If Only.

I’m reading the latest stuff on NOAA’s Tropical Cyclone 2 Updates (06182017), and I’m remembering some things.

If only there was someone who had dealt with emergency communications and worked toward developing a system where alerts could be sent to people’s mobile phones.

If only he had a military medical background with an idea of how things really work – and don’t – on the ground.

If only CARICOM had put such a system in place; if only when this alleged person was approached by Roosevelt King they hadn’t said they needed to spend a few hundred thousand US dollars to get it done.

If only he hadn’t told them that they could have developed the system from scratch starting at about $10K U.S., with development costs, circa 2006. That was too cheap and would employ local developers. That would be no good.

If only there was someone who had found himself working with such systems at ECN, and worked to troubleshoot existing systems, design new ones and see what goes wrong – plus document it all. If only those systems included NOAA! If only when he returned to Trinidad and Tobago, he tried connecting with people in Digicel and TSTT and met silence.

If only such a person existed. If he did, he’d probably be a farmer by now after having tried to chase a vision no one else wanted. Hypothetically, 12 years is a long time by human standards. 1/6th or 1/7th of a decent lifespan, really.

Ahh, well. If only we had that experience. Too bad.

A Curmudgeon’s Guide to Social Media

I used to be heavily involved in social media; some might think I still am when I’ve simply become more efficient and have sculpted my networks. In all, though, I rate myself a curmudgeon – a ‘bad-tempered, difficult, cantankerous person.’

This is not to say that I am a curmudgeon, but I imagine that there are some people who send me things who now believe I am a curmudgeon. Wishing people happy birthday on social media with a click is silly. A deluge of images of politicians leaves me feeling dirty in ways a shower cannot cure, a stream of people who believe Putin masterminded everything from the Presidential Election in the U.S. to their lost sock makes me roll my eyes, watching building blocks of uninformed opinion become representative of otherwise intelligent people is the intellectual equivalent of being assaulted with gift wrapped feces.

David over at Raptitude figured out that he could have more time to do things with his experiment. Yet even as a curmudgeon, I have to point out that social media, social networks and the humans that use them are a part of our lives – we just don’t need to exist on their plane; they need to exist on ours.

What that means is we should understand that it’s typically not very important, and we should be OK with telling people not to send us crap on WhatsApp, Facebook messaging, Twitter, Instagram, and whatever crackpost (that was a typo but I like it) network that people use as echo chambers to feel good about themselves.

We shouldn’t have to think of ourselves as curmudgeons to do this. We can control what we take in simply by telling people what we don’t want to spend our time on – from the stale joke networks on WhatsApp to the in-depth discussion on doomed men’s fashion, from the cute puppy videos to the insane amount of posts about adopting animals, etc. In my spare time, I don’t want that to be what defines me.

No, I’d rather define myself than be molded into an acceptable image of what society likes. We are society.

Public Comment on the Trinidad and Tobago CyberCrime Bill, 2017.

I like the spirit of the bill. My own personal background in technology is public knowledge; my LinkedIn profile will demonstrate that I have worked with companies that have been sensitive to ‘cybercrime’. As an author on technology (virtual worlds and more), as someone who has earned media mention (BBC, New York Times), as someone who has been active in technology circles in the region (CARDICIS, LACNIC) and outside (the 1st Mobile Convergence, among others) and as someone who has spent over two decades of his life in software engineering, I submit the following comment:

Clause 4:

““electronic mail message” means an unsolicited data message, including electronic mail and an instant message;”

While these messages can be unsolicited, they can also be solicited. I think the use of the word ‘unsolicited’ should be reserved for what is popularly known as SPAM.

“hinder” in relation to a computer system, includes—
(a) disconnecting the electricity supply to a computer system;
(b) causing electromagnetic interference to a computer system;
(c) corrupting a computer system; or
(d) inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data;

Item (d) is problematic because it is contextual and no context is provided. It describes functions that can be perfectly legitimate in designed use of systems. Further, I would like to point out that the undesigned use of systems is what is called ‘disruptive’; that ‘disruptive’ in this context is about innovation, and that innovation is of particular importance to a developing economy. To stifle innovation is to stifle the economy and culture of the nation.

For example, no one expected ‘apps’ to become popular on phones, and installing ‘apps’ on a phone can have an adverse impact on performance.

The question then becomes how much is adverse, and we enter a realm of subjectivity in a world where Moore’s Law advances faster than amendments to Acts. This is why computer software has ‘System Requirements’ as far as operating system and hardware.

Further, there are ways of altering data that are not direct, and as such, defining the methods of altering data limits the Act. Since this is a public comment, I shall not divulge further.

I suggest the following:

““hinder” in relation to a computer system, includes—



(d) Affecting computer data or software in such a way that overall performance and use of the system is adversely affected to the degree that a system cannot perform its functionality when all documented system requirements are within normal limits.

(e) Rendering the data on a computer system to be unusable for its operation.”

 

Clause 10:

It is also worth noting that the critical infrastructure also entails the entire Domestic Communication Infrastructure (DCI), which has crossover to the Telecommunications Act (Section 69). This is increasingly important since Session Initiation Protocol (SIP) trunking is increasingly used for telecommunications (Voice over IP (VoIP)).

Businesses also are concerned when it comes to critical infrastructure; they have their own. Examples include banking systems, medical systems (should we get some in use), etc. While not directly critical infrastructure, havoc can be created by bringing down these systems. I suggest allowing businesses the concept of their own ‘critical infrastructure’ within the bill. It would be open to interpretation by the Court.

As an example, when I worked for Emergency Communications Network in Ormond Beach, Florida, the business was to make people aware of emergencies by phone (telephony), text (SMS), email, and social media according to contract. We did this at the Town, City, County, State and Federal Levels. Our security was therefore required to be as good as or better than these systems, but we were not considered a part of the DCI. However, we had to perform security audits.

Clause 16:

Consent can be as fluid as a relationship, and the storing of the image(s) does not mean that they actually took the images; they may have been sent by the offended party. A scenario of a bad breakup might be immediately followed by an accusation of such images existing on someone’s computer system (phone, computer, etc.) and suddenly, what were once consensual intimate images become reason for the upheaval of the accused’s life. That seems a bit extreme, and seems like an aspect of the system very open to abuse.

Sharing the images without written and signed consent, on the other hand, is without question an offense.

General Notes

(1) There is a lot of authority to decide given to Magistrates and Police who may not understand the technologies that they are dealing with. This brings up potential appeals that can clutter the Court(s) further; there is no mention of prerequisite training and continued education in these aspects of Law. This legislation may not be the place for such things, but as a layperson all I can suggest is that it should exist somewhere.

(2) There are potentially cases where trained professionals can be accused of doing illegal things when, in fact, they communicated what they were doing clearly with the person or legal entity that they were doing work for. This highlights the importance of appropriate contractual documentation, and this needs to be highlighted to professionals and their clients such that all understand it.

It would be good to see that level of professionalism become the norm.

(3) Separate from (2): Sometimes bad things happen when troubleshooting or installing a system, and professionals can be put at risk by this legislation. This is, sadly, quite common – ask any Doctor. Systems are increasingly complex and while attempting to fix something that is the focus of a contract, it is possible to break something else – particularly when the lowest bidder gets the work by not billing for appropriate documentation.

Further, operating systems and hardware are fluid. Unlike medicine, where the human body generally follows certain anatomy and physiology, computer systems by and large are made up of various permutations of software and hardware that may or may not be up to date, making it a very difficult thing to protect against. There is no certification that covers everything, there is no degree that is current with technology and there is no way to know everything about a system when troubleshooting it.

Thus, actual criminal intent needs to be required in all of this. After all, lawyers are not held accountable for losing cases (even when they do everything correctly) by means of fines or jail time. To put this burden on the shoulders of other professions seems unethical.

 

(4) It bothers me that the opportunity to protect the privacy of individuals is not highlighted in this Bill. While individual privacy has been protected by copyright in the past in other nations (I do not know about here), there are larger concerns.

For example, asking me for a digital copy of my National ID opens me up to identification theft. I do not have laws that protect MY information once it gets into government systems – until Clause 15 is enacted, and even then, I have no assurances other than someone will get prosecuted. That hardly makes me feel secure. This leads to security audits in Government offices, which are not mentioned at all in this legislation (see (6)).

(5) There should be different criteria for first time offenders and repeat offenders, as well as with minors and adults. We might end up making criminals of children before they begin thinking of adulthood. We need to be very careful here not to limit young curious minds because of ignorance of appropriate technology etiquette. These could be teaching moments.

Repeat offenders, on the other hand, may need Court orders that limit their access to technology as is done in other parts of the world.

(6) There is no mention of the requirement of 3rd party audits on Government computer systems (critical infrastructure and otherwise) to assure that national security and privacy of information of citizenry is maintained at the highest levels by the government. This, in my eyes, is a serious flaw.

Conclusion

I observe local IT professionals, and more often amateurs and amateurs in professional’s clothing, putting themselves into positions where they could be wrongfully accused of things that they themselves were contracted to do.

Certifications and Degrees do not make someone responsible.

The public needs to be better educated on this Bill in this regard, particularly since companies are notorious for hiring someone who they know instead of who knows what they are doing. There is public speculation on Government doing this as well, which I know little enough to comment on but have heard enough to make comment.

The Bill implicitly pushes forward best practices in the IT field, where contracts would have to be in writing and agreed upon, where documentation should be provided on the work to be done as well as the work done. I would suggest some degree of indemnification when it comes to troubleshooting and repairing systems to give guidelines in the readings of the Act by Magistrates.

The Act should codify requirements of critical infrastructure to be audited to assure security of information. This is the main thrust of the legislation, and yet there are no preventive measures to be found in this Bill that provide for that and no responsibility communicated that makes the Government responsible for critical systems. Certainly, securing systems is of interest enough to create a Bill like this – it should also be of enough interest to assure that government computer and network systems, as well as those that use them, are independently audited on at least an annual basis. Failure in this regard makes this Bill moot.

The Property Tax of Trinidad and Tobago: Privacy

With all the media coverage on the new (2017) Property Tax here in Trinidad and Tobago, it’s hard to pick one article out of all of them to get a cohesive idea of what it is. In fact, most of the articles I’ve seen have been devoid of facts and full of opinions – let’s just say that there is a communications issue.

Frankly, if the roll-out had been done with better communication, it would have been less the political football it has become.

I own property – a fair amount – and people know this, so they ask me about it. My land is agricultural, so the new tax is almost straightforward for me. Almost.

But who reads these forms? Who has access to these forms? With people being asked to take pictures of their property and give personal details, one of the main questions I have heard from more moderate voices revolves around privacy.

And there are privacy issues to consider with crime as endemic as the common cold, and allegations in foreign news:

A project that Cambridge Analytica carried out in Trinidad in 2013 brings all the elements in this story together. Just as Robert Mercer began his negotiations with SCL boss Alexander Nix about an acquisition, SCL was retained by several government ministers in Trinidad and Tobago. The brief involved developing a micro-targeting programme for the governing party of the time. And AggregateIQ – the same company involved in delivering Brexit for Vote Leave – was brought in to build the targeting platform.

David said: “The standard SCL/CA method is that you get a government contract from the ruling party. And this pays for the political work. So, it’s often some bullshit health project that’s just a cover for getting the minister re-elected. But in this case, our government contacts were with Trinidad’s national security council.”

The security work was to be the prize for the political work. Documents seen by the Observer show that this was a proposal to capture citizens’ browsing history en masse, recording phone conversations and applying natural language processing to the recorded voice data to construct a national police database, complete with scores for each citizen on their propensity to commit crime.

“The plan put to the minister was Minority Report. It was pre-crime…

The sole local article I saw on that was here. I admit I don’t read the local newspapers too much, so I might have missed a few other articles.

Now, being sensible and intelligent, you’ll ask me how this all ties in to the question of privacy as related to the property tax information being voluntarily sent in. That quote isn’t about the reported 105 warrants to intercept communications with 1 arrest (Less than 1% success if you bother with math). We’re talking about other stuff.

We all know that there are issues with corruption – such as the open secret of passing bribes in the Licensing Office. Anyone who lives in Trinidad and Tobago knows that there is rampant corruption in government – which, to my understanding, happens to be the largest employer in the country. And if they can’t even pay their people, when there are meetings about not purchasing toilet paper, you have a security risk. You have a privacy risk.

The privacy is a legitimate concern. Who has access to this information? How will it be used in other ways? Who is speaking to the populace being comfortable about that?

Certainly, I understand that the government needs to build its data – the log books of old would take decades to computerize, and I do applaud the genius of crowd-sourcing from the populace… but… privacy.

I’m of low confidence.

And that’s the press of this entry.

A little ad lib below.

Some Personal Notes On The Property Tax.

Personally, I don’t like the idea of a property tax where one can forfeit property if one doesn’t pay it for 5 years. It’s a de facto tenancy to the State at that point, and I think that’s wrong. People pay stamp duty when they purchase, and many other taxes are levied.
However.
I also don’t like speed limits as they are in Trinidad and Tobago, but if I break them I get a ticket, so I obey them. I don’t agree to a lot of silly laws, but I also understand that a society of laws is necessary. I don’t have to like them.
I bring this up because a lot of people are saying that people shouldn’t submit their forms, particularly in grassroots meetings. It’s a matter of Civil Disobedience, I suppose, and I doubt that few people who are considering it know the story of Henry David Thoreau’s Civil Disobedience – about how he didn’t believe in the Church tax, and how he was thrown in jail. What many people tend to overlook is that he only got out of jail because someone came by and paid his Church tax for him.
I will not advise anyone to take this course of action. If the person or people advising you to do this will pay the $500 fine you’ll get for not submitting… well, you decide. It is the Law.

The Human Factor: Tangible Results

One of the issues I faced across the decades of my professional and private technology endeavors has been, simply put, the amount of intangible there was.

A visit from my father in the late 1990s saw him proud of what I was accomplishing, but he had really little idea of what I was doing. He was of the electro-mechanical engineering sphere, a meshing of the arcane art of visualizing the magnetic fields of motors and the results that they churned out, physically. He enjoyed the recliner, the space in my apartment, and the ability to watch a flat screen in any room he was in – he appreciated the rewards of my work but not the work itself. Later, when he saw me strip myself of those ‘rewards’, he had no idea what I was doing even when I was getting media attention.

The human factor of sharing any achievements is difficult enough given the shifting sands of technology and the ability to comprehend them to understand the achievements. Dealing with things covered with Non-disclosure agreements, non-compete agreements, trade secrets and so forth creates a divide between people one doesn’t work with – sometimes unbridgeable. The idea of being the keeper of secrets is a romantic notion when it can be pretty tragic. I know I lost a few girlfriends to my being lost in thought about something that we could not communicate about. Call it a personality flaw. Mine. I live what I’m doing and employers and businesses loved me for it.

And then there’s the disconnect within a business, where the tangible results are misted by horrid implementations of the Agile processes. It’s why I prefer a more DevOps methodology. In the latter, there are tangible results with Operations, who are part of the process.

There is no complaint in any of that, simply a statement of fact. I bring this up because I’m comparing my battling the Trinidad Roseau versus Software Cost Estimation. On one hand, I have tangible results that I can write about and share with others, and on the other hand I am writing about how developers can’t properly estimate given the effective silos in a company that keep them from being a true part of the larger project. This is where startups are awesome to work with.

Everyone has a balance. Some people can balance these things better than I can, some people cannot balance them at all – at points, I balanced them well – but life isn’t a sprint, it’s a marathon.

But I do think that Software Engineers and others in Information Technology deserve more in the way of expressing tangible results not just to others, but for themselves.

On Software Cost Estimation

A recent video had me considering the problems of software engineering cost estimation – something that has plagued software engineering. It has also plagued people who think software engineering is just coding because, frankly, they’re idiots.

Since I’m out of the industry – by my choice and on my terms – I can now tackle some topics and speak my mind more freely without worry of repercussions when it comes to the next contract, or the next job.

The video is, “How To Price Design Services”, and I’ll embed it at the end of this post.

Now, when it comes to software cost estimation, we start off by gathering requirements. We come up with a design, or alternative designs, built on architectures and technologies that may be new or not, that a company might have the resources to do or not, etc. Some people call this ‘discovery’. Based on what is found in discovery, an estimate is done by reading tea leaves, a magic 8 ball, estimates of coders, and perhaps killing a gluten-free chicken and reading its entrails. That’s about as scientific as most people do it.

And how does one get the estimates? As a software engineer over the decades, I know an estimate given by someone writing code (not necessarily a software engineer) is:

  • based on assumptions based on the documented or communicated (mistake 1) information that leads to assumptions (mistake 2).
  • based on their skill level and experience, as well as innate ability.
  • dependent on how much pressure is applied to them, with different thresholds for different individuals.
  • usually wrong.
  • never tied to the value for the company.

Now, I’m not saying that the value of a project for the company should be the estimate – far from it, that’s just not how business works. But let’s talk about profitability – immediate and recurring.

The immediate profit usually doesn’t work out unless a marketing department is brilliant, or there is a monopoly, or both. So it’s about recurring profit. How much would be expected as a return within – oh, let’s say – 6 months?

The point is that there is a value associated with the project that is rarely communicated to the development team, which is usually – hopefully – smart enough to pick this apart. And the people asking for the project almost never want to let the development team know the value that they’re contributing because those salaried employees will want more money.

Meanwhile, every software project encounters problems because of technology changes, changes on the development team (a problem of poor hiring or poor retention policy), requirements creep (‘someone in the sales department just had a great idea!’), design flaws (they happen), architecture problems and…. well, just about everything.

The main problem with all of this is that estimates simply aren’t accurate – which, actually, is exactly what they are supposed to be. An estimate is never accurate. It approximates, and people don’t get fired too often off of teams because of their coding abilities, but because of their or someone else’s estimation abilities.

There is a point here. That point is that the development team is only as invested in the project as the business team and management permits them to be – and if they’re better invested… productivity will increase and there will also be more careful and thoughtful estimates.

Now, does ‘invested’ mean ‘more money’? Sometimes. Free gummi bears and a gym might work in Silicon Valley, but they also make a metric buttload more money than a development team in – oh, let’s say Orlando, Florida. No, that ‘incentive’ is to get people to stay physically in place in a brick and mortar establishment which, sadly, is still the norm. But they don’t actually make people tweak that bit of code just a little more efficiently. You don’t toss gummi worms at developers and they prance around.

It’s about being vested. And that’s the core problem of cost estimation – the developers are given a black box to fill with little to no actual information from the business.

Oh. That video:

Speaking In Tongues To Recruiters.

Recruiters still reach out to me. To be fair, my digital shadow is still on numerous job sites, and I should endeavor to clean that up so that I no longer get their emails, but even where it is cleaned up I still get recruiters contacting me.

You see, despite what you might see as a grim appearance, I am content. I did my time in the Code Mines, in meetings where mediocrity ran supreme, talking to bosses more interested in the shiny than the needed infrastructure. I have tales I might write as I laugh about how I seem to have traded my time and frustration for the pittances paid me and the insulting raises.

Despite my description, I’m not bitter. That’s on me. That was the mistake of my youth.

And if these recruiters warrant a response, if they pique my interest enough for me to take a look at what they have to offer me, I imagine them reading it and wondering whether I’m sane. That they might stare at their monitor and wonder who gave them such a response. The odds are better that they don’t even read it and just scan it, so I toss in keywords like ‘telecommuting’ and ‘part-time’ so that they know where to file it.

In their minds, I suppose, I’m an alien. A layperson in sociology might consider me a GenXer tired of a world that didn’t reward despite my experience and abilities, often overshadowed by the more passionate and sometimes even smarter kids growing up – but being ‘smarter’ or more passionate doesn’t bring the real world experience needed for good projects. In fact, more often than not, it results in failures that bleed a company or have catastrophic results. For me, it’s often akin to watching a bus being steered off a bridge all while you’re shouting from the back, “No, no, no!”

Life is funny that way, and I thank every company I’ve worked for and with for that. Those experiences proved to me that I’m not an idiot; they proved to me that I could do better, and in some instances – few but there – I was completely wrong and learned those lessons. Lessons I paid for with my time, with my health, with my youth.

I cannot get my youth back, but I can keep my time and better my health. If I don’t have to sit behind a desk 14 hours a day fixing other people’s messes, I find my health improves significantly. Life is funny that way.

Now my time is worth more to me. This is alien to recruiters, those people who broker careers on commission, and companies that think that they’re all going to save the world. A word to those aspiring to be wise: Your company won’t save the world. You won’t save the world. It might change things, and maybe things will be better because of your efforts. Maybe.

If you want my time or help, it’s now on my terms. And that’s just alien to recruiters, particularly when there are people who would jump at what they think are opportunities – and which well could be for other people.

I didn’t apply for the jobs the recruiters are writing me about. I have my life to do, and if your problem is interesting enough and you meet my basic requirements, I might help you out.