through downtown Boston, killing 21 and injuring 150.  It was such incidents that inspired the practice of surrounding large tanks with containment dikes, which can be seen at most tank farms around the country.  The idea of a containment dike is that if the tank lets go, the contents will at least be slowed down by the dike, if not contained altogether.  I am not familiar enough with the regulations governing tank construction to know whether containment dikes have to be sealed with impervious layers of rubber or tar, a precaution often taken in landfill construction.  But it is obvious that the containment dike at Freedom Industries failed to stop about 5,000 gallons of 4-methylcyclohexane methanol (MCHM) from getting into the Elk River and thus into the West Virginia American Water Company's pipes.  Once that happened, the whole water system had to be flushed, which could take days.  In the meantime, you will have trouble finding bottled water in Charleston, because it vanished from the shelves as soon as the water company announced the problem. 

The chemical, which reportedly smells like licorice (its strong smell was how the leak was originally found), is not known to be hazardous, but on the other hand, no extensive toxicity tests have apparently been made on it either.  Determining toxicity to humans in a way that would satisfy the U. S. Food and Drug Administration is a costly business, and so for chemicals that will probably not end up in food or otherwise in close contact with humans, chemical companies don't bother to investigate it unless there are obvious hazards.  Every chemical sold has to have a Material Safety Data Sheet (MSDS), but the information on these sheets comes from various places and is not up to the FDA standard.  Because washing coal is clearly not a consumer-type application, nobody has done a study on whether the licorice-smelling compound in question can harm humans.  Probably the best data we can get will come from future demographic studies in the area served by the Charleston water supply utility.  In the meantime, it is worth considering whether the old Toxic Substances Control Act of 1976 should be updated.  Right now, all a chemical company has to do to legally sell a new chemical is to notify the U. S. Environmental Protection Agency of the chemical's composition.  The EPA resorts to computer modeling to guess whether the new compound is hazardous, and either lets it go or regulates it, depending on the result.  No actual safety tests are required.  Certainly there is food for legislative thought here, but Congress seems to have other things on its collective mind recently.

The West Virginia American Water Company did the right thing in promptly notifying its customers not to use the contaminated water.  Similar precautions are called for on a smaller scale quite frequently when supply-line breaks result in contamination with ground water.  In those cases, residents can safely use water for drinking purposes after boiling it, but boiling wouldn't get rid of MCHM, so bottled water is the only alternative for a few days. 

Another lesson to be learned is how a system with no backup water source can be especially vulnerable.  Apparently the water utility had only one set of intake pipes, and no wells or other sources.  At the least, this situation would call for heightened scrutiny of any chemical plants a few miles upriver from the intake pipes, with perhaps added safety precautions above and beyond the usual ones required for plants that could leak into the river just above the intake site.

Monday-morning quarterbacking is easy, and I'm not having to go out and hunt down the last gallon of bottled water on the shelves until the water coming out of my kitchen faucet no longer smells like licorice.  (I predict a steep decline in licorice sales in West Virginia, by the way.)  But given the unfortunate circumstances, the authorities in West Virginia's capital appear to have handled the situation reasonably well, and hopefully there won't be any consequences worse than the inconvenience of using bottled water for a while. 

Sources:  I referred to an article by Deborah Blum at http://www.wired.com/wiredscience/2014/01/chemical-guesswork-in-west-virginia/
and a New York Times article by Trip Gabriel on the accident at http://www.nytimes.com/2014/01/11/us/west-virginia-chemical-spill.html.  I also used Wikipedia articles on Charleston, West Virginia, and the Boston Molasses Disaster.

Monday, January 06, 2014

Doing Good Versus Making Good: Engineers and Charitable Works


A reader recently called my attention to some of the inventions sponsored by the Bill and Melinda Gates Foundation, an organization that funds things like new vaccines and other technologies that can save lives.  I will confess that I wasn't that interested in condoms made with graphene and toilets that turn solid waste into electricity, but one item did catch my eye:  Bill Gates is a founder of something called the Giving Pledge.  And it got me to thinking about the question of how to do good with an engineering career, if such is your intention.

First, the Giving Pledge.  It's not for everybody; you have to be a billionaire to join.  But once you qualify, membership is simple:  you simply pledge to give away half your wealth, either in your lifetime or in your will.  Some members you may have heard of who made their money in techie ways include Craig McCaw (cellphones), Larry Ellison (co-founder of Oracle Computers), Steve Case (America OnLine), Mark Zuckerberg (Facebook), and Elon Musk (you name it, he's tried it, but most lately Tesla Motors).  The Giving Pledge simply codifies in a somewhat more palatable form what famed nineteenth-century American steel industrialist Andrew Carnegie said he would try to do:  give away all his wealth before he died.  Putting it off till post mortem is more attractive to some, but all of these folks deserve credit for publicly devoting half their wealth to charity, whether they will be here to enjoy the results or not.

That is certainly one way to try to make the world a better place with an engineering career:  first get filthy rich and then give some of your money away.  For those with the talent and good fortune to do such a thing, this is certainly one path.  But another approach is simply to create and grow a profit-making engineering-based enterprise in the first place, as long as you choose the right one. 

Founding a chain of meth labs, for instance, is both technical and highly profitable, but nobody would suggest that it helps the world's net well-being, even if you turn around and make the Giving Pledge with your ill-gotten gains.  No, the engineering enterprise you profit from must be beneficial, at least on balance.  In my experience, certain types of engineering work tend to be more benign than others.  Take communications technologies, for example: cellphones (mobile phones, as they are known through most of the world) are a case in point.  Helping people talk to other people they want to talk with is a good thing the vast majority of the time.  Yes, it can lead to abusive telephone solicitation, but for people who have never before had access to a cellphone, the occasional advertising call they may get is worth the value of being able to get in touch with the rest of the world.  This explains why cell networks spread so fast even in relatively poor countries:  the infrastructure is much cheaper than the old landline phones, and the technology is easy to use and inexpensive to the user.  And simply by growing their business model and trying to make a profit, cellphone companies have brought the blessings of telecommunications to millions who otherwise would remain in isolation.

What if, like myself, you have the entrepreneurial abilities of a snail and couldn't make a lemonade stand turn a profit, but would still like to benefit the world somehow in an engineering capacity?  There are many non-profit organizations that can use engineers as both volunteers and paid employees to do good works of various kinds.  Some of them have religious affiliations, while others are simply dedicated to serving populations that otherwise could not afford technical solutions to problems that for-profit organizations could provide.  Two such organizations I have had some dealings with personally are Engineers Without Borders and JAARS.  Engineers Without Borders, which has many chapters worldwide, engages students and other engineering specialists to do development work in areas such as water supplies and sanitation, solar power to rural areas, and communications in remote regions.  JAARS (an acronym which originally derived from "Jungle Aviation and Radio Service") is a service branch of Wycliffe Bible Translators, and recruits computer geeks, telecomm specialists, aviation pilots, mechanics, and others with technical skills to support teams of Bible translators around the world, who often deal with obscure isolated tribes that need basic technical services as well.

So there are at least three distinct paths to doing good by doing engineering:  become a techie billionaire and give away your wealth, start or contribute to an engineering enterprise or industry that is more benign than malign, and find an engineering organization explicitly dedicated to doing good rather than just making money.  I find that this list leaves out what I do, namely, educating future engineers.  To find out whether this is a good work, you'd have to ask my students.  In general, though, conveying knowledge is a benefit to humanity, and so I find I can sleep most nights and look myself in the mirror in the morning, as long as I don't mind looking at a sleepy old man.

While there are exceptions, I think most engineering careers do more good than harm.  The exceptions are what we usually think about when engineering ethics comes to mind:  the explosions, accidents, and other disasters that can happen when people try to do something good with technology, and slip up.  But such problems should not blind us to the fact that even if you don't become a billionaire and make the Giving Pledge, or join a nonprofit engineering organization, your work in engineering can make the world a better place.  But don't just assume it does:  pay enough attention to find out whether it does, and if it doesn't, maybe you should do something about it.

Sources:  The website http://www.mphonline.org/gates-foundation/ has information on inventions sponsored by the Gates Foundation and on the Giving Pledge.  The Giving Pledge website is http://givingpledge.org/, and has a list of all public pledgers.  The USA umbrella organization of Engineers Without Borders is at http://www.ewb-usa.org, and the JAARS website is https://www.jaars.org.