Showing the flag

 

Photograph by author

Do you know National Geographic's Science of Stupid program? That's a kind of Funniest Home Videos, but with a scientific explanation of why someone hit the ground in such a painful way. It’s an educational/entertaining program, so to speak.

I thought of that program when I saw the scene shown above yesterday. A local hotel, where our team had retreated to discuss the way forward, has erected a flagpole atop a gabled roof. It’s cool to have a flag at the highest point of your building, but did they also think about the hoisting and lowering of the flag? Or did they only think of that afterwards? And then they bought a ladder, which turned out to be too short?

The top ladder appears to hang from one hook, which extends through the roof. That hook is slightly above the middle of the ladder, which could make it a nice pivot point when someone is at the top. But luckily the ladder at the top is still tied with a rope. Or no, it isn’t: that is the rope of the flag. Because that ladder is too short, they bought another one and, as it were, pushed it into the other one. Beautiful: when one moves, the other moves with it. The bottom ladder also hangs on a hook, and - if that is the only attachment point, which I don't know - then this ladder can also tip over when there’s someone at the top. All in all, I would not like to be responsible for this flag. By the way, I doubt whether it is hoisted with military precision every day at sunrise and lowered again at sunset.

Are there any Science or Stupid­-worthy events in our profession? Of course there are. It is not always cyber criminals that cause us problems. We can do that to ourselves, too. How many times have we heard about data breaches caused by organizations not having their cloud configuration in order, allowing everyone to access the data? And you may occasionally have sent an email, realizing two seconds later that the wrong name was in the to field. We all make mistakes from time to time, and depending on the nature of the mistake, it impacts our security, the privacy of our data or even business continuity.

There are all kinds of measures to prevent such errors. For example, changes are not immediately implemented in the production environment, but first in the test environment. There you can observe whether that change does exactly what it is supposed to do – no more and no less. Automated deployment then ensures that the change is sent to production exactly as it is, and is not messed up due to a human error (checkbox placed incorrectly, typo made). You can also leverage the four-eye principle and have someone watch what you’re doing. We even do that when we write notes, but then it's called a review. If I write down something that touches on technology, I like to have some technical people check whether I have written any nonsense. Just because I can come up with something doesn't mean it's feasible. I don't want to live in an ivory tower.

In that TV show you see people who have built a jumping ramp themselves and then rush towards it with their bicycles, only to find that the landing is less graceful than they expected. The voice-over, in a slightly mocking tone, provides a discussion about centers of gravity, Newton's laws and why this operation was doomed from the beginning. The message is invariably: first study the laws of nature you are dealing with and adjust your design and movement accordingly. By the way, the result depends on your skills; not everyone, once in the air, is able to obediently keep their center of gravity directly above the bicycle.

Translated into my profession, I would say: first look at rules and regulations, and take them into account during design and construction (security/continuity/privacy by design). If the system needs maintenance, check what you have to take into account and act accordingly. That may take some practice, just like a bicycle stunt. But luckily we have test environments – unlike all those unfortunate stunters.

 

And in the big bad world...

This section contains a selection of news articles I came across in the past week. Because the original version of this blog post is aimed at readers in the Netherlands, it contains some links to articles in Dutch. Where no language is indicated, the article is in English. Actually, this week there aren’t any Dutch articles, but there’s one in German.

• Outlook shares information about you with hundreds of partners (note: this article is on the site of an Outlook competitor and advertises its own product at the end, but the content still seems worthwhile to me).
• Microsoft is also being criticized in an American government report.
• Microsoft Copilot can reveal a lot of confidential information (you can skip the commercials here too).
• A ransomware attack becomes much more expensive if the backups are also affected (again with advertising, but okay).
• the hacker who single-handedly shut down North Korea tells his story here .
• criminals pose as lawyers and confront companies about allegedly violated copyrights.
• the German government gives tips for purchasing and using smart devices. [GERMAN]
• there was a commotion about a backdoor in a popular piece of open source software.