FFI Roundup: Technology + Common Sense + Unethical Research, Drones, Injustice, Mars, North Korea, and No One Wants to Go Back to the Office! (April 25, 2021)
Franklin Faraday Insights
Editor’s Note: We are still experimenting with delivery times as we prepare to launch additional content in the near future.
If you use gmail, remember to add email@example.com to your address book. This prevents the newsletter from filing in the promotions or spam folders.
Let us know your opinion on this or any other topic in the comments!
Welcome to Our Weekly Roundup of Actionable and Interesting Things!
In this issue:
— Academics get caught in a software supply chain attack… sort of
— New drone rules from the FAA
— The wood pellet industry illustrates climate policy tradeoffs
— A UK computer error sent a LOT of people to jail
— Tracing the development of efficient solar energy
— Delegate and get out of the way
— NO ONE wants to go back to the office
— The Mars helicopter’s third successful flight
— The Hermit Kingdom of cyber crime
— How big is Africa, really?
Don’t forget to subscribe and follow us on Twitter @FranklinFaraday!
Taking a break from news about foreign hackers and new vulnerabilities, we noted a very curious cyber security development.
The number one rule in successful penetration testing is: don't get caught. Unfortunately, some University of Minnesota researchers did. Sort of.
This week the Linux Foundation banned the University of Minnesota from contributing to the Linux kernel (the “core” of the operating system) because the university’s researchers had been intentionally submitting code with known security holes. It turns out this was research to demonstrate vulnerabilities in the code review and approval process.
The story, however, gets even more confusing:
— On April 21st, Greg Kroah-Hartman, one of the core developers, accused Aditya Pakki, a graduate student at the University of Minnesota, of intentionally submitting vulnerable code. Kroah-Hartman said that the nearly 200 patches submitted by the University of Minnesota would all be removed.
— The university immediately suspended this line of research and pledged to conduct an investigation.
— On April 24th, the researchers issued a letter of apology, noting that they had conducted this research in August 2020, but all three patches had been stopped before actually making it into the code. The researchers said the patches submitted in April 2021 were valid and not part of the earlier research (referred to as “hypocrite commits”).
One of the key issues here was distinguishing between research on a system and research on people, as the latter has substantial ethics protocols and approvals in academia because of prior activities like the Stanford prison experiment in 1971. Software supply chain issues will likely be the hot cybersecurity topic for 2021, partially because of SolarWinds, but also because these types of stories are surfacing every week or so in various forms. There’s no easy solution here as modern software is built on layers and layers of other packages—some proprietary, some open source. There is zero realistic possibility for monitoring every single line of code or even knowing who wrote it, much less assigning legal liability.
On April 21, new FAA rules for commercial drone flights came into effect, and they are complex. The regulations cover small drones that operate over people, from vehicles, and at night, and the intent is to grow the U.S. commercial market in a safe manner. While most of the regulations fall on manufacturers, drone pilots (even amateurs—once you accept payment for that cool video, you are now a commercial operation!) should carefully check the changes, parts of which take effect in April 2021, September 2022, and September 2023. You can read a more detailed discussion from a lawyer or jump to the FAA’s page on the topic.
Key changes include remote ID broadcast requirements, which can be met in a variety of ways. There are also airspace restrictions and regulations for areas that allow drones to fly without appropriate equipment. Finally, the contents of the Remote Pilot knowledge test are changing to reflect the new regulations.
Amateur operators are currently required to register drones that weigh over 0.55 pounds (the cost is $5) and will be subject to a knowledge test in the near future.
We enjoyed Gabriel Popkin’s (@GabrielPopkin) story about the wood pellet industry in the New York Times this week. Popkin did a great job illustrating the tradeoffs and unintended consequences in environmental policy.
In barely a decade, the Southeast’s wood pellet industry has grown from almost nothing to 23 mills with capacity to produce more than 10 million metric tons annually for export. It employs more than 1,000 people directly, and has boosted local logging and trucking businesses.
What’s behind this?
In 2009, European officials decided to declare biomass energy — basically, the burning of wood or other plants, rather than fossil fuels — to be carbon neutral. The idea is that regrowing plants, over time, would ultimately reabsorb the carbon dioxide released by the burning.
Many scientists have long been skeptical of biomass’s climate benefits. Wood releases more carbon dioxide per unit of electricity produced than coal or gas, and a newly planted tree can take decades to reabsorb the carbon dioxide emitted by burning. “Wood is a sucky fuel,” said Tim Searchinger, a researcher at Princeton.
In 2009, a group he led wrote in the journal Science protesting what they called a “critical climate accounting error.” They argued that certain major international climate policies and legislation designed to reduce countries’ greenhouse gas emissions allow nations to burn biomass and discount their smokestack emissions but fail to account for the carbon losses caused by cutting down trees to burn them.
Last week, 39 former subpostmasters (retailers who run a post office business as part of their operations) in the UK were cleared of theft, false accounting, and fraud charges in what Haroon Siddique (@Haroon_Siddique) and Ben Quinn (@BenQuinn75) of The Guardian called “one of the biggest miscarriages of justice in British legal history.” Some had been in jail for more than ten years.
The cause: a buggy IT system known as Horizon that erroneously suggested there were accounting problems.
In an Orwellian nightmare, the UK Post Office insisted that the Horizon system could not be at fault, putting the burden of proof on the accused, who had to personally make up the difference or face prosecution. Some were convicted based solely on data from the IT system, and in several cases defense lawyers convinced their clients to plead guilty to charges of accounting fraud in order to avoid more serious theft charges.
As many as 900 people may have been prosecuted between 2000 and 2014 as a result of the flawed software supplied by Fujitsu. The result: bankruptcies, divorce, prison sentences, and at least one suicide. So far, proposed settlements from the scandal have been in the range of a minuscule $30,000 for each victim after legal fees.
In another Guardian article this week, Royce Kurmelovs (@RoyceRk2) had an excellent story on some key players driving the unexpected breakthroughs in solar power over the last 50 years, starting with Richard Nixon’s desire to free the United States from Middle Eastern oil.
In the very early years of the industry, the [perceived] wisdom had been that a 20% conversion rate marked the hard limit of what was possible from PV solar cells. [Australian Researcher Martin Green], however, disagreed in a paper published in 1984. A year later, his team built the first cell that pushed past that limit, and in 1989 built the first full solar panel capable of running at 20% efficiency.
It was a moment that opened up what was possible from the industry, and the new upper limit was “set” at 25% – another barrier Green and his team would smash in 2008. In 2015, they built the world’s most efficient solar cell, achieving a 40.6% conversion rate using focused light reflected off a mirror.
Kurmelovs then tells the story of Green’s graduate student, Zhengrong Shi, and the spectacular rise and fall of Shi’s company, SunTech. It’s a brief but fascinating read of how the world—and assumptions about energy supply and use—changed rapidly and defied expectations.
Go grab a coffee…
… and tell some friends about Franklin Faraday!
In short: if you can delegate it, delegate it.
Not because I don't care, but because I don't need to be there. And the owner’s word weighs a ton.
And on that point, here’s the key quote from Fried’s related 2018 article on why the owner’s word weighs a ton:
As much as we’d like to pretend we’re just one of the crew, the owner is the owner. And when the owner makes a suggestion, that suggestion can easily become high priority. It’s rarely what the owner intends, but it’s often how it’s received. When the person who signs your check says this or that, this or that can quickly become the most important thing.
In our experience, this is some of the best management guidance ever. Generally speaking, exactly zero people want their boss to be more involved—and if they do, they will tell you. One of the best things you can ever tell someone is: “You make the decision, and I’ll back you up.” It is incredibly empowering. If they make the right decision, it’s a win. If they make the wrong decision, they gain experience for the future. More often than not, though—especially if you are clearly communicating objectives—they make a better decision than you might have made because they are closer to the problem.
There was an interesting survey about remote work that came out this week reflecting key issues for managers in the near future:
— Just 2% of people said they were looking forward to full time work in an office again.
— 65% said they wanted to continue working remotely.
— 58% of workers said they would look for a new job if they can’t continue to work from home.
— No commute (84%) and saving money (75%) were the top benefits of remote work.
— In fact, 38% said they were saving $5k/year by working remotely, and 20% said they were saving $10k/year. The savings came from gas, lower food costs, and miscellaneous other items such as dry cleaning.
The biggest problems cited were overwork (35%), non-work distractions (28%), troubleshooting technology (28%), and reliable internet (26%).
Meanwhile, another study found that working remotely will increase U.S. economic productivity by 5%.
Ingenuity conducted its third test flight on April 25th, climbing to an altitude of 16 feet and flying 164 feet horizontally at a speed of 6.6 feet per second. This was notable because vacuum chambers on the ground only allowed for test flights of about 1.6 feet in any direction. NASA has been testing more of Ingenuity’s camera capabilities, and a key question for the third flight was if the ground tracking camera—used for navigation—would work over longer distances.
Lots of things have to go just right for the camera to do that, said Gerik Kubiak, a JPL software engineer. Aside from focusing on the algorithm that tracks surface features, the team needs the correct image exposures: Dust can obscure the images and interfere with camera performance. And the software must perform consistently.
Ed Caesar (@EdCaesar)’s article this week in The New Yorker about “The Incredible Rise of North Korea’s Hacking Army” was… well… incredible.
North Korea is a fascinating but very, very difficult subject to write about in any detail beyond the “North Korea is a really strange place” theme. This article explains how the Hermit Kingdom—even with its extremely repressive and isolated environment—developed a cyber capability that has caused a significant amount of damage. Registration is likely required for reading—although possibly not on mobile devices at the moment—but here are two choice clips from a very long article:
Choi told me that North Korean code was “masculine” in its brute concision: “Very simple, very practical, and they always go straight for their aim and goal.” He added, “The key to their success is their relentlessness—they just attack, endlessly.”
Oh and that cryptocurrency “investment” you were going to make? Congratulations, if the fraudsters don’t get you, you are now target number one for North Korean cyber crime:
Jesse Spiro, who is in charge of policy initiatives at Chainalysis, a private company that investigates cryptocurrency-related crime, [said] recently that North Korean hackers have stolen at least $1.75 billion in digital coins from trading exchanges. This revenue stream alone could cover about ten per cent of North Korea’s total defense budget.
Warning: Lawyer stuff.
Technology + Common Sense™ is a trademark of Franklin Faraday Group LLC. All linked content is the property of the respective author(s). Commentary and non-linked content is Copyright © 2021 Franklin Faraday Group LLC.