Why Your Toaster Has a Firewall

Presentations I have given over many years about cloud safety will reference the fact a ground fault circuit interrupt (GFCI) made toasters safe.

My point has been simply that virtual machines, containers, etc. have an abstraction layer that can benefit from a systemic approach to connectivity and platform safety, rather than pushing every instance to be armored.

The background to the toaster safety story is actually from a computer science (and EE) professor in the 1950s at Berkeley. He was researching physiological effects of electric shocks when applied to humans and animals to (pinpoint exactly what causes a heart to stop).

He narrowed the cause of death enough to patent an interrupt device for electric lines, which basically is a firewall at a connection point that blocks flow of current:

The first regulation requiring GFCI was for electricians working on swimming pools:

GFCIs are defined in Article 100 of the NEC as “A device intended for the protection of personnel that functions to de-energize a circuit or portion thereof within an established period of time when a current to ground exceeds the values established for a Class A device.” Class A GFCIs, which are the type required in and around swimming pools, trip when the current to ground is 6 mA or higher and do not trip when the current to ground is less than 4 mA.

Fast forward to cartoonists today and some obviously have completely missed the fact that selling consumers a firewall for connected toasters is a 50-year old topic with long-standing regulations.

Can’t See the Forest for the Trees? That’s Your Brain on Big Data

Red Necked Falcon by Rajbir Sunny Oberoi
Red Necked Falcon by Rajbir Sunny Oberoi

Quanta Magazine quotes a study that reveals how our brains process data, which seems to be both obvious yet also insightful.

The brain prioritizes the detection of objects that are more important for us to see, and those tend to be smaller. To a hawk hunting for its next meal, a mouse suddenly darting through a field matters more than the swaying motion of the grass and trees around it. As a result, Tadin and his team discovered, the brain suppresses information about the movement of the background — and as a side effect, it has more difficulty perceiving the movements of larger objects, because it treats them as a kind of background, too.

I easily can see why our brain would make a priority case for small moving objects against a distant background. Nobody likes getting hit in the head by a baseball.

David Hume famously warned however how this tends to make us prone to poor ethical decisions:

There is no quality in human nature which causes more fatal errors in our conduct than that which leads us to prefer whatever is present to the distant and remote

In the security industry we pour investment into bounties for people who overspecialize to the point of repeatedly finding tiny flaws (like the little bird scanning for their next mouse, the dog catching a ball), while claiming nobody can possibly afford to remain a generalist.

That’s a bad long-term investment strategy, because we become blind to bigger looming directions while we celebrate tiny movements. Admittedly I say this from the position of an inexpensively trained generalist.

Generalists have been proven to reliably predict future events, while specialists increasingly go blind as consequence of improving discovery only within an extremely narrow band.

Also I’m reminded of perception flaws proven by the Monkey Business Illusion. What do your eyes focus on?

“Jeff [Bezos] is a Very Smart Person”

This description of Jeff Bezos is…odd.

Jeff is a very smart person (recent infosec issues notwithstanding, he’s probably smarter than you are).

Why is it still allowed to call him very smart if there are infosec issues on shared infrastructure?

Are we seeing a case of Jeff has no clothes on yet his staff are too terrified of his emperor-like “bruising” management style to tell him?

“I’m starting to think Jeff knows he’s not wearing clothes and just wants us to see his penis.”

And which of the many infosec issues are they referring to? Amazon has built a reputation for playing dumb.

As far as I can tell, Amazon only even acknowledged the mistake because Zack Whittaker wrote an article on it. That pretty much forced Amazon’s hand to respond.

Would someone building and maintaining bridges over water that then collapse still be called smarter than you are “notwithstanding” the collapses? Seems unfair, as if to say you can be smart at engineering and yet do harm.

If you are smart enough to avoid a collapse doesn’t that make you smarter and in the most important way (abiding by core engineering ethic of do no harm)?

I’ll be teaching a CS course on ethics again this year and can’t wait to hear what students think of how smart it is for the CEO of a tech company to do harm and play dumb.

Secrecy and Machine-gun Tracer Rounds

A small pyrotechnic charge is ignited to “trace” fired rounds

Back in 2011 the US Army announced it was researching how to replace the high-visibility tracer rounds with something only they could see.

Tracer rounds today are used primarily with fully automatic firearms; they give off a “large flame behind them during flight allowing observers, including the target, to see where the tracer was fired from. With non-combustible tracers, only the rear of the bullet is emitting light directly at the shooter which greatly reduces the ability of others to determine the shooter’s location. This increases survivability of our forces,” explained Daniel De Bonis, a materials engineer in ARL’s Weapons and Materials Research Directorate.

He said creating a non-combustible, low observable tracer (LOT) round solution, would eliminate the pyrotechnic material that give traditional combustible rounds their ‘fireworks-like effect.’

Presumably this research has faded significantly because a new announcement just has been made that tracers should be replaced entirely.

USSOCOM is seeking 7.62mm x 51 NATO spotting rounds to replace tracers for adjusting machine gun fire, both day and night, producing a flash and /or smoke signature visible at 800m-1200m. Current tracers allow gunners to observe the trajectory of the rounds and make aiming corrections without observing the impact of the rounds fired and without using the sights of the weapon. However, these rounds give away the gunners position, burn out before the maximum range of the machine gun and draws enemy fire. Replacing tracers with marking or spotting pyrotechnic rounds enables the gunner to directly control the impact on to the target, shows target coverage, and does not disclose the shooters location. This will increase the accuracy of machine gun fire, save ammunition, and increase gunner survivability.

Survival is a trade-off. The shooter has to see, yet not reveal themselves. It’s a tall order to make targeting work from one side’s view only when we’re talking about high rate of powerful weapon fire. Disclosure of information about the position of a soldier, and their need to see where they are aiming, is tough to reconcile with the simple fact that a high power weapon firing at a fast rate will be oozing a lot of data into a dark night.

Image: Hensinger, April 1970: “An entire Army base versus a lone Viet Cong”