Beware of Un-updatable Devices

A hundred million IoT devices are open to hacking. It turns out there is a whole slew of flaws in four different basic TCP/IP implementations. Since many IoT devices don’t have auto-update capabililty, and many don’t have updatable firmware at all, all of these devices are simply waiting to be subverted by hackers.

In order news, a startup has produced an autonomous robot that drives around the farmer’s field all by itself, zapping what it considers weeds with lasers. What could possibly go wrong?

If you are deploying any IoT technology, consider carefully how the devices will be updated with new software. Parts of the IoT industry have a sell-and-forget mindset, and that will embed ticking timebombs in your infrastructure.

Bad Face Recognition

In the U.S., police have started rounding up suspects based on defective image recognition from grainy surveillance video. Image recognition is known to work poorly on black faces, probably because they were mainly trained on images of white people.

When we roll out new technology, we of carefully explain to the users where and how it can be used. But if we can reasonably expect our users to ignore our admonitions, maybe we shouldn’t sell it at all.

https://www.theverge.com/2021/4/13/22382398/robert-williams-detroit-police-department-aclu-lawsuit-facial-recognition-wrongful-arrest

Speak Nicely to Yourself

Notice how you talk about yourself. It affects your self-image. It can be hard to do while speaking, but lockdown has presented us with an endless succession of Zoom calls to work with. If the meeting is not being recorded, ask if it is OK for you to record it. Zoom now also has an automatic transcription feature that turns the audio into text.

Once you have the recording or text, look at the parts where you are speaking. Notice the words you are using about yourself, your team, and your projects. If you are using neutral or negative words where a positive word would have been reasonable, try saying the sentence to yourself with the improved word. For example, don’t say your team is “doing okay” if you are actually “doing well” or even “doing great.”

Using more positive words will give you increased energy and happiness. Try it.

Thank Someone

Remember to thank other people. It’s easier to thank a colleague when you meet him or her in the office than thanking them via Zoom. That’s why most people are not expressing gratitude during lockdown like they used to.

Telling someone else that you are thankful for their contribution will improve their day. It will improve your day, too, and it costs you nothing. Science also shows that expressing gratitude reduces stress hormones and has a host of other health benefits.

Make a note to yourself to thank someone for something this week. Putting a “Thank you” post-it note on your computer will remind you. And just watching the note will lift your own mood.

Plan Your Travel

Start planning your next trip. The antidote to lockdown cabin fever is to imagine a trip somewhere. You’ll be able to travel again this year, even if you probably won’t have the whole world available. That doesn’t matter. What matters is that you spend time planning your trip.

Choose a destination and start researching. Since we’re only imagining at this time, you are fortunately free to skip the frustrating part where you search for cheap airline tickets. But find a hotel or Airbnb for your imaginary trip, and find out what you want to see and do.

Imagining a better future where you can travel again will lift your spirit. And once you’ve made the plans, your trip is more likely to actually happen.

Look at the Stars

Get away from your screens and look at the night sky. It’s International Dark Sky Week this week. Get out of the city and away from the lights to somewhere you can see the stars. Looking up at the sky will put your worries in perspective. You can check out the official International Dark Sky Places directory here https://www.darksky.org/our-work/conservation/idsp/finder/. If there is no place hear you, look at the light pollution map (https://www.lightpollutionmap.info) and find the least light-polluted place near you.

Spring Cleaning

Did you do any spring cleaning? Spring is a good time to start new things, and that’s why we have a phrase for cleaning up this season.

Your physical environment affects you, and clutter around you makes it much harder for you to get started on anything new. Try removing all the excess stuff from one room, or just a corner of a room. Sit in the cleared space and feel the difference.

To make a change in your life, enlist your physical environment to help you. If you don’t change your environment, it is much harder to make any other change stick. Do a little spring cleaning and improve your life.

The Intern Did It!

The intern did it! Solarwinds’ new CEO just added another top contender to the pantheon of bad excuses. This one is right up there with “the dog ate my homework” and is destined to become an instant classic.

Testifying before a U.S. Congressional Committee, Solarwinds came out looking like bungling amateurs. First, they had a system that allowed a password like solarwinds123. Second, they had an externally accessible system where that password worked. Third, they didn’t do anything about it when security researchers pointed it out. Fourth, they try to pin the blame on an intern that created that password.

As a CIO, you can either isolate your public-facing systems completely from the internal ones, and allow username/password access. Or you can use two-factor authentication or other additional security. The time when you could secure a non-trivial, externally-facing system with just a username and password are long gone.

User Experience Disasters

This week’s episode of my podcast Beneficial Intelligence is about User Experience disasters. Danes consistently rank among the happiest people in the world, but I can tell you for sure that it is not the public sector IT we use that makes us happy. We have a very expensive welfare state financed with very high taxes, but all that money does not buy us a good user experience.

Good User Experience (UX) is not expensive, but it does require that you can put yourself in the user’s place and that you talk to users. That is a separate IT specialty, and many teams try to do without it. It doesn’t end well. Systems with bad UX do not deliver the expected business value, and sometimes are not used at all. A system that is functionally OK but that the users can’t or won’t use is known as a user experience disaster.

We have a web application for booking coronavirus testing here in Denmark. First you choose a site, then you chose a data, and then you are told there are no times available at that site on that date. If a UX professional had been involved, the site would simply show the first available time at all the testing centers near you. We now also have a coronavirus vaccination booking site. It is just as bad.

As CIO or CTO, some of the systems you are responsible for offer the users a bad experience. To find these, look at usage statistics. If you are not gathering usage, you need to start doing so. If systems are under-utilized, the cause is most often a UX issue. Sometimes it is easy to fix. Sometimes it is hard to fix. But IT systems that are not used provide zero business value.

Listen here or find “Beneficial Intelligence” wherever you get your podcasts.

Beware of Data Collectors

The days of untrammelled data collection “for the common good” might be ending. At least the watchdogs are yapping a little louder, as a new court case in London shows. The British National Health Service apparently has a contract with secretive American data analyst company Palantir, and they are being sued by a private privacy watchdog.

I would probably not choose to name my company after the device with which the dark lord Sauron subverted the wizard Saruman. However, the Lord of the Rings reference is obviously lost on investors, who value Palanatir at around $50 billion even though they have yet to make money.

As a CIO, you need to know where your data goes. If you have third parties analyzing them, you need to have someone make an independent assessment of whether you can expect your data to be safe with them. You need to balance the reward against the reputational risk if you are found cooperating with shady operators.