Category Archives: Energy

Energy, Security

San Bruno Pipe: Ticking Time Bomb

Leave a comment

The San Francisco Chronicle says five families sue PG&E after the San Bruno fire:

The suits say the pipe was a “ticking time bomb” that PG&E ignored. They attack the utility for not having automatic shutoff valves on the line, which could have reduced the time it took to cut off the flow of gas that fed the inferno.

“This wasn’t an accident. This was a foreseeable consequence of ignoring safety measures,” said Frank Pitre, a Burlingame attorney representing the families. He said he would file cases on behalf of about two dozen more families in the next two weeks.

Richard Clarke cited this disaster in his keynote at RSA Europe last week. Here is my problem with his use of it as an example: he first said how simple it is to blow up a gas-line and cause massive destruction, then he said how complicated it is to design and deploy an attack on a utility (e.g. Stuxnet).

I asked him afterward about this apparent contradiction — easy to cause a disaster yet hard to cause a disaster. He said the sophisticated nature of “what they were trying to do” is what made Stuxnet different from the San Bruno explosion.

Ok, regardless of motive, which we can not really know anyway, let’s talk consequences.

Can we honestly say we are far more at risk from a “highly targeted” and “weaponized” and “highly sophisticated” attack like Stuxnet when it has had literally zero impact?

It seems to me that Clarke’s message about cybersecurity is weakened when he brings up examples of actual disasters and how easy they are — like a “ticking time bomb” instead of a bumbling virus.

His speech made me think the non-cyber environmental disasters (especially from energy companies) pose the more present danger (more likely, more severe) than anything he has to say about security. This is not to diminish the importance of security, but to keep it in perspective relative to things that the five families are describing in their lawsuit.

Energy

Linux Power Management

Leave a comment

Jupiter is a power management utility avaialble on SourceForge.net with a GUI for many advanced power features in Linux

Simple, easy to use hardware and power management applet for all i386 and x86_64 Linux laptops, and netbooks. A key component of the Aurora Linux distribution, also compatible with Fedora 12/13. Not supported on other distributions.

This saves you the trouble of managing power manually with sched_mc_power_savings, hdparm, laptop_mode and powertop.

Energy

$200 to fly, $400 more to bring your bag

Leave a comment

Airline after airline is approaching bankruptcy only to be rescued by another airline. At the announcement of most of these mergers the airline proudly proclaims that they will be taking the best of both airlines and making one new better airline. In reality most of these mergers were done for two reasons. The airline wanted to buy more gates and reduce competition in its more profitable markets.

The major airlines do everything they can to manipulate the supply of seats from one city to another. Another way they accomplish this is by treating a seat on a flight differently for those flying direct than for those flying a connection. Same plane, same seat different cost. In many cases it’s pay more get less.

An example: To fly direct from LGA (New York) to DTW (Detroit) on a flight tomorrow the lowest fare on a major airline is $585. However, for flights on the same day you can fly to MCO (Orlando) for $215. What is incredibly interesting is that the $215 to MCO is a connecting flight which stops in DTW. By spending an extra $370 you get a seat on the same plane from LGA to DTW but you give up the seat from DTW to MCO and gain the right to check bags. You thought $30 to check a bag was a steep price. Keep in mind you could already be paying over $300 for that ability.

I’m a huge proponent of analytic based pricing; it’s what I do for a living. But, somewhere along the way airlines allowed computer pricing to take over and common sense went out the window. Then again if consumers want to complain they need to use the power of the purse. Next time you fly see if you can’t get less for more.

Energy, History, Security

How to Make Quality Technology

2 Comments

An excellent lecture with common sense. RSA Animate illustrates why profit is not the best motivator for quality.

First, I disagree with the start of the presentation. The science is not freaky or surprising. People are still as manipulatable and predictable as ever. I explain this in my social engineering presentation where I demonstrate common fraud methods. Profit may be less important than American economists thought, but it reminds me that economists study…profit. Only an economist would say it is “irrational” to play an instrument. Social engineering experts, or even anthropologists and political scientists, are obviously going to be less likely to focus on profit when researching motivational factors. They see people manipulated by things like pride, prejudice and authority and realize that in many cases none of it is profit. With economists it really should be no surprise that profit is not always the prime motivator. This lecture concludes that mastery, purpose and contribution are motivators but there are others as well.

Second, I have to question why economists were ever under this impression (the lecturer says he believed only in profit three years ago). Why did they see profit as the sole and only motivator? I bet a huge clue is right at the start of the lecture when he says “mechanical skill” is very successfully manipulated by profit motive in business. Immediately it comes to mind that Henry Ford, Thomas Edison, and other industrialists were proponents of mechanical skill.

Perhaps it is from this era that a perception of a beautiful assembly-line with profit as motive became some kind of ideal. An American could create massive wealth as owner of a highly mechanized system of production. Inventor of the car was not Ford, Inventor of the light bulb was not Edison. I have seen scant evidence they believed in incentives for innovation, just output that allowed high margins. The Ford company showed this in spades over the past ten years when they pumped out SUVs for profit at a time when they could have innovated in hybrid cars with a purpose. That decision almost killed them, even though they had a few good years before the crash.

Ford and Edison, who actually were good friends, believed growth through profit incentives was the ideal path for everyone else because they saw it as their own path of success. Those who could produce more product, garner more profit, wrote the story of motivation. Ford not only did not innovate but he struggled with the basic concept of changing paint colors in cars to let consumers innovate and differentiate from each other. Edison meanwhile never actually invented anything (am I getting too excited here?) — he actually setup a warehouse full of mostly immigrants, poorly paid, who were hired to invent for him and then put his name on whatever they came up with. The inferior lightbulb he produced (inefficient use of energy and short life) was highly successful because it was produced faster than anything else and more consistently. His profit motive led to more profit than his competition, which enabled him to win in a race for profitability and NOT good product. Easy to see how mechanical skills were the focus of the empire he built. Americans came to believe in him as an inventor because he had great marketing and cash in the bank.

Regardless of whether you buy into my hypothesis (rant?) about Ford and Edison it stands to reason that other incentives, such as purpose, existed all along; they have been just poorly represented as goals against those who were profit driven and used their profit to market a particular vision of success. Nonetheless the mechanical skill view had many more years of success examples before losing much of its appeal. It carried the country all the way through the difficult 1940s. The Sherman tank, for example, was not superior or innovative but it was produced at a much faster pace than the enemy’s. A German Tiger tank would often face three or more Sherman (there were roughly 50 times as many Shermans on the ground to fight the Tigers). The Americans knew, in other words, that they were at high risk when put head-to-head against a tank better-suited for its purpose (longer range with better armor). However the US did not choose to improve quality, despite risk, when they found mechanical skill and assembly-lines (produced faster than anything else and more consistently) also achieved results.

Return for a moment to the question of why economists are surprised. The 1950s saw the vision of profit as motive begin to unravel in America as disillusionment was expressed by the likes of Kerouac; he said why work so hard in highly mechanical tasks if profit (margin and/or quantity) may never come but also was never truly fulfilling. This divergence from profit as a prime motive really came undone by the late 1960s during economically innovative years of “goodwill” and “free” stores that “recycled” without profit. This seems like yet another example of why economists have no reason to be surprised, but I’ll leave that thread for another day because it also touches on interesting points about compliance and regulation.

Back to the lecture it says the economists noticed their new test actually works outside the US. They position this as proof that purpose as motive is not an anomaly. I say this actually proves that the US is the anomaly. It works elsewhere because it should not have been a surprise in America; a period of rapid and dynamic mechanical skill growth with money as a motivator in the US does not mean the other motives never existed or would not come back. The industrial revolution through fabrication and mechanization generated a fascination so intense it even bled into sports — baseball, football and basketball — that are highly mechanical in nature and reward. Compare their program, run, stop, review, repeat and incentive system to a game of soccer.

With all that being said it also is notable that innovation in America has typically come from those not working with profit as their prime motivator. Post-it notes are a fun example. The proof is right under our noses. Those who say Apple is highly innovative have to prove it to me; as a life-long Apple consumer I don’t buy it. Show me an iPhone and I will give you a list of all the ideas it incorporates from others. All the way back to the first mouse debate it was clear to me that Jobs and Woz are the best at refining others’ ideas, not creating new ones. This is not to say they are driven only by profit, but it sure fits their motivation profile a lot better than Einstein’s.

If you still don’t believe me. I will go into much more depth on this when I present on the “Top Ten Breaches” next Wednesday at the RSA Conference in London. How does this fit security, you might ask?

The best defense prepares for attacks other than the ones motivated by profit alone — the most dangerous attacker may not be profit motivated at all. Likewise, the best defense is developed through incentives other than profit. As the lecturer points out, bugs will be fixed for free and much sooner if you can accept and promote motivations outside of profit. It is through these two views of security management that we really are looking at ways to find quality. I hope to see you there.