Slashdot Mirror
Vint Cerf: CS Programs Must Change To Adapt To Internet of Things
chicksdaddy (814965) writes "The Internet of Things has tremendous potential but also poses a tremendous risk if the underlying security of Internet of Things devices is not taken into account, according to Vint Cerf, Google's Internet Evangelist. Cerf, speaking in a public Google Hangout (video) on Wednesday, said that he's tremendously excited about the possibilities of an Internet of billions of connected objects. But Cerf warned that it necessitates big changes in the way that software is written. Securing the data stored on those devices and exchanged between them represents a challenge to the field of computer science – one that the nation's universities need to start addressing. Internet of Things products need to do a better job managing access control and use strong authentication to secure communications between devices."
"Internet of things" sounds like some retarded proprietary crap from some big-name company
But until lawsuits make fixing things more affordable than ignoring the gaping holes, you're going to be playing guinea pig. That's just the free market at work.
You teach core and theory and you apply it to whatever the current fad is. It is preposterous for a computer science program to be geared directly to some "thing" that is currently popular or will be.
College is about learning theory and how to apply it, it isn't a vocational program.
What exactly are the upsides of having my fridge, toaster, microwave oven, sock drawer or fork connected to the internet?
My Internet-enabled fridge needs to be developed using proper security procedures which are ummm.... not applicable to any other field such as SCADA or medical database systems that are already in place. Who's smoking the crack here, the journalists or Cerf? I'm betting it's the journalists and that he's misquoted and/or being quoted out of context. Too lazy to RTFA of course...
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Is this really a CS thing? Isn't it an IT thing? Isn't this type of security their problem? Where CS security is at a much lower level?
Wow, whatever you do, please at a minimum lookup "SQL injection" before ever writing a line of internet-connected production code.
"First they came for the slanderers and i said nothing."
Its bad enough that mobile phones and tablets are forced into early obsolescence (I have 2 perfectly viable Transformer Prime Infinity tablets, they're awesome...they just don't get updated anymore. Yes, in that particular case its easy for me to flash in a custom ROM, and I do that, but thats not easy for the average joe, and its not nearly as easy across all devices).
When its a phone its one thing...freagin waste, but at least they're mostly cheap-ish, contract or not. A fridge? A washer/dryer? A car? Smart TVs? Those are another story. And often they get few to no updates. No only is it annoying that features you paid for become useless so quickly, but THAT is a security risk. They'll never get patches or security fixes after the first few months.
If anyone wants to know what specific changes he suggests universities implement, don't bother watching the movie, he doesn't mention it. The interviewer never gives him the chance.
The interviewer does however ask him who the mother of the internet is.
"First they came for the slanderers and i said nothing."
He's not really saying that CompSci programmes should be tailored for Internet of Things. What he's saying indirectly but perfectly clearly to those who are aware of the appalling state of networking security in recent years is that university-level tuition needs to buck up and face the music, because the people they have been releasing into the field are totally inept at designing secure systems. The hundreds of thousands of security problems spread right across the whole Internet speak for themselves.
It's a very important message, and hopefully it will resonate with more than a few CompSci departments. IoT is just being used as an excuse for releasing a high-profile message from a respected person about the very unsatisfactory state of developer competence in the area of secure systems.
Regarding your second point about education versus vocational training, you are right about that, but secure software design and cryptogtaphy are not subjects for vocational training, but very strongly in the domain of CompSci. You have to understand the fundamentals, not just know which functions to call.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
The most explosive *recorded* invention in the history of mankind was the printing press.
And it set Europe on fire.
But this led to the Renaissance.
You can't put the genie back in the bottle.
What is going on now with the internet and mobile devices and communication in general --- like the printing press or like radio or television --- is going to upset the status quo in 57 different ways.
Embrace these ways, understand how they will be used for good (yes --- if you think citizens are upset, just imagine how upset tyrants and governments are --- people in power hate change) ----
Communication advances always causes flowers to bloom --- any heartache always looks dumb and old fashioned in a decade of hindsight, because it yields new freedoms and rights that were never expected. If you doubt this, why do civil right continue to grow and governments to ever more tend to the welfare of their people?
Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
I reject, fundamentally, the idea that 'The Internet of Things' means that every device in one's home should outwardly face the Internet. There is plenty of opportunity for layering. An IP enabled refrigerator can be connected to the internet through some far more secure routing device.
Security zoning functionality and monitoring technology for security purposes needs to see far, far more development than it does at present. Perhaps there are entities and forces out there that don't want us to have security zones and have devices on our home networks actively sniffing and moderating our internal traffic, but we certainly are entitled to that and should make it happen.
That is what computer science programs should concentrate more on, not securing everything as if every single 'thing' is entitled to, or needs to, face the outside world on the public Internet.
"the internet of things" is a reductive concept. It's an unnecessary abstraction layer that just puts more barriers between the programmer and the device. We should be **getting rid of** concepts like this in CS not adding them...
**of course** CS programs have the problems TFA listed...here on /. we know CS programs have areas from improvement
what I object to is the entire notion of "the internet of things" as being a concept worth repeating...it's a nothing phrase that just confuses people
when educating, we need to have concrete theory not hype language
Thank you Dave Raggett
Computer Science has absolutely NOTHING TO DO WITH ANY INTERNET, of "things" or otherwise.
Computer Science needs to change its name so everyone that thinks they know what a computer is can stuff it up their ass. Because CS has nothing to do with computers, and nothing at all to do with software or programming. The "Computer" in "Computer Science" is not, I repeat, is not synonymous with the thing you call "computer" that's on your desk or lap. It means simply "calculator," i.e. one who calculates, or, precisely, that which computes, or to make it really simple for them, that which reckons. They should call it Reckoner Science. Then no one would be confused, no one would fantacize about studying it (because they just love their computer!!) when they go off to college in a year or so, and HR morons would stop requiring CS degreed Windows Administrators or help desk monkeys because that is ridiculous. Mechanics don't need Mechanical Engineering degrees, Nurses don't need an M.D., and corporate america does not need specialized mathematicians furiously installing java browser plugin security updates on all the machines on their network. Think of Computer Sciece as math... then you'll understand how stupid everyone sounds when they say anything about Computer Science. Be a programmer if you want. Programmers do not need a Computer Science degree, or any degree for that matter.
I'm just going put this here:
The Admin and the Engineer
So far as it goes, what he says is true: this 'internet of things' will represent a major challenge to secure and problem if not secured; further, if the present state of security tells us anything, we sure as hell aren't prepared for it, much less what we do right now.
Fundamentally, though, treating it as a 'security' problem is making a dangerous and conceptually limiting mistake. "Security" ensures that a system operates as intended, provides only the access and capabilities intended to various parties, and so on. It Does Not specify who those parties are. Bad news, kids, based on everything we've seen so far, and how everything that was bad on the internet is even worse on 'mobile' and so on, do you really think that even perfect security would do much more than keep small-time criminals from inconveniencing 'respectable' advertisers and subscription-service pushers?
Unless you think that cellphones were some sort of abberation, totally different from everything else because, um, reasons; 'internet of things' is just a polite way of saying "EULAs, crypto bootloaders, 'consumer behavioral marketing', and who knows what else, baked into every device large enough to support some kind of NIC".
Yes, Cerf is correct in that having the 'internet of things' work out slightly better than "Hey, let's sell SCADA to home users!" would be a pretty good idea; but that's not even close to good enough. 'Security' just means that the wishes of the system creater are being followed. Do you think those wishes will be to your benefit?
Need more of trades like learning in schools with teaching with real work skills not theroy with teachers who have been in the Ivory tower for years
At times there can be big software bugs or all of kinds of rush hacks just to get it working much less security issues.
well we need to drop the need college to get jobs part / have of all the non degree classes add up to some thing.
Poor guy, he's so adored but he literally has nothing left.
99% of what network admins do is control access and require authentication. 99% of what's "on the internet" isn't on the internet.
I just don't see what's different for my Fridge compared to my company's intranet.
Yeah...just like Telegraph machines "became" telephones...and a whole ***new way of communicating*** was invented!
You sound like a salesman...like a TED Talk...or maybe a "tech evangelist"
First, we don't need to invent a new word to describe "sea change"...the words "sea change" or any number of synonymous phrases used daily work just fine.
2nd, computing has ****never**** been about "just desktops and servers"
3rd, your understanding of "computing" is fundamentally incorrect
we design devices to accomplish user tasks...we use all available technology (and maybe invent some new stuff) mitigated by cost
"the internet of things" is just a B.S. marketing way to say "making devices that use updated technology to its fullest"
stop it...just stop forever...there is absolutely no reason to ever say the words "the internet of things"...or "connectivity meme"....they are redundant concepts that conjure abstractions needlessly so people who don't understand technology can think they sound smart
Thank you Dave Raggett
A friend told me he wishes for the crapper's flush to be linked to the coffee pot. Smart algorithms will detect his habit of taking a crap on the morning and then preparing coffee, so flushing the toilet should trigger coffee brewing on the right hour ranges, and if the pot is not full of coffee already. Taking a dump is a proxy for presence detection, but also for the intent of drinking coffee.
I suggested that the powers-that-be will spy on him by detecting droppings falling into the water as well as analyzing the shit and storing detailed, minute-precise reports for decades.
The "Internet of Things" is, I think, driven mainly by manufacturers who want people to have an excuse to buy their new thing, which everybody already has, and works fine. Maybe universities should be teaching smartwatch programming too!
No. Universities should teach programming and technology basics. If corporations want to try to convince us all that we need an Internet-connected stapler, they aren't going to go looking for university graduates that have an IoT degree! They'll figure it out all on their own, with people who have ordinary computer science degrees, or even with people who don't have a comp sci degree.
Right after people learn to break up their code into actual functions instead of the standard multi-thousand line long garbage. Oh and of course give everything meaningful names. Can't forget to tell people to actually check their warnings ETC. (I'm sure everyone here that's a programmer/SE/developer can easily expand on all the crazy shit they've seen people do which would come way before this.)
Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
Apparently what the Internet needs most is yet another buzzword so nebulous, context free and ill defined nobody really understands what it is your talking about.
If "Internet of things" means home automation the technology has been around for decades yet remains a small niche market. "you can ..." scenarios are fun and cool and functional and all yet tend to impart very little useful value to the owner. I don't need or want Internet connected thermostats, light bulbs and toasters. As for security we can't even communicate securely. Email, Telephone/SMS are wholly insecure and trivially spoofed by anyone. Securing a mythical buzzword is not a problem I chose to spend my time perusing.
No one has ever made a safe or lock that could not be broken and no one will ever make a software system that cannot be hacked. The battle between good and evil will never end. This has been the battle of humanity since the beginning. The best we can hope for is to limit the evil of hacking to a dull roar. A hacked Internet connected freezer can spoil hundreds of dollars worth of food or a hacked clothes dryer may set somebody's house on fire. Up until now, only a tiny number of hacks have caused real physical damage. Until the possibility of real physical damage is eliminated for all practical purposes, the so-called "Internet of Things" will be a novelty for the vast majority of people.
A sufficiently advanced simulation is indistinguishable from reality.
So what does he want CS students to learn? Embedded system programming? Control theory? Labview? System safety engineering? Mechatronics? Robotics?
Maybe, but it's high time that when it comes to teaching Networking, IPv6 starts replacing IPv4 as the taught protocol, so that it gets applied more going forward, and does not tie newer graduates to older technology that's hit its limits ages ago
At the CS level, replace IPv4 w/ IPv6 when it comes to teaching TCP/IP and networking
Internet of Things is just a marketing buzzword. Newsflash. We altready have an international network of things. It's called 'internet' and it connects 'computers'.
'Things' can be general purpose computers or any other electronic device that is able to run TCP/IP software.
Ahhh, the sock drawer...
So, it has come to this.
If you give your sock drawer access to the internet, it will hack it's way into the means to put the Large Hadron Collider into turbo boost overdrive, all in order to rip the fabric of space-time to open a portal into Demon Murphy's demension/domain(of Murphy's Law infamy), have a Massive Black Hole FedEx'd into our solar system, and Earth would get sucked into Demon Murphy's Domain, making Hell look like Paradise.
All to hide the true facts about all of those missing socks that we always blame on the washer or dryer.
The upsides are a lie, to answer your questions...but remember to be especially wary of the sock drawer!
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Hacker's Paradise.
What happens when you are hacked, pwned, 'gamed' 12 ways from Sunday, and have to disconnect to clean up and straighten out the mess?
Is it really worth it at this point in time? Not for me, no way!
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Personally i think that you miss the point. It's not about security in the real world, it's about the economics of security. No manufacturer will put an advanced security system into dirt cheap consumable devices. It is a joke to even consider iot for most stuff. It's an '80s fantasy that just has no economical value if applied as blindly as the idea suggests.
One of the mayor benefit of a structure like iot is agencies can spy on everything more easily. The question is why we should consider this to be something we are ok with.
That's a false premise. You ASSUME that computer science program is responsible for the lack of security in products because they don't teach security. The fact is businesses that build these products do not promote security because it will cost money. Do you honestly think that some guy who graduates with a CS degree is responsible? Put another way, where do all these security experts get their training?
Use of stored procedures should be enforced at all times. Nothing is worse than letting web hackers to attempt to use SQL. That they were stupid enough to use some overly complex klidge based in an old printer control codes is proof enough of they and their managements unsuitability for building systems.
THANK YOU! Mod post up!!
Yeah because it's not the responsibility of your business to have standards and QA when writing code.....
make the C levels PERSONALLY on the hook for the cost of fixing any security problems unless it can be shown that ALL good security practices were followed.
Any person using FTFY or editing my postings agrees to a US$50.00 charge
For far too long, computing has been about desktops and servers.
Unless you're calling mainframes servers, you seem to be ignoring the most basic, oldest and (until very recently) the most extensive application of computers: doing masses of calculations for business in house.
Apart from a few technology companies here and there, does anyone really want the "Internet of Things"? I have yet to hear someone say, "Gosh, I wish my washing machine were internet-capable". Yes, I understand that tech firms can come up with all sorts of scenarios where they can try to convince us that this technology will be useful, but what have you really gained with an internet-ready appliance, apart from yet another vehicle for advertisement?
Proverbs 21:19
Sounds like a bunch of Windows computers
Thank you Dave Raggett
If you need to depend on QA, then you already suck as a programmer. QA is only a nice double-check for code that is already good.
"First they came for the slanderers and i said nothing."
some overly complex klidge based in an old printer control codes
What on earth are you talking about? What old printer codes?
"First they came for the slanderers and i said nothing."
XML is based on the SGML printer control tag markup "language."
No $170,000 for you (which is low anyways if you are any good.)
Fascinating, I've never heard anyone claim that SGML was for printers. Wikipedia says the purpose was to make machine parsing of large datasets easier.
"First they came for the slanderers and i said nothing."
Heh, sorry if you're bitter about your wage.
"First they came for the slanderers and i said nothing."
It IS a stupid name. We have "smart" cities and devices, but Internet of Things always reminds me of dumb terminals.
The abbreviation is even worse: IoT
tempus fugit