Posted on

Twitter Annoyances

I have lost all patience with Elon Musk. Up until last week, I could see some rationale and a ray of hope in his Twitter monkeyshines, but renaming Twitter blew away any lingering spell.

I’ve never been a Twitter fan. I have no quarrel with folks who enjoy an adrenaline and dopamine thrill during a hot online exchange, but dashing off few characters and blasting them out to the world does not excite me, nor do I much enjoy reading blurted tweets. However, scientists, journalists, and many others have all appreciated a decade of Twitter’s rapid and live flow of opinion and information. Twitter established its usefulness for many users.

Some folks like to toss spit wads at the Twitter wall to see what sticks. That’s fine too, but it points the way to the downside of Twitter. I’m too old not to have noticed that attention-seeking, greed, and choler is always present in this world. Given the way people are, some of those spit wads will be mean and treacherous fire balls. Some heat improves a dish, but too much ruins it.

If it were easy, or even possible, to distinguish good and bad posts like sorting sheep and goats, I could see that managing a platform like Twitter would be an interesting and satisfying job. But we all have good days and bad days. My notion of good is only to a rough approximation of yours. On most points, we will differ. Sometimes we will differ a lot.

Anyone who has tried to keep peace in a family, lead an elementary classroom, or push a project team toward a goal knows how mind-stretching and frustrating taming the discourse on a platform like Twitter must be.

Did pre-Musk Twitter meet that difficult challenge? Not especially well. They were in trouble with the European Union and the FTC. Both the right and the left accused them of bias.

As a service system management product developer who has seen outfits like Twitter both succeed and fail, up to the last few weeks, I didn’t think Musk did too badly.

Musk always struck me as a little too hot for everyday consumption, but Tesla and Starlink are undeniable accomplishments. Unfortunately, massive layoffs at Twitter made sense.

Twitter has all the marks of a company that has struggled and failed to address issues. Instead of fixing problems with solutions, Twitter took the last century MBA route and hired more staff, thinking held over from the era when a coal shortage could be solved by hiring more miners.

Technology does not work that way. Typically, adding more staff delays a technical project. Twitter appears to have added bodies instead of engineering and administrative discernment, and that led to a flailing technical organization. They desperately needed trimming. Musk’s judgement was correct. A massive layoff, however cruel and harsh, was the only choice.

I’ve gone through the process of trimming a bloated staff and know how hard it is, akin to a brain surgeon extracting a tumor, but instead of a scalpel, you are stuck with a sledgehammer and pickaxe. If the result of your effort is vaguely in the direction of your goal, you haven’t done so bad.

There’s no question that Musk paid far too much for Twitter. At first, I was willing to give him a pass on that. The world’s richest man can tap his bulging piggybank and survive. Wasting money is a gazillionaire’s prerogative. Accumulating vast wealth offers experience on how much extravagance one can bear. One would assume.

The last few weeks have been bad for Twitter. It appears to have fallen into a descending spiral. Stiffing critical suppliers like landlords and cloud providers has affected operations, which decreases revenues, which further curtails resources. This is the way corporations die.

Yet another nail in the coffin: rumor says some employees still cash in vesting stock options at Musk’s inflated price of $54 per share. That will end soon. I wonder if those employees will continue to work for Musk when that fountain of gold turns into trickle of dry sand?

I expected that naming an advertising executive as CEO would inject some reality into Musk’s advertiser management and stabilize revenues, but the last change, renaming Twitter to X looks like another round of playground gags instead of advertising management skill.

Which brings me to my point: I’m an old Unix hand. X, for me, is the X Windows system developed at MIT that was the foundation for distributed graphic interfaces. Graphic user interfaces (GUIs) opened computing to a wide swathe of users. Without GUIs, computers would be impossible for most people to use.

And now, venerable X has been permanently tied to Elon Musk driving his Twitter Tesla into a bridge abutment.

 

 

Posted on

Cyber War In Ukraine

I’ve added an update for May 9th below.

The hacktivist war against Russia has been dismissed as ineffective, but my own reading indicates that it is unprecedented and formidable. The final results are not yet visible, but something exciting is happening.

History

Russia has been a center of excellence for cybercrime since the dissolution of the Soviet Union in 1991 when the centrally planned and controlled Soviet economy shattered and became a kleptocracy. The accepted story is that trained software and computer engineers lost their jobs in the broken system. In desperation, they turned to cybercrime. The narrative goes on to say that the line between cybercrime and government sanctioned intelligence operations is vague in the former Soviet Union. Rumors abound that Russian cybercriminals have a free hand to demand ransom and steal data and cash in return for cooperation with Russian intelligence services. The truth of this narrative is hard to evaluate, but it’s the backdrop for the current cyber war in the Ukraine.

Scope

I went on alert for a major Russian cyber attack on February 24, 2022 when the war in Ukraine started. When I wake up in the morning on the Pacific Coast, it’s mid-afternoon in Moscow and Kyiv. The workday has barely started in New York. By the time I finish my first cup of coffee, I’ve checked for cyber attacks, assuring myself that the European and North American power grid is intact, European and U.S. oil refineries are not burning, and the international financial system is still functional.

The Ukraine war has brought many surprises. I, among many others, thought a precision blitzkrieg invasion would engulf and obliterate key targets bringing down the Ukraine in days. Ten weeks later, the Ukrainians have halted the assault on Kyiv, taken back territory, sunk a Russian naval flagship, killed several high-ranking Russian generals, and hit targets inside Russia. The damage to Ukraine is huge, but the Russian attack has faltered. We now know that the Russian army is not as war-ready as we thought.

The Russian cyber war is harder to measure. Microsoft has provided an extensive report on cyber attacks against Microsoft software in Ukraine. There have been attacks, but not the smoking mess I anticipated. The cyber war is not over and could still intensify, but it is not the dismal defeat of Ukraine that I expected.

What Happened?

I had not thought much about hacks against Russia until I read a piece in the Washington Post about the Ukraine IT Army recently. Russian computing culture is notoriously vicious. Prudent folks have shied away from hacking a such a formidable foe, but the Washington Post Article reports that since the Ukrainian invasion, more hacked Russian credentials have released on the open web than from any other country.

Usually, the U.S. is the helpless victim bleeding hacked data and Russia is presumed to be the biggest and ugliest culprit. The tables have turned. Russian businesses and institutions have been hacked and doxed— their credentials, private messages, and data have been accessed and published. Even pro-Putin Russian criminal hacking organizations are victims. If you’d like to peruse some stolen Russian data and creds from Russian residential electrical contractors, banks, the Ministry of Culture, the State Nuclear Energy Corporation, and tons more, look here. Russian cybersecurity is weak, not the impenetrable citadel we thought it was.

Some analysts downplay the significance of these attacks. I don’t, if only because they deflate the reputation of Russian cybersecurity.

Hacking Russia from Home

U.S. and European state actors, government agencies like the National Security Agency and the European Union Agency for Cybersecurity, are undoubtedly at work, but we probably won’t know their role until long after the war is over.

The great hack of Russia is a “working from home” operation.

Cyber war is not kinetic war. Launching kinetic weapons— missiles, bombers, tanks, and troops— is costly and requires large and well-established organizations at the right time and place.

But kids with smartphones can launch cyber attacks from anywhere, if they know how, and many of them do.

Professional cyber attacks use more sophisticated equipment and methods, but large organizations are not necessary and the equipment is not hard to get. Computer professionals with all the knowledge they need have adequate equipment and connections in their home offices. Nothing like the cash, trained experts, and on the ground presence required to launch a $200K Javelin missile or even a cheap $6K Switchblade drone.

For example, here is an interview with a group called AgainstTheWest. The group is secret and the assertions in the interview are unverified, but I find them plausible. They say their goal is to collect intelligence on threat actors (security jargon for instigators of risks with the capability to do harm) from Russia, Belarus, and North Korea. The group says they are five people who are certified information security professionals who work together. They have an impressive list of data on their targets that they have acquired. They say they work with various official agencies, but they are independent.

To support groups like these, the Ukrainian government has set up a Telegram list with information on potential hacking targets and the progress of the cyber war. The list has close to 280,000 members.

Impacts

The Ukrainian volunteer cyberwar is unprecedented and startling. I’ve feared a cyberwar for several years, but I anticipated a war between state actors like the U.S. Cyber Command leading the action, nothing like Ukraine’s leaderless foreign volunteer army, which is akin to guerilla warfare, but the partisans are far from the kinetic battle. Is the IT Army a spontaneous gush of altruistic support for democratic institutions? Or a destructive, undisciplined, and chaotic mob without a chain of command? Or some ungovernable mixture that will challenge order for decades to come?

We will see.

Update for May 9th

May 9th is a major holiday in Russia, commemorating the triumph of Russian troops over Nazi Germany in 1945. Both Russia and Ukraine celebrate that victory. The U.S. used to celebrate May 8 as VE Day (Victory in Europe Day) although it is no longer a national holiday. In Moscow, military parades and exhibitions of weaponry are May 9 staples.

Many experts were expecting trouble, perhaps a doubled down bombardment in eastern Ukraine or the long awaited Russian cyber attack on the West. I was up early, doom-scrolling for trouble. Nothing much happened. Reports say that the Moscow parades were, perhaps, a bit subdued but typical.

Putin attempted to connect attacking Ukraine with defeating Nazi Germany. The war in Ukraine was business-as-usual, but Russian social media platforms were hacked, according to the Washington Post. “The blood of thousands of Ukrainians and hundreds of murdered children is on your hands,” appeared on Russian television and computer screens. Internal propaganda convincing the Russian people that Putin is fighting a just war is critical if the Russian is ever to succeed. If today’s hack can be repeated and amplified, the hacktivists, whom I assume were behind the hack, will strike a powerful blow for the Ukraine.

Posted on

Stop Using Software Built in Russia

The war in Ukraine that broke out in late February 2022 forces me to tell you to shut down, uninstall, and replace any software built in Russia that is on any computer you control. I am not the only one saying this. The caution applies especially to anti-virus and malware utilities and Virtual Private Network (VPN) tools.

Anti-virus and malware tools must have access to everything on a computer and they are remotely updated almost every day, which makes them dangerous if they are subject to unscrupulous interference. Virtual Private Networks are used to make network traffic harder to snoop on and more secure. They can be dangerous because their manufacturer may have access to all your network traffic. Most apps only access their own network traffic.

If you are sympathetic to the plight of the Ukraine, getting rid of Russian software is a way to place your own economic sanction on the invaders. Giving up Russian vodka and caviar is another way.

If you don’t care about Ukraine, you have still have another critical reason to act.

You must understand that your computing systems depend on the honesty and integrity of the manufacturers of the software running on your computer. Vulnerabilities, security weaknesses, are discovered in software from reputable software houses all the time. Most of these are mistakes, but some are software features, functionality that makes us want to buy software. But some of these features give manufacturers extraordinary power over systems.

This is not all bad. Software design frequently trades off between security and efficiency or convenience. A classic book on software design, Design Patterns, describes building blocks for designing reusable software modules, including patterns for making data and processes accessible throughout a system. These accessibility building blocks make a system more efficient, but less secure because a tiny breach can open up an entire system. The security of well-designed systems depends on the integrity and care taken by their manufacturers to strike the right balance. A careless or unscrupulous manufacturer can release scandalously insecure applications that the market will lap up, until the disastrous insecurity is discovered and a crisis ensues.

For example, a password reset provision in an application is a great convenience, and nearly a requirement for any commercial product. Yet password reset is a gaping security hole when the wrong hands are able to invite unauthorized actors into a system by changing passwords. Remote access for support is another required feature for most systems that becomes a weapon when a criminal uses it to take over.

Backdoors—routes into an application known only to developers—used to be common. Backdoors are now considered extremely bad practice, but some developers still use them to save time during development. But the last few weeks before release are often the most hectic of the entire software development cycle. Unless management insists, removing backdoors can be neglected by busy developers working long hours. The software user’s only protection from secret backdoor access is the integrity and honesty of the software manufacturer.

This is why I continually tell folks to be careful about what they install on their computers. Only install apps from reputable vendors. Don’t just assume a vendor is reputable; actively check them out.

Some, perhaps most, Russian software companies are honest and do not intend to exploit their customers. However, all businesses operating in Russia are subject to coercion by their government. That’s the way business now works in that country. If the Russian government wants a backdoor into an application, they can compel a Russian company to put one in. Since the war in Ukraine started, the pressures can only have increased.

Doing business in Russia differs from business in western countries like the United States, Canada, and the European Union. Government and private abuses do occur here, but we have a free press, whistle blower protection, and a tradition of following laws that are scrutinized by the public and changed when enough people oppose them. Maybe not fast enough, often enough, or exactly the way each of us might agree with, but the public eventually is heard in western governments.

With the Ukraine war, public oversight and rule of law in Russia has disappeared. You may argue that it was never present, but your computer is still in jeopardy if you are running Russia-built software. Your home computer could conceivably become an instrument in a cyberattack on western or Ukrainian infrastructure. Compromised home computers have played roles in criminal attempts to shut down servers by overwhelming them with traffic.

I don’t like blacklists and I will not publish a Russia blacklist here. I urge everyone to add checking for Russian involvement as part of their due diligence for installing software on their computer. As much as I admire Chinese traditional culture, I have also added the People’s Republic of China to my due diligence list. North Korea goes without saying, but I’ve never seen a North Korean software product.

For example, Kaspersky Internet Security is a popular and powerful anti-virus tool. Run a Google Search on “Kaspersky Internet Security Russia” and see dozens of items on the dangers of Kaspersky. Wikipedia has a “Software companies of Russia” page. These provide useful hints.

Ultimately, in this age of misinformation, you have to rely on research and judgement.

I am a cautious person by nature and do a lot of research. Along with reading software reviews, I go to the website of software houses I suspect and check their corporate pages.

Is their stock publicly traded? I tend to be less suspicious of companies traded on the Nasdaq or New York stock exchanges. The Securities and Exchange Commission (SEC) and the Federal Trade Commission help keep them honest, although foreign investment is allowed. Privately held corporations and those on foreign exchanges get more scrutiny from me.

Where is their company headquarters? Where do their officers and members of their board of directors live? Where are their development labs? Most large software companies now have labs all over the world, but a company with most of their developers in Russia attracts my suspicion. Check their jobs listing. Where are they recruiting? What does the trade press say about the company?

Triangulate multiple sources. The fact-checker’s rule of thumb is that any point not supported by three independent sources requires more examination. Be extra cautious when a piece “just sounds right.” That may be your preconceived bias speaking to you, a frequent source of bad decisions.

When my suspicions are aroused, I must have a good reason to install or continue to use the company’s software on my systems.

Be careful, folks.

A note of thanks to my friend from the Whatcom County Library System, Neil McKay, for edits and useful comments.

Posted on

Malware On Apple

Toto, I’ve a feeling we’re not in Kansas anymore

Mac fans and Apple marketing used to say Macs were immune to computer viruses. That was never entirely true, but it was mostly true. Users of Apple products really had fewer virus and malware issues.

But the landscape has evolved. Apple security incidents have gradually increased. In early February this year, 2022, the Microsoft 365 Defender Threat Intelligence Team, Microsoft’s crack computer security group, posted an analysis of a Mac trojan, a malicious software that looks innocent. The malware is surprisingly sophisticated. As it has grown in the wild, it has continually grown more malicious. This report on the Mac trojan signals the new world of Apple security.

Don’t be naïve. Everything in tech is touched by marketing. Microsoft fired this shot to convince system administrators that connecting Apple devices to Microsoft server systems can make Apples safer. You can take that claim for whatever a competitor’s claim is ever worth. The report is reliable, but it goes down best with a grain of salt.

Apple has left the farm in Kansas. It’s time to take Apple viruses and malware seriously.

History and Relationship with the Past

From the late 1980s on, Apple equipment was strong in niches like education and graphic design, but Microsoft was orders of magnitude more popular in typical homes and businesses, mostly because tons of Windows compatible software ran on cheap generic PCs from competing hardware manufacturers like Lenovo, Dell, and HP.

Apple focuses on user-friendly, high-end, premium products. They released the first commercial graphic all-in-on computer, the Macintosh, and followed it up with a string of top-shelf innovative products like the iPod, iPhone, and iPad as they continually improved their line of premium desk and laptop computers. This winning strategy eventually made them the most profitable company on earth.

Microsoft, on the other hand, has striven for a wide variety and high volume of useful products on competitive generic hardware. Clearly not a losing strategy: they became the second most profitable company on earth.

Security Through Obscurity

For years, choosing quality over quantity indirectly improved Apple’s reputation for security. Until recently, breaking into an Apple product was not an attractive project for most hackers.

Breaking into a computer system is easier than it ought to be, but it still requires time, effort, and risk. Given a choice between developing a technique for penetrating a Microsoft Windows system and an Apple system, hackers regularly chose Microsoft because the large Microsoft user base increased the chance of finding a juicy victim.

Security types call this “security by obscurity.” However, avoiding attention to avoid attack no longer helps after the victim engages an attacker’s attention.

In the last decade, Apple’s enormous success has blown away its obscurity. Now hackers see juicy Apple targets and are out to snag them.

Unix Roots

Microsoft has cleaned up its act considerably in the last decade, but early on, they had a dismissive attitude toward security. Windows developers and their predecessor DOS developers assumed that a personal computer was a standalone appliance like a toaster or a steam iron.

Securing a standalone PC meant locking the door to the office, chaining PCs to desks, and locking their cases. In those days, a physical hard drive was thought more valuable than the data it contained.

Microsoft took a long time to recognize that a PC connected to a network requires a different kind of security.

Meanwhile, the rising tide of hackers grew into a dark industry devoted to raping and pillaging Windows installations. Eventually, Microsoft realized they had to do something, and they have, but they’ve played a lot of catch-up.

Apple developers may have been slightly more aware of the dangers, but their “security by obscurity” cloak obscured impending threats.

Even so, Apple made a sound engineering decision a few years ago: instead of continuing to develop their proprietary standalone operating system, they adopted a variant of Unix, the open-source operating system long favored by academic, engineering, and enterprise developers. The popular open-source operating system, Linux, is also a Unix variant.

Disclosure: I am a dyed-in-wool and unreconstructed Unix programmer.

Unlike Windows, whose roots are in stand-alone PCs, Unix was designed for multiuser computers, and, more significantly, heavily used in colleges and universities as a teaching tool. AT&T developed Unix and then offered it as a royalty-free product to educational institutions for a small administrative fee. In those days, almost all software included source code. Universities were not allowed to distribute the source code or their work built on Unix, but they retained rights. Consequently, Unix was widely adopted by university computer science departments. This was a boon to Unix security.

I was one of the computer rats who hung out in the Western Washington University computer center in the middle of the night studying Unix and trying to break into the university multiuser system. We weren’t criminals, just inquisitive and rambunctious college students. While Windows and DOS basked in single user isolation, my cohort in university computer science programs all over the world pored over source code and beat the hell out of Unix. We learned a lot, and our archenemies, the sys admins, often other students, also learned. The upshot was Unix security systems, both code and administrative practices, were scrutinized and hardened.

When Apple made the momentous decision to replace their proprietary operating system, they became the beneficiary of all the prodding and testing my friends did in the 1980s and 90s. By adopting Unix, Apple acquired an operating system that had security pounded into its foundations—a much better position than the Windows security features bolted onto a gradually hardening insecure foundation.

So. Yes. Apple products are inherently more secure than Windows. But not much. And possibly not any longer. Microsoft, by no means a cluster of idiots, has worked hard to secure their products.

Keep in mind that secure is always a relative statement. When a professional says a system is secure, it’s a form of bluster that braces their self-confidence. A system may be more secure than others, but it’s only harder to break, not unbreakable.

Apple’s operating system is harder to hack into than older versions of Windows, but Windows today is orders of magnitude more secure than Windows of a few years ago. At the same time, Apple’s sharp engineers have only recently stepped into the target zone. They have their own catch-up game to play.

Scope

The Mac trojan Microsoft reported on began as a basic data theft exploit in late 2020. Apparently, the exploit begins like most hacking ventures: with an email that tricks an insider into letting a miscreant in. The exploit became more sophisticated over time. When the malware was first installed, it only transmitted basic system information to a master server. Over the next year, new capabilities were gradually added to the basic exploit and the malicious bot (the trojan acting as a robot under hacker remote control) started downloading installable applications.

Macs have mechanisms for preventing installation of untrusted software. The bot gained the capability to circumvent the protection. Then it began collecting and exporting more information and running code with root privilege, which is the highest level of privilege in a Unix system. For self-defense, the bot began removing and renaming the files it installed to thwart antimalware utilities that search for characteristic files to detect malware. It also started injecting ads into webpages.

I’m not going further into the details of the Mac trojan. Go to the Microsoft site, or take a look at this list of macOS malwares.

Counter Moves

I recommend that all Apple users begin to follow the basic rules of computer hygiene if they don’t already. Follow them carefully and the chances that you will run into trouble will shrink drastically. These are the rules I follow for myself. The last time I was hacked, knock on wood, I was running Windows XP.

The Rules

One

Don’t be tricked into trouble. Most victims of online attacks were, at some point, tricked in a non-technical way with the skills of a con artist, not computer skills or knowledge. For example, some clever hacker impersonates your boss on the phone and asks you to email a list of employee usernames and passwords to an odd address. Clearly a dangerous request. Check it out before you comply.

Or someone claiming to be your favorite niece calls from Waco asking you to give her access to your Amazon account because she’s in a jam. Or you get a phone call from Apple asking for your account password. Don’t get rooked by liars and imposters.

These cons are called “social engineering.” Their intent is to trick you into opening the door to a hacker.

Two

Avoid dodgy websites. You know which sites. The ones that appeal to base instincts or offer something too good to be true. Super gadgets for $19.99. Unbelievable cures that doctors keep secret for fear of losing patients. Inside financial tips. Salacious celebrity pics.

Click on one of those kind of web sites and you can lose more than your time and money; you could also infect your computer with nasty malware that will hurt for months to come if the infection is not promptly detected and removed.

Three

Be careful with downloads and installs. The simplest and most effective way to compromise your computer, laptop, tablet, or phone is to install an application that promises to entertain or perform useful work, but also opens your device to exploitation. During an install, your computer is a patient on the operating table whose heart is in the hands of a surgeon. If the surgeon is a crook, your computer is defenseless.

To protect yourself, get your apps from reputable sources. The Apple, Microsoft, and Google app stores vet the applications they offer. That’s a big help, but they are not perfect. Some nastiness gets through. Before you install, check the reviews and the reputation of the developer on the network. Avoid being the first to install a new app. Always download from secure (HTTPS) sites.

Get your hardware drivers directly from your operating system and device manufacturer sites. If you can’t avoid a third party site, research them thoroughly. I often go to Toms Hardware for driver information.

Four

Scan regularly for malware. Apple now has malware scanning (antivirus) built in. In addition, third party anti-malware tools are available for Apple. Almost all are effective when used properly.

Anti-malware tools are fiercely competitive, and the malware landscape changes daily. The tool that is the best today may be second rate tomorrow and best again next week. The brand of tool is not as important as regular updates and frequent scans.

Choose a malware scanner with a solid reputation. These scanners are uniquely well-positioned to mess with your device and steal data. Choose a well-reviewed scanner from a reliable source. Some popular scanners have been accused of questionable practices.

When you have chosen a scanner you trust, accept updates and run scans often.

Five

Keep your operating system and apps patched. Hackers are always looking for new vulnerabilities. They find the holes and exploit them quickly. The industry battles hackers continually with patches that stop up the holes in defenses. Turn away the invaders before they get in.

Automatic updates may be annoying, but the benefits outweigh the trouble. Sign up for automatic maintenance from reputable sources whenever you can. Automatic updates occasionally mess up, but that happens less as the sources get better at patching, and a botched patch is usually far less damaging than a successful attack.

Six

Use strong passwords. Password cracking is more sophisticated today than when the old rules were written. Long (sixteen characters or more) random passwords are still difficult to crack, but hackers have ways of cracking commonly used passwords. Any single word that appears in any dictionary, any common sequence of characters (like ‘123456789’ or ‘qwerty’) is a breeze. I like memorable nonsense phrases like ‘MyPetRockSaysHi!’.

A password manager utility that generates long random passwords is useful. Never duplicate a password. Some of the worst breaches in recent years have been based on duplicated passwords.

Current opinion is now that changing passwords frequently is counterproductive because it leads to weaker and duplicated passwords. A strong password that has never been revealed or compromised does not ever need to be changed.

Multi-factor authentication (MFA) is now common. Use it in addition to a password. Multi-factor authentication is harder to hack than the strongest password. For example, sites and devices that request a fingerprint or a face scan after entering a correct password are safer than a password alone because the chances that a hacker can get both are low.

The strongest multi-factor systems use an app generated token, like a 5-character code, or require a special USB device (key) that you have to plug in. Critical accounts, such as your bank or your brokerage account should always use multi-factor authentication.

The Future

More secure platforms are possible in the future because the many platforms of today were naively designed without much thought to the potential for abuse.

Bitter experience has burned off the naiveté. Computer security will always be a challenge because computing systems are maddeningly complex. Developers and designers will never be able to foresee every security flaw.

In the early days of our current computing platforms, software developers did not think much about security. The goal was to build a network to interconnect systems and make them reachable, not put up barriers to access. In retrospect, that was jaw-droppingly naive. The hackers of today still take advantage of that naiveté.

Fortunately, the industry is wiser now.  With new attitudes, improvement is possible.

I must credit my Whatcom County Library System friend, Neil McKay and computer communications expert, Steve Stroh, for their substantial help.