Interesting video on designing programming languages

Yesterday, I started watching this video on programming languages, and it took me over forty minutes to stop watching the video. It’s not because the video was over an hour long, but rather the subject matter of the video.  It’s a presentation by Brian Kernighan titled “How to succeed in language design without really trying”.  The presentation by Professor Kernighan was very well done.  He went through a bit of history with how some programming languages came about, as well as their uses.  He also talked about his time with Bell Labs, and how he, along with two other great programmers, wrote the language awk.  The video had me interested because, for one, I could understand half of what Professor Kernighan said, and two, he admitted that he threw the language together out of necessity.  Also, he would, at times, remind the audience of his shortcomings, such as with functional programming languages, and remembering how to program in C.

Made My Own NES Classic Console

It looks like the NES Classic is sold out everywhere, and there are scalpers on eBay trying to bilk old fans out of their hard-earned coins.  Now, I don’t want to get an NES Classic on account of owning a couple of the featured games, as well as owning them on the Virtual Console.  But since the lack of want doesn’t stop me from tinkering, I made my own.

It’s quite easy to make a tiny device which can emulate and play NES games; it’s already been a reality for a long time.  In my case, I took a Raspberry Pi 3, got the official Raspberry Pi touchscreen, a case to contain these parts, an old SD card with an install of RetroPie on it, and a Classic USB NES controller.  And just for shits and giggles, I also hooked up the whole thing to a 20Ah battery so that I can play it on the go.

Frankenstein’s fun machine

This was a fun little project, but it does have its setbacks.  The Raspberry Pi, along with the other attachments, draws a good amount of current, and so has a problem with voltage (that’s the reason it has two USB connectors).  Also, if you want good sound, you’ll have to use a different sound output; the on-board audio jack is terrible.  Then there’s the price: this little beauty set me back around $200.  So while the NES Classic will set you back $60, at least that’s an official machine, and has a few bells and whistles.  Still, this device is easily configurable, and I can add as many games as I want.  So it plays not just NES games, but also SNES games.

Dealing With the Internet of Things

The other day, I attended a meeting of the North Texas chapter of ISACA.  There, the information technology veteran, Austin Hutton, gave a presentation on the dangers of the Internet of Things (IoT).  I have written about the IoT and how it can be used to devastating effect.  One of the problems that Hutton talked about is that there are more IoT devices than there are people on earth.   Thousands are being manufactured and sold each day, and each one of these devices can be hacked to assist in an attack.  And the problem is getting bigger.

Most of those devices were poorly designed, and thus have no way of being updated.  The companies who make these devices have thin profit margins, so they cannot afford to make them secure.  In some cases, the manufacturer buys the chips from other companies, so they are not directly responsible for their security.  The average IoT device can be easily hacked: a number of them have easy-to-crack passwords, or have flaws that were not detected when they were being designed.  There are even programs which can auto-hack some of these devices.  All the hacker needs to do is learn the make and model of the IoT device, select the program, sit back, and gain control over it.  Even devices which are used as intended may be doing something illegal.

Hutton gave the example of a Tempur-Pedic bed which can send the user’s data back to Tempur-Pedic for analysis so as to improve the user’s experience.  He then gave an example of someone else (specifically, his 14-year-old granddaughter) sleeping in the bed, and their data being sent to Tempur-Pedic without their permission.  This can be considered breaking the law because she’s a minor.  How would that situation be resolved?  How can we at least minimize the damage from IoT devices?

For one, education.  Though companies are really selling the convenience of IoT devices, consumers must learn how harmful IoT devices can be.  The public needs to learn that these devices can be used to cause harm to our cities, and possibly to themselves.  Recently, the business of a utilities company in Finland was disrupted due to a DDoS attack, resulting in the heating for their customers being disabled.  What if this was the smart thermostats of many of their customers getting hacked?  The attacker could lower the temperatures in these houses, or disable the thermostat, which would be a dangerous situation for homes in Finland during the winter. How else could these devices be attacked?  An attendee of the meeting, David Hayes of Verizon, had one other scenario.

There are utility companies in North America and Europe that use monitors called SCADAs which can remotely control machines vital to a functioning city (one example is the water pumps which keep drinking water flowing through the city).  What if, Hayes suggested, a hacker takes control of these pumps, and threatens to take them offline, or even increases their work to the point of destroying them, unless he is paid $100,000?  Now we’re starting to see the cost of this problem.  This cost will only increase, as malicious hackers devise ways of misusing these IoT devices.

Another way we can minimize the damage from IoT devices is to ensure that your IoT devices can be modified such that only you can control them.  If you can change the password, do it.  Check that a default root password hasn’t been hardcoded into the device.  If you can, find a device that can be updated (though few IoT devices have the capacity to be updated).  On the government side, we’re going to need some form of oversight.  For instance, no IoT device bought by the government can lack the ability to be updated.  How about current IoT devices?  There is little we can do about them.  If we’re dependent on them, then it’s going to be difficult to replace them.  Maybe for the average person it’s easy to change their IoT lightbulbs.  But how can a maintenance manager at a company tell his bosses that, due to the threats these IoT devices pose to the security of the company, they all have to be changed?  How much will that cost?
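One way to carry out the hardcoded-password check mentioned above, when the device's firmware image can be unpacked, is to read the image's `/etc/passwd` and `/etc/shadow` and list the accounts that can log in with credentials baked into the image. This is an added example, not code from the talk or from any vendor tool; the function names and the sample file contents are constructed for illustration.

```python
"""Audit the account files from an unpacked firmware root filesystem."""

# Shells that prevent an interactive login.
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

# Constructed sample data; the hash strings are placeholders, not real hashes.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
admin:x:0:0:vendor admin:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
support::1000:1000:support:/home/support:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$1$CONSTRUC$placeholderhash0000000:10933:0:99999:7:::
admin:$1$CONSTRUC$placeholderhash0000000:10933:0:99999:7:::
daemon:*:10933:0:99999:7:::
"""


def parse_colon_file(text):
    """Split passwd/shadow style text into lists of fields, skipping blanks."""
    return [line.split(":") for line in text.splitlines()
            if line.strip() and not line.startswith("#")]


def password_state(field):
    """Classify a password field as 'empty', 'locked' or 'hash'."""
    if field == "":
        return "empty"        # login succeeds without any password
    if field[0] in "!*":
        return "locked"       # password login is disabled
    return "hash"             # a usable password hash is present


def audit_accounts(passwd_text, shadow_text):
    """Return (user, issue) pairs for accounts that ship with usable credentials."""
    shadow = {row[0]: row[1]
              for row in parse_colon_file(shadow_text) if len(row) >= 2}
    findings = []
    for row in parse_colon_file(passwd_text):
        if len(row) < 7:
            continue  # malformed line, not a valid account entry
        user, pw_field, uid, shell = row[0], row[1], row[2], row[6]
        # Any UID 0 account besides root has full root privileges.
        if uid == "0" and user != "root":
            findings.append((user, "extra UID 0 account"))
        if shell in NOLOGIN_SHELLS:
            continue  # service account that cannot log in interactively
        # 'x' means the real password field lives in shadow; an account
        # missing from shadow is treated as locked.
        field = shadow.get(user, "*") if pw_field == "x" else pw_field
        state = password_state(field)
        if state == "empty":
            findings.append((user, "no password set"))
        elif state == "hash":
            findings.append((user, "password hash shipped in image"))
    return findings


if __name__ == "__main__":
    for user, issue in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{user}: {issue}")
```

A hash reported here is identical on every unit built from that image, so the finding stands unless the device forces a password change during setup.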

This is a growing problem that will grow more as these hacked IoT devices are used to facilitate these attacks.  It is imperative that this problem be addressed now, rather than have some catastrophe occur, and involve the lives of thousands.

Wondering About Risk Assessments

Since I have little knowledge on audits (only from what I learned in college), I have been reading up on the finer details of an audit.  I came across this documentation on the methods of carrying out a risk assessment in an audit.  The article lists three options for performing a risk assessment (though there are many ways of performing a risk assessment).  One way of doing it is by having an outside consultant come in, look at what the company wants to accomplish, analyze the business processes, and determine what their exact risks are.  Another way of doing it is for a consultant to come in, work with management to identify risk, determine the level of risk to the company, and evaluate the controls in place.  The final way, as detailed in the article, is to have an assessment performed by many employees in the company, who identify the possible risk, ensure the controls are in place, and monitor whether the controls are working.  This, though, is meant for an audit of the financial statements.  While it’s true these methods can be used to audit other parts of the company, these are mainly for ensuring that the financial statements are reasonably correct and free from errors.

So how could I apply this to an I.S. audit?  The first step on an engagement is setting the scope and the objectives of the audit.  Then you move on to the risk assessment.  Where to use these methods will depend upon how the company operates, and on the inherent risk to the company.  If the company is more “top-down”, and things are usually dictated from the top, then perhaps it would be better to have a consultant come in, talk with management to identify risk, and perform more assessments from there.  A problem with this, though, is that you may not get buy-in from the lower employees.  At least, that’s what I can tell from such an approach.

As for other methods, well, I’m going to have to eventually learn those in detail.

The Nintendo Switch™: Is this the success Nintendo needs?

So Nintendo has shown off their next console: the Nintendo Switch™. This machine is a touchscreen with detachable controllers called Joy-Cons.  What a user can do is either play it while the device is connected to the TV, or take it out of the dock, and play games on the go.  The device has a number of controller options, including using the Joy-Con controllers, using a Nintendo Switch Pro controller, and just using the touchscreen.  The whole display will be in full high-definition, and will probably support multi-touch capabilities.  It has been reported that the device has an nVidia Tegra GPU in it, so Nintendo has switched (no pun intended) to a new graphics card maker, and has moved on from ATI/AMD. It also looks as though the device supports cards similar to those used in the 3DS, but I’m sure it has on-board storage, as well.

Now I need to ask the question: why should I care about this device?  I already have a PC which can play a number of games quite easily (maybe not the most recent games at the highest settings), as well as a good mobile phone and tablet. So for the most part, I’m not interested.

There is a good number of publishers who are saying they will support the Switch. But what will they actually release on the device?  My guess is that, at first, they will release ports for the device (or games that have been remastered). But then what?  Would Bethesda release the next Elder Scrolls game on the Switch? It’s unlikely, considering that they’ll probably release it for the PS4 and Xbone, and of course they’ll have a PC version.  Maybe they’ll make a smaller version, or perhaps they’ll release the mobile version on the Switch.  If that were to happen, though, why would anyone care?  Couldn’t a user just play the mobile version on their phones or tablets?  How would that version be different? Bethesda may release an Elder Scrolls game on the Switch, but it won’t be a version that’ll be found on the other consoles, that’s for certain.

How about other parts of the device?  Will it have specs comparable to the PS4 and the Xbone?  Probably, however those two consoles already have upgraded versions on the way.  It’s true that they won’t be huge improvements over the originals (supposedly, the PS4k will have support for 4k televisions and be capable of running most games at 60FPS.  But that’s it), but they still have specs that some big developers will like.  How about the development environment for the Nintendo Switch?  Can one easily take their Steam game and port it over to the Switch?  There were a large number of indie developers who really wanted to port their games over to the Wii U.  But the hardware was just too foreign from their familiar hardware to justify a port.  Thankfully, a number of games (such as Axiom Verge) did make it to the Wii U.  But is this enough to keep the new console afloat?

Other big developers who have pledged support include the old vanguard of Sega, Capcom, and Square-Enix.  These three are laughable, as they have been hemorrhaging money for years.  Sega has lost millions over the past few years (though more recently they have rebounded), Capcom has only been kept afloat by Street Fighter, as well as old re-releases of Mega Man and Resident Evil, and Square-Enix has seen marginal return on their mobile phone offerings (don’t even get me started on Final Fantasy).  What are they going to release on the Nintendo Switch?  How are they going to take advantage of the device?  Probably in the same way as the Wii: release only a small number of games, some re-releases, as well as “test” games, and see whether they are a success.  So it’s unlikely we’ll see some big games from these developers (although the remake of Final Fantasy 7 does not seem far-fetched.  Twenty years too late, is what I think).  Other developers include Konami, Activision, and Electronic Arts, but I really doubt they will release anything worthwhile on the Switch.

There are other developers who do look promising.  Platinum Games is making something, and with their track record with Nintendo, they’ll probably make some great content.  Others include From Software, but my guess is that they’ll port over Dark Souls or Bloodborne, so nothing new there.  Another developer on the list is Nippon Ichi, most famous for their Disgaea games.  What they’ll have is anyone’s guess.  Then there’s Epic Games.  That one is a bit of an enigma: why would they develop for the device?  Why would they care?  I have not a clue what they would make for the Nintendo Switch.

All of this information is wonderful, but the public needs to know other things. As I have mentioned, it needs to have specs similar to the competition, so what the final specs will be is unknown.  How will the games be played on it?  Will they all use cards, or will discs be supported?  What are the online capabilities for the Switch?  Since this is Nintendo we’re dealing with, we know it won’t be as good as the competition (probably little voice support, a gimped messaging system, and no online friends group support).  I’m sure the Switch will be region-free (even Iwata talked about this), so that will be a welcome addition. But all of this will mean nothing if the software and feature support is solid.

We’ve seen the list of developers who are supporting the Switch, but what other features will it have?  In time, those will be revealed.  But is this something that Nintendo is showing that they are different, that they will listen to their fans, and possibly make the games that some of their fans want?  It’s impossible to please all of the fans, but there has been huge criticism for major Nintendo games over the past year.  Star Fox Zero was critically panned and Super Paper Mario: Color Splash was also criticized.  Let’s not forget how different Metroid Prime: Federation Force is from other Metroid games. So how is management going to be different for the Switch?  Will they be more willing to support third party developers (and I’m talking about actually throwing money at them to develop exclusive content for the Switch, as well as helping them with developing the games)?  Will they make their online system more open to those consumers who just want to freely converse and play with other, different users? Will they allow the users a little bit of freedom in Miiverse, to show content that may be a bit more grown-up?  Of course, there will still be moderators. It is doubtful, as Nintendo’s management has changed little since Iwata’s passing.

I feel that, if Nintendo really wants to recapture the consumers they lost to the competition, they will have to change some of the leadership at the top.  Even though they got a new president, mostly what has changed was what departments the current management looks over (most of the titles changed to “deputy <title>”, so they have a deputy director of marketing.  I guess they became deputies when they got a new sheriff in town).  It’s true that Nintendo has been getting younger developers into their company, and did try to find a younger president.  But their leadership cannot be made up of people who have not been able to turn around their sales over the past few years. “A problem cannot be solved with the same level of thinking that created it,” as Einstein once said.

Is it too early to say whether this will be a big-selling machine?  Possibly.  But if Nintendo’s track record, their current corporate structure, and the list of developers are anything to go by, it’s doubtful that the Switch will be a best-selling machine five years down the line.

Research in Developing a Budget for Video Games

Since I like video games, and I know a thing or two about accounting, I thought of writing and recording a video which delves into how the budget for a video game is constructed. I have tried to find out how some major game developers make their budgets, but I have hit a roadblock. You see, major video game developers rarely give out specific details on how their video game projects are constructed and financed. This is probably because other studios could steal their ideas, or take advantage of some weakness they may show. It would still be nice to see how a video game is budgeted.

It seems the best I can find is from indie developers. While that is some good insight into how a video game may come together for small-time developers, I would like to see how a large video game developer, and major publishers, figure out the costs associated with development. It looks like that video is going to take a while.

The Problems With the Internet of Things

As more and more Internet of Things (IoT) devices are bought and set up, there is a growing concern for what they can do, in addition to their normal purpose.  The security researcher, Brian Krebs, had his website brought down by a Distributed Denial of Service (DDoS) attack.  The company who formerly hosted Krebs and his security, Akamai, said that the attack was brought on by hundreds of hacked IoT devices (he has since started using Google’s protective services).  This didn’t use reflection or replication attacks, either; it used traditional methods of denial of service, by flooding his site with requests.  Akamai says that this is the largest DDoS they have ever seen.  This brings me to the question: how can we prevent and/or mitigate these sorts of attacks?

This attack was brought on mainly by unsecured, un-maintained IoT devices.  More recently, these devices have been manufactured, released, and not updated.  The average consumer of these IoT devices knows that the features of the device make it such that one can easily control it from afar, oftentimes with one’s mobile phone.  What they do not realize is that hackers can also break into these devices and use them, too.  Often, the manufacturer will throw in a free OS (such as GNU/Linux), add on their thin, proprietary layer, and sell it.  They do not realize the problem they are creating, as exemplified in the attack on Krebs’ website.

It is true that there is a cost to updating and maintaining these devices.  Which company wants to have a costly developer staff just to update the software on their line of light bulbs?  Then again, which company wants to be known for the product which aided in bringing down Google’s servers?  Either way, there’s going to have to be a way for these devices to get updated.

Usually what a user will find on these IoT devices is an embedded OS like GNU/Linux.  So why not develop a distribution that utilizes open standards and receives regular updates?  Similar to Android, yet with stricter guidelines.  A company could, for instance, set up a distribution with safety, compatibility, and interoperability in mind.  They could work with the IoT device manufacturers in making products that work together, and can be updated regularly.  Though let’s not just talk about the manufacturers; the consumer has a responsibility, too.  (It’s worth noting that there is an embedded GNU/Linux distribution that can be easily built and configured for IoT devices.)

The average consumer of IoT devices will have to learn about the extended benefits of these IoT devices, and they must realize that they come with a much greater risk.  Indeed, one cannot put a simple toaster in the same category as a light bulb which one can control with a mobile phone.  They must be made aware that an attacker can take control of their IoT devices and use them for malicious purposes.  This doesn’t mean that they need to be scared into acting, though, because actions made in fear are, oftentimes, poor choices.  They should be informed that it’s possible for this to occur, and that there are forces in place which are trying to counter these attacks.

Going forward, companies that make IoT devices, and consumers of IoT devices, must be more safety conscious, for there are malicious forces in the world who are ready and able to make use of these devices for their own nefarious purposes.

So I wrote a cute screensaver

A few months ago, I found a GIF of Kirby (or rather a bunch of Kirbys) dancing. I thought, This would be even cooler if it was set to music. So I set about writing a simple, little HTML5 screensaver.

In the Cinnamon Desktop for Linux Mint, you can write screensavers in HTML5 (technically, it uses Webkit, but we all know that’s a fancier version of KHTML). So I wrote this, chose some dance music, and had it play said dance music randomly every time the computer screen is locked.

If you wish to see a video of it in action, here it is:

My attempts at watching a video on job hunting

For the past couple of days, I have put off watching this video called “5 Fast Ways to Make Yourself More Hireable”, which was put out by The Society for Collegiate Leadership and Achievement. When I finally sat down to watch the thing, I couldn’t view it.

I don’t know why I couldn’t view it. Maybe it was my web browser (Firefox for life!), or maybe it was the add-ons that I have active. Even when turning them off, I still couldn’t watch the video. Now, I’m not one to be deterred by a simple browser error. That’s when I looked into the sources of the page.

In the sources of the page was a bunch of JavaScript code. Perusing the code, I easily found code snippets (which were nicely marked) that were meant for outside services. I know it’s been a while since I’ve written anything related to HTML and JavaScript, but boy was this code obfuscated. I could barely read this stuff.

Anyway, after digging through the muck, I found the actual source of the video: an embedded iFrame. Boy, I didn’t think sites still used those. Still, I was able to watch the video. And hopefully after that, I’ll be able to find the job I want.

Thoughts on Green Finance as well as climate change

I was reading the BBC website last week (like I normally do each day) when I happened upon this article on Green Finance being a big opportunity.  One of the points the author first makes is that capital flows from one advanced country to another, growing economy, with which I can agree.  So-called “Green Bonds” are emerging.  These bonds are being used to finance projects which are trying to find renewable energy sources or reduce carbon emissions.  The article warns that, when the Green Bonds actually do become more popular, it may be too late, and the projects will not be able to reverse the effects of climate change (the man interviewed in the article, the Bank of England Governor Mark Carney, said that Green Bonds only represent 1% of global financial institutions, so growth is going to take a while).  What’s stranger, though, is that he makes the comment that they shouldn’t grow too fast, that it could “materially damage financial stability.” I take this to mean that, even though these countries really need to cut their carbon emissions, the change to renewable sources may be too costly.  The cost of this change could be in researching how to better implement these new sources of energy (or other renewable resources), or the cost could also be in time, as setting up these sources and integrating them into a manufacturer’s processes will take time.  And machines the size of whole countries move slowly.

The article also talks about Carney urging businesses to disclose the risks that climate change poses to their businesses.  This part makes me ask: how does one exactly do that?  While a business can chart the rising cost of fossil fuels (due to the rising expense of drilling and refining oil), how does one exactly measure the impact of smog or carbon emissions?  It’s true that there’s a health risk to smog, and greenhouse gases are leading to higher sea levels.  But how does this impact business?  Could they show how the change in weather affects their business?  One might be able to calculate the damage severe weather poses to their factories, e.g. flood damage, hail damage, and hurricane damage.  Another way could be to simulate how smog affects the company’s workers in a dirty city.  But will the numbers they calculate be close to reality?  Or will they have to give a qualitative answer to the problem?  From what I’ve read, some organizations and governments have been able to calculate how much climate can cost.

In any case, climate change is going to be very expensive for businesses in the future, and it’s about time we started investing in a plan to mitigate this disaster that’s waiting to happen.