Slashdot Mirror
Vint Cerf: CS Programs Must Change To Adapt To Internet of Things
chicksdaddy (814965) writes "The Internet of Things has tremendous potential but also poses a tremendous risk if the underlying security of Internet of Things devices is not taken into account, according to Vint Cerf, Google's Internet Evangelist. Cerf, speaking in a public Google Hangout (video) on Wednesday, said that he's tremendously excited about the possibilities of an Internet of billions of connected objects. But Cerf warned that it necessitates big changes in the way that software is written. Securing the data stored on those devices and exchanged between them represents a challenge to the field of computer science – one that the nation's universities need to start addressing. Internet of Things products need to do a better job managing access control and use strong authentication to secure communications between devices."
"Internet of things" sounds like some retarded proprietary crap from some big-name company
But until lawsuits make fixing things more affordable than ignoring the gaping holes, you're going to be playing guinea pig. That's just the free market at work.
You teach core and theory and you apply it to whatever the current fad is. It is preposterous for a computer science program to be geared directly to some "thing" that is currently popular or will be.
College is about learning theory and how to apply it, it isn't a vocational program.
What exactly are the upsides of having my fridge, toaster, microwave oven, sock drawer or fork connected to the internet?
I don't understand why people want their $3000 fridges to be bricked by Chinese hackers. Could someone please explain it to me?
Is this really a CS thing? Isn't it an IT thing? Isn't this type of security their problem? Where CS security is at a much lower level?
I really agree that CS degrees need to teach security oriented programming. (a lower level) As you can tell, I barely have any idea what that entails. (I'm about to be a senior at a very minor league university aiming for my CS degree) They teach nothing security related so far. (We have, I think, one of the few nsa sponsored information assurance programs.. they get all the security stuff) I have not taken level 400 classes.. next up will be networking and databases. There is a chance security might be discussed.
Also, when our CS club first started meeting security was a topic we wanted to touch on since it wasn't included in our classes.
I don't think you'd have much trouble convincing our CS department if you had a curriculum to show them.
My Internet-enabled fridge needs to be developed using proper security procedures which are ummm.... not applicable to any other field such as SCADA or medical database systems that are already in place. Who's smoking the crack here, the journalists or Cerf? I'm betting it's the journalists and that he's misquoted and/or being quoted out of context. Too lazy to RTFA of course...
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
yeah, you can make things better, and hopefully it will look nothing like programming now-a-days, but it is going to take a long time
Its bad enough that mobile phones and tablets are forced into early obsolescence (I have 2 perfectly viable Transformer Prime Infinity tablets, they're awesome...they just don't get updated anymore. Yes, in that particular case its easy for me to flash in a custom ROM, and I do that, but thats not easy for the average joe, and its not nearly as easy across all devices).
When its a phone its one thing...freagin waste, but at least they're mostly cheap-ish, contract or not. A fridge? A washer/dryer? A car? Smart TVs? Those are another story. And often they get few to no updates. No only is it annoying that features you paid for become useless so quickly, but THAT is a security risk. They'll never get patches or security fixes after the first few months.
If anyone wants to know what specific changes he suggests universities implement, don't bother watching the movie, he doesn't mention it. The interviewer never gives him the chance.
The interviewer does however ask him who the mother of the internet is.
"First they came for the slanderers and i said nothing."
Mr. Cerf is so right as usual!
He's not really saying that CompSci programmes should be tailored for Internet of Things. What he's saying indirectly but perfectly clearly to those who are aware of the appalling state of networking security in recent years is that university-level tuition needs to buck up and face the music, because the people they have been releasing into the field are totally inept at designing secure systems. The hundreds of thousands of security problems spread right across the whole Internet speak for themselves.
It's a very important message, and hopefully it will resonate with more than a few CompSci departments. IoT is just being used as an excuse for releasing a high-profile message from a respected person about the very unsatisfactory state of developer competence in the area of secure systems.
Regarding your second point about education versus vocational training, you are right about that, but secure software design and cryptogtaphy are not subjects for vocational training, but very strongly in the domain of CompSci. You have to understand the fundamentals, not just know which functions to call.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
The most explosive *recorded* invention in the history of mankind was the printing press.
And it set Europe on fire.
But this led to the Renaissance.
You can't put the genie back in the bottle.
What is going on now with the internet and mobile devices and communication in general --- like the printing press or like radio or television --- is going to upset the status quo in 57 different ways.
Embrace these ways, understand how they will be used for good (yes --- if you think citizens are upset, just imagine how upset tyrants and governments are --- people in power hate change) ----
Communication advances always causes flowers to bloom --- any heartache always looks dumb and old fashioned in a decade of hindsight, because it yields new freedoms and rights that were never expected. If you doubt this, why do civil right continue to grow and governments to ever more tend to the welfare of their people?
Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
I reject, fundamentally, the idea that 'The Internet of Things' means that every device in one's home should outwardly face the Internet. There is plenty of opportunity for layering. An IP enabled refrigerator can be connected to the internet through some far more secure routing device.
Security zoning functionality and monitoring technology for security purposes needs to see far, far more development than it does at present. Perhaps there are entities and forces out there that don't want us to have security zones and have devices on our home networks actively sniffing and moderating our internal traffic, but we certainly are entitled to that and should make it happen.
That is what computer science programs should concentrate more on, not securing everything as if every single 'thing' is entitled to, or needs to, face the outside world on the public Internet.
"the internet of things" is a reductive concept. It's an unnecessary abstraction layer that just puts more barriers between the programmer and the device. We should be **getting rid of** concepts like this in CS not adding them...
**of course** CS programs have the problems TFA listed...here on /. we know CS programs have areas from improvement
what I object to is the entire notion of "the internet of things" as being a concept worth repeating...it's a nothing phrase that just confuses people
when educating, we need to have concrete theory not hype language
Thank you Dave Raggett
Computer Science has absolutely NOTHING TO DO WITH ANY INTERNET, of "things" or otherwise.
Computer Science needs to change its name so everyone that thinks they know what a computer is can stuff it up their ass. Because CS has nothing to do with computers, and nothing at all to do with software or programming. The "Computer" in "Computer Science" is not, I repeat, is not synonymous with the thing you call "computer" that's on your desk or lap. It means simply "calculator," i.e. one who calculates, or, precisely, that which computes, or to make it really simple for them, that which reckons. They should call it Reckoner Science. Then no one would be confused, no one would fantacize about studying it (because they just love their computer!!) when they go off to college in a year or so, and HR morons would stop requiring CS degreed Windows Administrators or help desk monkeys because that is ridiculous. Mechanics don't need Mechanical Engineering degrees, Nurses don't need an M.D., and corporate america does not need specialized mathematicians furiously installing java browser plugin security updates on all the machines on their network. Think of Computer Sciece as math... then you'll understand how stupid everyone sounds when they say anything about Computer Science. Be a programmer if you want. Programmers do not need a Computer Science degree, or any degree for that matter.
I'm just going put this here:
The Admin and the Engineer
So far as it goes, what he says is true: this 'internet of things' will represent a major challenge to secure and problem if not secured; further, if the present state of security tells us anything, we sure as hell aren't prepared for it, much less what we do right now.
Fundamentally, though, treating it as a 'security' problem is making a dangerous and conceptually limiting mistake. "Security" ensures that a system operates as intended, provides only the access and capabilities intended to various parties, and so on. It Does Not specify who those parties are. Bad news, kids, based on everything we've seen so far, and how everything that was bad on the internet is even worse on 'mobile' and so on, do you really think that even perfect security would do much more than keep small-time criminals from inconveniencing 'respectable' advertisers and subscription-service pushers?
Unless you think that cellphones were some sort of abberation, totally different from everything else because, um, reasons; 'internet of things' is just a polite way of saying "EULAs, crypto bootloaders, 'consumer behavioral marketing', and who knows what else, baked into every device large enough to support some kind of NIC".
Yes, Cerf is correct in that having the 'internet of things' work out slightly better than "Hey, let's sell SCADA to home users!" would be a pretty good idea; but that's not even close to good enough. 'Security' just means that the wishes of the system creater are being followed. Do you think those wishes will be to your benefit?
Need more of trades like learning in schools with teaching with real work skills not theroy with teachers who have been in the Ivory tower for years
At times there can be big software bugs or all of kinds of rush hacks just to get it working much less security issues.
well we need to drop the need college to get jobs part / have of all the non degree classes add up to some thing.
Your mom's going to be pissed when she sees what you've been doing with her computer while she's "out for the night".
I disagree strongly with your dismissal. The concept is very important, as it introduces a sea change.
For far too long, computing has been about desktops and servers. Smartphones and tablets opened it up slightly, but "Internet of Things" opens it up a whole lot more, making it understood that all the objects around us are in the process of becoming computing endpoints, communicating not only with our "computers" but also among each other.
You may not like the specific term "Internet of Things" --- I agree that it's a bit naff --- but the actual phrase doesn't really matter. What's important is the new meme that it heralds, and that's worth the neon lights.
Poor guy, he's so adored but he literally has nothing left.
99% of what network admins do is control access and require authentication. 99% of what's "on the internet" isn't on the internet.
I just don't see what's different for my Fridge compared to my company's intranet.
Yeah...just like Telegraph machines "became" telephones...and a whole ***new way of communicating*** was invented!
You sound like a salesman...like a TED Talk...or maybe a "tech evangelist"
First, we don't need to invent a new word to describe "sea change"...the words "sea change" or any number of synonymous phrases used daily work just fine.
2nd, computing has ****never**** been about "just desktops and servers"
3rd, your understanding of "computing" is fundamentally incorrect
we design devices to accomplish user tasks...we use all available technology (and maybe invent some new stuff) mitigated by cost
"the internet of things" is just a B.S. marketing way to say "making devices that use updated technology to its fullest"
stop it...just stop forever...there is absolutely no reason to ever say the words "the internet of things"...or "connectivity meme"....they are redundant concepts that conjure abstractions needlessly so people who don't understand technology can think they sound smart
Thank you Dave Raggett
A friend told me he wishes for the crapper's flush to be linked to the coffee pot. Smart algorithms will detect his habit of taking a crap on the morning and then preparing coffee, so flushing the toilet should trigger coffee brewing on the right hour ranges, and if the pot is not full of coffee already. Taking a dump is a proxy for presence detection, but also for the intent of drinking coffee.
I suggested that the powers-that-be will spy on him by detecting droppings falling into the water as well as analyzing the shit and storing detailed, minute-precise reports for decades.
The "Internet of Things" is, I think, driven mainly by manufacturers who want people to have an excuse to buy their new thing, which everybody already has, and works fine. Maybe universities should be teaching smartwatch programming too!
No. Universities should teach programming and technology basics. If corporations want to try to convince us all that we need an Internet-connected stapler, they aren't going to go looking for university graduates that have an IoT degree! They'll figure it out all on their own, with people who have ordinary computer science degrees, or even with people who don't have a comp sci degree.
Right after people learn to break up their code into actual functions instead of the standard multi-thousand line long garbage. Oh and of course give everything meaningful names. Can't forget to tell people to actually check their warnings ETC. (I'm sure everyone here that's a programmer/SE/developer can easily expand on all the crazy shit they've seen people do which would come way before this.)
Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
Apparently what the Internet needs most is yet another buzzword so nebulous, context free and ill defined nobody really understands what it is your talking about.
If "Internet of things" means home automation the technology has been around for decades yet remains a small niche market. "you can ..." scenarios are fun and cool and functional and all yet tend to impart very little useful value to the owner. I don't need or want Internet connected thermostats, light bulbs and toasters. As for security we can't even communicate securely. Email, Telephone/SMS are wholly insecure and trivially spoofed by anyone. Securing a mythical buzzword is not a problem I chose to spend my time perusing.
No one has ever made a safe or lock that could not be broken and no one will ever make a software system that cannot be hacked. The battle between good and evil will never end. This has been the battle of humanity since the beginning. The best we can hope for is to limit the evil of hacking to a dull roar. A hacked Internet connected freezer can spoil hundreds of dollars worth of food or a hacked clothes dryer may set somebody's house on fire. Up until now, only a tiny number of hacks have caused real physical damage. Until the possibility of real physical damage is eliminated for all practical purposes, the so-called "Internet of Things" will be a novelty for the vast majority of people.
A sufficiently advanced simulation is indistinguishable from reality.
So what does he want CS students to learn? Embedded system programming? Control theory? Labview? System safety engineering? Mechatronics? Robotics?
I watched it live and Leo was moved to tears after it ended.
Maybe, but it's high time that when it comes to teaching Networking, IPv6 starts replacing IPv4 as the taught protocol, so that it gets applied more going forward, and does not tie newer graduates to older technology that's hit its limits ages ago
F- that. The IoT crap needs to go away. It's the same marketing hype as the "Information Superhighway" and more dangerous.
Internet of Things is just a marketing buzzword. Newsflash. We altready have an international network of things. It's called 'internet' and it connects 'computers'.
'Things' can be general purpose computers or any other electronic device that is able to run TCP/IP software.
The thing is, cryptology isn't a basic part of computer science. As a topic of C.S. students, it's not near as fundamental as algorithms; functional, imperative, and object-oriented design; compilers; networking; and discrete math (and that's just off the top of my head). It's rightfully an elective, like graphics or device drivers. The only thing I'd argue for it is that it should be offered more widely. I think it's got cachet with most C.S. students, and most would want to take it as an elective, but it's not offered enough.
Besides, the finger to point here is at people who don't know what they're doing and proceed anyway. Maybe C.S. programs need to take up "Not being a lazy fuck-up lacking in self-awareness when it comes to the limits of your knowledge" as a part of the core curriculum.
Ahhh, the sock drawer...
So, it has come to this.
If you give your sock drawer access to the internet, it will hack it's way into the means to put the Large Hadron Collider into turbo boost overdrive, all in order to rip the fabric of space-time to open a portal into Demon Murphy's demension/domain(of Murphy's Law infamy), have a Massive Black Hole FedEx'd into our solar system, and Earth would get sucked into Demon Murphy's Domain, making Hell look like Paradise.
All to hide the true facts about all of those missing socks that we always blame on the washer or dryer.
The upsides are a lie, to answer your questions...but remember to be especially wary of the sock drawer!
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Hacker's Paradise.
What happens when you are hacked, pwned, 'gamed' 12 ways from Sunday, and have to disconnect to clean up and straighten out the mess?
Is it really worth it at this point in time? Not for me, no way!
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Personally i think that you miss the point. It's not about security in the real world, it's about the economics of security. No manufacturer will put an advanced security system into dirt cheap consumable devices. It is a joke to even consider iot for most stuff. It's an '80s fantasy that just has no economical value if applied as blindly as the idea suggests.
One of the mayor benefit of a structure like iot is agencies can spy on everything more easily. The question is why we should consider this to be something we are ok with.
Wow, it sounds like thing Intenet of Things is going to change everything in CS then!
Will the complexity of sorting algorithms be different for "things"?
Wil compilers need to use different parsing algorithms for "things"?
Perhaps Turing machines and Pi-calculus will all be replaced by "Things" ?
Maybe some "Things" will be able to solve the halting problem and make vast swathes of computability theory out of date?
Will "things" prove the existence of NP-hard problems, or one-way functions ?
if so, I look forward to this new revolution in computer science !
otherwise -- ignore.
The designers do know how to create secure systems, they do know they should do so. The ones paying their wages don't want to waste time on security. Add more features instead. Understanding fundamentals mean jack shit when the first to market takes home the whole pot. While EULAs that tell nobody is responsible and if shit braks it's tought luck are enforceable wasting time on security is just that, a waste.
That's a false premise. You ASSUME that computer science program is responsible for the lack of security in products because they don't teach security. The fact is businesses that build these products do not promote security because it will cost money. Do you honestly think that some guy who graduates with a CS degree is responsible? Put another way, where do all these security experts get their training?
THANK YOU! Mod post up!!
make the C levels PERSONALLY on the hook for the cost of fixing any security problems unless it can be shown that ALL good security practices were followed.
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Apart from a few technology companies here and there, does anyone really want the "Internet of Things"? I have yet to hear someone say, "Gosh, I wish my washing machine were internet-capable". Yes, I understand that tech firms can come up with all sorts of scenarios where they can try to convince us that this technology will be useful, but what have you really gained with an internet-ready appliance, apart from yet another vehicle for advertisement?
Proverbs 21:19
Sounds like a bunch of Windows computers
Thank you Dave Raggett
if a larger number of Computer Science students have an opportunity to learn real-world, effective security techniques, along with exploratory research into new areas - in particular, mobile devices - then that would lead to much cheaper costs for a company to maintain proper security on their devices and/or apps.
Zontar's "touched in the head": schizophrenic multiple personality disorder http://slashdot.org/comments.p... + manic depression http://slashdot.org/comments.p... now go take those meds, you whacko!
Zontar's "touched in the head": schizophrenic multiple personality disorder http://slashdot.org/comments.p... + manic depression http://slashdot.org/comments.p... now go take those meds, you whacko!
It IS a stupid name. We have "smart" cities and devices, but Internet of Things always reminds me of dumb terminals.
The abbreviation is even worse: IoT
tempus fugit