Friday, October 28, 2016

Just a container

Pearl #12: When loved ones pass away, you've just lost the containers they lived in, not the essence of the impact they had on family, friends, and community and not the memories you still hold dear.
. . .
Zeke's oldest son delivered a superb eulogy at the funeral. It was heartfelt, loving, contemplative, and funny. He succinctly captured the essence of Zeke's personality and his influence on the people around him. We could all laugh while we cried, remembering the happiness Zeke brought instead of our sadness at his passing. That was Zeke. Not the container, but the memories. I hope I'm able to leave such fond memories when I no longer need the container I walk around in.

Karl Wiegers, Pearls from Sand: How Small Encounters Lead to Powerful Lessons (pp. 59, 61), 2011, Morgan James Publishing

Wednesday, October 26, 2016


Vision without Action is a Daydream. 
Action without Vision is a Nightmare.

Japanese proverb.

Saturday, October 22, 2016

IoT: Safety & Security

Like the thermodynamics example we provided above, cyber-physical and many IoT systems frequently invoke an intersection of safety and security engineering, two disciplines that have developed on very different evolutionary paths but which possess partially overlapping goals. We will delve more into safety aspects of IoT security engineering later in this volume, but for now we point out an elegantly expressed distinction between safety and security provided by noted academic Dr. Barry Boehm, Axelrod, W. C., Engineering Safe and Secure Software Systems, p.61, Massachussetts, Artech House, 2013. He poignantly but beautifully expressed the relationship as follows:

  • Safety: The system must not harm the world
  • Security: The world must not harm the system

Thus it is clear that the IoT and IoT security are much more complex than traditional networks, hosts and cybersecurity. Safety-conscious industries such as aircraft manufacturers, regulators, and researchers have evolved highly effective safety engineering approaches and standards because aircraft can harm the world, and the people in it. The aircraft industry today, like the automotive industry, is now playing catch-up with regard to security due to the accelerating growth of network connectivity to their vehicles.

Brian Russell, Drew Van Duren, Practical Internet of Things Security, 2016, Packt Publishing

Friday, October 21, 2016

The Same Password...

People often use the same password at multiple sites. For instance, a 2005 study by Cyota found that 44 percent of people surveyed used the same password at multiple sites, and 37 percent of online banking customers used the same password at less secure sites. When passwords are used at multiple sites, if a password is compromised at one site, it is compromised at all sites. In fact, attackers sometimes invite someone to an attractive site and let them pick their own username and password. The attackers then try that username and password at other sites the victim is likely to use.

Randall J. B., Raymond R. P., Corporate Computer Security (pp. 252), 2015, Pearson

Sunday, October 2, 2016

Ouch, Waterfall!

Another relevant research result answers this question: When waterfall requirements analysis is attempted, how many of the prematurely early specified features are actually useful in the final software product? In a study [Johnson02] of thousands of projects, the results are quite revealing—45% of such features were never used, and an additional 19% were “rarely” used. See Figure 5.1. Almost 65% of the waterfall-specified features were of little or no value!

Craig Larman, Applying UML and Patterns: An Introduction to Object-Oriented Analysis and Design and Iterative Development (pp. 45), October 30, 2004, Prentice Hall