Nicki’s Central West End blog: Coding camps in the neighborhood

I live in an area of St. Louis called the Central West End, and we are fortunate to have not one but two world-class computer coding training facilities located here: Launchcode and Claim Academy. Both have been in operation for several years and have trained numerous programming professionals through some innovative instruction techniques and by focusing on non-traditional sources for their students. By non-traditional, I mean classes designed for people that have little or no formal programming experience and who want to make a mid-course career correction. In this post for a local blog, I describe their programs, their cost, and their advantages in training newbie programmers.

If you are interested in a programming career, you might want to first read a blog post that I wrote many years ago on how to pick the right online class for Computerworld. I cover things such as knowing what type of learner you are (visual, auditory, etc), figuring out if you have the necessary bandwidth to devote to the classes, thinking about what other support you will need besides the lectures, and understanding what learning programming skills really means.

Avast blog: Your out-of-date medical device could be leaving you vulnerable

Roughly a third of all connected devices have insecure defaults, such as no or weak password protection or poor software design, that make them ripe for exploits.

Last week, the FBI’s Internet Crime Complaint Center issued a public warning claiming that they have “identified an increasing number of vulnerabilities posed by unpatched medical devices.” They stated that these devices, such as insulin pumps and pacemakers, are running outdated firmware. They also lack adequate security features, meaning that hackers could change device settings and create dangerous conditions for the patients who literally depend on them. All of this isn’t a new problem, but the FBI’s notice is a good reminder of how law enforcement might focus its attention in this area. There is more to this story; read my blog post for Avast here.

Avast blog: How Uber was hacked — again

Last week, an 18-year-old hacker used social engineering techniques to compromise Uber’s network. He compromised an employee’s Slack login and then used it to send a message to Uber employees announcing that it had suffered a data breach. Uber confirmed the attack on Twitter within hours, issuing more details on this page.

CSO went into details about how the attack happened.

The company claims no user data was at risk, they have notified law enforcement, and all of their services have been restored to operational status. In this post for Avast, I explain what happened and suggest a few lessons to be learned from the experience on how to prevent a similar attack from happening to your business.

Book review: Mother Daughter Traitor Spy

The novel tracks pretty closely to the real-life mother/daughter duo that lived in LA in 1940 and spied on a group of American Nazis who were organizing various meetings and propaganda efforts before we officially entered WWII. The two infiltrated the group, taking notes and names and eventually providing the details to the FBI. What is interesting about this story is how many parallels we have with present-day America, and the power of disinformation and hate to polarize and energize the general public. The mother/daughter duo — who have German heritage — have various adventures as they try to keep up appearances and convince the Nazis that they are genuine sympathizers, even though they want nothing to do with them. Coming on the heels of the new Ken Burns documentary about America’s role during this period, it presents some thought-provoking choices that were made.

Using Data Theorem’s Cloud Secure to protect cloud native applications

We tested Data Theorem’s Cloud Native Application Protection Platform called Cloud Secure in September 2022. Cloud Secure provides two major advantages:

  • It includes extensive and free CSPM protection to any customer
  • It automates cloud hacking with its Hacker Toolkits. These automate full-stack attacks of popular data breaches. This option starts at $4000 for an annual subscription.

Cloud Secure is one of five products that make up a CNAPP solution that offers a full stack security approach to all their cloud-based applications. With full stack security, customers can visualize and take action on all their first and third-party APIs, cloud resources, mobile, and web applications built on cloud-native services. Data Theorem has a central analysis, policy and reporting engine that works across its product line. They protect workloads on Amazon Web Services, Google Cloud Platform, Kubernetes clusters and Microsoft Azure clouds.

Cloud Secure is available for a 30-day free trial, and can be purchased from the three major cloud marketplaces, with full pricing details available here.

CSOonline: CNAPP buyer’s guide

Cloud security continues to be a vexing situation, and the tool set continues to become more complex, riddled with acronyms. Enter the Cloud Native Application Protection Platform or CNAPP. IT managers are looking for a few basic elements from these products, including more accurate threat detection, support for all workloads across multiple cloud deployments, and ways to implement preventable controls.

Even still, that is a lot of software to manage, integrate, and understand. However, almost none of the products that claim to be CNAPP have a full set of features that incorporate all four of these categories. In this post for CSOonline, I explain the landscape and show you how to navigate amongst the contenders.

The changing world of the engineer c.1900

I have been reading David McCullough’s books on the Wright brothers and the building of the Brooklyn Bridge. Both give a very vivid picture of what the life of an engineer was like more than a century ago. This life was a very different one from what we know of today. What fascinates me is how both the Wright brothers and the Roeblings (first John, then his son Washington, the engineers behind the bridge) built things back in the day. Let’s look into their toolsets, their work habits, and their thinking processes.

First and foremost for both situations was the power of observation. Wilbur Wright spent countless hours watching how birds flew, and then tried to figure out a collection of materials that could mimic them. Within a decade people were building airplanes out of paper and wood, what we would consider mere toys today. But using some of those early calculations enabled us to build 747s and SR-71s that fly fast and are built with very advanced materials. And are anything but toys, to be sure.

Second was understanding your materials. The Wright flyer worked because it was extremely light and flexible. The Brooklyn Bridge worked because it was heavier than previous bridges, so it could withstand and distribute the loads properly. The bridge is still in great shape, more than 100 years later. We tear down lesser structures after a decade.

Washington Roebling spent his days watching his bridge being built from a nearby house. He was severely injured from getting a bad case of the bends before anyone knew what this was. Perhaps this could be the first attributed case of remote work, although the distance was covered using a telescope rather than a VPN, Slack and email. His father was also injured on the job from a ferry accident and died shortly thereafter. All four men got in the middle of things and spent lots of hands-on time to refine their calculations and their drawings and their builds.

About those calculations. We are talking about basic math, using pencil and paper. We tend to forget how easy it is to revise things now that we have powerful computers that can instantly spot grammatical or coding errors and even suggest changes as we type. Back in those days, it was a lot more work and required often starting from scratch.

The slide rule was about as fancy as things got back then, something that I used when I first began my college education. When I went to grad school in the late 1970s, computers were still the size of rooms. Look at the evolution of IBM, from making those roomfuls of computers to changing the desktop world with its PC business, which was eventually sold to a Chinese company. Now IBM is a software and services company.

The first airplanes and bridges were built in the era before electricity. If you ever have an opportunity to visit the Detroit area, you should see the actual bicycle shop that the Wrights used to machine their parts. It isn’t recognizable because it ran on steam power, with these long leather belts that rotated the equipment. Now we think nothing of plugging something into the wall, and complain if the cord isn’t long enough. (You might remember my post about the invention of the electric light bulb and other wonders on display at the Henry Ford Museum.)

Engineers are taught how to solve problems. What is interesting about the stories in both books is how the context of the problems is explained in clear language, with gripping narratives about the various lives involved and the decisions made. You are there with the Wrights on a desolate barrier island as they struggle to figure things out, or inside the bridge piers or watching the cables being strung across the river. They are tales that have stood the test of time.

One reason is that both these books (as well as a third one on the building of the Panama Canal) are extraordinarily researched and well-written. I really enjoyed watching this interview McCullough did with Librarian of Congress James Billington on another of his books, the first part devoted to his writing tips.

Avast blog: The latest privacy legal environment is getting interesting

California’s privacy laws have now been in effect for more than two years, and we are beginning to see the consequences. Earlier this month, the California Attorney General’s office released the situations where various businesses were cited and in some cases fined for violations. It is an interesting report, notable for both its depth and breadth of cases.

The CalAG is casting a wide net and in my blog for Avast I discuss what happened there and how the privacy legal situation is evolving elsewhere. I also offer some words of advice to keep your business from getting caught up in any potential legal action.

Avast blog: The rise of ransomware and what can be done about it

A new report by John Sakellariadis for the Atlantic Council takes a deeper dive into the rise of ransomware over the past decade and is worth reading by managers looking to understand this marketplace. In my latest blog for Avast, I explore the reasons for ransomware’s rise over the past decade — such as more targeted attacks, inept crypto management, and failed federal policies — as well as measures necessary to start investing in a more secure future.

Building a better surgical robot

I have learned over the years that doctors who are digital natives, or at least comfortable with the technologies that I use (email and the web), are those doctors that I want to treat me. In the past, whenever I have looked for treatment, I have followed a different path to choose my doctor, looking for someone who was older with loads of experience, who has seen plenty of patients.

But older experience isn’t necessarily relevant anymore, and as I age that is also pushing the envelope of what “older” really means. The older docs got their medical education more than 30 years ago, when there were different treatment modalities, different standards of medical care, and computers were the size of rooms. This is why I went with my urologist, someone closer to my kids’ age than mine, when two years ago I had my prostate removed surgically. The operation went well, and was done with the daVinci robotic device made by Intuitive Surgical. My surgeon, Eric Kim, did touch me during the surgery — to open and close me up and position the robotic arm. The rest of the time he was using the robot.

The robots have some big advantages over manual methods. Patients spend less time in the operating room, not to mention a reduction in blood loss, much smaller incisions and shorter hospital stays. Kim estimates that less than five percent of all prostates are removed by manual methods anymore. He has done more than 100 surgeries using the latest model of the daVinci, one that requires a single incision. Many of his patients that had surgery with this model of the robot — myself included — were able to go home within a few hours.

The robots have another direct benefit: “The doctor has instant feedback from an ultrasound or heart-lung machine without taking their eyes off of the procedure and operating field in progress,” said David Powell, the principal design engineer for Intuitive.

Being interested in technology, I have learned that these robots have evolved from using 3D standard-definition stereo vision to today’s dual-console, multi-window 3D high-definition systems. These units can be found in hundreds of hospitals around the world and are used to perform numerous urology, thoracic, ENT and gynecologic laparoscopic surgical procedures.

The company has worked with Xilinx for two decades, upgrading their Virtex and Spartan FPGA video processing chipsets to make the views seen by their human surgeons more helpful and more precise. Plus, the better video setup means less eye strain for the surgeon, and the ability to train new staff members.

“Xilinx’ embedded processor architecture has led to a major revolution for us in terms of our subsequent platform designs,” said Powell. The current daVinci models employ dozens of these chipsets, and benefit from being programmable, as well as a more scalable and distributed architecture. This means that many new capabilities can be introduced with an in-field firmware upgrade, rather than swapping out major hardware components. All of this results in more uptime and increased robot usage, amortizing their costs over more surgeries. Our hospital has seven of the machines — both older and newer models — that are busy at most times. “It is rare for a robot to sit unused,” said Kim.

It is easy to recognize the newer electronics, because the original daVinci models used a collection of thick custom cables to connect its various components that were failure-prone and required frequent repairs. The current version uses a single fiber optic line to deliver eight channels of full 1080i HD video and is more reliable. Sadly, I wasn’t able to see the machine that did the deed on my prostate, but glad that I got the benefits!