Fleeing the Nagging Winter

 

Saw a guy on a GS flying down the 401 towards Windsor today, which conjured fantasies of fleeing the nagging winter to warmer climes. I’d eventually come back when winter lets go… maybe.

When it warms up I’d complete the loop:

https://maps.app.goo.gl/cdPdK2kD3rzwjEnN6

from Blogger https://ift.tt/rca7SW3
via IFTTT

The Struggle is Real: Trying to Keep at Triumph 955i on the Road

The ‘Idle Speed Control Valve Housing’ (Part Number: T1241064) continues to be a pain in my ass. This housing sits behind the throttle body on my 2003 Triumph Tiger 955i and it seems Triumph isn’t supporting them anymore. My local dealer shrugged and said it isn’t available any more, so I went further afield.

Blackfoot Motosports in Calgary’s site seemed to suggest that they could provide this complex plastic piece that doesn’t enjoy Canada’s extreme temperature swings (I’ve gone through 2 of them so far). So I ordered it! Guess what:


That an O-ring should take 3 weeks is one thing, but the housing is obsolete? On a bike that’s only just 20 years old? So, I did a little research. It turns out this product fits 84 vehicle variants across four Triumph Models between 1993 and 2020. A part that was in use on models four years ago is obsolete? That doesn’t sound right.



No matter where I look the story is the same: this key part of the idle control system on thousands of bikes isn’t available?  Being a determined sort, I looked to ebay for options and came across Bike Spares Barn in the UK. They take bikes traded in at dealers that are still running and on the road and dismantle them for parts, which is what I’m reduced to using with my Triumph.

They had a throttle body with the needed idle control housing on it along with an airbox. My airbox isn’t in great shape so I got both parts. They worked out with shipping to be about $300CAD. It took a good 3 weeks for the parts to get here (I ordered right after the holidays so I can’t really fault the timeline). The seller was very communicative with what was going on so, unlike some ordering experiences, I was never left wondering where things were.


The box finally arrived and looked like someone had been playing football with it. Two corners were mashed in and a piece of the airbox was sticking out of the box. I unwrapped it and everything looked OK so I began to clean and dismantle everything. The airbox was a good idea, this one is in much better shape than my 24 Canadian winters one, but the throttle body didn’t fare so well. 

Inevitably, the only broken piece on the damned thing was the fragile idle housing, which was cracked around the base in exactly the same place that the one I’m trying to replace is.



So, I’m back where I started, but with a spare throttle body and two broken idle housings. This damned thing is so complicated that fabricating an alternative isn’t likely. The three pipes on the bottom go out to each throttle body and servo sits inside that is moved up and down electrically adjusting the vacuum so passages open up to each throttle and modulate the idle so the bike doesn’t stall. When this complex and fragile piece doesn’t work as it should the bike hesitates on acceleration and stalls.

Obviously this wasn’t the case because the bike it came from was working fine (they tested it before dismantling it), but it didn’t survive ebay’s international shipping service. I asked Bike Spares Barn what to do and they said to go through ebay’s return/refund process, but ebay is cagey about sharing that anyware. Fortunately Peter at Bike Spares Barn helped me navigate the obfuscation and we’ve now gotten me a refund… but I’m still stuck without this part.

I’ve asked before and I’ll say it again: if you’re not willing or able to support your own machines, Triumph Motorbikes, how about sharing publicly the CAD files on this part so after market and crafty types like myself can fabricate our own? With the right fuel resistant plastic in a 3d printer, I could knock up my own version. But before I did I’d reinforce the model and design something more robust so I’m not left out in the cold again.

The happy face getting the solution to my problem in (the box on the bench)… then, well, you know what happened.


from Blogger https://ift.tt/7CBcxPq
via IFTTT

International Cyber Cooperation: Reflections on the GFCE & GC3B

I first experienced the frustration inherent in Canada’s approach to cybersecurity education last year at the University of Waterloo’s CPI conference. There Charles Finlay from the CyberCatalyst talked about how other smaller countries focus on a collaborative approach to cybersecurity that creates a coherent ecosystem of partners who support rather than compete against each other. In the asymmetrical world of cybersecurity where attackers have every advantage in terms of anonymity, it isn’t just criminal organizations working the dark end of the internet in 2023, it’s authoritarian nation states with fully developed offensive cyber operations. Without collaboration, democracies will dissolve in the chaos of our networked world.


We have the resources,
cooperation is what’s missing.

In the year since I’ve been working to establish connections between the many entities in Canada’s cybersecurity industry intent on education and career pathways illumination, but what I’ve found are siloed organizations (private, public and NFP) fixated on IP and market share whose idea of collaboration is creating partnerships to defeat what they perceive as competition. This isn’t collaboration so much as it’s about combining resources to compete more effectively.


This monopolistic approach is partly the result of how Canada funds cyber-education and industry awareness. By creating competition for funding, potential collaborators are turned into competitors and the possibility of mutual support becomes impossible. A great example are all the competing networks, alliancesconsortiums, catalysts and councils – all of whom claim to be creating a collaborative ecosystem under their leadership. Finding funding and piling onto this chaos seems to be the way in Canada. This has been a great frustration and a repeating theme on Dusty World over the past year:

Creating A Canadian Cybersecurity Ecosystem (Oct ’22)

How Cybersecurity Might Become More Diverse, Equitable and Inclusive (Dec ’22)

You Want to Teach WHAT?!? Reconfiguring Technology in Schools to Empower Pedagogy (Oct ’23)

Cyber Education in Canada is Broken, Here’s How to Fix It (Nov ’23)


***


The majority of attacks are US focused, but if
you consider Canada has 1/10th the people, we
actually face similar numbers of attacks per capita.

One of the ways I’ve escaped Canada’s siloed approach to, well, pretty much everything, is to look internationally for organizations interested in working collaboratively on the cyber-problem. That would be the one where we put all our critical infrastructure onto a global network that was never designed to be secure and then struggle with wave after wave of increasingly automated cyber-attacks in an environment where the attack surface has become impossibly complicated post COVID.

I started by looking at the World Economic Forum’s review of the new US Cyber-Strategy, which is focusing on protecting critical infrastructure and improving collaboration both domestically and internationally to create more effective cyber-defences. Canada’s strategy is designed to encourage competition rather than collaboration and has resulted in our being one of the most targeted countries globally

The US strategy seems to be aware of this North American predilection for relentless market dominance fixated competition and is attempting to put resources into a collaborative mindset. That approach became apparent to me when I attended the Global Conference on Cyber Capacity Building this fall.


***


Through looking into WEF and the UN I came across the Global Forum for Cybersecurity Excellence (GFCE). In June I pitched this proposal on helping cybersecurity practitioners become aware of the coming threats to encryption that quantum computing brings: GFCE Proposal – Cybersecurity in the Age of Quantum Advantage.docx. The elevator pitch is: quantum computing will break most of the encryption standards we depend on for everything from our online financial systems to military communications in the next decade, and likely much sooner.

The GFCE got back to me and said they felt that quantum awareness was an important piece of the puzzle and a good fit with their Global Conference on Cyber Capacity Building (GC3B) happening in Accra, Ghana at the end of November. They invited me to develop the research and present it at the event.. I’m currently seconded with both ICTC working on cyber-education outreach and the Quantum Algorithms Institute developing education for quantum readiness. QAI supported this research and I got in touch with Louise Turner, a former student now in the inaugural cohort of cybersecurity at Queens University, and she and I put the paper together.




While doing two jobs I beavered away on the paper in the background and Louise (who was juggling her third year course load) and I managed to get the paper in on time. While all that was going on we were both jumping through the hoops in terms of visas and medical requirements to take what would be both of our first trips to Africa.


It all came together at the end of November and we found ourselves at Pearson Airport in Toronto getting on a plane to Washington and then across the Atlantic to Accra. The entire process felt insurmountable, but I’ve found that if you chip away at seemingly monumental projects like this you get the pieces in place – just don’t expect it to happen all at once and pace yourself.

A particular frustration was all the dead ends I chased in terms of finding support for both the research and going to the event itself. I was disappointed to not get support from organizations I have long relationships with who claim to champion just this sort of digital engagement. I went out of my way to attend academic events, but when I asked any of my contacts in those organizations about support, I found the doors firmly closed. Every form of federal support is safely locked to academic partnerships in a way that makes it impossible for anyone but an internal PhD to claim them; those Canadian silos are exceptionally good at taking care of themselves. I talked to many professors in a multitude of schools but they all disappeared back into their funded, tenured worlds after making noises about how important this kind of work is. That’s ok, we did it ourselves.

***


It was snaining in Toronto when we left, but on the ground in Ghana after 12 hours of misery in a middle seat next to the only guy bigger than me on the plane (why don’t airlines use smart tech to arrange seating better?), we found ourselves on the ground in Africa! The VISA support by the Ghanese government had been spectacular in Canada and the hospitality was just as special at the Accra Airport. A senior military officer ushered us through customs in seconds and out to the GC3B desk where we got connected to our hotel and suddenly found ourselves tearing through Accra traffic, stunned by the sights and sounds… and heat (Accra is only 600kms north of the equator)!

 
The conference flags were all around the city. From our anonymity in Canada, we suddenly found ourselves at a very welcoming international event.


The Accra City Hotel was where we’d been put up for the conference and was only a ten minute drive from the very fancy Kempinski Hotel where the conference was taking place. We had lunch and then collapsed in our rooms for the afternoon after over 24 hours on the road.


The week before we’d built a powerpoint: QAI GFCE cyber in the age of quantum research presentation.pptx that was designed to gently introduce cybersecurity policy and technical practitioners to quantum computing. We went over it after our afternoon naps on the pool deck in the sweltering heat and humidity of an Accra evening. Louise helped pioneer women in cybersecurity in our school back in 2018/19 when she was in grade 10 and I’ve known her ever since, so we knew each other’s strengths and felt ready to go with the presentation the next morning. That night we had a fantastic Ghanan buffet and then hit the hay.


Since we were presenting on the periphery of the main conference we got to meet the Global Forum for Cyber Excellence working groups who were the organizers of the research presentations. This gave us ‘behind the scenes’ access to the conference before the main event kicked off the next day. It quickly became apparent that the research presentations needed more time to do them justice. We heard from researchers from all over the world studying everything from regionally specific cyber challenges to international projects on how cyber is presented in the media – to call it fascinating would be an understatement.


Louise and I stepped up for our presentation and knocked it out of the park. We’d de-tuned the technical details in it (Louise was happy to get into explaining how lattice based mathematical encryption actually works), but the GFCE was keen to focus on making it an introduction to quantum computing and how it will change cyber practices in the next few years. My being a teacher was considered a benefit in introducing this technology that is often obscured by academics fixating on its technical complexities. To ensure equitable access we focused on ensuring everyone had access to publicly available research that would assist them in further exploring the technology. This is an area where Canada excels – putting publicly available material online for anyone in the world to access, so we made good use of the many Canadian cyber and quantum resources available.

We must have done well because we were the only presentation who was asked questions by the reviewer running the event and we ended up late to lunch because we had a line of attendees wanting to ask further questions. There is a lot of curiosity out there around quantum technologies but not a lot of people developing accessible education for the public; it tends to be an academically isolated industry.


Our reviewer kept referring to me as Doctor King during her analysis of our paper, but I’ve always been interested in how technology becomes applied rather than working on the academic/theoretical side of things. Applied technology use has been my focus since I migrated decades old paper based engineering paperwork onto Lotus123 back in 1991. I was happy to use my blue collar technician’s approach to putting a pin in the idea that you need a PhD to understand quantum computing. When it comes to the technologies that so influence our lives (as quantum certainly will), I think everyone deserves to understand how they work.

The rest of that first day at the Global Conference on Cyber Capacity Building was fascinating because it wasn’t really about the conference, but instead about the mechanics of the GFCE. By the time we were heading back to the hotel I felt like I’d found my tribe and was determined to see what else I could do with them. This was the collaboration and mutually supportive approach to cyber that I’d been missing.


We wrapped up day one feeling the burn. I’ve never felt so good jumping into a pool after a day of sweating through a suit. While in the water I bumped into one of Nigeria’s cybersecurity leaders and we had a nice chat while watching the sun go down.

The next morning we were up again at midnight our time for a 6am start, and on our way to the Kempinski for the opening of the main event. The conference had swollen in size since we’d seen early setup the day before. Instead of a hundred of so people, over 800 were coming in from over 100 different countries, all intent on seeing how we might work together to make digital transformation more equitable and accessible to all.

I use Twitter as a way to bookmark ideas and resources so I can find them later when I’m building one of these blog posts. My feed from the conference probably tells the story better than a summary here, but to say it was engaging and eye opening would be underselling it. The GC3B worked every angle from policy and diplomacy to technical cooperation and regional partnerships all the way through to international collaboration. It changed the way I see cybersecurity because it moved me beyond the veiled, siloed and somewhat paranoid world of Canadian cyber.


On the second day we were bused over to the park where Ghana’s first president is interred for an end of conference dinner. Like everything else that week, it fundamentally challenged my preconceptions. If indigenous people had overthrown European colonization and established their own representative democracy in the wake of that oppression in Canada, that’s where Ghana is today. The story of Kwame Nkrumah and his efforts to awaken a pan-African culture were fascinating, especially from the perspective of someone living in a resource consumption focused culture where we continue to struggle with our colonial past.

Kwame Nkrumah Mausoleum in Accra – well worth a visit.


On the bus ride over (which was an adventure in itself – African commuter buses have drop down seats so the bus is shoulder to shoulder in every row without an exit aisle), I was at a loss to understand how we appeared to be the only Canadians at an international conference where over 100 countries were in attendance. The US State Department had helped fund the event, as had the EU, and we’d met Australians and many other Commonwealth nationalities, but not a single Canadian. The Australian told us about how her government’s local office had picked her up at the airport, taken her out for lunch and made sure she was OK at her hotel. Ours sent us a PDF of things to do in Accra.


All of this prompted me ask the Swede sitting next to me how Canada is seen in the international community. I’d honestly expected to hear nice things and assumed we’d simply not been involved in all the clandestine activities of our government at this event, but that’s not what came out. The Swede described Canadian participation in world cyber cooperation to be ‘selfish and minimalist’, which came as a shock despite what I’d observed (it’s a teacher survival mechanism to ignore the worst and assume it’s my misunderstanding). The Estonian in front of us chipped in with, “I think Canada asks what the minimum is to look like they are involved in a project, give it and then that’s the last we hear from them.” Attendees from a dozen other countries all nodded in agreement. I did the most Canadian thing imaginable and apologized for my government and all the organizations that are funded by it – even though they’d all ignored my own requests for support prior to the event.

***


As I floated into the pool later that night pondering how I’m going to dress for the final day of the conference with a suit jacket soaked through with sweat (I went with just a shirt for the final day), I found that I wasn’t cowed by what seems to be an insurmountable cultural problem we face as a country. Internally we have the resources and education to make cybersecurity a viable pathway. Canada should be poised to help solve the world’s cyber-skills shortage, but instead our plan is to (as it has been in so many other cases) take that talent from other places that need it for our own ends, and do as little as possible to support international cyber development to ensure an equitable digital transformation for all.

I’m a fan of Paul Theroux’s travel books. His trip across Oceania ends in Hawaii where he stays at one of the top resorts that is staggeringly expensive. Over the week he finds it coddling and restful, but he comes to the conclusion that when people have money, they mainly use it to keep other people away. The fancy resort provided privacy and a lack of bother from others – that was its main purpose and where the money got spent. Canada is a wealthy country and it seems we use our wealth in much the same way, to isolate ourselves from others. It’s not very flattering.

Over 100 countries in attendance. Didn’t see a single Canadian in any of the dozens of presentations and none were presenting. I know for a fact that Canada has some of the top cybersecurity practitioners on the planet, but they don’t like to share?




***

I arrived at the last day of the conference with a head full of thoughts. This lack of engagement by my country (at least in person, evidently Canada was one of the first to endorse the Accra Call) suggested that the lack of cooperation I see domestically is reflected in our international engagement too. My background and interest is in educational engagement with cybersecurity and other emerging technologies that I feel are essential to students making smart decisions about their futures, so to end the conference I attended Session 4.26: Thinking out of the box to inspire a new generation of cybersecurity talent:
  

You might not have watched that video, but this sort of brainstorming and mutual support is just what we need if we’re going to produce a cybersecure future. This doesn’t happen behind closed doors or at a distance. I hear a lot of Canadians talking about the Canadian government as though it’s distinct from them. This cool distance creates problems with how Canadians understand their own country and their role in it, but this distance also freezes out possibilities for international collaboration, which must be about more than sending money.


I had a great chat in that session on developing cyber talent with a young man from Ghana who had started off as a hacker before coming over to the defenders. He described that journey, especially in a place where you can’t drink the water and social services are often non-existent, as difficult because the payouts for being a bad guy are always going to be better. To hear people who are living in what Canadians would consider poverty talking about how they can work together to create equitable digital transformation that will improve standards of living for all was inspiring. You’d have to be the worst kid of self-serving bureaucratic robot to think otherwise.

***

On the final morning we reconvened at the Kempinski and ended the conference with many promises of future work together. It was inspiring and I couldn’t help but get a bit teary, especially when they included the presentation awards for Ghana’s Student National Cybersecurity Competition


An all-female team won Ghana’s student cybersecurity challenge
Having been deeply involved in Canada’s student cybersecurity competition since its inception, I was interested to see this presentation. Some stats for comparison:
Ghana has 475 high schools, 50 participated in the national student cybersecurity competition, that’s an 11% participation rate. You might think that low but Canada is currently at 0.6% of high schools participating nationally in CyberTitan has been running for six years (the Ghanan CCS is in its third year). The siloed nature of Canada’s regionalized education system (we are the only developed country in the world without a national education strategy) has a lot to do with that.
An all-girl team won the 2023 edition of their SCC. No all-girl team in Canada has ever come close, which makes for an interesting comparison on access to STEM education opportunities between the two countries. If money is used to keep people at a distance, male dominance in cybersecurity is certainly operating along similar lines in Canada. There is much to do in terms of gender equity in the Canadian tech ecosystem.
There were two ministers and other members of parliament at the awards celebration for these students. No member of Canadian parliament, minister or not, has ever attended CyberTitan nationals. Another example of our remote/arms-length governing? At the very least it highlighted the lack of value we seem to place on securing our critical infrastructure in a digital future that will increasingly depend upon it.
***
On the long plane ride home I was reflective. Was it easy doing this thing? Not at all. I spent a lot of time talking myself out of it for various reasons, and burned a lot of cycles trying (unsuccessfully) to find support to do it. Without Louise coming on and helping carry the research load, I think I may well have talked myself out of going, and what a shame that would have been.
Winnie knows how it feels. Whoever is doing Xmas
decorating at Dulles is a bit… chaotic in their approach,
but I like it!

Doing the research outside of my regular working hours wasn’t easy, and managing the many logistical requirements both medical and paperwork wise was also a heavy load to carry, but it’s these extras that I always get the most out of in my work. If you look at my LinkedIn you won’t see me bragging about the work I’m paid to do, but rather the projects I chase beyond those expectations. At the end of the day I’m mission driven. After twenty-years in the classroom and building one of the most successful digital skilling programs in Canada in the most unlikely of places, I want to take what I’ve learned and spark opportunities like that nationally, so more Canadian students can access emerging technologies and make informed decisions about where to go next. That this is a struggle continues to baffle me, but I’m committed to climbing that mountain.

Regrets? None. This wasn’t easy but that’s exactly why we need people to put the work in and make this sort of connection happen. Am I frustrated by Canada’s approach? Yes, but that too is a challenge rather than a loss, and one that we will overcome with vision and determination.
With a renewed commitment we will see a meaningful Canadian presence at the next Global Conference on Cyber Capacity Building taking place in Geneva in two years. I intend to be working with the GFCE by then in their education working group if not elsewhere in the organization. I hope I can bring more Canadians into it too.

from Blogger https://ift.tt/ivjeWAJ
via IFTTT

Accra to Sheringham

 At the end of November I attended the Global Conference for Cyber Resilience in Accra, Ghana. I was on a tight schedule with work expectations so I flew in and out in the same week, but had I the time and resources I would have ridden out. Mapping a route out of the African west coast to Europe is interesting. I got my Ghana visa quickly as part of the conference, but had I ridden out I would have had to do some legwork to get the other countries in order. To ride from Accra to Europe out of Africa would have also needed visas for Ivory Coast, Mali, Mauritania, Western Sahara and Morocco.


A problem with the Mercator map projection that we typically see the world map on is that it shows areas around the equator at scale but then distorts regions as they approach the poles, which is why many people think that Canada is about the same size as Africa when in fact three Canada’s would fit comfortably inside it. This was made plain to me as we passed over Dakar in Senegal and then flew on for nearly another three hours to get to Accra (it’s about the same distance as Toronto to Saskatoon).

Mercator projections were designed to provide true course headings for ships, and they do it well, but they were never designed to show the entire world. This is a Robinson Projection which shows the scale of things much more precisely.

Keeping those African sizes in mind and at an optimistic 400kms per day which includes five border crossings known to eat entire days by themselves, the African portion of this trip is just shy of six thousand kilometres, much of it across the Sahara.

5836kms across some interesting terrain…

I thought I was the first in my family to get out Ghana way, but my Grandad was dropped off there by the Royal Navy in 1940 and then proceeded to support his Hurricane squadron as they drove and flew across the Sahara to get into the war in Libya. They landed at Takoradi, so day one would be a sunrise departure into the equatorial heat (that needs to be felt to be believed) and a six hour ride up the coast to stand on the dock he landed on 83 years ago.

Of course that already puts me behind the 400kms/day average I was aiming at, but after experiencing ‘Ghana Time’ first hand, I suspect that trying to keep to a strict schedule is a sure source of madness in this neck of the woods.

It’s fifteen and a half days at 400kms per to get to the crossing at Gibraltar and I wrapped up the conference on November 30th. If I left December 1st, I could apply twenty days to the Africa portion of the trip and give myself some time for surprises. That’s still a tight schedule though when you consider the borders and terrain I’d be crossing.

If I could be on a ferry on the 20th, I’d be in Spain on the 21st and up in Evora in Portugal at that farm house we stayed at last year in time to meet up with the fam for the solstice. We could put our feet up over the holidays, but I’d eventually push on to Sheringham where I’d have a cottage rented for the rest of the winter and spring. A winter two wheeled insertion into England might require some patience as I’d have to wait for a weather window, though hanging out in Portugal for several weeks during the darkest days wouldn’t be a hardship.

What to do it on? Yamaha has a dealer in Accra, and riding across the Ténéré on a Ténéré has a certain appeal. If I rode a Tiger all I’d be thinking about is the Monty Python sketch the whole time. The Ténéré 700 has an explorer edition for 2024 which has a bigger tank and comes with luggage and such. It’s not the ideal machine for long overland treks, but it could certainly handle any surprises well enough.

If I were to give into my Tiger fixation, the new 900 Rally Pro model does the trick and would handle the days of making distance better.

Of course, given a choice I’d rather get my unsupported old Tiger sorted out and then take it!

I’ve said it before and I’ll say it again, if I had money I’d be dangerous.

from Blogger https://ift.tt/13Eg5Vq
via IFTTT

What You Need To Work in Cybersecurity: the secret sauce

I see a lot of rules based ‘quick fix’ learning opportunities in cybersecurity, and by that I mean short, intensive courses that claim to make you ready for a cyber job by taking a couple of courses. These are usually boot camp style condensed programs that promise to turn an accounting or science student into a cybersecurity practitioner in a single semester by showing you how to use tools x, y and z. They treat cybersecurity as though it’s an office job: we show you the cybersecurity rules and you follow them. You can see how well this is working by the ongoing shortage Canada faces in finding cybersecurity professionals.
I got into cybersecurity with my students in 2017 when we started chasing CyberTitan, but I brought something with us that isn’t typical in the world of STEM: a relationship with technology that is based on a willingness to hack. I don’t like the word hack, it has negative connotations to it in English that have been encouraged by the self appointed masters of STEM (the S&M part), but that willingness to iterate and work outside the expected outcomes is the secret sauce in cybersecurity that many ignore, and a major reason for why I’ve taken to it like I have.
‘Necessity is the mother of invention’ has been the motivating factor in my relationship with technology since the beginning. I moved quickly from off-the-shelf to customized solutions based on experimentation and need. WIthin six months of owning my first home computer (a VIC20), I’d figured out how to copy software using a sufficiently low noise audio deck. My first x86 Windows PC was purchased but quickly modified as I came to need more memory and processing power. By the mid-90s I was building my own computers at a time when many people didn’t own one.
This process was initially powered by curiosity, which many training programs eclipse with the promise of ‘we provide the initiative and knowledge so you don’t have to’ approach – something that has never appealed to me and a major reason why I didn’t start collecting certifications until 2001 (I’d been working in IT for a decade at that point). Schools are bad at this too. Many educators feel that it is their job to impart knowledge in a regimented format (that’s why we call them disciplines!) and assess student understanding with examples of rote learning that emphasize compliance rather than their own understanding of a subject. Many in education call this approach rigorous and disciplined – it’s how they demonstrate credibility.
The Indians have a term for austere innovation: jugaad (non-conventional, frugal innovation) which doesn’t have the pejorative connotations of the English ‘hack’. Jugaad celebrates common sense with a solutions focused approach to creative problem solving without needless bureaucracy. It emphasizes an applied approach to making technology works that is especially needed in an industry like cybersecurity where practitioners are often facing out of the box problems. WIRED recently did an article on a Ukrainian technologist who demonstrated this start-up like approach in the war with Russia. There is even an event in cyber that highlights this out-of-the-box rapid response to an unknown problem: the dreaded zero day vulnerability. Jugaad will get you much further than any amount of rote learning during a zero day attack.
Kintsugi has played a part in
my motorcycling.

There is another term in Japanese that takes the derision found in English out of making old things work. I’ve long enjoyed the concept of ‘kintsugi‘ or ‘golden joinery’, which is the repairing of old things using gold to embellish the fix rather than trying to hide it. In typical Japanese fashion it raises what is seen as banal work in the West to an artform. A concept that combines jugaad’s celebration of a fix beyond rules based approaches with kintsugi’s raising of that fix to an artform is where a good candidate for work in cybersecurity should find themselves inspired. When I started in cyber I found my  IT background helped in terms of understanding the mechanics of what was happening, but my kintsugi powered jugaad approach is what has allowed me to thrive.

This ‘secret sauce’ is often ignored in education and especially in cybersecurity adult retraining. There are some disciplines that tend to attract rules focused types, but that fixation on systemic order blinds them in the edge cases where cybersecurity often operates. Rather than retraining an accountant or rigorously compliant STEM student, I suspect that those exploring subjects like detective work in policing or creatives in the arts would find the skills they’ve honed more effective, but that doesn’t stop everyone from demanding a computer science degree for any job in the industry.
In 2019 after the Terabytches went to CyberTitan nationals we got invited on the local radio station to talk about the experience. The interviewer asked me a good question about our DIY approach to computer tech. I was annoyed at the lack of resources, but he suggested it might be what gave us an edge. He was right, we’d been jugaading and it made us mighty!

There are many jobs in cybersecurity. People who lean toward the jugaad end where they can problem solve without restrictions can find a comfortable fit in operational cybersecurity where they are monitoring real time threats, penetration testing where they are attempting to exploit a client’s system to highlight vulnerabilities, or threat intelligence which focuses on gathering reconnaissance data on threat actors. But even in the policy and compliance work, a willingness to consider and understand threats and solutions that are outside the box is a necessity.
This map of cybersecurity domains gives you an idea of the many specializations that the field offers, though I would argue that in all of them (even those up the compliance end) an ability to work from your own initiative and experience rather a rule book is essential.
Sam Sheepdog & Ralph Wolf know the score.

I sometimes describe cybersecurity types as sheepdogs. I think many in law enforcement also fit this description. You can’t send a goat to fend of wolves, but having a wolf of your own will do the trick. Early on in my transition from IT into cybersecurity I found myself leaning on IT administrative habits that don’t work in cyber, and came to realize that the jobs are very different, though the technology is the same. If you have an IT person running your cybersecurity you’re likely to be constantly surprised by the attacks you face because they tend to see systems in an architectural way rather than as an opportunity to be compromised.

It would be easy to say something silly like, ‘there are no rules in cybersecurity!’ but that’s pointlessly reductive. It would also be easy to describe all the people in it as hackers, but this isn’t true either, though a mentality that tackles problems from a place of curiosity and jugaad is far better than a rules compliant myopic who can’t see beyond the framework they maintain. At the end of all this I firmly believe that you need a bit of the wolf in you if you want to consider a career in cybersecurity. I wish more cybersecurity training and especially adult retraining would emphasize that when looking for candidates rather than demanding STEM grads often missing these skills. If it’s a formulaic job that you’re looking for, cyber isn’t it.
STEM students are often missing skills which “include teamwork, collaboration, leadership, problem-solving, critical thinking, work ethic, persistence, emotional intelligence, organizational skills, creativity, interpersonal communication, and conflict resolution.” Adding an ‘A” to STEM doesn’t fix this, incorporating an iterative, resilient, team-based problem solving mindset into STEM subjects would, but that doesn’t tend to be how we teach them.

Another piece of Canada’s cybersecurity puzzle came into focus from the last post on how our cybereducation system is broken. In response to that, Francois Guay from the Canadian Cybersecurity Network followed up with the observation that the cybersecurity talent pipeline in Canada is also in tatters.

I’ve been thinking about that post and believe all of the responses from both new cybersecurity practitioners and veterans are valid. It would appear that when you try to fix a talent shortage with rushed retraining no one trusts the results. Problems such as absurd requirements for entry level positions like asking for 5 years of experience on a tool that only came out last year or demands for that vaunted yet irrelevant computer science degree continue to strangle entry level workers coming into the field, even though they have hacked (cough) their way through our broken cyber education system to do it.
Not to sound hopelessly jugaad, but the simple solution would be to introduce cybersecurity apprenticeships that give everyone a chance to find those with the right combination of fearless curiosity, critical thinking and tenacity needed to do the job. Students with a background in science and technology might find that they are familiar with the medium that cybersecurity operates in, but that doesn’t mean they’ll be able to handle the demanding stochastic message that working in cyber demands.
I’ve always told my students that if they can bring a willingness to explore, experiment and possibly break things in the process of figuring them out, they don’t need to sweat the technicalities, I can teach them those by harnessing the curiosity they bring with them. I’ve had strong technical students fail in cyber because they lean on systemic approaches to do less. Another favourite adage of mine in the classroom is, ‘if you’re looking for a way to do less, you’ll usually find it.’ Those that want to work in a framework often do it so that they can delineate where they can stop; in other words it’s used as a way to limit their involvement. That’s no way to approach cybersecurity. If solving a problem is a nine to five gig for you, go find work elsewhere.

from Blogger https://ift.tt/J23ZnTt
via IFTTT

Cyber Education in Canada is Broken, Here’s How to Fix It

I’ve been sitting on this one for some time. What’s below is more like brainstorming than a clear solution, but I feel like it’s moving in the right direction…

The Problem: Canada’s Cyber-education system is broken – or doesn’t exist at all

I’ve been ruminating on this since virtually attending the “How to protect our children in an increasingly digital and online world” meeting by Economic Development Ontario and the Canadian Trade commission a couple of weeks ago. James Hayes from Cyber Legends is a man on a mission. His keynote was both insightful and frustrating – the main point being that Ontario (and by extension Canada)’s cyber-education ecosystem is broken. I’d go so far as to say that in most places it doesn’t exist at all; broken implies that there was something there to begin with.


This observation speaks to a cultural challenge that Canada faces. Other countries are able to leverage a collaborative approach to the asymmetrical global threat cyberattacks pose, but Canada’s history and the loose confederation it has produced creates many gaps between levels of government. Those gaps are where cybercriminals operate.


The Problem: cybersecurity, cybersafety and online privacy are barely mentioned in Canadian school curriculum and educators are some of the least digitally experienced professionals able to resolve this skills crisis

In Ontario we’ve mandated mandatory eLearning for all students, but cybersecurity only just got into the computer studies curriculum in this year’s rewrite, and what’s there is thin (it immediately devolves into personal online data awareness and ignores the many interesting technical specialities in cybersecurity). This optional course doesn’t run in most high schools (it was cancelled locally in mine), so this one mention isn’t seen by most students.

Many other provinces don’t mention cybersecurity at all even as they all depend on it every day with networked education technology delivering material in every classroom. Cyberskills are now essential skills if we want to keep the learning happening, but aren’t treated that way in our education systems. New Brunswick is the exception with a full cyber-learning pathway for students interested in heading into the field professionally. Why does that matter? There is a global shortage of cybersecurity professionals, so Canada’s usual approach of immigrating in solutions to its education failings won’t work in this case.

James mentioned teacher cyber-illiteracy in his keynote as well.

Our oblivious response to cybersecurity awareness is part of a larger problem in public education. When I first came into teaching in 2003 I was surprised to see the education system rocking early 90s information and communication technology. Throughout my career education has dragged its feet at every opportunity in terms of adopting digital transformation and the benefits it delivers. The result of this decades long drag is that people in education tend to be less digitally literate than the general population, even as they are expected to teach students essential digital skills like cyber awareness. Teachers are precisely who you want to be raising general cyberawareness and the skills needed to safely navigate our online world, but decades of status quo leadership means educators are missing the digital media literacy necessary to do it.

The Problem: we’re happy to make online edtech solutions mandatory (usually as a cost cutting measure) but a surprising percentage of the people doing it don’t think they should be held legally responsible for its safe delivery

I spoke on a panel about cybersecurity at the Canadian Edtech Summit the week before. The event had an online component so I started a poll aimed at the education administration and technology companies in attendance. Recently the SEC in the US sued a company for their failure to respond to cybersecurity problems that they were very much aware of that resulted in many clients’ data being spilled onto the darkweb. This raises an interesting policy question: should school boards and provincial education ministries be held legally responsible for cybersecurity in Canadian classrooms? Canadian educational ministries and their school boards have increasingly adopted cloud based solutions to reduces costs on what used to be locally managed technology integration, but with internet based ‘cloud’ solutions come cybersecurity responsibilities. This US decision will likely influence our lax cyber responsibility policies in Canada and I was curious what the people implementing these technologies (often poorly) thought of the potential for liability penalties for failing to protect student data (which often also includes staff and family personal data too).

I expected the people delivering online edtech (school boards, ministries, not-for-profits and private edtech companies) to recognize that cybersecurity is very much their responsibility if their technology is vulnerable online. Especially if they are going to demand that students use online learning tools. This should be especially obvious when our ‘clients’ are vulnerable sector children whose safety should be a primary concern.

Most did recognize the importance of taking responsibility for their technology delivery, but I’d love to have a chat with the quarter or so who thought they should be putting student learning online while bearing no legal responsibility for it. One of those people could well be managing your local school board‘s technology department.

If we’ve got a problem with the people delivering online edtech understanding that they are responsible for cybersecurity, we need to back the bus up and clarify those responsibilities with policy – legally binding policy.  I recently saw a memo which said data privacy wasn’t even a paid job in the school board and is done outside of regular work responsibilities by IT staff, most of whom have no cybersecurity experience. Until we begin taking public sector cybersecurity seriously we will continue to see our public services being disrupted by breaches and system failures.

NIST’s cybersecurity framework offers a technical policy approach to cybersecurity that clarifies what organizations need to do to provide viable online security. ISED has a Canadian version called ITSG-33 which is more policy focused.  This isn’t an all or nothing thing with a solution for every problem. Any time you put data online you risk being hacked, but by following these best practices you can at least know you’ve taken reasonable steps towards preventing abuse. What you want to do is get up to Tier 4 of the NIST framework where you’re proactively defending against threats, but public education in Canada can’t get out of tier two because “implementation is still piecemeal”, and no one has “the proper resources needed to protect themselves.” Our cyber failures in Canadian education are the result of both policy and a subsequent lack of funding. I’d hope that we’d follow best practices in protecting student data, but that ship sailed years ago. If that carrot isn’t available, then a legal policy stick might be the only thing left that prompts ministries and schools to make data privacy a priority.

The Problem: Public services in Canada are siloed bureaucracies that are difficult to work with

This isn’t just an education problem, it’s a
CANADA problem. Canada’s history hasn’t
produced a culture that can collaborate
against asymmetrical global threats.

During the panel talk at the EdTech summit one of the speakers said, “working with public school boards is very difficult. It can take years just to find the right person to talk to. Even if you can find that person, they’ll tell you there are no resources.” I talked to Kyle Bokyo, another of the panelists, after the event and we commiserated on this point.

There are not for profits and businesses in Canada who are attempting to provide solutions to Canada’s ongoing cyber-education failures, but attempting to engage with any public service in Canada is a a difficult prospect. If you talk to the ministries they hold up their hands and say they only manage the funding and not the implementation of cybersecurity solutions. If you talk to the regional school boards they say that they aren’t provided resources to do it.

In Canada’s uncoordinated cyber policy landscape I suspect it’s easier to play victim even as you assume greater cyber risk pushing user data into the cloud than it is to develop a coordinated response to this very asymmetrical problem. These gaps in responsibility make it easy for the people being paid to be responsible for the safety of online student data to point the finger at each other, even as breach after breach occurs.

Canada’s failure to
coordinate cyber response
is recognized as an
problem globally
.

What I learned through COVID as a classroom teacher is that the people running public education will ask all manner or ridiculousness just to maintain the illusion of a functional system. It’s what got them into their offices and they aren’t about to jeopardize that. Public education, along with other public services, are insular industries with generational employees and tightly knit networks of political operatives managing them. This might sound like immigrant complaining (and it is), but the best way to get into education ‘leadership’ is to have had family who did it, or marry into one. The next best way is to be willing to maintain the status quo at all costs. Agility and responsiveness aren’t words often applied to this sector.

Cybersecurity in the public education is dangerously under-prioritized even as we continue the rush to cloud based edtech solutions in an attempt to save money. On top of that a surprising percentage of the people delivering these solutions don’t think they should be held legally responsible for its safe delivery. This deadlock suggests that we need policy that not only enforces best cybersecurity practices in education, but also makes resources for it a requirement rather than a politically motivated failure.

But the fix needs to go further in education because we also have a responsibility for providing graduates with opportunities to learn the skills they need to survive in a rapidly changing world; something we’re not doing as many jurisdictions continue to studiously ignore cyber education. The key piece to this puzzle is policy that creates a responsive, responsible Canadian cybereducation system.

The Solution: A Viable 21st Century Canadian Education Ecosystem

As both James and Kyle mentioned in their talks, technology moves so quickly that large public services are always going to struggle to keep up, but an agile edtech sector could help with that. Startups and small businesses can pivot to keep up with technology emergence in a way that larger organizations struggle with – that’s why Google and the rest buy agility rather than trying to produce it in-house. The problem has been Canada’s pigeon hole approach which doesn’t aim to produce a coherent ecosystem of interrelated programs that provide a comprehensive Canadian shield.

As mentioned, the issue of regional school boards and provincial ministries making it difficult for anyone outside of these insular systems from collaborating with them is a key problem. We can’t leverage digitally literate industry partners if they have no way to effectively communicate with education delivery systems.

The solution is to connect the federal government with the Council of Ministers of Education, Canada and The Insurance Bureau of Canada and design a centralized approval process that connects Canadian not for profits and industry edtech expertise with provincial ministries and clears the way for access to credible cybereducation materials and best practices through internal communications with education systems across the country. Instead of individual boards doing cyber badly, a national partnership with a wide range of technology specializations and strengths would work together to build solutions at scale while also ensuring that these solutions are prioritized. This relationship would also prompt meaningful updates to curriculum instead of the current ‘in a bubble’ approach that produces material well short of what is needed to prepare graduates for our technically challenging future.

I made this graphic after last year’s CPI conference
at University of Waterloo
, where I first met James,
Cheryl and Cyber Legends.

In such an environment a startup like James’ Cyber Legends, or an internationally partnered and long running national competition like CyberTitan would pass NIST levels of cyber-review nationally and then be welcomed into a Canada-wide edtech ecosystem that works through each provincial and territorial education ministry directly into school boards. Any edtech company working outside of this framework would find itself where we all do now: on the outside unable to make any significant change. But those who meet this national standard would be considered trusted internal partners with access to federal funding and direct internal access to provincial education at both the ministry and district levels. No more trying for years to find a person who may (or most likely doesn’t) exist in a local school board who is in charge of cybereducation.

This ecosystem would reward collaboration. Members that don’t want to collaborate would find themselves removed. Those that want to do want to partner to build a more secure and digitally literate Canada would work with other members to produce complementary resources that allow teachers from all corners of the country to develop meaningful digital skills, including the difficult ones to deliver like cybersecurity.  These members would find funding and partners who ensure that their programs are successful and always ready to keep up with the impressive rate of technological change we’re all dealing with. This would also give those providing federal funding clear guidelines for who they should be supporting.

The stick would come through policy changes that are both legal and regulatory. Any school board (and by association ministry) not making use of these secure, partner provided resources for improving student data protection would find themselves both liable for any breaches, and also uninsured. Educational cybersecurity would no longer be a political blame game. Local implementation would still very much remain the purview of school districts, and ministries would remain very much in charge of funding their province or territory, but with focused federal support many of the associated expenses would be reduced through the centralization of resources. These savings would also be a carrot. With national cyber standards and partnerships that leverage the strengths of all members of Canada’s education ecosystem (federal government, private industry, national not for profit, education ministries, and local school boards), Canadian students would enjoy access to more Canadian made digital learning opportunities that raise digital fluency in a meaningful way, and they could do this while also exploring cybersecurity in a way that creates a more secure Canada. Imagine what all these cyber-aware students could do for our national security.

We have a habit of regionalizing our approaches to government in Canada, but in the face of wildly asymmetrical threats like cybercrime and (increasingly) international cyber espionage, we need to push back against this culture and build a collaborative defence. In doing so we would also create much richer digital learning opportunities in our schools that make Canada more secure and competitive in the networked, global economy.


The Solution: collaboration doesn’t end locally, regionally or even nationally in Canada

I’m attending The Global Forum for Cyber Excellence’s inaugural Global Conference on Cyber Capacity Building in Accra, Ghana at the end of November. 

“It is paramount for all nations to have the expertise, knowledge and skills to strengthen their cyber-resilience”

I’m presenting a research paper a former student and CyberTitan (Louise Turner) and I have written about the disruption quantum computing will cause to cybersecurity encryption in the coming years. Doing this research with Louise has been both eye opening and very intellectually satisfying, but after 20+ years in the classroom I’m still very much a cyber-educator first and a cyber researcher second. It’s why I invited one of the next generation of cyber professionals to write the paper with me.

Looking at the program for the conference, the lack of talent and focus on developing cyberskills both in the population and in those interested in pursuing work in the industry isn’t a Canada only problem, it’s a global one. If we can repair Canada’s internal cyber-education system, we can then work with international partners to help them do the same. The cyber battlefield inherently favours the anonymity of hackers damaging our systems with impunity for their own gain, but through collaboration the defenders could become mighty.

As the GFCE so eloquently puts it: Nations should work together and support each other with these capabilities, so that no country is left behind in their digital evolution. After all, a chain is only as strong as the weakest link.”  Look for the Accra Call: a global action framework that supports countries in strengthening their cyber resilience being announced during the conference.

from Blogger https://ift.tt/RMSG9zr
via IFTTT

A Colourful SMART Adventures Late in the Season


I’ve been going to SMART Adventures since 2018. As a way to get myself doing things on a motorcycle that I don’t get to do on the road, it’s a great opportunity to expand your riding skills. Getting experience on a variety of different bikes is never a bad thing either.


I’ve had some great days at SMART. A particular highlight was during the deepest, darkest summer of 2020 when I did a full day that started on a trials bike, moved to a brand new GS1250 and ended on a dirt bike. It was a great day of bike learning across three very distinct machines.

Last summer we managed to squeeze in a half day and it was the first time I’d done the expert riding group, which I second guessed myself on being in. Unfortunately the father who dragged his son into it wasn’t so introspective. I spent a good amount of money hoping for expert riding opportunities but the afternoon consisted of watching this kid fall off a bike too big for him that his dad kept demanding he ride, and then watching him drop the second bike we had to go back to get for him into a two foot deep puddle. We ended up spending most of the afternoon picking this kid up or riding back to the base after he broke a bike. I needed this trip to SMART to be a win after that last disappointment.


We tried to arrange a trip up in August but things got complicated (dog died, kid going to college, in-laws being difficult) and it never came into focus. I thought this would be our first year not going up to Horseshoe Valley, but Max’s reading week was at the end of October and the week before the weather looked like it might hold up, so I signed us up for an afternoon, and this time SMART nailed it, though in fairness it’s not their fault if a toxic dad wants to design a miserable afternoon.


Going this late in the season and during the school year means you’re less likely to trip over father/son drama. Max got Dave who was the instructor who taught him both ATVs and dirtbikes previously, and I got Tyler who I hadn’t had before but is an incredibly talented off road rider who also has a knack for finding where I was at in terms of skill and then keeping us at that edge throughout the afternoon – I learned tons.

Having a look around before the ride out, it’s not easy keeping the jealousy in check when it comes to SMART Adventures owner Clinton’s bike collection.


Why are y’all wearing rain jackets? ‘Cause it was raining… a lot! That’s inches deep mud.


We started with some warm ups in the bowl at the base. I’ve been on a 250 CRF Honda before but this time they had a Kawasaki KLX 300 with bar risers which fit me even better. Tyler had me doing riding with one hand while standing up (in mud), which isn’t as easy as it sounds, then rear wheel lock up braking, then both wheels coming as close to locking up the front as we could manage (in the mud). We also did logs and tires, but once Tyler had an eye in on where I was with clutch control and balance we took off into the woods, which were spectacular!


Riding in a thick ground layer of leaves is tricky. You can’t see rocks or mud underneath, but it teaches you to ride looser and float over the surprises without over correcting for them. We did a lot of kilometers through the rain and brilliant colours and the riding was never dull.

I’m always surprised at how physical proper off-roading is. With mid-teens temperatures and the rain gear on I was dripping wet with sweat. I worked hard at using my legs to grip the bike so my arms weren’t putting pressurized inputs through the handlebars. It’s a combination of balance and lower body strength that demands a lot of energy. One suggestion was to turn my feet fractionally into a corner to weight the pegs in the direction I want to go (a Clinton Smout move) and it works!

We got back for a break but before I parked the Kwak we did K turns. The idea is if you get stuck going up too steep a hill you let the bike stall in gear (or kill the motor in gear) and then roll it backwards leaning into the hill and letting out the clutch bit by bit as you turn the back end until you’re parallel with the hill (still leaning up it). The tricky bit is once you’re near parallel having backed up on the clutch, you start turning the handlebar lock to lock and the bike’s nose will fall under the twisting to face downhill. You then stand it up and roll on down. The final move was to bump start the bike. You do this by leaving it in third gear and dropping the clutch at the bottom of the hill as you sit down on the seat. It sounds like a lot of gymnastics but I got it to work on the second try. Tyler said it can really save your bacon if you get stuck on a big adventure bike on too steep a hill.


Just when I thought it couldn’t get better, Tyler went and got a couple of the new Surron electric dirt bikes out of the lockup. He gave me the bigger Storm model and then told me (jokingly) not to get it wet. We left both bikes in economy mode because of all the wet leaves over mud. Tyler described ‘S’ Mode as ‘scary’, and don’t press turbo! 

383 ft/lbs of torque in mud and wet leaves? What could go wrong?!?


I hadn’t dropped the big Kawasaki all afternoon despite the crazy conditions. I should have four times but saved it each time. Being able to practice saves is one of the best parts of SMART. I genuinely got to do things on a bike I’ve never done before, which is the whole point. Sounds ominous, right?

We got out into the woods again and both Tyler and I were down in the first five minutes, but not because the Surron was a torque monster (it’s actually easy to get the hang off). It’s the lack of clutch after riding one all day that caught me out. I was sliding down the muddy side of a trail covered in leaves and went to pull in the clutch to drop a gear, except the clutch is the rear brake and the Surron doesn’t have gears. The bike was out from under me in an instant. Here’s a pic from right after – check out that mud!


I finally got myself back on the bike after I slipped in the mud again throwing a leg over it and we went down a second time. The bike took a minute to ‘re-arm’ because I’d popped one of the brake sensors out, but Tyler figured it out and we were off again.

We made tracks after we both learned not to use the rear brake like a clutch.


That’s Tyler – ace instructor!

Interesting choice of name, great bike!

No one went down again and by the end of a forty minute blast through the woods and into the trails beyond the SMART owned land, I was getting a feel for the Surron (not Sauron from LotR). Being able to focus on riding without worrying about gears and clutches was one part of it. By the end I was getting crafty with the hand operated brakes. The other piece is the silence. When you goose it the bike roosters dirt like a mad thing, and it’s properly quick. The only noise it makes is once you’re up to speed and it’s a ghostly whine, which suited the October hallowe’en woods. I could hear rain hitting leaves as we whispered through the trees.


Where am I at with an electric dirt bike? If I owned a Surron I’d play with the settings so the energy recovery/gearing pulled a bit more and provided more of what feels like engine braking. That would have prevented the spill on the hill. So much of dirt biking is clutch though. You manipulate the clutch continuously to offer smoother power delivery, especially in tricky conditions. A dirt bike without a clutch and gearing is missing a key control, not to go faster, but to manage the power better. The throttle on the Surron felt a bit wooden after riding the big Kwak all afternoon, but that may well have been because I couldn’t feather the Surron’s power delivery with a clutch..

The upside is the silence when riding, though it isn’t really silent with that ghost whine. It did make me miss the thud of the thumper, and the simplicity of the controls (no clutch, no gears) lets you concentrate on other things, but at the cost of simplifying the riding which I have mixed feelings about.  Aesthetically, a bike having a heartbeat is pleasing, though I could get used to that ghostly howl.

The older much used Kawasaki went through all sorts of gymnastics during the afternoon without missing a beat, while the Surron needed TLC after one drop, which doesn’t bode well for its resilience. I’d describe my first time on an electric dirt bike as interesting, but they’re not ready for prime time yet. If I were to buy a dirt bike tomorrow it would be a fuel injected ICE model that is decades into its evolution rather than an ebike that’s at the beginning.


SMART was running a regional trials event that weekend and I asked Tyler about electric trials bikes, but he said most riders are still using ICE models – once again because the clutch offers much more nuanced control. I suspect electric bikes will end up adopting something like a clutch to allow for that finer control, though they don’t need gears so perhaps the clutch is simply another electronic intervention. It’s just a matter of time for this to all get worked out, but they’re not quite there yet.

As we pulled in to SMART a red fox fan across the parking lot, and I saw wild turkeys and what might have been a coyote in the woods. We clambered out of our muddy gear past 4pm and got changed before heading up the road to Vetta Nordic Spa where we put our aching muscles into various hot waters as we watched the moon rise through the skeletal trees. Yes, the rain stopped and clouds blew over pretty much the minute we stopped riding, but the weather is part of what made it such a good afternoon of riding! As a way to wrap up the riding season (it was snowing the following weekend), there are few better.


You should go!


from Blogger https://ift.tt/wALiW70
via IFTTT

A.I. Isn’t What You Think It Is

 I’ve been in a series of presentations over the past couple of months where organizations are getting frantic about catching the ‘AI Wave’. This urgent need to feel like they aren’t missing out on a fad is understandable, but like so many emerging technologies, getting ‘into it’ won’t be effective if you ignore the foundations its built on, and the foundations of AI and the technology itself are… problematic.

You can’t have ‘generative’ AI without massive data sets to train it on. This data is scraped from the internet and then fed into systems that can eventually give users “a statistically likely configuration of words” that look like an answer. That’s right, the brilliant answer you just got on a generative AI platform isn’t really an answer, it’s a cloud computer cluster giving you its best guess based on crowdsourced data. None of that stops people from thinking it’s intelligent (it isn’t), and being in a panic about missing out.

Putting the fact that AI isn’t nearly as smart as the marketing portrays it aside for a moment, large data and the cloud infrastructure that stores and delivers it are a house of cards teetering on the edge of collapse. You can’t have AI without climbing to the stop of this wobbly infrastructure. How precarious is it? Data growth worldwide is in an explosive phase of growth (partially driven by the AI fad). Our overloaded storage infrastructure is under pressure because AI uses it much more aggressively that simply storing information. AI demands fast data retrieval and constant interaction making the rise in AI particularly problematic for our stressed storage systems.

We’re facing data storage shortages in the next couple of years because of our belief that the cloud is an infinite resource. It isn’t, it’s an artfully hidden technological sleight of hand. The irony is that our digital storage infrastructure limitations will also end up limiting our current crop of AIs as well.

The staggering environmental costs that underlie our myth of an infinite digital cloud haven’t  been mentioned yet, but like many of our other ecological marketing myths (electric vehicles) pushing the messy business of how it works out of sight of the consumer is a great way to market a green future while doing the opposite. Data centres in the US consumer over 2% of all electricity in the country. There are benefits to scaling large data centres, but the trend into the foreseeable future is that the cloud will continue consuming more energy out here in the real world. That we’re increasingly throwing limited resources at building AI guessing machines tells you something about our priorities.

One of the first posts on Dusty World was about dancing in this datasphere twelve years ago. Back then I’d found a quote by Google CEO Eric Schmidt talking about the coming information revolution:

I’d make a distinction between information and data. One is useful, the other is raw binary numbers and storing the majority of it is a complete waste of time and resources. Sussing out information from data is an ongoing challenge. That doesn’t change the fact that the amount of data being generated back then wouldn’t even register on the graph below, which looks like a runaway growth curve – you can make good money from all that data.

So, we live in a world that is well into an aggressive phase of digital growth, though very few people understand how any of that works. Even as we compile more content than we have in the entirety of human history to feed the attention economy, we also decide to play a sleight of hand game with machine learning on massive datasets just to see if it’ll work.

From an educational perspective, AI is in the wild now and ignoring it will only get you and your students in trouble. If we’re going to make functional use of this progenitor of true artificial intelligence, we need to teach the media literacy around it so that people understand what it is, how it works and how best to use it to amplify rather than replace their humanity.

I’ve seen a lot of people panicking about AI taking their jobs away, but if your work output is a statistically likely configuration of words, then you’re not applying much of your vaunted human intellect to the task at hand and probably should be replaced by one of these meh AIs. But if you’re one of those humans who actually thinks, even this stunted AI can be a powerful ally. In a fight for intellectual supremacy who would you think would win?

  1. just machines
  2. just people
  3. an empowered hybrid of the two

The move here during this awkward adolescence of artificial intelligence where we’re faking it until we make it is to leverage the tool to best effect. If effective use of AI speeds up our ability to gain actionable information in the chaos of data that surrounds us, then we can more quickly move on to the next real steps in technology evolution.

The other day I described AI as we currently define it as a hack to keep classical computing ahead of the data tsunami we’re living in. At the time I was surprised by how I described it, but classical computing is reaching the limit of what it can do. For the past few years we’ve been finding speed in parallel processing such as adding computing cores to CPUs rather than making faster CPUs. We’ve also been finding efficiencies in how we manage data such as creating more organized memory caches to better feed our processors. Ultimately, I feel like generative AI in 2023 is another one of these patches. It’s a way to make our overwhelming data cloud more functional to us.

This is from a presentation I’ve been giving that attempts to bring people into a better understanding of the hype. AI (even this meh one) will replace you if you let it, so don’t!

Digital technologies aren’t going to go anywhere, but they are a ‘low resolution’ way to compute. There is also the problem of reducing the complexity of reality to ones and zeroes. Mathematical concepts can help us understand relationships, but they will always be inherently reductive; they’re never the thing itself but a simplified abstraction of it. Digital reduces the world to ones and zeroes and at some point we’ll realize that this isn’t the way.

When we run out of nanometres like we have with electronics, the next step is a big one, but it’s one we’re working on globally as a species right now. In the next decade we’re gong to figure out how to use the building blocks of nature itself to compute at speeds that classical computers can’t imagine. What will this do for our data clogged world? One of my hopes is that it will process much of that data into usable information, information that we can then use to solve this mess we’ve gotten ourselves into.

I’ll weather the current AI hype storm, but if you ask me what I’m really excited about it’s artificial intelligence realized on a faultless quantum computer. The future beyond that moves in directions I can’t begin to guess, and that is exciting. imminent and absolutely necessary if we’re going to prevent a global collapse of human civilization. Some people might get panicky about that, but they’re the same ones who think a cloud based statistical guessing machine will replace them.

from Blogger https://ift.tt/uF8RQPH
via IFTTT

Finding Your Way Around OEM’s Giving Up on Parts Support: Triumph 955i Fuel Injection Seals

With Triumph giving up on my Tiger before I’m prepared to, I’m going to document the research and give details on what works when you’re trying to keep a Triumph 955i’s fuel system working by replacing old o-rings.


This has involved a crash course in o-rings and engine operating temperatures. As I work out a fix here I’ll post details on o-ring sizing, what type works and include data on measuring the intake manifold at temperature.

It’s been all Concours for the past few weeks while the Tiger is laid up. I’m hoping to get the fuel system sorted before the snows fly and I have to wait for next year.


Here are the measurements for the upper and lower fuel injector seals. The classy move by
Triumph would be to open source publish the technical details for all the parts they no longer support so that the rest of us can get on with keeping the history of the marquee alive. With that in mind, here are the deets for the upper and lower fuel injector o-rings:


The thick ones go on top where the fuel injector meets the rail. My best guess is 3mm thick by 1.5cm outer circumference.



The skinny ones go on the bottom where the fuel injector slides into the intake manifold.


My best guess there is 2mm wide by 1.4mm outer circumference. 







Unfortunately, buying off the shelf boxes of o-rings isn’t likely to get you anything that fits. The two below from Amazon didn’t. This thing looks handy: https://www.allorings.com/O-Ring-AS568-Standard-Size-Chart.

The Tiger is a metric bike, so I’ll work in mm (if Triumph went imperial on o-ring, what the actual f***). The thicker o-ring is 1.5cm or 15mm outside diameter (OD) and (I think) about 3.5mm cross section (CS). Looking at that chart, the #203 is a 14.58mm outer diameter with a 3.53mm cross section. That makes it mighty close. What would be nicer would be if Triumph just came out and gave us the precise sizes for these parts it has discontinued. Triumph?


The thinner one is also a 1.5 (ish) mm outer diameter (15mm-ish), but the cross section is thinner – perhaps two and a bit mm, and they have a 2.62mm cross section standard o-ring size. You’d have to hope Triumph didn’t make bespoke o-rings for their fuel injectors, right? For the skinny o-ring I think I’d take a swing at the 2.62mm cross section / 14.43mm (1.443cm) size.

The All O-Rings site also has a good description of the materials you want to get your o-rings in. Nitrile and Viton are what I went with in the pointless Amazon order, but those are the materials you want in a fuel heavy application like this.


That’s the configurator (right) – pretty straightforward, but it sounds like they manufacture each order, which probably won’t make this a viable solution for someone just trying to keep their old Triumph on the road.

If only there was some kind of network of retailers who supported Triumph motorcycles who could order this parts to help their customers keep their older Triumphs rolling… some kind of ‘dealer’ network who understand how parts work and how to order this sort of thing in large enough quantities to make a profit while offering customers what they need.

RESOURCES

How hot motorcycle engines runs: https://blog.amsoil.com/extreme-heat-is-hard-on-your-motorcycle/

Buna (Nitrile or NBR) o-rings: https://sealingdevices.com/o-rings/buna-n-o-rings/

Viton vs. Nitrile o-rings: https://www.nes-ips.com/viton-vs-nitrile-o-rings/

All O-Rings https://www.allorings.com/

They have sizing tools! https://www.allorings.com/o-ring-kits-and-accessories/o-ring-sizing-tools

I’d prefer to use All O-Rings for the parts, but they might be a B2B type of thing, and I’m not a B.

Amazon’s kits:


Turns out Amazon’s shot-in-the-dark kits didn’t work either. There’s more to this o-ring sizing caper to come. I wish I could just 3d print the nitrile o-rings I was looking for (doesn’t look like it’s additive manufacturing friendly).

from Blogger https://ift.tt/Jc48aHG
via IFTTT

You Want to Teach WHAT?!? Reconfiguring Technology in Schools to Empower Pedagogy

Cybersecurity is one of the more challenging subjects to try and bring into classrooms, even though every one of them depends on it every day to function; everything from attendance to lesson content happens via networked computers in 2023.


Few people have advanced digital media fluency when it comes to using software and hardware, but that’s just the tip of the iceberg with cybersecurity. It also depends on skills from many other technical subjects that don’t get much attention in K-12 classrooms, such as software development, networking, information technology, IoT and programming, but not just high level stuff, you also need to be comfortable looking at firmware and low level coding.


Cyber skills aren’t just about leveraging these interdisciplinary technologies though, they’re also about discovering, understanding and resolving the many points of failure inherent in them. This is something most people feel very uncomfortable doing. For the vast majority of users, when technology goes wrong it’s someone else’s problem. Even for the people who build and maintain networks, the dark arts of cybersecurity cause great unease.

One of my hobbies is restoring old motorbikes. There is a strange parallel to cybersecurity in this. Many mechanics won’t touch old machines because they don’t lend themselves to modular parts swap fixes, which is how all modern shops work – technicians don’t fix things, they replace them. Diagnosing an old machine takes patience and sensitivity that many mechanics haven’t learned in our digital world of part numbers, modular engineering and timed repairs to maximize profit. I’ve talked about this before in relation to Matt Crawford’s books and I think there is a corollary with IT and cybersecurity. Many of the people who build and maintain our systems aren’t interested in how they might break, they are only interested in keeping them running as cheaply as possible. That’s good for running your enterprise system as long as there are no surprises, but not so good if you want to build something bespoke or prepare for the many nasty surprises out there.

I was thinking about this challenging situation after attempting to convince school board IT departments from coast to coast about the technical requirements of the CyberTitan/CyberPatriot competition. I’ve been told again and again by people struggling to provide IT support in schools that they won’t run VMWare or Cisco’s Packet Tracer simulator because they:

1) are viruses (they aren’t, though they are a great tool for safely examining them)

2) pose a threat to their systems. They don’t – they actually do the opposite, but training people in the arcane cyber arts scares many of the people managing IT in education.

Virtual machines are used in cybersecurity (and network building) to test software and network environments. By examining a virtual machine cyber operators can explore how a machine has been compromised and what they might try to repair it in a safe (virtual) environment. VMWare is one of the biggest players in this field, and cleaned up at last year’s cybersecurity awards, yet many board IT departments declared it a hazard. I suspect the hazard is in teaching ICT and cybersecurity best practices, and isn’t that a tragedy?

I sympathize with the IT departments I’ve communicated with. They are responsible for running complex enterprise systems that support hundreds or even thousands of users with varying levels of system access (administrators, office staff, teaching staff, building maintenance, and more). That’s more than many IT departments manage in other industries, but educational IT also has to serve tens of thousands of vulnerable sector clients (students), all of whom are coming at them with a staggering array of hardware and software without any real training on it. To make it even worse, most of them will be connecting to these systems using out of date and possibly compromised machines.

An attack surface is a concept that helps cybersecurity types better understand how a bad actor might exploit their network. The software you’re using, the hardware it runs on, the network you’re logging in from, other software installed on your device, the operating systems you’re using, and the systems that connect it all together along with all the cloud based stuff you depend on are all components of a modern attack surface, and the education one is particularly complicated.  

One of the last big network installs I did before I went into teaching was at Glaxosmithkline in the early zeroes. This was a network of hundreds of desktops, hard wired via ethernet into an onsite server that provided all the ‘cloud’ they needed. The desktops all ran the same operating system and software on identical hardware. No one on this network had internet access, closing down a massive headache in terms of attack surface (internet access in a world experiencing a digital skills crisis is a nightmare!). This kind of simplicity is a distant memory in 2023. With our rush to the cloud, attack surfaces now include all the online managed systems we so gleefully replaced our secure networks with. BYOD and off-site work only pile more complexity on.

Comparing that GSK network to any modern education network is an apples to fruit salad comparison. On any day at dozens of school and administrative sites across a board you’ve got a nearly infinite number of different devices logging in, from phones with varying software packages (most of which are probably out of date and may well contain malware) to other personal technology (tablets, laptops, etc) all peppering your network with requests that may be school related or (more often) not.

To try and mitigate this complexity inflation, many boards have dumped computers that do onsite computing (like desktops and laptops) in favour of an easier to manage (because it can’t do much) chromebooks. These simple machines can’t get infected like a fully interactive operating system can, but you’re still susceptible to fake browser extensions and compromised websites. This is usually solved by preventing users from customizing their chromebooks with extensions, further reducing what they can do.

With all this in mind, I was struck the other day by the idea that educational IT departments are missing a key component: a department focused on enabling technology empowered pedagogy (the reason we have schools… remember?). Early on in the edtech revolution we had OSAPAC in Ontario, which vetted software and created a provincial bank of safe to use software for learning digital skills in classrooms. With the rush to cloud based systems, OSAPAC evaporated and most school systems fell in with multi-nationals offering ‘walled gardens’ such as GAFE (Google Apps for Education) or the Microsoft equivalent. As this migration happened, teachers and students lost access to essential digital media literacy opportunities, especially when it comes to advanced digital skills such as 3d modelling, game design or cybersecurity.

A way to combat this skills deflation would be to create local IT support units dedicated to providing teachers with digitally enhanced student learning opportunities instead of starving us of them. I’d go a step further and suggest that the messy enterprise side of things that is such a headache should become the responsibility of the Ministry. Many cost savings and security enhancements could occur from centralizing these systems. It would also mean that students and staff moving between boards would be able to migrate more easily because everyone would be on the same systems. There would also be opportunities to collect provincial data more easily that would support better education policy, not that we like to collect data before making education policies in Ontario.

This does not mean the end of regional school board IT departments. Instead of chasing the tail of impossible enterprise expectations with insufficient funding, they would be provided by a central provincial authority with the secure standards and proper support. Imagine how much we might save if every board in Ontario isn’t reinventing the wheel over and over again with varying degrees of success.

Local school board IT departments would be entirely focused on working with their teachers to find the best hardware, software and cloud based learning opportunities based on the needs of the programs they are running. Instead of saying no and reducing technology access to enhanced pedagogical learning opportunities in our classrooms, our local IT departments would become sources of local technical expertise focused on helping public education close an ongoing digital skills crisis.

I’m writing this in a hotel room in the north end of Toronto the night before attending the Ontario Public Sector Cybersecurity conference. I want to believe that the people at this event are taking the challenges of technology enhanced education, including the tremendously difficult task of engaging with cybersecurity learning, seriously in 2023, but I fear it’s going to be all cartoons and platitudes. Here’s hoping.



from Blogger https://ift.tt/pOYXgiA
via IFTTT