Category Archives: Energy

Energy, Security

How Google Will Destroy Stoplights

Leave a comment

I attended a strange meetup the other night. It is one of the amazing benefits of being in San Francisco. You can go in person to meet people on the cutting edge of technology and hear their vision (pun not intended) of the future. In this case I met someone from ski.org who was game for discussing my theories about the future focus being differently-abled, from Google maps to automated cars.

Unfortunately I lack time to blog in full our discussion. In brief, here’s some of what I’ve been speaking on lately, building upon my earlier posts, and what will be in my new book on Big Data security:

Stoplights are a stop-gap (pun not intended) measure that resulted from the inferiority of high-speed automobiles to anticipate danger. We used to be able to keep flow when traveling under 15mph. Adding a speed differential made stop-lights necessary to protect pedestrians and horses from cars, let alone protect cars from other cars; and it was a concept poorly interpreted from sailing.

We should get rid of them. But how do we do that? Automation. Once cars can anticipate other cars at speed, we don’t need to stop and sit at red lights. We’re smarter than the lights, but we can’t see risk fast enough at high speed to get rid of them. Automation can “see” faster.

Similarly, we should stop looking at maps. Look at race cars for the face of innovation. Rally cars do not have visual displays of directions, they have audio navigation. That’s what we should look towards. All we need to do is improve the confirmation or validation of automated navigation devices. Get rid of unnecessary information (e.g. no street-view, no satellite view until the last mile) and allow two-way dialog. Let’s not get stuck on big screens for navigation any more than we were stuck on stop-lights for predicting risk.

Google is leading the world in these areas, especially with Kurzweil on board, so I’m hopeful we can move towards eliminating the wasteful and poorly-thought out stop-light model.

Energy, Security

Red Means Go, Green Means Slow

Leave a comment

While riding in late night taxis in Brazil I noticed they hit the accelerator through red lights. When we approached a green light, they would slow down and look around for people running the reds.

I had to ask why. The drivers said this is a risk mitigation strategy.

Because of assault danger, Brazilian drive through red traffic lights during night, just as a warning.

Since stopping at a red light, especially late at night, makes you an easy victim for car-jacking or robbery…we didn’t stop.

And because everyone there knows drivers run red lights to stay safe, drivers with green lights slow down before crossing an intersection.

Just another example of why we should seriously reconsider stop-lights and their overall impact to risk (inefficiency of idling, yellow-light behavior, etc.)

Energy, Food, Sailing, Security

#HeavyD and the Evil Hostess Principle

Leave a comment

At this year’s ISACA-SF conference I will present how to stop malicious attacks against data mining and machine learning.

First, the title of the talk uses the tag #HeavyD. Let me explain why I think this is more than just a reference to the hiphop artist or nuclear physics.

HeavyD
The Late Great Heavy D

Credit for the term goes to @RSnake and @joshcorman. It came up as we were standing on a boat and bantering about the need for better terms than “Big Data”. At first it was a joke and then I realized we had come upon a more fun way to describe the weight of big data security.

What is weight?

Way back in 2006 Gill gave me a very tiny and light racing life-jacket. I noted it was not USCG Type III certified (65+ newtons). It seemed odd to get race equipment that wasn’t certified, since USCG certification is required to race in US Sailing events. Then I found out the Europeans believe survival of sailors requires about 5 fewer newtons than the US authorities.

Gill Buoyancy Aid
Awesome Race Equipment, but Not USCG Approved

That’s a tangent but perhaps it helps frame a new discussion. We think often about controls to protect data sets of a certain size, which implies a measure at rest. Collecting every DB we can and putting it in a central hadoop, that’s large.

If we think about protecting large amounts of data relative to movement then newton units come to mind. Think of measuring “large” in terms of a control or countermeasure — the force required to make one kilogram of mass go faster at a rate of one meter per second:

Newtons

Hold onto that thought for a minute.

Second, I will present on areas of security research related to improving data quality. I hinted at this on Jul 15 when I tweeted about a quote I saw in darkreading.

argh! no, no, no. GIGO… security researcher claims “the more data that you throw at [data security], the better”.

After a brief discussion with that researcher, @alexcpsec, he suggested instead of calling it a “Twinkies flaw” (my first reaction) we could call it the Hostess Principle. Great idea! I updated it to the Evil Hostess Principle — the more bad ingredients you throw at your stomach, the worse. You are prone to “bad failure” if you don’t watch what you eat.

I said “bad failure” because failure is not always bad. It is vital to understand the difference between a plain “more” approach versus a “healthy” approach to ingestion. Most “secrets of success” stories mention that reaction speed to failure is what differentiates winners from losers. That means our failures can actually have very positive results.

Professional athletes, for example are said to be the quickest at recovery. They learn and react far faster to failure than average. This Honda video interviews people about failure and they say things like: “I like to see the improvement and with racing it is very obvious…you can fail 100 times if you can succeed 1”

So (a) it is important to know the acceptable measure of failure. How much bad data are we able to ingest before we aren’t learning anymore — when do we stop floating? Why is 100:1 the right number?

And (b) an important consideration is how we define “improvement” versus just change. Adding ever more bad data (more weight), as we try to go faster and be lighter, could just be a recipe for disaster.

Given these two, #HeavyD is a presentation meant to explain and explore the many ways attackers are able to defeat highly-scalable systems that were designed to improve. It is a technical look at how we might setup positive failure paths (fail-safe countermeasures) if we intend to dig meaning out of data with untrusted origin.

Who do you trust?

Fast analysis of data could be hampered by slow processes to prepare the data. Using bad data could render analysis useless. Projects I’ve seen lately have added weeks to get source material ready for ingestion; decrease duplication, increase completeness and work towards some ground rule of accurate and present value. Already I’m seeing entire practices and consulting built around data normalization and cleaning.

Not only is this a losing proposition (e.g. we learned this already with SIEM), the very definition of big data makes this type of cleaning effort a curious goal. Access to unbounded volumes with unknown variety at increasing velocity…do you want to budget to “clean” it? Big data and the promise of ingesting raw source material seems antithetical to someone charging for complicated ground-rule routines and large cleaning projects.

So we are searching for a new approach. Better risk management perhaps should be based on finding a measure of data linked to improvement, like Newtons required for a life-jacket or healthy ingredients required from Hostess.

Look forward to seeing you there.

Energy, Security

Diesel = Winning

Leave a comment

The Economist in 2011 made a salient point about the future of gasoline vehicles:

For Toyota, taking BMW’s diesel engines is a tacit admission that its hybrid strategy does not cut it in Europe.

That means a gasoline-hybrid strategy is failing. A diesel-hybrid strategy, however, would have worked.

Two years later, today, the Economist admits the race is over. Diesel has won. Gasoline is dying.

The Toyota Prius hybrid? A lowly twentieth on the league table of the most economical fuel-sippers, with 4.2 litres/100km, along with higher emissions of carbon dioxide. The 19 cars having better fuel economy than the Prius hybrid are all clean diesels.

It really makes you wonder why we don’t have a hybid-diesel option instead of a hybrid-gasoline in America. At least GM has finally taken the lead domestically by releasing a passenger-car diesel option. It’s not the car they talked about in 2008, but it’s a start.

The Economist, however, is still thinking about the past. Instead of pointing out modern diesels already are available in America, they tell us diesels are on their way and Mazda is “leading”. This sounds like nonsense to me:

Later this year, Americans will get their first chance to experience what a really advanced diesel is like—and why Europeans opt for diesels over hybrids, plug-in electrics and even petrol-powered cars. [Mazda’s] diesel has 30% better fuel economy and provides oodles more pulling power. Good as the petrol version is, motorists who choose it over the diesel will miss out on a lot.

I’ll tell you why their “first chance” talk is nonsense. Look at the Economist analysis of what has changed.

“What marks this latest generation of diesel engines from even their ‘common-rail’ predecessors of the late 1990s…”

That’s a 20-year old reference — too far back to talk about predecessors. Several major generations of engine have hit American shores in-between the “late 1990s” and today. Why not compare current engines with those Americans have been driving in the 2000s?

Most notably was a major shift in 2004 when California regulated small passenger diesels out of the state (politics prevented regulation of the larger engines until later). Another major point was in 2008 when they re-appeared. This was no secret to the Economist. They wrote about it in an article called “Diesel’s second coming.”

America’s first chance to experience new diesel engine technology was around 2005 (when new VW TDIs were introduced) and then again in 2008 (when VW’s diesel won car of the year). I would call 2004 and 2008 models the predecessors, taking us into the late-2013 technology.

So much for America’s “first chance”.

Perhaps it is fair to say some people haven’t really been excited by diesel engines since the 1990s (the Economist gave Fiat Research an award) but who cares if those people have been asleep at their wheel since then. The Economist is not excused from doing research on the past decade of innovation.

It has been clear over the past ten years that diesel has achieved a pole position for increasing mpg while reducing emissions and providing performance and power. Combined with an electric motor, we’re talking over 100 mpg and a fun driving experience. Volvo sold-out every diesel-hybrid targeted for France before they even left the factory.

Still, some are confused. Editors at Forbes offer us this non-prediction:

…it’s not yet obvious whether electric vehicles, diesels, or even compressed natural gas vehicles (there are millions in countries such as Iran and Brazil) will ultimately take the checkered flag in the race for efficiency

Millions in Iran? Never thought I would hear Forbes suggest Iran as a model of efficiency. Experts on Iran seem to paint it in the opposite light, a study of waste and unsustainable inefficiency:

…poor resource management have contributed to rapidly growing energy consumption and high energy intensity for the past decades.

What Forbes is really saying is “let’s study engines in countries with domestic natural resources”. This is NOT a good equation. No wonder Forbes is confused.

To me there is no question. The race for efficiency is really a race for freedom from resource dependence, related to national security. Diesel = winning.

The answer is obviously diesel-hybrid, given American driver habits/needs. No other engine competes when it comes to sustainability. As I have written here since 2005, it is the safest, easiest to deploy, most-resilient and yet best performing of all. It is no coincidence the military prefers diesel.

Natural gas presents an interesting alternative to the pollution of coal plants but, as the Economist itself has written in the past, it fails miserably with a car engine. It gets about the same mpg as gasoline with far less performance. Same problem as ethanol. That means a significant cost added to manufacturing with marginal benefits.

Electric vehicles are great performers, perfect for urbanites, yet they lack range and cost far too much to enter the market at a broad base. They also have major additional costs to factor such as battery maintenance and replacement, not to mention the occasional unexplained explosion and fire (e.g. even Boeing claimed they didn’t see it coming).

Both natural gas and electric also require an overhaul to American infrastructure to enable vehicles with special engines. That’s a pipe-dream (pun intended) and about as likely as hydrogen. When you think about how long broadband has taken to be upgraded in America, and how inexpensive that infrastructure is compared to fuel lines…

I wouldn’t bet against diesel-hybrid.