Eleven Years, Over a Million Page Views

I started writing this when I got my motorcycle license in my early forties. The first post was in March of 2013 when I decided to get my learner’s permit. From there I’ve tried to (as honestly as I can) describe my motorcycling experience. In that time I’ve gone through a bewildering array of bikes as I’ve figured out how I was going to enjoy this hobby. I noticed that the blog has just passed a million views (and messed up the odometer styled page counter), so thought it time for a review. Where have I wandered in the past 11 years of motorcycling? It all began with my Mum’s passing and an opportunity to ride without panicking those around me.


The First ’07 Ninja 650 seemed like a logical starting bike. From there I got my first fixer-upper in the form of a ’94 Kawasaki C10 Concours. Getting that out of a hedge, sorting it out and putting lots of miles on it felt like a big win, but I was still learning and when the carbs went on me, I lost the plot with it. That’s one of those ‘Costanza moments’ when I wish I could have a do-over – I’ve got the tools and knowhow now to sort them out!

The KLE dual sport was too small for me (couldn’t get me to 100kms/hr which is dangerous on our increasingly crowded and impatient local roads), so it came and went. I also dabbled with an old Yamaha XS1100, but never got it road worthy so it doesn’t make the list. Then there was the PW80 I got for Max which he wanted nothing to with, so it came and went. Neither of them cost me anything (I broke even on both) so, whatever.

With the Concours acting up and a dead Midnight Special in the garage, I was prompted into the ’03 Triumph Tiger, which has been my longest serving machine (currently at 8 years and over 40,000kms travelled). The Tiger filled the gap for a long time and let me drop both the Yamaha and the Kawasaki. While the Tiger performed regular riding duty I came across a Honda Fireblade that had been sidelined for several years, got it for a song, fixed it up, rode it for a season and then sold it on for a small profit, which felt like a win.

During the early days of COVID the Tiger started acting up and I came across a 2010 Kawasaki GTR1400/Concours 14 for sale with low miles that had also been sidelined in a shed. I sorted out this complex bike and once again felt like my mechanicking skills had levelled up. With some extra contract work I’d done and the money from the Fireblade this step up to something more expensive didn’t eat into savings.

The C14 and Tiger are both still currently in the garage. In 2021, as COVID lingered, I came across an opportunity to try a vintage restoration. I had a choice of several bikes and took one that was the furthest gone, which in retrospect was a mistake (don’t get cocky, right?). I cleaned up this ratty old chopped 1971 Bonneville and got to the point where it sat in the corner of the garage because I’m too stingy to throw money at it. Lesson learned: if you want to go vintage, be prepared to pay through the nose for it and wait a lot for parts availability.

I let the Bonneville go this spring for what I paid for it (minus the new parts). It was a loss but it gave me something to do while the world stopped and I learned a lot. It was fun doing an archeological inspection of a machine that was almost as old as I am.


What’s next? I’ve never owned a new bike before. Following my shear perversity in terms of motorcycling, I’m tempted by a Moto Guzzi V85 TT. Partly because of the character, partly because I think they’re stunning and partly because it’s so not everyone else.




If it’s a black Ninja it’s 13 years ago, but 
whatever, Facebook.

I noticed the other day that the blog has passed a million page views. It took since March of 2013 (when I started riding) to pull it off, so that’s just over 11 years, but a million is a bigger number than most people can conceive. Over the 4083 days this blog has been up it has averaged over 250 page views every day, which feels good. It provides information for people looking for details on some of the mechanics I’ve tackled, and it also gets good pickup on travel stories and bike tech. I’m hoping more travel stories are in the future.


Another story that popped up recently was the ride around Vancouver Island ten years ago. That would be the first time I rented a bike while away from home. It led to the Island Escape story in Motorcycle Mojo. What isn’t mentioned there is that prior to my wife’s conference we also rented scooters and went for an adventure to Butchart Gardens in Victoria.

More travel opportunities like that, or Max and I’s ride through the Superstition Mountains in Arizona, or down to the Indianapolis MotoGP race would be fantastic, it’s difficult to find the time though.


The other day I thought I’d get into the throttle controls on the Tiger and clean and lubricate all the bits (if you read this regularly you can guess where this is going). Everything plastic on this 21 year old bike is brittle and yep, the throttle cable adjuster broke. I’ve jury rigged a solution, but like everything else on this bike, finding parts is becoming ‘vintage difficult and expensive’, even though it’s anything but.

My biking decisions might be made for me if we decide to move. If we downsize into a condo or something without a garage I’d be tempted to clear the deck and get something new. At that point having something that someone else has to work on while it’s under warranty would make sense. I don’t know how long I’d be happy with no working space, but perhaps I’d end up getting in with a shop coop and having some space in a shared garage somewhere. My approach to motorcycling is quite isolating. A change in circumstances might be a good thing.
If every time I touch the Tiger to do maintenance (it needs regular TLC) the parts crumble in my hands, I don’t know how much longer I can keep it going. I’d really like to get it to six figures but beyond that I’m not sure – perhaps turn it into modern art?
I’m still also keen to pursue trials riding and perhaps long distance enduro with an eye for finishing rather than beating up machinery to attain top speeds. I’d do track days but I live in Ontario, which doesn’t make access to things like track days easy in a any way. Likewise with the off roading. It’s about, but it’s sporadic and they make it as difficult as possible. Living somewhere else might open up motorcycling opportunities that feel out reach here in the overcrowded and increasingly dark heart of Canada.

from Blogger https://ift.tt/eI29MAT
via IFTTT

Prioritizing Work and Saving My Patience for What Matters

I was talking to Alan Seeley on email who now writes for Classic Bike (UK) Magazine. I told him about the s*** show that was trying to order used parts from eBay to keep the old Tiger in motion. He put me in touch with Chris Jagger and also put my issue into the letters section of the magazine. Chris’s advice is that there are weak points on these bikes and as they age they get retired because of the lack of support. If you’re going to take on a Hinkley Triumph, even a relatively recent one, don’t expect the kind of support you’d get from other manufacturers.

I’ve sorted out ’90s Fireblades and Honda never blinked when I was looking for parts. Suzuki is legendary with how they look after their engineering history, and Kawasaki has also been nothing but solid when I was working on older machines. I actually found it easier to find parts for a 53 year old Meriden Triumph than I have with much newer Hinkley machines. I’ve said it before and I’ll say it again, for a company that markets on their history so heavily, Triumph vanishes when it comes to providing parts support, even for recent machines.

I took Chris’s advice and went looking for backup used parts. This time around I found a throttle body that looked like it has spent some time in an archeological dig, and it arrived in a beaten up box but this time the seller padded it well and the plastic bits were intact. I cleaned and dismantled the unit and now have spare throttle bodies, fuel injectors and a complete idle control housing along with all the other odds and ends.

When I put the Tiger back together I tried putting pins in the broken wires on the fuel sender but it didn’t work. I got a replacement fuel sender, but this time from a US eBay parts provider. I foolishly thought the shipping would be less but eBay surprised me with a surcharge on delivery that was 3x the shipping costs. Both the throttle body and the fuel sender came in on the same week. The throttle parts were much bigger and heavier and came from the UK with no surprise surcharge and the shipping cost was 30% lower. The moral here? Don’t buy used parts on eBay if it’s from an American based seller – you’ll get caned by US Post surcharges. No so with UK suppliers.

The good news is the new part works well, but not without other teething problems. That age of this bike is really starting to show. The wires had broken in the sender unit but unbeknownst to me they’d also broken on the other side of the connector, so when I first plugged the new unit in I got nothing. After taking the tape off I discovered the broken wire, cut off the connector, crimped on new plugs and it works a treat.


While I was waiting on parts I pulled the valve cover and checked the valves just to make sure they weren’t what might be causing the stalling and hesitation.


I’d last done this perhaps ten thousand miles and a couple of years ago – everything was still within spec. It’s an afternoon to do it but worth knowing that the valves aren’t the issue. That also gave me a chance to go over the seals on the airbox and pipes, clean and check the spark plugs, put a spacer on the throttle return to stop it stalling and wire in a bypass to the battery so it’s showing 13 volts when running now (the wiring for the battery is byzantine and loses voltage over time). I also rebalanced the throttle bodies while I was in there.


With the new fuel sender in, I’ve had the Tiger out multiple times over the past week. It doesn’t stall! It starts reasonably easily, Shows 12.8-13.2 volts when running (it used to hover around 12), and the throttle action is close to what it was before things went sideways.

How am I able to apply such patience to the Tiger? I sold the Bonneville!  Got what I paid for it and took a hit on some of the new parts I’d purchased, but with it gone I’ve got more room both in the garage and in me head to work on the Tiger.

The old Bonnie was interesting to work on during COVID but I’m still young enough to be motivated by riding rather than spending endless days in retirement hunting for expensive parts and installing them. Having two frustrating Triumphs was one too many, and since the Tiger’s going to start demanding engineering rather than just mechanics if I want to keep it in motion, it was time to let go of my first attempt at (the eye wateringly expensive world of) vintage restoration. I like my projects to be more recent sidelined bikes – the ’97 Fireblade remains a highlight (that I made money on!).

The Bonnie project had stalled out when I realized I was a grand in on new parts and nowhere close to being able to ride the thing. In retrospect I should have picked one of the other running options, but I went for the romantic Triumph option… and regretted it. An alternate reality Tim went for the BSA trials bitza and is deeply involved in vintage trials right now.


Links & Pics

Valve cover off on the Tiger. It’s pretty easy to get into – other than having to wiggle the cover out the right side under the frame – which actually caused problems on the reinstall when the gasket didn’t sit right and the bike barfed expensive synthetic oil all over the garage floor when I restarted it- but I’m not going to mention that in the blog.


With the Bonnie and bits gone, there is much room (both mentally and physically) to get on with keeping the Tiger in motion. The Kawasaki remains rock solid.


Used on Triumph models up until  four years ago – they don’t make these any more.


I’m taking the broken one to bits and measuring all the bits. I currently have two plans: 1) digitally 3d model the part and look into 3d printing options with fuel proof materials. Nylon filament printing seems to be the fuel-proof material of choice. Lots of services out there. 2) is to build my own copper/steampunk version of this plastic bit using copper piping and fittings.


My pins in the connectors attempt with the old fuel sender didn’t cut it.


I thought the C14 might have an oil leak, but it turned out to be the oil in the fairing after the spring oil change. After a thorough cleaning it’s running like a (oil tight) top.


Here are some details on the voltage fixes for 955i Tigers. Running the wire from the reg/rec to the battery was straightforward:


Sasquatch voltage fix:

https://tigertriple.com/forum/index.php?topic=3843.75  is lost to the internet (those Hinkley Triumph support forums are dying out).

https://www.advrider.com/f/threads/sasquatch-link-please.1267616/

https://www.advrider.com/f/threads/tiger-electrical-upgrades.496199/

Reg/Rec update:

https://www.triumphrat.net/threads/charging-system-diagnostics-rectifier-regulator-upgrade.104504/


This is the Fuel Level Sender: Part Number: T2400526 that needed a swap…


Thanks to the massive shipping surprise it would have been cheaper for me to buy this new from a dealer (assuming they haven’t discontinued it). Don’t buy used parts from U.S. based eBay parts providers! It’s not their fault, but eBay makes a mess of US/Canada shipping.


from Blogger https://ift.tt/W7V3L4l
via IFTTT

Stay With Me, this is Going to Get Quantum Weird

 This was originally posted on the Canadian Cybersecurity Network’s CyberVoices page: Stay With Me, this is Going to Get Quantum Weird 


CyberVoices is well worth a look if you want to get a sense of cybersecurity in Canada from many different perspectives in 2024. It gets you away from the goverment / business / marketing talk about cyber which tends to contain a lot of self-interested spin.

Canadian Cybersecurity Network’s CYBERVOICES.

***

Science and technology were making great strides at the end
of the nineteenth century, to the 
point where we were beginning to discover
problems with the reality we thought we lived in. Newtonian physics does a
great job of describing what we see around us, but it turns out this is an
illusion created by the scale at which we operate. It’s like thinking the earth
is flat because it looks that way, but it only looks that way because we’re not
big enough to see it; reality is in the eye of the beholder.

What we discovered as we looked closer with better
technology was that the universe isn’t a deterministic machine. The double slit
experiment caused great confusion because it looked like light was both a wave
and a particle. Rutherford’s gold foil experiment suggested that the recently
discovered atom was almost entirely empty space. Most of what you breathe in is
vacuum! The universe is much stranger than we first thought, and it isn’t
deterministic at all, but very much probabilistic. Einstein hated this ‘spooky
action at a distance’ quantum nonsense, but through the 20th Century
we’ve come to understand that this is how the universe works.  Most people don’t know this because education
finds teaching science in a Newtonian way easier. Professor Brian Cox has a
good quote in his book, The
Quantum Universe
: “It’s not Newton for big things and quantum for small
things, it’s quantum all the way.”

This emerging quantum awareness created the first quantum
revolution. Once we recognized that quantum effects happen around us all the
time, we started designing technology that made use of these newly discovered natural
phenomena. If you think this is only for exotic university labs, you’re wrong. The
flash memory that you’re likely reading this through depends on quantum
tunnelling to work, as do lasers, MRIs and super conductors.

So, what’s all this talk about quantum computing and what
the heck does this have to do with cybersecurity? In the 1970s many researchers
started theorizing about quantum computing and Richard Feynman put it together
in the early 80s, then the race was on to build the theory. What’s the
difference between this and passive 20th Century quantum technology?
We’ve developed the technology and theory now to engineer quantum outcomes
rather than just using what nature gives us. As you might imagine, this is
incredibly difficult.

I had an intense chat with Dr. Shohini Ghose, the CTO of the
Quantum Algorithms
Institute
at the end of our quantum cybersecurity readiness training day
this week in BC. She was (quite rightly) adamant that we can’t know quantum
details without observing them and when we observe them, we change them, but my
philosophy background has me thinking that I’m going to try anyway. An
unobserved universe is entirely probabilistic. It only becomes the reality we
see when we perceive it. It reminds me of the crying angels in my favourite Doctor Who episode.
This bakes most people’s noodles, but the math clearly indicates that in
measuring a photon’s location we can’t also know its velocity and direction –
that’s the uncertainty
principle
in action. I’m probably wrong about all of that, but I’d rather
people take a swing at understanding this strangeness rather than being afraid
of being wrong.

Alright, we’re halfway through this thing and you haven’t
mentioned anything cyber once! If you think about the electronic systems we
use, they’re entirely Newtonian. They reduce information to ones and zeroes and
produce the kind of certainty we all like, but this is a low-resolution approach
that is about to hit its limit. We’re building transistors so small now that electrons
are tunnelling through the nanometer thick walls (atoms are mainly empty space,
remember?) between transistors, rendering future miniaturization impossible;
we’re nearing the limits of our Newtonian illusion. That means the end of
Moore’s Law! Panic in the disco!

Quantum computers don’t use electronics as a common base. A
quantum computer processor might be ionized particles, or photons, or nanotech engineered
superconductors, and those are just a few of the options. By isolating these
tiny pieces of the cosmos away from the chaos of creation and applying energy
to them in incredibly intricate ways, we can create probability engines that
use astonishing mathematics to calculate solutions to problems that linear
electronic machines could never touch, but unlike classic computers we need to
do this without observing the process or all is lost. Imagine if you had to
design the first microprocessors in the dark and you’re a fraction of the way
towards understanding how difficult it is to build a quantum computer, but it’s
happening!

We’re currently in what’s called the NISQ (noisy
intermediate scale quantum) computing stage. We’re still struggling with
applying just enough energy to get a particle to polarize how we want it to,
all while keeping the noise (heat, radiation) of reality out. That’s why you
see quantum computers in those big cylinders as a chandelier. The cylinders are
radiation shields and containers to cool everything down to near absolute zero
(gotta keep that thermal noise out), and the chandelier is to keep the electronic
noise of the control systems (old school electronics) away from the quantum
processor.

My favourite quote from the PhDs I’ve talked to is, “a
viable quantum computer is five years out. And if I’m wrong, it’s four years.”
What does that mean for ICT types? Quantum computers don’t do linear. When you
give them a problem, they leverage that state of being everywhere at once to
produce massively parallel computing outcomes completely foreign to what we’re
familiar with in our multi-core processors. Quantum algorithms are designed to
blackbox the calculation, so observation doesn’t spoil quantum processes and
then spit out answers as probabilities.

What does that mean for cybersecurity? Peter Shor came up
with an elegant idea in the mid-90s that uses a Quantum Fourier Transformation
to calculate the periodicity in prime number factoring. If you can calculate
the period of two large, factored primes (there is a repeating pattern), you
can reverse engineer those primes. In RSA encryption or anything else that uses
factoring you could calculate the private key and tear apart the encrypted
transport layer handshakes rendering secure internet traffic a thing of the
past. From there you could imitate banks or governments or simply decrypt
traffic without anyone knowing you’re there. You won’t see cybercriminals doing
this because the tech’s too tough, but nation states will, though you won’t see
them either because they will be quietly collecting all of that encrypted
online data Imitation Game
style. This process may already have begun with harvest now, decrypt later (HNDL).

There is much more to quantum technologies in cybersecurity
than the encryption panic though. Recent research suggests that instead of running
into limits with electron tunnelling in transistors, our new quantum 2.0
engineering could leverage this quantum effect to create Qtransistors
magnitudes smaller and much faster than what we have now. Cybersecurity will
have to integrate that technology as it evolves. Quantum communication is
another challenge. NIST
is making mathematical quantum resistant algorithms
as I type this, but you
could also leverage quantum entanglement itself to create quantum key encryption.
China has an entire network of satellites testing these hack proof comms links
now. There could be quantum locked portions of the internet in 15 years where
high security traffic goes. Guess who is going to have to manage those secure networks.

If you’re in cybersecurity there is much more to quantum
than panicking about encryption. Anyone in the field would be well served by
digging in and researching this fascinating technological emergence. My
colleague, Louise Turner, and I presented at the Atlantic Security Convention
on this in April. Give
our presentation a look
. There are lots of links to fascinating resources.
It’s time to free your mind, Neo.

from Blogger https://ift.tt/Q1o0vBF
via IFTTT

Going Aftermarket with Kawasaki GTR1400/C14 Tire Pressure Sensors

I soldered a new battery into the rear temperature sensor on the Concours when I changed the back tire last year after picking up a puncture. The front was starting to get sluggish when connecting wirelessly, suggesting the battery was dying there and the front tire was due a change, so I did it in the fall. Unfortunately the sensor didn’t pick up signal again on that bodge. Rather than beat up that old sensor again I went looking for alternative options.

I love a good hack, and Big Red walks you through one here on how to take aftermarket tire pressure sensors, program them to your stock Kawasaki settings and then use them instead of expensive stock items. The coding unit is $230, but works on anything, meaning I’m not beholden to a dealer for tire pressure sensors on the cars either. A pack of 2 sensors is $95, so all together a full sensor replacement on the bike including the tool needed to program them is $325. The stock sensors are $258 each, so an eye watering $516 for the pair. $200 cheaper and I have the tool that’s usable across a wide range of vehicles. That’s my kind of hack!

How did it go? After all the frustrations with the Tiger and Triumph, the C14 reminded me how nice it is to work on a bike that’s supported by its manufacturer and the aftermarket.. When I compare the thriving online communities at COG and other online forums that support Kawasaki ownership, I can only think, ‘way to go team green.’ By comparison I read a post on one of the Triumph forums that said, ‘these forums are dead. Everyone is giving up on these old bikes…” Except the bikes in question are not that old.


When I walked into my local Kawasaki dealer and asked for parts for my mid-nineties C10 there was never an issue. If I hop into an online forum for the Kwak I see an active community full of ideas and support.  Most of the Hinckley Triumph forums for anything over 15 years old are derelict. The posts on them are from at least five years ago giving you some idea of what trying to keep an older Hinckley Triumph on the road is like (ie: impossible). It makes me question owning another one, which is a real shame because I wanted to believe in the brand, but they only market their history, they don’t honour it by supporting owners in keeping old machines in motion.



Back in the land of the living, Big Red’s walkthrough was spot on. I popped one side of the new front tire off the rim and removed the 14 year old sensor. I couldn’t see why it wasn’t getting power – my soldering looked good – maybe a bad battery? No matter, new parts are going in.




If you know that the Mazda 3 2004 sensors are a match for the Concours ones, then the rest is straightforward. I set the MaxiTPMS unit to the Mazda settings and then put in the ID number from the old C14 sensor in and the wireless upload only took a few seconds.



I could also check the sensor once it was programmed, which gave me some piece of mind before putting it back in the tire.

The whole process was straightforward, aided by a warm March day where I could leave the tire in the sun while I set the sensor. Warm tires are much easier to stretch over the rim!





I installed the new sensor which fits snugly in the rim. All the parts including the tool from Autel felt like quality pieces that will last. With the tire reinflated I put the wheel back in and torqued everything to spec while also making sure everything was grease free (especially the brake bits).

I took it up the street with the intention of riding around the block because that’s how long it
usually takes to get the dash reading the wheel pressures, but this new sensor had it showing in seconds – before I even got to the stop sign. I checked it against the digital tire pressure gauge and it’s right on the money.


It felt good to have a win in the garage after banging my head against the Tiger for so long. Speaking of which, I recently attempted to plastic weld the part they won’t supply any more and as I was putting it back together the wiring broke off on the fuel level unit (because I’ve had the tank off so many f***ing times!). As much as it pains me, I think I’m going to take Triumph’s hint and let the Tiger go… which is something I never thought I’d say. So much for my goal of hitting 100k with it.

It is actually nuclear powered – the plutonium goes in under than panel, like on Doc Brown’s DeLorean…

from Blogger https://ift.tt/JQRbYHo
via IFTTT

Little Cyber Skills Bonfires Across Canada

 It’s been one of those months when possibilities for the future keep going in and out of focus. My secondment ends in August. There might be a possibility of an extension, but there are questions around whether or not I’m allowed to do it contractually. There are also questions around whether or not I want to go back into the classroom at all. Here are some of the things that have happened in the past few weeks that have me up at 5am after a14+ hour work day that should have knocked me out for a full night of sleep…

I did a ten day run across the Maritimes a couple of weeks ago. This involved a teacher PD day in Nova Scotia on a Saturday and then in class enhanced technology training days in schools across New Brunswick which mainly focused on trying to leverage the national CyberTitan cyber range competition images from previous years with students with varying backgrounds in cybersecurity. This isn’t edtech as you know it, it’s leading edge technology being leveraged to teach complex, interdisciplinary ideas that we can’t usually get anywhere near in the classroom.

The first day in Fredericton was frustrating due to technical difficulties and pedagogical challenges. Using state of the art cloud based cyber range simulations is always going to be a stretch in classrooms. Doing it on the IT infrastructure in schools is like trying to drive a Formula One car on a dirt road. The range of student skill made it impossible to sufficiently differentiate in order to land everyone in Vygotsky’s zone of proximal development and technical issues only complicated matters further. I finished the day exhausted and frustrated.

Day two completely restored my faith in this experiment. Oromocto High School has a brilliant computer technology instructor who has built a strong community of CyberTitans and the computer lab we were in was fit for purpose. We had a great day on the range where I got to see students grasp concepts that even CyberPatriot can’t address due to it’s old-school desktop virtual machine approach. On top of that I learned I am not alone! Blair, who runs the program at OHS is also Cyber Operations qualified, making us the only two I know of in Canada. Teachers like to invent their own certifications (and degrees) for education technology rather than explore relevance with what everyone else is doing, so it was nice to meet another willing to take on the challenge of a globally recognized industry cert.

Over the week I got to iterate with schools with little to no CyberTitan experience and even a middle school. There are edge cases around exceptional teachers where this kind of enhanced learning is not only possible but essential if we’re to develop students capable of surviving the very technologically disruptive future we all face. One of my key takeaways in that week was to emphasize the importance of tending to these unicorns, they are few and far between.

I wrapped up the trip in Charlottetown where our local partner and I had a great chat with CBC radio about how to build genuine cyber-fluency. This is like starting a fire with wet wood. It takes skill, determination and collaboration to make it work, and none of these things are easily found in Canadian education. Having now taught in classrooms from BC to Newfoundland, I’ve been fortunate enough to experience the wildly inconsistent landscape of Canadian education (there is no such thing, we are the only developed country in the world without a national educaiton strategy), but there are commonalities, like the staggering lack of digital skills we graduate students with. Nurturing local expertise is a way to scale this up. I hope administrators from coast to coast recognize and focus on that.

I finally cracked the TV egg and found myself on CBC Compass. The final question there was a big one, but I stand by my answer: we need to be teaching meaningful digital literacy so that our students can operate safely and effectively in an increasingly technology dependant world. We indeed face global challenges that threaten our future. If we don’t start learning the tools at our disposal effectively, we’re not going to solve them.

The frozen sea on an empty PEI shore…

from Blogger https://ift.tt/9dsTW4Q
via IFTTT

Fleeing the Nagging Winter

 

Saw a guy on a GS flying down the 401 towards Windsor today, which conjured fantasies of fleeing the nagging winter to warmer climes. I’d eventually come back when winter lets go… maybe.

When it warms up I’d complete the loop:

https://maps.app.goo.gl/cdPdK2kD3rzwjEnN6

from Blogger https://ift.tt/rca7SW3
via IFTTT

The Struggle is Real: Trying to Keep at Triumph 955i on the Road

The ‘Idle Speed Control Valve Housing’ (Part Number: T1241064) continues to be a pain in my ass. This housing sits behind the throttle body on my 2003 Triumph Tiger 955i and it seems Triumph isn’t supporting them anymore. My local dealer shrugged and said it isn’t available any more, so I went further afield.

Blackfoot Motosports in Calgary’s site seemed to suggest that they could provide this complex plastic piece that doesn’t enjoy Canada’s extreme temperature swings (I’ve gone through 2 of them so far). So I ordered it! Guess what:


That an O-ring should take 3 weeks is one thing, but the housing is obsolete? On a bike that’s only just 20 years old? So, I did a little research. It turns out this product fits 84 vehicle variants across four Triumph Models between 1993 and 2020. A part that was in use on models four years ago is obsolete? That doesn’t sound right.



No matter where I look the story is the same: this key part of the idle control system on thousands of bikes isn’t available?  Being a determined sort, I looked to ebay for options and came across Bike Spares Barn in the UK. They take bikes traded in at dealers that are still running and on the road and dismantle them for parts, which is what I’m reduced to using with my Triumph.

They had a throttle body with the needed idle control housing on it along with an airbox. My airbox isn’t in great shape so I got both parts. They worked out with shipping to be about $300CAD. It took a good 3 weeks for the parts to get here (I ordered right after the holidays so I can’t really fault the timeline). The seller was very communicative with what was going on so, unlike some ordering experiences, I was never left wondering where things were.


The box finally arrived and looked like someone had been playing football with it. Two corners were mashed in and a piece of the airbox was sticking out of the box. I unwrapped it and everything looked OK so I began to clean and dismantle everything. The airbox was a good idea, this one is in much better shape than my 24 Canadian winters one, but the throttle body didn’t fare so well. 

Inevitably, the only broken piece on the damned thing was the fragile idle housing, which was cracked around the base in exactly the same place that the one I’m trying to replace is.



So, I’m back where I started, but with a spare throttle body and two broken idle housings. This damned thing is so complicated that fabricating an alternative isn’t likely. The three pipes on the bottom go out to each throttle body and servo sits inside that is moved up and down electrically adjusting the vacuum so passages open up to each throttle and modulate the idle so the bike doesn’t stall. When this complex and fragile piece doesn’t work as it should the bike hesitates on acceleration and stalls.

Obviously this wasn’t the case because the bike it came from was working fine (they tested it before dismantling it), but it didn’t survive ebay’s international shipping service. I asked Bike Spares Barn what to do and they said to go through ebay’s return/refund process, but ebay is cagey about sharing that anyware. Fortunately Peter at Bike Spares Barn helped me navigate the obfuscation and we’ve now gotten me a refund… but I’m still stuck without this part.

I’ve asked before and I’ll say it again: if you’re not willing or able to support your own machines, Triumph Motorbikes, how about sharing publicly the CAD files on this part so after market and crafty types like myself can fabricate our own? With the right fuel resistant plastic in a 3d printer, I could knock up my own version. But before I did I’d reinforce the model and design something more robust so I’m not left out in the cold again.

The happy face getting the solution to my problem in (the box on the bench)… then, well, you know what happened.


from Blogger https://ift.tt/7CBcxPq
via IFTTT

International Cyber Cooperation: Reflections on the GFCE & GC3B

I first experienced the frustration inherent in Canada’s approach to cybersecurity education last year at the University of Waterloo’s CPI conference. There Charles Finlay from the CyberCatalyst talked about how other smaller countries focus on a collaborative approach to cybersecurity that creates a coherent ecosystem of partners who support rather than compete against each other. In the asymmetrical world of cybersecurity where attackers have every advantage in terms of anonymity, it isn’t just criminal organizations working the dark end of the internet in 2023, it’s authoritarian nation states with fully developed offensive cyber operations. Without collaboration, democracies will dissolve in the chaos of our networked world.


We have the resources,
cooperation is what’s missing.

In the year since I’ve been working to establish connections between the many entities in Canada’s cybersecurity industry intent on education and career pathways illumination, but what I’ve found are siloed organizations (private, public and NFP) fixated on IP and market share whose idea of collaboration is creating partnerships to defeat what they perceive as competition. This isn’t collaboration so much as it’s about combining resources to compete more effectively.


This monopolistic approach is partly the result of how Canada funds cyber-education and industry awareness. By creating competition for funding, potential collaborators are turned into competitors and the possibility of mutual support becomes impossible. A great example are all the competing networks, alliancesconsortiums, catalysts and councils – all of whom claim to be creating a collaborative ecosystem under their leadership. Finding funding and piling onto this chaos seems to be the way in Canada. This has been a great frustration and a repeating theme on Dusty World over the past year:

Creating A Canadian Cybersecurity Ecosystem (Oct ’22)

How Cybersecurity Might Become More Diverse, Equitable and Inclusive (Dec ’22)

You Want to Teach WHAT?!? Reconfiguring Technology in Schools to Empower Pedagogy (Oct ’23)

Cyber Education in Canada is Broken, Here’s How to Fix It (Nov ’23)


***


The majority of attacks are US focused, but if
you consider Canada has 1/10th the people, we
actually face similar numbers of attacks per capita.

One of the ways I’ve escaped Canada’s siloed approach to, well, pretty much everything, is to look internationally for organizations interested in working collaboratively on the cyber-problem. That would be the one where we put all our critical infrastructure onto a global network that was never designed to be secure and then struggle with wave after wave of increasingly automated cyber-attacks in an environment where the attack surface has become impossibly complicated post COVID.

I started by looking at the World Economic Forum’s review of the new US Cyber-Strategy, which is focusing on protecting critical infrastructure and improving collaboration both domestically and internationally to create more effective cyber-defences. Canada’s strategy is designed to encourage competition rather than collaboration and has resulted in our being one of the most targeted countries globally

The US strategy seems to be aware of this North American predilection for relentless market dominance fixated competition and is attempting to put resources into a collaborative mindset. That approach became apparent to me when I attended the Global Conference on Cyber Capacity Building this fall.


***


Through looking into WEF and the UN I came across the Global Forum for Cybersecurity Excellence (GFCE). In June I pitched this proposal on helping cybersecurity practitioners become aware of the coming threats to encryption that quantum computing brings: GFCE Proposal – Cybersecurity in the Age of Quantum Advantage.docx. The elevator pitch is: quantum computing will break most of the encryption standards we depend on for everything from our online financial systems to military communications in the next decade, and likely much sooner.

The GFCE got back to me and said they felt that quantum awareness was an important piece of the puzzle and a good fit with their Global Conference on Cyber Capacity Building (GC3B) happening in Accra, Ghana at the end of November. They invited me to develop the research and present it at the event.. I’m currently seconded with both ICTC working on cyber-education outreach and the Quantum Algorithms Institute developing education for quantum readiness. QAI supported this research and I got in touch with Louise Turner, a former student now in the inaugural cohort of cybersecurity at Queens University, and she and I put the paper together.




While doing two jobs I beavered away on the paper in the background and Louise (who was juggling her third year course load) and I managed to get the paper in on time. While all that was going on we were both jumping through the hoops in terms of visas and medical requirements to take what would be both of our first trips to Africa.


It all came together at the end of November and we found ourselves at Pearson Airport in Toronto getting on a plane to Washington and then across the Atlantic to Accra. The entire process felt insurmountable, but I’ve found that if you chip away at seemingly monumental projects like this you get the pieces in place – just don’t expect it to happen all at once and pace yourself.

A particular frustration was all the dead ends I chased in terms of finding support for both the research and going to the event itself. I was disappointed to not get support from organizations I have long relationships with who claim to champion just this sort of digital engagement. I went out of my way to attend academic events, but when I asked any of my contacts in those organizations about support, I found the doors firmly closed. Every form of federal support is safely locked to academic partnerships in a way that makes it impossible for anyone but an internal PhD to claim them; those Canadian silos are exceptionally good at taking care of themselves. I talked to many professors in a multitude of schools but they all disappeared back into their funded, tenured worlds after making noises about how important this kind of work is. That’s ok, we did it ourselves.

***


It was snaining in Toronto when we left, but on the ground in Ghana after 12 hours of misery in a middle seat next to the only guy bigger than me on the plane (why don’t airlines use smart tech to arrange seating better?), we found ourselves on the ground in Africa! The VISA support by the Ghanese government had been spectacular in Canada and the hospitality was just as special at the Accra Airport. A senior military officer ushered us through customs in seconds and out to the GC3B desk where we got connected to our hotel and suddenly found ourselves tearing through Accra traffic, stunned by the sights and sounds… and heat (Accra is only 600kms north of the equator)!

 
The conference flags were all around the city. From our anonymity in Canada, we suddenly found ourselves at a very welcoming international event.


The Accra City Hotel was where we’d been put up for the conference and was only a ten minute drive from the very fancy Kempinski Hotel where the conference was taking place. We had lunch and then collapsed in our rooms for the afternoon after over 24 hours on the road.


The week before we’d built a powerpoint: QAI GFCE cyber in the age of quantum research presentation.pptx that was designed to gently introduce cybersecurity policy and technical practitioners to quantum computing. We went over it after our afternoon naps on the pool deck in the sweltering heat and humidity of an Accra evening. Louise helped pioneer women in cybersecurity in our school back in 2018/19 when she was in grade 10 and I’ve known her ever since, so we knew each other’s strengths and felt ready to go with the presentation the next morning. That night we had a fantastic Ghanan buffet and then hit the hay.


Since we were presenting on the periphery of the main conference we got to meet the Global Forum for Cyber Excellence working groups who were the organizers of the research presentations. This gave us ‘behind the scenes’ access to the conference before the main event kicked off the next day. It quickly became apparent that the research presentations needed more time to do them justice. We heard from researchers from all over the world studying everything from regionally specific cyber challenges to international projects on how cyber is presented in the media – to call it fascinating would be an understatement.


Louise and I stepped up for our presentation and knocked it out of the park. We’d de-tuned the technical details in it (Louise was happy to get into explaining how lattice based mathematical encryption actually works), but the GFCE was keen to focus on making it an introduction to quantum computing and how it will change cyber practices in the next few years. My being a teacher was considered a benefit in introducing this technology that is often obscured by academics fixating on its technical complexities. To ensure equitable access we focused on ensuring everyone had access to publicly available research that would assist them in further exploring the technology. This is an area where Canada excels – putting publicly available material online for anyone in the world to access, so we made good use of the many Canadian cyber and quantum resources available.

We must have done well because we were the only presentation who was asked questions by the reviewer running the event and we ended up late to lunch because we had a line of attendees wanting to ask further questions. There is a lot of curiosity out there around quantum technologies but not a lot of people developing accessible education for the public; it tends to be an academically isolated industry.


Our reviewer kept referring to me as Doctor King during her analysis of our paper, but I’ve always been interested in how technology becomes applied rather than working on the academic/theoretical side of things. Applied technology use has been my focus since I migrated decades old paper based engineering paperwork onto Lotus123 back in 1991. I was happy to use my blue collar technician’s approach to putting a pin in the idea that you need a PhD to understand quantum computing. When it comes to the technologies that so influence our lives (as quantum certainly will), I think everyone deserves to understand how they work.

The rest of that first day at the Global Conference on Cyber Capacity Building was fascinating because it wasn’t really about the conference, but instead about the mechanics of the GFCE. By the time we were heading back to the hotel I felt like I’d found my tribe and was determined to see what else I could do with them. This was the collaboration and mutually supportive approach to cyber that I’d been missing.


We wrapped up day one feeling the burn. I’ve never felt so good jumping into a pool after a day of sweating through a suit. While in the water I bumped into one of Nigeria’s cybersecurity leaders and we had a nice chat while watching the sun go down.

The next morning we were up again at midnight our time for a 6am start, and on our way to the Kempinski for the opening of the main event. The conference had swollen in size since we’d seen early setup the day before. Instead of a hundred of so people, over 800 were coming in from over 100 different countries, all intent on seeing how we might work together to make digital transformation more equitable and accessible to all.

I use Twitter as a way to bookmark ideas and resources so I can find them later when I’m building one of these blog posts. My feed from the conference probably tells the story better than a summary here, but to say it was engaging and eye opening would be underselling it. The GC3B worked every angle from policy and diplomacy to technical cooperation and regional partnerships all the way through to international collaboration. It changed the way I see cybersecurity because it moved me beyond the veiled, siloed and somewhat paranoid world of Canadian cyber.


On the second day we were bused over to the park where Ghana’s first president is interred for an end of conference dinner. Like everything else that week, it fundamentally challenged my preconceptions. If indigenous people had overthrown European colonization and established their own representative democracy in the wake of that oppression in Canada, that’s where Ghana is today. The story of Kwame Nkrumah and his efforts to awaken a pan-African culture were fascinating, especially from the perspective of someone living in a resource consumption focused culture where we continue to struggle with our colonial past.

Kwame Nkrumah Mausoleum in Accra – well worth a visit.


On the bus ride over (which was an adventure in itself – African commuter buses have drop down seats so the bus is shoulder to shoulder in every row without an exit aisle), I was at a loss to understand how we appeared to be the only Canadians at an international conference where over 100 countries were in attendance. The US State Department had helped fund the event, as had the EU, and we’d met Australians and many other Commonwealth nationalities, but not a single Canadian. The Australian told us about how her government’s local office had picked her up at the airport, taken her out for lunch and made sure she was OK at her hotel. Ours sent us a PDF of things to do in Accra.


All of this prompted me ask the Swede sitting next to me how Canada is seen in the international community. I’d honestly expected to hear nice things and assumed we’d simply not been involved in all the clandestine activities of our government at this event, but that’s not what came out. The Swede described Canadian participation in world cyber cooperation to be ‘selfish and minimalist’, which came as a shock despite what I’d observed (it’s a teacher survival mechanism to ignore the worst and assume it’s my misunderstanding). The Estonian in front of us chipped in with, “I think Canada asks what the minimum is to look like they are involved in a project, give it and then that’s the last we hear from them.” Attendees from a dozen other countries all nodded in agreement. I did the most Canadian thing imaginable and apologized for my government and all the organizations that are funded by it – even though they’d all ignored my own requests for support prior to the event.

***


As I floated into the pool later that night pondering how I’m going to dress for the final day of the conference with a suit jacket soaked through with sweat (I went with just a shirt for the final day), I found that I wasn’t cowed by what seems to be an insurmountable cultural problem we face as a country. Internally we have the resources and education to make cybersecurity a viable pathway. Canada should be poised to help solve the world’s cyber-skills shortage, but instead our plan is to (as it has been in so many other cases) take that talent from other places that need it for our own ends, and do as little as possible to support international cyber development to ensure an equitable digital transformation for all.

I’m a fan of Paul Theroux’s travel books. His trip across Oceania ends in Hawaii where he stays at one of the top resorts that is staggeringly expensive. Over the week he finds it coddling and restful, but he comes to the conclusion that when people have money, they mainly use it to keep other people away. The fancy resort provided privacy and a lack of bother from others – that was its main purpose and where the money got spent. Canada is a wealthy country and it seems we use our wealth in much the same way, to isolate ourselves from others. It’s not very flattering.

Over 100 countries in attendance. Didn’t see a single Canadian in any of the dozens of presentations and none were presenting. I know for a fact that Canada has some of the top cybersecurity practitioners on the planet, but they don’t like to share?




***

I arrived at the last day of the conference with a head full of thoughts. This lack of engagement by my country (at least in person, evidently Canada was one of the first to endorse the Accra Call) suggested that the lack of cooperation I see domestically is reflected in our international engagement too. My background and interest is in educational engagement with cybersecurity and other emerging technologies that I feel are essential to students making smart decisions about their futures, so to end the conference I attended Session 4.26: Thinking out of the box to inspire a new generation of cybersecurity talent:
  

You might not have watched that video, but this sort of brainstorming and mutual support is just what we need if we’re going to produce a cybersecure future. This doesn’t happen behind closed doors or at a distance. I hear a lot of Canadians talking about the Canadian government as though it’s distinct from them. This cool distance creates problems with how Canadians understand their own country and their role in it, but this distance also freezes out possibilities for international collaboration, which must be about more than sending money.


I had a great chat in that session on developing cyber talent with a young man from Ghana who had started off as a hacker before coming over to the defenders. He described that journey, especially in a place where you can’t drink the water and social services are often non-existent, as difficult because the payouts for being a bad guy are always going to be better. To hear people who are living in what Canadians would consider poverty talking about how they can work together to create equitable digital transformation that will improve standards of living for all was inspiring. You’d have to be the worst kid of self-serving bureaucratic robot to think otherwise.

***

On the final morning we reconvened at the Kempinski and ended the conference with many promises of future work together. It was inspiring and I couldn’t help but get a bit teary, especially when they included the presentation awards for Ghana’s Student National Cybersecurity Competition


An all-female team won Ghana’s student cybersecurity challenge
Having been deeply involved in Canada’s student cybersecurity competition since its inception, I was interested to see this presentation. Some stats for comparison:
Ghana has 475 high schools, 50 participated in the national student cybersecurity competition, that’s an 11% participation rate. You might think that low but Canada is currently at 0.6% of high schools participating nationally in CyberTitan has been running for six years (the Ghanan CCS is in its third year). The siloed nature of Canada’s regionalized education system (we are the only developed country in the world without a national education strategy) has a lot to do with that.
An all-girl team won the 2023 edition of their SCC. No all-girl team in Canada has ever come close, which makes for an interesting comparison on access to STEM education opportunities between the two countries. If money is used to keep people at a distance, male dominance in cybersecurity is certainly operating along similar lines in Canada. There is much to do in terms of gender equity in the Canadian tech ecosystem.
There were two ministers and other members of parliament at the awards celebration for these students. No member of Canadian parliament, minister or not, has ever attended CyberTitan nationals. Another example of our remote/arms-length governing? At the very least it highlighted the lack of value we seem to place on securing our critical infrastructure in a digital future that will increasingly depend upon it.
***
On the long plane ride home I was reflective. Was it easy doing this thing? Not at all. I spent a lot of time talking myself out of it for various reasons, and burned a lot of cycles trying (unsuccessfully) to find support to do it. Without Louise coming on and helping carry the research load, I think I may well have talked myself out of going, and what a shame that would have been.
Winnie knows how it feels. Whoever is doing Xmas
decorating at Dulles is a bit… chaotic in their approach,
but I like it!

Doing the research outside of my regular working hours wasn’t easy, and managing the many logistical requirements both medical and paperwork wise was also a heavy load to carry, but it’s these extras that I always get the most out of in my work. If you look at my LinkedIn you won’t see me bragging about the work I’m paid to do, but rather the projects I chase beyond those expectations. At the end of the day I’m mission driven. After twenty-years in the classroom and building one of the most successful digital skilling programs in Canada in the most unlikely of places, I want to take what I’ve learned and spark opportunities like that nationally, so more Canadian students can access emerging technologies and make informed decisions about where to go next. That this is a struggle continues to baffle me, but I’m committed to climbing that mountain.

Regrets? None. This wasn’t easy but that’s exactly why we need people to put the work in and make this sort of connection happen. Am I frustrated by Canada’s approach? Yes, but that too is a challenge rather than a loss, and one that we will overcome with vision and determination.
With a renewed commitment we will see a meaningful Canadian presence at the next Global Conference on Cyber Capacity Building taking place in Geneva in two years. I intend to be working with the GFCE by then in their education working group if not elsewhere in the organization. I hope I can bring more Canadians into it too.

from Blogger https://ift.tt/ivjeWAJ
via IFTTT

Accra to Sheringham

 At the end of November I attended the Global Conference for Cyber Resilience in Accra, Ghana. I was on a tight schedule with work expectations so I flew in and out in the same week, but had I the time and resources I would have ridden out. Mapping a route out of the African west coast to Europe is interesting. I got my Ghana visa quickly as part of the conference, but had I ridden out I would have had to do some legwork to get the other countries in order. To ride from Accra to Europe out of Africa would have also needed visas for Ivory Coast, Mali, Mauritania, Western Sahara and Morocco.


A problem with the Mercator map projection that we typically see the world map on is that it shows areas around the equator at scale but then distorts regions as they approach the poles, which is why many people think that Canada is about the same size as Africa when in fact three Canada’s would fit comfortably inside it. This was made plain to me as we passed over Dakar in Senegal and then flew on for nearly another three hours to get to Accra (it’s about the same distance as Toronto to Saskatoon).

Mercator projections were designed to provide true course headings for ships, and they do it well, but they were never designed to show the entire world. This is a Robinson Projection which shows the scale of things much more precisely.

Keeping those African sizes in mind and at an optimistic 400kms per day which includes five border crossings known to eat entire days by themselves, the African portion of this trip is just shy of six thousand kilometres, much of it across the Sahara.

5836kms across some interesting terrain…

I thought I was the first in my family to get out Ghana way, but my Grandad was dropped off there by the Royal Navy in 1940 and then proceeded to support his Hurricane squadron as they drove and flew across the Sahara to get into the war in Libya. They landed at Takoradi, so day one would be a sunrise departure into the equatorial heat (that needs to be felt to be believed) and a six hour ride up the coast to stand on the dock he landed on 83 years ago.

Of course that already puts me behind the 400kms/day average I was aiming at, but after experiencing ‘Ghana Time’ first hand, I suspect that trying to keep to a strict schedule is a sure source of madness in this neck of the woods.

It’s fifteen and a half days at 400kms per to get to the crossing at Gibraltar and I wrapped up the conference on November 30th. If I left December 1st, I could apply twenty days to the Africa portion of the trip and give myself some time for surprises. That’s still a tight schedule though when you consider the borders and terrain I’d be crossing.

If I could be on a ferry on the 20th, I’d be in Spain on the 21st and up in Evora in Portugal at that farm house we stayed at last year in time to meet up with the fam for the solstice. We could put our feet up over the holidays, but I’d eventually push on to Sheringham where I’d have a cottage rented for the rest of the winter and spring. A winter two wheeled insertion into England might require some patience as I’d have to wait for a weather window, though hanging out in Portugal for several weeks during the darkest days wouldn’t be a hardship.

What to do it on? Yamaha has a dealer in Accra, and riding across the Ténéré on a Ténéré has a certain appeal. If I rode a Tiger all I’d be thinking about is the Monty Python sketch the whole time. The Ténéré 700 has an explorer edition for 2024 which has a bigger tank and comes with luggage and such. It’s not the ideal machine for long overland treks, but it could certainly handle any surprises well enough.

If I were to give into my Tiger fixation, the new 900 Rally Pro model does the trick and would handle the days of making distance better.

Of course, given a choice I’d rather get my unsupported old Tiger sorted out and then take it!

I’ve said it before and I’ll say it again, if I had money I’d be dangerous.

from Blogger https://ift.tt/13Eg5Vq
via IFTTT

What You Need To Work in Cybersecurity: the secret sauce

I see a lot of rules based ‘quick fix’ learning opportunities in cybersecurity, and by that I mean short, intensive courses that claim to make you ready for a cyber job by taking a couple of courses. These are usually boot camp style condensed programs that promise to turn an accounting or science student into a cybersecurity practitioner in a single semester by showing you how to use tools x, y and z. They treat cybersecurity as though it’s an office job: we show you the cybersecurity rules and you follow them. You can see how well this is working by the ongoing shortage Canada faces in finding cybersecurity professionals.
I got into cybersecurity with my students in 2017 when we started chasing CyberTitan, but I brought something with us that isn’t typical in the world of STEM: a relationship with technology that is based on a willingness to hack. I don’t like the word hack, it has negative connotations to it in English that have been encouraged by the self appointed masters of STEM (the S&M part), but that willingness to iterate and work outside the expected outcomes is the secret sauce in cybersecurity that many ignore, and a major reason for why I’ve taken to it like I have.
‘Necessity is the mother of invention’ has been the motivating factor in my relationship with technology since the beginning. I moved quickly from off-the-shelf to customized solutions based on experimentation and need. WIthin six months of owning my first home computer (a VIC20), I’d figured out how to copy software using a sufficiently low noise audio deck. My first x86 Windows PC was purchased but quickly modified as I came to need more memory and processing power. By the mid-90s I was building my own computers at a time when many people didn’t own one.
This process was initially powered by curiosity, which many training programs eclipse with the promise of ‘we provide the initiative and knowledge so you don’t have to’ approach – something that has never appealed to me and a major reason why I didn’t start collecting certifications until 2001 (I’d been working in IT for a decade at that point). Schools are bad at this too. Many educators feel that it is their job to impart knowledge in a regimented format (that’s why we call them disciplines!) and assess student understanding with examples of rote learning that emphasize compliance rather than their own understanding of a subject. Many in education call this approach rigorous and disciplined – it’s how they demonstrate credibility.
The Indians have a term for austere innovation: jugaad (non-conventional, frugal innovation) which doesn’t have the pejorative connotations of the English ‘hack’. Jugaad celebrates common sense with a solutions focused approach to creative problem solving without needless bureaucracy. It emphasizes an applied approach to making technology works that is especially needed in an industry like cybersecurity where practitioners are often facing out of the box problems. WIRED recently did an article on a Ukrainian technologist who demonstrated this start-up like approach in the war with Russia. There is even an event in cyber that highlights this out-of-the-box rapid response to an unknown problem: the dreaded zero day vulnerability. Jugaad will get you much further than any amount of rote learning during a zero day attack.
Kintsugi has played a part in
my motorcycling.

There is another term in Japanese that takes the derision found in English out of making old things work. I’ve long enjoyed the concept of ‘kintsugi‘ or ‘golden joinery’, which is the repairing of old things using gold to embellish the fix rather than trying to hide it. In typical Japanese fashion it raises what is seen as banal work in the West to an artform. A concept that combines jugaad’s celebration of a fix beyond rules based approaches with kintsugi’s raising of that fix to an artform is where a good candidate for work in cybersecurity should find themselves inspired. When I started in cyber I found my  IT background helped in terms of understanding the mechanics of what was happening, but my kintsugi powered jugaad approach is what has allowed me to thrive.

This ‘secret sauce’ is often ignored in education and especially in cybersecurity adult retraining. There are some disciplines that tend to attract rules focused types, but that fixation on systemic order blinds them in the edge cases where cybersecurity often operates. Rather than retraining an accountant or rigorously compliant STEM student, I suspect that those exploring subjects like detective work in policing or creatives in the arts would find the skills they’ve honed more effective, but that doesn’t stop everyone from demanding a computer science degree for any job in the industry.
In 2019 after the Terabytches went to CyberTitan nationals we got invited on the local radio station to talk about the experience. The interviewer asked me a good question about our DIY approach to computer tech. I was annoyed at the lack of resources, but he suggested it might be what gave us an edge. He was right, we’d been jugaading and it made us mighty!

There are many jobs in cybersecurity. People who lean toward the jugaad end where they can problem solve without restrictions can find a comfortable fit in operational cybersecurity where they are monitoring real time threats, penetration testing where they are attempting to exploit a client’s system to highlight vulnerabilities, or threat intelligence which focuses on gathering reconnaissance data on threat actors. But even in the policy and compliance work, a willingness to consider and understand threats and solutions that are outside the box is a necessity.
This map of cybersecurity domains gives you an idea of the many specializations that the field offers, though I would argue that in all of them (even those up the compliance end) an ability to work from your own initiative and experience rather a rule book is essential.
Sam Sheepdog & Ralph Wolf know the score.

I sometimes describe cybersecurity types as sheepdogs. I think many in law enforcement also fit this description. You can’t send a goat to fend of wolves, but having a wolf of your own will do the trick. Early on in my transition from IT into cybersecurity I found myself leaning on IT administrative habits that don’t work in cyber, and came to realize that the jobs are very different, though the technology is the same. If you have an IT person running your cybersecurity you’re likely to be constantly surprised by the attacks you face because they tend to see systems in an architectural way rather than as an opportunity to be compromised.

It would be easy to say something silly like, ‘there are no rules in cybersecurity!’ but that’s pointlessly reductive. It would also be easy to describe all the people in it as hackers, but this isn’t true either, though a mentality that tackles problems from a place of curiosity and jugaad is far better than a rules compliant myopic who can’t see beyond the framework they maintain. At the end of all this I firmly believe that you need a bit of the wolf in you if you want to consider a career in cybersecurity. I wish more cybersecurity training and especially adult retraining would emphasize that when looking for candidates rather than demanding STEM grads often missing these skills. If it’s a formulaic job that you’re looking for, cyber isn’t it.
STEM students are often missing skills which “include teamwork, collaboration, leadership, problem-solving, critical thinking, work ethic, persistence, emotional intelligence, organizational skills, creativity, interpersonal communication, and conflict resolution.” Adding an ‘A” to STEM doesn’t fix this, incorporating an iterative, resilient, team-based problem solving mindset into STEM subjects would, but that doesn’t tend to be how we teach them.

Another piece of Canada’s cybersecurity puzzle came into focus from the last post on how our cybereducation system is broken. In response to that, Francois Guay from the Canadian Cybersecurity Network followed up with the observation that the cybersecurity talent pipeline in Canada is also in tatters.

I’ve been thinking about that post and believe all of the responses from both new cybersecurity practitioners and veterans are valid. It would appear that when you try to fix a talent shortage with rushed retraining no one trusts the results. Problems such as absurd requirements for entry level positions like asking for 5 years of experience on a tool that only came out last year or demands for that vaunted yet irrelevant computer science degree continue to strangle entry level workers coming into the field, even though they have hacked (cough) their way through our broken cyber education system to do it.
Not to sound hopelessly jugaad, but the simple solution would be to introduce cybersecurity apprenticeships that give everyone a chance to find those with the right combination of fearless curiosity, critical thinking and tenacity needed to do the job. Students with a background in science and technology might find that they are familiar with the medium that cybersecurity operates in, but that doesn’t mean they’ll be able to handle the demanding stochastic message that working in cyber demands.
I’ve always told my students that if they can bring a willingness to explore, experiment and possibly break things in the process of figuring them out, they don’t need to sweat the technicalities, I can teach them those by harnessing the curiosity they bring with them. I’ve had strong technical students fail in cyber because they lean on systemic approaches to do less. Another favourite adage of mine in the classroom is, ‘if you’re looking for a way to do less, you’ll usually find it.’ Those that want to work in a framework often do it so that they can delineate where they can stop; in other words it’s used as a way to limit their involvement. That’s no way to approach cybersecurity. If solving a problem is a nine to five gig for you, go find work elsewhere.

from Blogger https://ift.tt/J23ZnTt
via IFTTT