Friday, May 31, 2013

Clean Coal No Longer a Pipe Dream?

A new coal technology may be able to provide commercial electricity without emitting dangerous greenhouse gases.

Everyone knows that climate change is a huge problem. If you don't think it is a problem, then you are more in denial than the Swiss were during World War II. But in addition to warming global temperatures, more intense hurricanes and desertification, we face the problem of ocean acidification. Very simply, the increase in atmospheric CO2 is turning the world's oceans (and lakes and ponds) into carbonic acid. The acid is dissolving coral and shellfish, disrupting the ecosystems that depend on those animals. Even climate change deniers can't deny acidification.

Solar and wind are getting cheaper and cheaper. But we still face the problem of how to run our TVs and microwaves when the sun doesn't shine. We also don't have the electric grid infrastructure to get the power from remote solar cells and windmills to American homes.

The coal industry has been pushing carbon capture technology. The emissions of coal-fired power plants would be cooled down and passed through a solution which would bind with the CO2. But the world burns more than 8 billion tons of coal annually, and this capture process is extremely expensive.

But there may be hope! We may have true clean coal technology soon! A group of researchers is in the process of commercializing coal direct chemical looping. What is that? Well, think about a fuel cell car. The hydrogen in a fuel cell is not burning. It is being oxidized, but there is no fire and no loss of energy to heat. Instead the energy released is turned directly into electricity. Direct chemical looping is like that, but with coal.

Very, very exciting. This technology may allow people to continue to use an extremely cheap, plentiful fossil fuel without causing further global warming.

Thursday, April 18, 2013

Why no recent updates?

Good day to all of my loyal (and disloyal) readers! I must apologize for the lack of recent updates. I started a new job at the beginning of April. I am managing Comodo Certificate Manager, an enterprise software platform for issuing, installing, and revoking SSL Certificates (for those of you who don't know what that is, they enable secure e-commerce).

The job is awesome, but it has been a lot of work to get ramped up on the organization and technology. Even worse, I have had to move to New Jersey (without a car) and have to deal with the time sink of NJ Transit. When things settle down, I promise to post more awesome stuff for you guys!

Monday, March 4, 2013

UPDATE: Next Gen Credentials

UPDATE: Recently, I posted some musings on fixing the issue of too many passwords, security and next gen credentials.

It turns out that there is another approach I was unaware of: Behavioral Biometrics. Here's the idea. The system will confirm that the user is who they say they are by the way that they type, not by their password. The concept of using behavioral biometrics for authentication is nothing new, but prior approaches use the typing style as a secondary credential in multi-factor authentication schemes, i.e., a user would both need to know a password AND type it properly.

Obviously, the two-factor scheme would be more secure but would not solve the remembering-passwords issue. The biometric-only scheme would solve that issue, but would it be more secure than password authentication?

Aside from the problem of false positives (granting access to an unauthorized user), the more likely issue would be false negatives. It isn't clear to me that everyone types in a way that could be consistently recognized all the time. Perhaps for trained stenographers, but what about non-touch typists? I don't touch type. Rather I hunt and peck rapidly and inconsistently. How would a system recognize my style? Perhaps the algorithms are sufficiently robust. Perhaps these systems will only be adopted in situations (such as the NSA) where security is prized above ease-of-use.

It makes me wonder, though, how robust these approaches are. Could an attacker watch someone type and mimic their style? Probably, but an attacker who could do that could more easily discover the password by watching.
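To make the false-negative concern concrete, here is an added toy keystroke-dynamics verifier (my illustration, not any vendor's algorithm or code from the post). It enrolls a user from a few typing samples of one word, stores the mean and spread of each dwell time (key held) and flight time (gap between keys), and accepts a new sample when its average distance from the profile is below a threshold. All typing samples, the threshold, and the 5 ms spread floor are constructed assumptions.

```python
"""Toy keystroke-dynamics verifier (added illustration, not a real product).

A sample is a list of (key, press_ms, release_ms) tuples. Features are the
dwell time of each key (release - press) and the flight time between
consecutive keys (next press - this release). Enrollment keeps the mean and
population standard deviation of every feature; verification scores a probe
by its mean z-distance from the profile.
"""
from statistics import mean, pstdev

SPREAD_FLOOR_MS = 5.0   # assumed floor so a perfectly steady feature cannot divide by zero
THRESHOLD = 1.5         # assumed acceptance threshold (mean z-distance)


def make_sample(text, dwells, flights):
    """Build a timing sample from per-key dwell and per-gap flight times (constructed data)."""
    assert len(dwells) == len(text) and len(flights) == len(text) - 1
    sample, t = [], 0
    for i, key in enumerate(text):
        press, release = t, t + dwells[i]
        sample.append((key, press, release))
        t = release + (flights[i] if i < len(flights) else 0)
    return sample


def features(sample):
    dwell = [r - p for _, p, r in sample]
    flight = [sample[i + 1][1] - sample[i][2] for i in range(len(sample) - 1)]
    return dwell + flight


def enroll(samples):
    """Profile = per-feature (mean, std) over the enrollment samples."""
    vectors = [features(s) for s in samples]
    n = len(vectors[0])
    means = [mean(v[i] for v in vectors) for i in range(n)]
    stds = [max(pstdev([v[i] for v in vectors]), SPREAD_FLOOR_MS) for i in range(n)]
    return means, stds


def score(profile, sample):
    """Mean absolute z-distance of a probe from the profile (lower is closer)."""
    means, stds = profile
    return mean(abs(x - m) / s for x, m, s in zip(features(sample), means, stds))


def verify(profile, sample, threshold=THRESHOLD):
    return score(profile, sample) < threshold


# Constructed enrollment: a steady typist typing "secret" three times.
ENROLLMENT = [
    make_sample("secret", [100, 110, 95, 105, 100, 98], [120, 130, 125, 118, 122]),
    make_sample("secret", [104, 108, 98, 102, 96, 100], [124, 126, 122, 120, 126]),
    make_sample("secret", [98, 112, 93, 107, 102, 96], [118, 134, 128, 116, 120]),
]
PROFILE = enroll(ENROLLMENT)

# Constructed probes.
STEADY_PROBE = make_sample("secret", [101, 109, 96, 104, 99, 99], [121, 129, 124, 119, 123])
# Same user on a bad day: every timing off by ~15 ms -> a false negative.
TIRED_PROBE = make_sample("secret", [115, 95, 110, 90, 115, 85], [135, 115, 140, 105, 138])
# Different person with a consistent but slower rhythm -> correctly rejected.
IMPOSTOR_PROBE = make_sample("secret", [150, 160, 145, 155, 150, 148], [180, 190, 185, 178, 182])
# Hunt-and-peck typist with wildly varying timings -> rejected, whoever it is.
ERRATIC_PROBE = make_sample("secret", [60, 200, 90, 250, 40, 180], [300, 50, 400, 80, 500])

if __name__ == "__main__":
    for name, probe in [("steady", STEADY_PROBE), ("tired", TIRED_PROBE),
                        ("impostor", IMPOSTOR_PROBE), ("erratic", ERRATIC_PROBE)]:
        print(f"{name:9s} score={score(PROFILE, probe):6.2f} accepted={verify(PROFILE, probe)}")
```

The tired-day probe is the point of the post's worry: the same user, typing only 15 ms off their usual rhythm, is rejected, so a biometric-only scheme has to either loosen the threshold (and admit more impostors) or keep a fallback credential.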

Identification by behavioral biometrics was pioneered by authorities in Big Brother Britain (which has installed around 4 million cameras to spy on its citizens). British authorities use gait recognition, a computer vision technique whereby software identifies users by their walking style.

Ironic that security firms are using these techniques to secure people's personal information whereas Britain is using them to invade privacy.

Friday, March 1, 2013

A Brief Primer: Hackers and Hacking

Hacking is a serious problem that should be taken more seriously. This primer should help the technological beginner understand many of the issues.

Note that there are two definitions of hacking:

  1. Informal engineering
  2. Software-based attacks on computing resources, usually using network infrastructures

This article concerns definition #2.

Script Kiddies at Play

Much hacking has been the domain of so-called script kiddies. These mischief makers often have minimal technical skills. Instead they use freely available tools to break into poorly administered websites. They are not terribly organized, malicious, or dangerous.

Hacking Inspired by the Godfather

Criminal organizations hack for profit. Often they steal financial data, send spam, or commit click fraud (automatically clicking ads in order to earn ad revenue). They use malware such as viruses, worms, and Trojans to hijack consumer PCs. Once they gain control of a PC, these groups link the machine up to a botnet, a group of hijacked machines that coordinate. These botnets usually consist of more easily hijacked Windows machines, but are often led by higher-powered hijacked Linux machines. Another technique criminals use is phishing, deliberately misleading someone into giving away their user name and password. Usually, this is done by presenting the user with an email or webpage that appears to be from a reputable online bank, retailer, or service provider. When the user enters their password, the criminal stores it and exploits the user later. This technique can lead to illegal credit charges, bank transfers, and even identity theft. Sometimes the thieves use social engineering or active impersonation to deceive users (over the phone or in person). Estimates of the cost of these cyber-crimes range from the low billions to $1 trillion. The true cost is probably somewhere in between.

Hacking Inspired by MLK, Gandhi, and Mandela

Hacktivists constitute another category of hackers. These collectives view hacking as a form of non-violent social or political protest. Anonymous is by far the best organized, most famous, and most capable such collective. One of the most common techniques used by Anonymous and other hacktivist organizations is the distributed denial of service (DDoS) attack. This form of attack sends so many requests to a server that the server cannot handle legitimate requests. Many hacktivists have argued that DDoS attacks are legal. Another common hacktivist strategy is to steal data or hijack a website in order to humiliate its target. One of the most dramatic hacktivist actions occurred on live television. Anonymous announced that it had hacked the infamous Westboro Baptist Church while the organization's representative debated live on air.

Hacking as Patriotism

Recently, there have been many controversial reports regarding state sponsored hacking. Although not 100% confirmed (approximately 99.99% confirmed), these hacking incidents are particularly scary for two reasons:

  1. Nation states have an order of magnitude more hacking resources
  2. Nation states may attack enemy's critical infrastructure

More on state sponsored hacking upcoming.

Chinese State Sponsored Cyber Attacks and Our Response

First, if you are unfamiliar with the basics of hacking, check out my previous post. Stay tuned for more specific info on how to secure your business.

Executive Summary

The Chinese State has been hacking U.S. and multinational companies, stealing valuable intellectual property. Businesses must take software security seriously, investing more resources in locking down computers and networks. The U.S. government should strike back at this Chinese aggression, disabling Chinese Internet censorship, and shedding light on Chinese government atrocities.


Chinese Cyber Attacks

Mandiant Corporation recently released a report on coordinated cyber attacks by the Chinese on large U.S. businesses and other organizations. The report raised lots of alarm bells and rightfully so. So what should we do about these attacks? We should respond in the name of liberty.

Sitting on our hands is not an option.

The detailed, well-written report focuses on APT1, the largest Advanced Persistent Threat to face American companies. APT1 is far more than a few script kiddies with fast broadband. Mandiant presents a large body of evidence that this organization is, in fact, Unit 61398, the cyber-warfare unit of the People's Liberation Army. This report was released in the wake of a New York Times article detailing a four-month intrusion into its systems. The Washington Post reported a similar incident. The papers believe they were targeted in retaliation for less than favorable stories they ran on Chinese Prime Minister Wen Jiabao.

Mandiant Corporation discovered those attacks and repelled the attackers. Their research has uncovered more than 140 total hacking incidents perpetrated against international organizations by APT1, most of them relatively sophisticated. The attacks originated from Shanghai and required a huge amount of computing power and manpower. The pattern of attack used by APT1:

  1. Launch a spear phishing attack to acquire the password of a member of the target organization
  2. Use that user's credentials to load malware into his/her computer
  3. Leverage that malware to infect other systems in the target network
  4. Transfer a huge amount of intellectual property (often terabytes) back to APT1's servers
  5. Wash
  6. Rinse
  7. Repeat
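Steps 2 through 4 of that pattern leave traces a defender can look for: one account logging on to many internal hosts in a short window, followed by a large transfer from one of those hosts to an address outside the company. The following added example (mine, not code or data from the Mandiant report) runs that correlation over a handful of constructed auth and flow log lines. The log field names, the 10.0.0.0/8 internal range, and the thresholds (three hosts in ten minutes, 1 GiB outbound) are assumptions a real deployment would tune.

```python
"""Added example: flag lateral movement and bulk exfiltration in constructed logs.

Auth lines:  <iso-timestamp> user=<name> src=<ip> dst=<ip> result=success|failure
Flow lines:  <iso-timestamp> src=<ip> dst=<ip> bytes=<n>
Both formats are assumed for this illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL_NETS = [ip_network("10.0.0.0/8")]   # assumed corporate address space

# Constructed sample logs. jdoe's credentials hop across four hosts in two
# minutes, then 10.0.3.20 pushes ~5 GiB to an outside address.
AUTH_LOG = [
    "2013-02-10T09:00:01 user=jdoe src=10.0.1.15 dst=10.0.1.15 result=success",
    "2013-02-10T09:14:22 user=jdoe src=10.0.1.15 dst=10.0.2.7 result=success",
    "2013-02-10T09:15:03 user=jdoe src=10.0.1.15 dst=10.0.2.8 result=success",
    "2013-02-10T09:15:40 user=jdoe src=10.0.1.15 dst=10.0.2.9 result=success",
    "2013-02-10T09:16:10 user=jdoe src=10.0.1.15 dst=10.0.3.20 result=success",
    "2013-02-10T09:30:00 user=asmith src=10.0.1.22 dst=10.0.2.7 result=success",
]
FLOW_LOG = [
    "2013-02-10T10:05:00 src=10.0.3.20 dst=203.0.113.9 bytes=5368709120",
    "2013-02-10T10:06:00 src=10.0.1.22 dst=198.51.100.4 bytes=20480",
    "2013-02-10T10:07:00 src=10.0.3.20 dst=10.0.2.7 bytes=7340032000",   # internal copy, ignored
]


def parse(line):
    """Split '<timestamp> k=v k=v ...' into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    event = {"ts": datetime.fromisoformat(ts)}
    for field in fields:
        key, value = field.split("=", 1)
        event[key] = value
    return event


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def lateral_movement(auth_lines, min_hosts=3, window=timedelta(minutes=10)):
    """{user: sorted hosts} for accounts that reached >= min_hosts distinct
    remote hosts inside any sliding window of the given length."""
    by_user = defaultdict(list)
    for ev in map(parse, auth_lines):
        if ev.get("result") == "success" and ev["dst"] != ev["src"]:
            by_user[ev["user"]].append((ev["ts"], ev["dst"]))
    findings = {}
    for user, logons in by_user.items():
        logons.sort()
        for i, (start, _) in enumerate(logons):
            hosts = {host for ts, host in logons[i:] if ts - start <= window}
            if len(hosts) >= min_hosts:
                findings[user] = sorted(hosts)
                break
    return findings


def exfiltration(flow_lines, threshold=1 << 30):
    """{src: bytes} for internal hosts that sent >= threshold bytes outside INTERNAL_NETS."""
    outbound = defaultdict(int)
    for ev in map(parse, flow_lines):
        if is_internal(ev["src"]) and not is_internal(ev["dst"]):
            outbound[ev["src"]] += int(ev["bytes"])
    return {src: total for src, total in outbound.items() if total >= threshold}


def correlate(auth_lines, flow_lines):
    """Hosts that a laterally moving account logged on to AND that later sent bulk data out."""
    touched = {h for hosts in lateral_movement(auth_lines).values() for h in hosts}
    return sorted(host for host in exfiltration(flow_lines) if host in touched)


if __name__ == "__main__":
    print("lateral movement:", lateral_movement(AUTH_LOG))
    print("bulk outbound:   ", exfiltration(FLOW_LOG))
    print("correlated hosts:", correlate(AUTH_LOG, FLOW_LOG))
```

Either signal alone is noisy (an administrator legitimately touches many hosts; a backup job legitimately sends gigabytes to a cloud provider); requiring both on the same host is what turns two low-confidence alerts into one worth paging on.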

The APT1 attacks were largely to steal intellectual property. This should be no surprise to anyone. China has written its laws so that foreign companies must partner with local firms in order to do business there, largely so that foreign companies will have to share IP in order to access China's burgeoning labor or consumer goods markets. Of course, these hacking incidents are far more sinister.

Who knows how far China will go? By one account, Chinese officials have already used stolen IP to blackmail a corporate boss. What's to prevent China from attacking critical infrastructure? If China invades Taiwan and the US responds, might China be willing to take down the systems that operate the US power grid? You bet your sweet ass they would.

See no evil. Hear no evil. Hack no evil.

The Chinese government claims to have no knowledge of any attacks, calling Mandiant's report a fabrication. How believable are China's claims? Not very. Attacks of that magnitude could only have been carried out by a large organization, either a government or a large corporation, and their location makes it nearly certain that they were at least tolerated. Furthermore, the Chinese government keeps a tight rein on its network. They use deep packet inspection in order to spy on and censor their own citizens. They maintain such tight control of their networks, and they didn't notice such large scale hacking happening in Shanghai? Yeah, right.

So what should we do?

Obviously, defensive measures are de rigueur. The Department of Defense, Central Intelligence Agency, and National Security Administration and many other government agencies have taken IT security seriously for a while now. Of course, the Chinese have chosen to attack the weak underbelly of U.S. corporations whose investors and management don't understand the threat. U.S. businesses need to get in the game. Firewalls, security policies, threat modeling, application security, data encryption, penetration testing, and more. If you don't know how to secure your networks, applications, and data, learn fast. Stay tuned for some specific information on how.

But are defensive measures enough? What we have here is a cyber-war. Or some would argue that cyber-espionage is a more appropriate term. That's all semantics. It doesn't matter what it's called. We need to fight back. Even if the group launching these attacks is not directly associated with the government, it is being sheltered. Remember, the Afghan government didn't bomb our embassies, but it harbored those who did. The U.S. government ignored the attacks, and a few years later, thousands died in the 9/11 attacks. We don't know how far China is willing to go.

The NSA, CIA, and military cyber operations should strike back. But how? They attacked our businesses and stole valuable intellectual property. We could respond in kind, but we don't want their IP. What would we do with it anyway? We could escalate the war by taking down their infrastructure, grounding their airlines, stopping their trains, or take down their data centers, but that would achieve little.

Hacking for Liberty

We should steal embarrassing Chinese state secrets and use them to further its citizens' liberty. China's government treats its citizens horribly. Those who seek redress are sent to labor camps, tortured or even executed. Rule of law does not even exist. Corruption is rampant at all levels. Rich public officials demand bribes from even the miserable poor.

China has gone to great lengths to keep its citizens in the dark regarding these injustices. The formal press is state run and the Internet is completely censored. We should use cyber operations to steal data on all of China's injustices and corruption and give it to the press. Furthermore, the Chinese people are completely cut off from the press by Chinese censors, so we should change that. We should take down their censorship infrastructure and shine rays of light on their darkest secrets so that their citizens can demand justice.

What would happen? Certainly, this activity would raise Chinese awareness of their government's despotic nature. And this would foment change. Whether the change would come fast as in Egypt or slowly as in Myanmar, I do not know, but change would come. Change will come anyway. As China's population journeys from subsistence living to middle class, it will demand not just prosperity, but freedom. The first American colonists made this journey and these demands in the 17th and 18th centuries. Liberty is one of the cornerstones of American foreign policy. Recently, the U.S. has attempted to spread democracy in the Middle East. The imposition of democracy by ground troops failed. Many died, and the U.S. economy was gravely injured. But we have met success in Egypt, Libya, and Tunisia by supporting dissidents. The Chinese government is stronger than those Arab dictators, but the prize is bigger. First, in China, unlike in the Middle East, no violent, fundamentalist religion holds sway. The downfall of the Chinese Communist Party would certainly mean democracy. Second, the Chinese economy will be the world's largest by 2030. It is crucial that such a large, influential country be a force for good.

Of course, the U.S. is likely responding to these attacks as I am writing. If nothing else, security is being tightened in datacenters all over the country. Perhaps aggressive counter-attacks are happening. We won't know the details for years, if ever. We'll continue to follow this fascinating story as it unfolds. Loyal readers, keep your Internet dial tuned right here for updates.

Takeaways

  1. The Chinese government is operating large scale attacks on U.S. businesses
  2. China denies everything
  3. Lock down your business! SECURE SECURE SECURE
  4. The U.S. government should respond by hacking back
  5. China's human rights abuses should be exposed to all
  6. The Chinese people should not be kept ignorant by their government any longer
  7. Hacking can be used as a tool for freedom

Thursday, February 28, 2013

Telecommuting, Marissa Mayer, and the Workplace of the 21st Century

Should businesses allow telecommuting?

Fair disclosure: I have lobbied in the past for Apple to buy Yahoo!. I still hold that position. But what to make of Marissa Mayer's new no-telecommuting policy?

Marissa Mayer, CEO of Yahoo!, former Vice President at Google, recently announced a no-telecommute policy at Yahoo!. She has stirred up a lot of controversy. Notably, Forbes supports the ban arguing that face-to-face collaboration will foster innovation. Richard Branson argued that employees need to trust each other enough to work remotely. Many argue that for the good of parents and kids, parents need to be able to work from home and raise children.

Q: So who's right?
A: They all are.

Marissa Mayer and Forbes are right. Often a five minute conversation can resolve an issue that would require a 16 email chain. Videoconferencing can help to resolve acute issues that come up. But communication latency, compression artifacts, and limited resolution all hamper creativity. Have you ever successfully brainstormed remotely? It can work, but not as well. Similarly, a lack of water-cooler time can prevent a cohesive culture from developing. Those cultural HR campaigns and marketing materials do little. I do disagree that working remotely damages trust. I have worked remotely with some consummate professionals who I would trust with my toughest projects. Similarly, I have worked in person with morons who barely understand their own jobs or sociopaths who try to push all of their responsibilities on others. Trust comes from competence and forthrightness, not from co-location.

Richard Branson is right, too. I personally enjoy the human aspects of my job. I make it into the office whenever I can. But I can't always make it in. Like every human being, I get sick. It's nice to work from home so that I don't have to use my PTO. Without the ability to work from home, employees will go to work sick and pass germs on to colleagues. My girlfriend and I used to live several hours away. Without the ability to work remotely one day a week, we wouldn't have been able to maintain our relationship. Surprise, Ms. Mayer! I would have chosen my girlfriend over my job. As a talented, in demand engineer and product manager, I have no shortage of recruiters emailing me. I am sure that Yahoo!'s top talent have many opportunities, too. I am sure that many busy parents are currently considering how to achieve a better work-life balance.

So what's a CEO to do? How to achieve the TAO of telecommuting?

First, blanket, no-telecommuting policies will be harmful in the long term. Those talented Yahoo! employees who want to telecommute will leave. Period. But how to achieve a common culture and foster creativity while facilitating a good work-life balance for all employees? Like anything else, develop a detailed, pragmatic plan.

All jobs should be classified into telecommuting bands, similar to the job levels many companies use to grant vacation days and other perks. Everyone needs to spend some time in the office. Yes, even that sysadmin who lives in another state and only needs an Internet connection in order to monitor the database and restart the servers. The company should fly him in for one week a quarter, do some knowledge transfer, and do some fun morale building activity. Others may need different amounts of time in the office. For example, an engineering manager may need to spend four or five days a week in the office. An engineer may only need to spend three days. A receptionist could not ever work from home.

Maximize productivity and creativity

My mother always told me You catch more flies with honey than with vinegar and the old proverb is true. There are much better ways to foster creativity, productivity, and a vibrant culture than to force people into the office. Encourage employees to take an ownership stake in the success of their team, division, and company. I'm not talking about a financial stake. Those incentives don't work as well as you think. Allow workers to work on their own projects with an 80/20 policy or a 24 hour ShipIt contest.

Yahoo! and Telecommuting

I can't promise to understand all of the cultural and organizational issues at Yahoo!, but I'll donate my 2 ¢ to my noble blog readers anyway. Marissa Mayer has kept a high profile for a CEO. She has nearly five times as many hits on Google as Yahoo's founder, Jerry Yang. Certainly this announcement has generated a lot of publicity for Yahoo! of late. There is a good chance that lower level Yahoo! managers are already allowing their most valuable direct reports to violate the policy lest they walk. This policy may also die quietly. I do also think Yahoo! needs a shake-up. Its communities, Yahoo! Groups and Flickr, have been languishing in the wake of Facebook, Instagram, Tumblr, and the like. The temporary energy generated by this policy might work.

In the end, though, Yahoo!'s problem isn't policies, it's talent. Google has been purchasing the best engineers, scientists, and product managers for years. My best computer science professor left a high profile tenure track position at a top 25 university to take the Google money. Yahoo! shelled out a nice chunk of change to Ms. Mayer, but she won't transform the company on her own. Does Yahoo! have the money to buy the best and brightest? All the more reason for Apple to acquire the iconic Internet portal.

Wednesday, February 20, 2013

Supreme Court Appears to Back Monsanto in Patent Dispute


I updated you guys yesterday on a fascinating case before the Supreme Court. As you have probably figured out, I am leery of the extremely broad legal protections given to IP in this country. I felt that the case was important enough that I posted it both to my political blog and to my tech blog.

Let's have an update on the arguments.

According to the New York Times, the arguments in Monsanto vs. Bowman seemed to go the way of the giant chemical and agricultural company. Apparently, the attorneys for Monsanto were allowed to speak at length whereas Mr. Bowman's attorneys were shut down. The justices outright told Mr. Bowman that the legal basis for his defense, namely the doctrine of patent exhaustion does not apply.

Although it seems that Bowman is unlikely to win outright, SCOTUS observers have been wrong before. The court may decide the case on narrower grounds that would not pose such a huge threat to our long-term agricultural stability. Justice Breyer appeared to open the door for an exception with his comment "maybe three generations of seeds is enough", but it isn't completely clear what loophole that would allow. Perhaps the court could rule that Mr. Bowman intentionally planted seeds that he knew contained the genes resistant to Monsanto's herbicide Roundup, and thereby broke the patent. Perhaps if a farmer planted the seeds without any intention of using the patented seeds, then the patent might not apply.

Stay tuned for a ruling.