It's time to burst the AV bubble

Yet another example of a BMS / control system vulnerability popped up this morning.

With penetration tools becoming increasingly simple to use and services such as Shodan freely accessible to anyone who is so inclined, regardless of their intentions, I am still astounded that there appear to be so many people within the AV and integration industry who are completely oblivious to even the most basic network security.

We really need to move away from this view that we live in our own little isolated world far more rapidly than what is currently taking place. We build systems that have complete control over environments. We create, commission and install solutions that drop multiple-tonne screens from roofs, that distribute (potentially sensitive) media, that have eyes and ears in every space, control power, lighting, physical access and the monitoring of all of these services. Yet, as an industry we still seem to believe we function inside our own AV bubble.

Those that continue the AV / IT dichotomy and perhaps more scarily actively spread the great fear of 'the network guys / girls' to newcomers to the industry truly scare me. Not only do they work against themselves but they position the entire industry as the threat or issue that needs to be resolved.

/ rant

Teach kids to farm, not code.

My father taught me to code as a kid. He's spent sections of his life as a software engineer and as a teacher and was one of the best mentors I could have asked for when starting the craft. These days he and my mother run an organic farm, are outspoken advocates of sustainable living and are both extremely involved in community activism.

On being exposed to code.org's recent hugely popular campaign he had an interesting comment. This is a view that I've seen mirrored among a number of people not actively engaged in non-profit based software engineering or hacktivism. His entire post is below, with my comment following.

I’ve been able to write code fluently in a couple of languages at any one time for most of the last 35 years (although pretty disinterested for the last 5 or 6). It’s much, much easier than learning to speak, communicate, read and write or develop basic numeracy - skills which we expect of most members of our society. Growing food is far more challenging, requires an order of magnitude more knowledge and continuous learning and dedication. It requires us to be connected with a real world of which we still know almost nothing compared to what there is to learn. The way we do it has huge intergenerational consequence for people and everything else that lives on this planet.

Why are programmers granted such high status and wealth in our society for living in a self-created self-indulgent intellectual world of constant escapism - and yet farmers are regarded with such disdain when they operate on the most important boundary between society and the biosphere? It’s all very well stating that all human beings should learn to code (and dance and sing) but it is far far more important that all human beings learn to interact with the natural environment and understand the basics of food, water and shelter.
— Steve Burgess

The ability to code itself does absolutely nothing to thrust developers into this elevated world of riches, status and disconnection that you allude to. Programming is simply a tool, a way to abstract a problem and enable it to be solved or solved more efficiently. What boosts mere mortal programmers into the world of software engineering demi-gods is their ability to clearly define these problems and present them in this abstract world. The programming part is nothing more than a hammer to a builder or a scalpel to a surgeon. Yes, you need to know how to use it, but the skill involves knowing what to do with it.

Even with absolute mastery of this skill you do not suddenly go riding into the palace of software engineering gods on the back of a sparkling unicorn to frolic in abundant riches. There are developers all across this planet that are absolutely incredible at what they do, serious geniuses and masters of the craft yet still barely earn enough to survive. What differentiates a programmer from a stupidly rich programmer is the problems they choose to solve. Addressing problems that improve the efficiency of advertising (Google, Facebook et al) is a pretty proven way to do this, as are high frequency trading algorithms or building things that people who already have a lot of money (VC / investor) can use to make more money. The list goes on.

What code.org advocates is teaching this art of programming. Yes, it is an advertising campaign that uses people who have made stupid amounts of money through some of the above tactics but let's remember it is also an advertising campaign targeted at America and saying "Do x and you'll be swimming in vats of riches, shiny things and scantily clad women" is a proven tactic in that demographic. What code.org promotes is teaching kids how to look at problems, analyse them and present them in a way that captures what they are trying to solve. It promotes teaching kids how to use a new tool that can assist them to devise solutions to whatever problems they desire. Most importantly it promotes teaching them a tool that they can use to express and communicate this.

P.S. If you're having a hard time finding the applicability of programming to real world problems (i.e. things not contained in the get rich quick options outlined above) have a look at Random Hacks of Kindness and other similar initiatives.

Abstraction

Developers suck at staying on task. Or rather, developers suck at staying on the relevant task.

The thirst for knowledge, the urge to understand and the desire to hack - all key traits of many great software engineers - are unfortunately also their downfall. Ask a developer to solve a problem and they'll disappear down a rabbit hole only to emerge with a uselessly large area of knowledge vaguely positioned around what was required to create a solution.

Concentric circles showing excessive research performed and periphery knowledge obtained around what is actually required to solve a problem.

As enjoyable as this may be, building a working knowledge of astrophysics to ensure that your dynamically generated, Apple rip off influenced space background is accurate may not be the best use of time.

Don't get me wrong, by all means, this is the sort of polish that differentiates people, teams and products from their competitors. But to compete, you first need to have an entry in the competition.

I recently began actively training myself away from this obsession with excessive research and NIH Syndrome both in my coding and other output. Now that's not to say that I no longer have an interest in learning, experimenting and hacking - it's actually quite the opposite. I now approach things width first rather than depth first, allowing me to really play with those core areas that are most interesting or most beneficial rather than burning all my time on the first problem I encounter and having to endure subpar solutions to those that follow.

As part of this ethos I've discovered a number of new tools which in the past I would have tried to build... badly. One of these is Squarespace. When it comes to web publishing it allows me to stay comfortably floating up in the higher levels of abstraction and just focus on releasing the odd literary train wreck on the world, rather than laying the track in preparation.

I'm continuing the search for other tools that allow me to refocus on the actual tasks and goals. Utilities that help me to simplify specific parts of a problem so that I can solve it first, then solve it better. I'm keen to see what else this un-surfaces.