Review: Fab, The Coming Revolution on Your Desktop

Fab is an interesting book by Neil Gershenfeld. It chronicles a class Neil designed and taught at MIT called "How to build just about anything" and then some "field experiments" where they take some industrial fabrication equipment, make some easy-to-use software and deploy it to various communities around the world. Very similar to Hole in the Wall.

It's an easy read that you'll blaze through. The basic idea is that if you give people tools to build stuff, they will build stuff, and in general in the world, that ability to fabricate tools and various other artifacts is probably a lot more important than something like internet access or DRM. Further, the people who want to build things aren't always the people you think, as Neil's class was filled with non-engineers. I'm not sure the MIT campus is a good sampling of the public though.

To be fair and critical though, a lot of the work is kind of swept aside. Giving someone a sign cutter gives them a tool to produce circuit boards, but actually building a useful set of circuits and debugging them is a different kind of problem. Maybe I'm a bit pessimistic, having seen the industry work and done my part to debug custom hardware in the past.

It's still an interesting read and an optimistic one.  I couldn't help but think Neil swept a lot of the complexity and difficulty away as he wrote it to make it look easier than it is but I also kind of wanted to have access to one of his "fab labs" to play around with stuff.


Posted by Ian S. Nelson Fri, 30 Jun 2006 13:27:00 GMT


The VA and Bureaucracy

So it has been a while since I blogged. Sorry! So anyways I have been following the security breach that happened to the Veterans Affairs (VA) with interest. For those of you that do not know, basically a VA worker had been taking veterans' data like SSN and name etc. home so that he could work on his project from home. What happened was his laptop with USB drive got stolen from his house and the VA data went with it. No one knows what, if anything, happened to the data, but it does leave millions of veterans open to identity theft. More info here.

This is near and dear to my heart as it was one of the first projects that Tate and I worked on. The project was, at the time, the largest Certification and Accreditation (C&A) process for the federal government, and it was happening at the VA. Tate and I jumped onto a contract with a company that had head count and we were off to Virginia for training. Now for those of you that do not know, the C&A process is very large and detailed. It is created and kept by the National Institute of Science and Technology (NIST) and is the process all federal agencies need to follow to be compliant. The documents themselves are actually really well written and freely available. Basically the C&A process is summed up as this: develop a policy, test against it, determine risk points, and then remediation plans. The certification part is where the auditors audit against the policy and the standards set by the C&A documents. The accreditation part is where the big honchos of the agency either accept the risk and keep their IT going or stop it until the risk is remediated. This process was what we were "thinking" we were getting into. At this point we did not have C&A experience so this was worth it for us.

Ok.... so we get to Virginia and start what we thought was going to be some hard security work. In fact the company we were working under thought that our skill sets might not be up to par enough.... We had to go to a meeting with all the auditors and the VA staff where they were going to let us in on the work involved and this is where we had our first exasperating moment on this project. The main person involved on the VA side stands up and tells us this is the biggest C&A process ever and blah, blah......Oh yeah, no one other than VA personnel is able to touch ANY computer either physically or virtually! Wait a sec! I still remember the whole crowd of 200 or so auditors all collectively looking around and I think some people in the back row made a run for it at this point. Everyone was thinking exactly what you are thinking at this moment, how can you test "technical controls" without actually testing... Well they came up with the answer, which was to pair us up with our very own set of VA hands, still attached to a VA employee at each site we visit. Yup, now instead of us actually typing and testing a computer we were supposed to relay commands to a VA staff person and they would type it in! Sweet, I can give my carpal tunnel a rest and set my jaw wagging. I can just see it now, "Oh look, it looks like this computer has some malware. Click here, load this tool, select this hex field and check the registry....NO NOT THAT KEY! Run!"

Right about this time the second bombshell went off.... The guy up front promptly says that all test results we collect are to be given to the VA. This makes sense as it is their computers and they are entitled to our analyzed results, right? Wrong! The guy corrects himself and says that the results are not to be analyzed by the auditors but by VA personnel. Hmm...so at this point I am not touching a computer nor am I analyzing the results for risk or what is wrong. Something seems very broken about this process at this point.

In the next part I will explain the next day and our first site experience. In reading this I am sure you are now not surprised to hear about data breaches and lameness on the part of the VA. After all they pretty much subverted the C&A process to ensure they pass.

Posted by Cory Stoker Fri, 09 Jun 2006 06:52:00 GMT


Review: The World is Flat

I just completed The World is Flat: A Brief History of the 21st Century by Thomas L. Friedman.

Quite a fascinating read, it reads very quickly. Friedman is a great columnist, one of the ones I regularly read, and in this quick read he breaks down globalism, consumerism, technology, insourcing and outsourcing very nicely. It's not an academic work and it's not journalism either, but Friedman's style tends to be somewhat (at least as I read it) fair in his treatment of the issues. For example he talks about the good things and the bad things Walmart does and he doesn't come across as if he has a strong stance one way or the other; he simply presents some things and the various good and bad sides, so long as you see globalization as something that is happening rather than something we might stop or do away with. If you're a protectionist you might disagree with the whole thing.

I like the allusion: leveling the playing field on a grand scale is really flattening the world. It's definitely a worthwhile read if you conduct business in today's world.
 

Posted by Ian S. Nelson Tue, 06 Jun 2006 13:56:00 GMT


I've been too lazy

So this is totally skag,  knocking off someone else but I was pleasantly surprised.

Do this, with GNU Grep:

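# -R makes less pass ANSI color escapes through, so colored grep output stays readable when paged
export LESS=-R

# Default options GNU grep reads from the environment; quoted so the whole string is one value
export GREP_OPTIONS='-i --with-filename --color=always'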

 The -i and --with-filename might screw some scripts up but I'm sick of typing them.

 


Posted by Ian S. Nelson Mon, 05 Jun 2006 19:46:00 GMT