Hacking

I am joining the ranks of self-proclaimed productivity experts: Do you feel distracted by social media? Do you feel that too much scrolling feeds transforms your mind – in a bad way? Solution: Go find an online platform that will put your mind in a different state. Go hacking on hackthebox.eu.

I have been hacking boxes over there for quite a while – and obsessively. I really wonder why I did not try to attack something much earlier. It’s funny as I have been into IT security for a long time – ‘infosec’ as it seems to be called now – but I was always a member of the Blue Team, a defender: Hardening Windows servers, building Public Key Infrastructures, always learning about attack vectors … but never really testing them extensively myself.

Earlier this year I was investigating the security of some things. They were black-boxes to me, and I figured I need to learn about some offensive tools finally – so I setup a Kali Linux machine. Then I searched for the best way to learn about these tools, I read articles and books about pentesting. But I had no idea if these ‘things’ were vulnerable at all, and where to start. So I figured: Maybe it is better to attack something made vulnerable intentionally? There are vulnerable web applications, and you can download vulnerable virtual machines … but then I remembered I saw posts about hackthebox some months ago:

As an individual, you can complete a simple challenge to prove your skills and then create an account, allowing you neto connect to our private network (HTB Labs) where several machines await for you to hack them.

Back then I had figured I will not pass this entry challenge nor hack any of these machines. It turned out otherwise, and it has been a very interesting experience so far -to learn about pentesting tools and methods on-the-fly. It has all been new, yet familiar in some sense.

Once I had been a so-called expert for certain technologies or products. But very often I became that expert by effectively reverse engineering the product a few days before I showed off that expertise. I had the exact same mindset and methods that are needed to attack the vulnerable applications of these boxes. I believe that in today’s world of interconnected systems, rapid technological change, [more buzz words here] every ‘subject matter expert’ is often actually reverse engineering – rather than applying knowledge acquired by proper training. I had certifications, too – but typically I never attended a course, but just took the exam after I had learned on the job.

On a few boxes I could use in-depth knowledge about protocols and technologies I had  long-term experience with, especially Active Directory and Kerberos. However, I did not find those boxes easier to own than the e.g. Linux boxes where everything was new to me. With Windows boxes I focussed too much on things I knew, and overlooked the obvious. On Linux I was just a humble learner – and it seemed this made me find the vulnerability or misconfiguration faster.

I felt like time-travelling back to when I started ‘in IT’, back in the late 1990s. Now I can hardly believe that I went directly from staff scientist in a national research center to down-to-earth freelance IT consultant – supporting small businesses. With hindsight, I knew so little both about business and about how IT / Windows / computers are actually used in the real world. I tried out things, I reverse engineered, I was humbled by what remains to be learned. But on the other hand, I was delighted by how many real-live problems – for whose solution people were eager to pay – can be solved pragmatically by knowing only 80%. Writing academic papers had felt more like aiming at 130% all of the time – but before you have to beg governmental entities to pay for it. Some academic colleagues were upset by my transition to the dark side, but I never saw this chasm: Experimental physics was about reverse engineering natural black-boxes – and sometimes about reverse engineering your predecessors enigmatic code. IT troubleshooting was about reverse engineering software. Theoretically it is all about logic and just zero’s and one’s, and you should be able to track down the developer who can explain that weird behavior. But in practice, as a freshly minted consultant without any ‘network’ you can hardly track down that developer in Redmond – so you make educated guesses and poke around the system.

I also noted eerie coincidences: In the months before being sucked into hackthebox’ back-hole, I had been catching up on Python, C/C++, and Powershell – for productive purposes, for building something. But all of that is very useful now, for using or modifying exploits. In addition I realize that my typical console applications for simulations and data analysis are quite similar ‘in spirit’ to typical exploitation tools. Last year I also learned about design patterns and best practices in object-oriented software development – and I was about to over-do it. Maybe it’s good to throw in some Cowboy Coding for good measure!

But above all, hacking boxes is simply addictive in a way that cannot be fully explained. It is like reading novels about mysteries and secret passages. Maybe this is what computer games are to some people. Some commentators say that machines on pentesting platforms are are more Capture-the-Flag-like (CTF) rather than real-world pentesting. It is true that some challenges have a ‘story line’ that takes you from one solved puzzle to the next one. To some extent a part of the challenge has to be fabricated as there are no real users to social engineer. But there are very real-world machines on hackthebox, e.g. requiring you to escalate one one object in a Windows domain to another.

And if you ever have seen what stuff is stored in clear text in the real world, or what passwords might be used ‘just for testing’ (and never changed) – then also the artificial guess-the-password challenges do not appear that unrealistic. I want to emphasize that I am not the one to make fun of weak test passwords and the like at all. More often than not I was the one whose job was to get something working / working again, under pressure. Sometimes it is not exactly easy to ‘get it working’ quickly, in an emergency, and at the same time considering all security implications of the ‘fix’ you have just applied – by thinking like an attacker. hackthebox is an excellent platform to learn that, so I cannot recommend it enough!

An article about hacking is not complete if it lacks a clichéd stock photo! I am searching for proper hacker’s attire now – this was my first find!

Infinite Loop: Theory and Practice Revisited.

I’ve unlocked a new achievement as a blogger, or a new milestone as a life-form. As a dinosaur telling the same old stories over and over again.

I started drafting a blog post, as I always do since a while: I do it in my mind only, twist and turn in for days or weeks – until I am ready to write it down in one go. Today I wanted to release a post called On Learning (2) or the like. I knew I had written an early post with a similar title, so I expected this to be a loosely related update. But then I checked the old On Learning post: I found not only the same general ideas but the same autobiographical anecdotes I wanted to use now – even  in the same order.

2014 I had looked back on being both a teacher and a student for the greater part of my professional life, and the patterns were always the same – be the field physics, engineering, or IT security. I had written this post after a major update of our software for analyzing measurement data. This update had required me to acquire new skills, which was a delightful learning experience. I tried to reconcile very different learning modes: ‘Book learning’ about so-called theory, including learning for the joy of learning, and solving problems hands-on based on the minimum knowledge absolutely required.

It seems I like to talk about the The Joys of Theory a lot – I have meta-posted about theoretical physics in general, more than oncegeneral relativity as an example, and about computer science. I searched for posts about hands-on learning now – there aren’t any. But every post about my own research and work chronicles this hands-on learning in a non-meta explicit way. These are the posts listed on the heat pump / engineering page,  the IT security / control page, and some of the physics posts about the calculations I used in my own simulations.

Now that I am wallowing in nostalgia and scrolling through my old posts I feel there is one possibly new insight: Whenever I used knowledge to achieve a result that I really needed to get some job done, I think about this knowledge as emerging from hands-on tinkering and from self-study. I once read that many seasoned software developers also said that in a survey about their background: They checked self-taught despite having university degrees or professional training.

This holds for the things I had learned theoretically – be it in a class room or via my morning routine of reading textbooks. I learned about differential equations, thermodynamics, numerical methods, heat pumps, and about object-oriented software development. Yet when I actually have to do all that, it is always like re-learning it again in a more pragmatic way, even if the ‘class’ was very ‘applied’, not much time had passed since learning only, and I had taken exams. This is even true for the archetype all self-studied disciplines – hacking. Doing it – like here  – white-hat-style ;-) – is always a self-learning exercise, and reading about pentesting and security happens in an alternate universe.

The difference between these learning modes is maybe not only in ‘the applied’ versus ‘the theoretical’, but it is your personal stake in the outcome that matters – Skin In The Game. A project done by a group of students for the final purpose of passing a grade is not equivalent to running this project for your client or for yourself. The point is not if the student project is done for a real-life client, or the task as such makes sense in the real world. The difference is whether it feels like an exercise in an gamified system, or whether the result will matter financially / ‘existentially’ as you might try to empress your future client or employer or use the project results to build your own business. The major difference is in weighing risks and rewards, efforts and long-term consequences. Even ‘applied hacking’ in Capture-the-Flag-like contests is different from real-life pentesting. It makes all the difference if you just loose ‘points’ and miss the ‘flag’, or if you inadvertently take down a production system and violate your contract.

So I wonder if the Joy of Theoretical Learning is to some extent due to its risk-free nature. As long as you just learn about all those super interesting things just because you want to know – it is innocent play. Only if you finally touch something in the real world and touching things has hard consequences – only then you know if you are truly ‘interested enough’.

Sorry, but I told you I will post stream-of-consciousness-style now and then :-)

I think it is OK to re-use the image of my beloved pre-1900 physics book I used in the 2014 post:

The Future of Small Business?

If I would be asked which technology or ‘innovation’ has had the most profound impact on the way I work I would answer: Working remotely – with clients and systems I hardly ever see.

20 years ago I played with modems, cumbersome dial-in, and Microsoft’s Netmeeting. Few imagined yet, that remote work will once be the new normal. Today I am reading about Industry 4.0, 3D printing, the Internet of Things, and how every traditional company has to compete with Data Krakens like Google and Amazon. Everything will be offered as a service, including heating. One consequence: Formerly independent craftsmen become preferred partners or subcontractors of large companies, of vendors of smart heating solutions. Creative engineering is replaced by calling the Big Vendor’s hotline. Human beings cover the last mile that robots or software cannot deal with – yet.

Any sort of customization, consulting, support, and systems integration might be automated in the long run: Clients will use an online configurator and design their systems, and possibly print them out at home. Perhaps someday our clients will print out their heat exchangers from a blueprint generated on Kraken’s website, instead of using our documentation to build them.

Allowing you to work remotely also allows everybody else in the world to do so, and you might face global competition once the barriers of language and culture have been overcome (by using ubiquitous US culture and ‘business English’). Large IT service providers have actually considered to turn their consulting and support staff into independent contractors and let them compete globally – using an online bidding platform. Well-known Data Krakens match clients and freelancers, and I’ve seen several start-ups that aspire at becoming the next matching Kraken platform for computer / tech support. Clients will simply not find you if you are not on the winning platform. Platform membership becomes as important as having a website or an entry in a business directory.

One seemingly boring and underappreciated point that works enormously in favor of the platforms is bureaucracy: As a small business you have to deal with many rules and provisions, set forth by large entities – governments, big clients, big vendors. Some of those rules are conflicting, and meeting them all in the best possible way does not allow for much creativity. Krakens’ artificial intelligence – and their lawyers and lobbyists – might be able to fend off bureaucracy better than a freelancer. If you want to sell things to clients in different countries you better defer the legally correct setup of the online shop to the Kraken Platform, who deals with the intricacies of ever evolving international tax law – while you become their subcontractor or franchisee. In return, you will dutiful sign the Vendor’s Code of Conduct every year, and follow the logo guidelines when using Kraken’s corporate identity.

In my gloomy post about Everything as a Service I came to the conclusion that we – small businesses who don’t want to grow and become start-ups – aspiring at Krakenhood themselves – will either work as the Kraken’s hired hands, or …

… a lucky few will carve out a small niche and produce or customize bespoke units for clients who value luxurious goods for the sake of uniqueness or who value human imperfection as a fancy extra.

My personal credo is rather a very positive version of this quote minus the cynicism. I am happy as a small business owner. This is just a single data-point, and I don’t have a self-consistent theory on this. But I have Skin in this Game so I share my anecdotes and some of the things I learned.

Years ago I officially declared my retirement from IT Security and global corporations – to plan special heat pump systems for private home owners instead. Today we indeed work on such systems, and the inside joke of doing this remote-only – ‘IT-style’ – has become routine. Clients find us via our blog that is sometimes mistaken for a private fun blog and whose writing feels like that. I have to thank Kraken Google, begrudgingly. A few of my Public Key Infrastructure clients insisted on hiring me again despite my declarations of looming ignorance in all things IT. All this allows for very relaxed, and self-marketing-pressure-free collaborations.

  • I try to stay away, or move farther away from anything strictly organized, standardized, or ‘platform-mediated’. Agreements are made by handshake. I don’t submit any formal applications or replies to Request for Proposals.
  • “If things do not work without a written contract, they don’t work with a contract either.”
  • I hardly listen to business experts, especially if they try to give well-meant, but unsolicited advice. Apply common sense!
  • Unspectacular time-tested personal business relationships beat 15 minutes of fame any time.
  • My work has to speak for itself, and ‘marketing’ has to be a by-product. I cannot compete with companies who employ people full-time for business development.
  • The best thing to protect your inner integrity is to know and to declare what you do not want and what you would never do. Removing the absolute negatives leaves a large area of positive background, and counter the mantra of specific ‘goals’ this approach lets you discover unexpected upsides. This is Nassim Taleb’s Via Negativa – and any career or business advice that speaks to me revolves around that.
  • There is no thing as the True Calling or the One and Only Passion – I like the notion of a Portfolio of Passions. I think you are getting to enjoy what you are learning to be good at – not the other way around.
  • All this is the result of years of experimenting in an ‘hyperspace of options’ – there is no shortcut. I have to live with the objection that I have just been lucky, but I can say that I made many conscious decisions whose ‘goal’ was to increase the number of options rather than to narrow them down (Taleb’s Optionality).

So I will finally quote Nassim Taleb, who nailed as usual – in his Facebook post about The New Artisan:

Anything you do to optimize your work, cut some corners, squeeze more “efficiency” out of it (and out of your life) will eventually make you hate it.

I have bookmarked this link for a while – because sometimes I need to remind myself of all the above.

Taleb states that an Artisan …

1) does things for existential reasons,
2) has some type of “art” in his/her profession, stays away from most aspects of industrialization, combines art and business in some manner (his decision-making is never fully economic),
3) has some soul in his/her work: would not sell something defective or even of compromised quality because what people think of his work matters more than how much he can make out of it,
4) has sacred taboos, things he would not do even if it markedly increased profitability.

… and I cannot agree more. I have lots of Sacred Taboos, and they have served me well.

Ploughing Through Theoretical Physics Textbooks Is Therapeutic

And finally science confirms it, in a sense.

Again and again, I’ve harping on this pet theory of mine: At the peak of my immersion in the so-called corporate world, as a super-busy bonus miles-collecting consultant, I turned to the only solace: Getting up (even) earlier, and starting to re-read all my old mathematics and physics textbooks and lecture notes.

The effect was two-fold: It made me more detached, perhaps more Stoic when facing the seemingly urgent challenges of the accelerated world. Maybe it already prepared me for a long and gradual withdrawal from that biosphere. But surprisingly, I felt it also made my work results (even ;-)) better: I clearly remember compiling documentation I wrote after setting up some security infrastructure with a client. Writing precise documentation was again more like casting scientific research results into stone, carefully picking each term and trying to be as succinct as possible.

As anybody else I enjoy reading about psychological research that confirms my biases one-datapoint-based research – and here it finally is. Science says that Corporate-Speak Makes You Stupid. Haven’t we – Dilbert fans – always felt that this has to be true?

… I’ve met otherwise intelligent people, after working with management consultant, are convinced that infinitely-malleable concepts like “disruptive innovation,” “business ecosystem,” and “collaborative culture” have objective value.

In my post In Praise of Textbooks with Tons of Formulas I focused on possible positive explanations, like physics being an ultimate training for your typically slow rational decision making and analysis engine. It takes hard work and dedication at the beginning to make it work effortless. You train yourself to recognize patterns and to think out of the box when trying to find the clever twist to solve a physics problem. However, it might be difficult to convey my message as hackneyed Thinking out of the box has entered the corporate vocabulary already.

Perhaps the explanation is really as simple as that we just need to shield ourselves from negative effects of certain ecosystems and cultures that are particularly intrusive and mind-bending. So this is my advice to physics and math graduates: Do not rely on your infamous analytical skills forever. First, using that phrase in a job application sounds like phony hollow BS – as unfortunately any self-advertising of social skills does. Second, these skills are real, but they will decay exponentially if you don’t hone them.

6 volumes on all of Theoretical Physics - 1960s self-consistent series by my late professor Wilhelm Macke

The Stages of Blogging – an Empirical Study

… with sample size 1.

Last year, at the 4-years anniversary, I presented a quantitative analysis – in line with the editorial policy I had silently established: My blogging had turned from quasi-philosophical ramblings on science, work, and life to no-nonsense number crunching.

But the comment threads on my recent posts exhibit my subconsciousness spilling over. So at this anniversary, I give myself permission to incoherent reminiscences. I have even amended the tagline with this blog’s historical title:

Theory and Practice of Trying to Combine Just Anything.

Anecdotal evidence shows that many people start a blog, or another blog, when they are in a personal or professional transition. I had been there before: My first outburst of online writing on my personal websites predated quitting my corporate job and starting our business. The creative well ran dry, after I had taken the decision and had taken action – in the aftermath of that legendary journey.

I resurrected the old websites and I started this blog when I was in a professional no-man’s-land: Having officially left IT security, still struggling with saying No to project requests, working on our pilot heat pump system in stealth mode, and having enrolled in another degree program in renewable energies.

The pseudonymous phase: Trying out the new platform, not yet adding much About Me information. Playing. In the old times, I had a separate domain with proper name for that (subversiv.at). This WordPress blog was again a new blank sheet of paper, and I took the other sites offline temporarily, to celebrate this moment.

The discovery of a new community: The WordPress community was distinct from all other professional communities and social circles I was part of. It seems that new bloggers always flock together in groups, perhaps WordPress’ algorithms facilitate that. I participated with glee in silly blogging award ceremonies. However, I missed my old communities, and I even joined Facebook to re-unite with some of them. Living in separate worlds, sometimes colliding in unexpected ways, was intriguing.

Echoes of the past: I write about Difficult Things That I Handled In the Past – despite or because I have resolved those issues long before. This makes all my Life / Work / Everything collections a bit negative and gloomy. I blogged about my leaving academia, and my mixed memories of being part of The Corporate World. It is especially the difficult topics that let me play with geeky humor and twisted sarcasm.

The self-referential aspect: Online writing has always been an interesting experiment: Writing about technology and life, but also using technology. As philosophers of the web have pointed out, the internet or the medium in general modifies the message. I play with websites’ structure and layout, and I watch how my online content is impacted by seemingly cosmetic details of presentation.

Series of posts – find our favorite topic: I’ve never participated in blogging challenges, like one article a day. But I can understand that such blogging goals help to keep going. I ran a series on quantum field theory, but of course my expertise was Weird Internet Poetry … yet another demonstration of self-referentiality.

The unexpected positive consequences of weird websites – perhaps called ‘authentic’ today. They are a first class filter. Only people who share your sense of humor with contact you – and sense of humor is the single best criterion to find out if you will work well with somebody.

Writing about other people’s Big Ideas versus your own quaint microcosmos. I have written book reviews, and featured my favorite thinkersideas. I focussed on those fields in physics that are most popular (in popular science). My blog’s views had their all-time-high. But there are thousands of people writing about those Big Things. Whatever you are going to write about, there is one writer who cannot only write better, but who is also more of a subject matter expert, like a scientist working also as a science writer. This is an aspect of my empirical rule about your life being cliché. The remaining uncharted territory was my own small corner of the world.

Skin in the Game versus fence-sitting. Lots of people have opinions on many things on the internet. The preferred publication is a link to an article plus a one-liner of an opinion. Some people might really know something about the things they have opinions on. A minority has Skin in the Game, that is: Will feel the consequences of being wrong, personally and financially. I decided to focus on blogging about topics that fulfill these criteria: I have 1) related education and theoretical knowledge, 2) practical hands-on experience, 3) Skin in the Game. Priorities in reverse order.

The revolutionary experiment: Blogging without the motivational trigger of upcoming change. Now I have lacked the primary blogging impulse for a while. I am contented and combine anything in practice since a while. But I don’t have to explain anything to anybody anymore – including myself. I resorted to playing with data – harping on engineering details. I turn technical questions I get into articles, and I spend a lot of time on ‘curating’: creating list of links and overview pages. I have developed the software for my personal websites from scratch, and turned from creating content to structure for a while.

Leaving your comfort zone: I do edit, re-write, and scrutinize blog postings here relentlessly. I delete more content again than I finally publish, and I – as a text-only Courier New person – spend considerable time on illustrations. This is as much as I want to leave my comfort zone, and it is another ongoing experiment – just as the original stream-of-consciousness writing was.

But perhaps I will write a post like this one now and then.

Pine trees in Tenerife.

Same Procedure as Every Autumn: New Data for the Heat Pump System

October – time for updating documentation of the heat pump system again! Consolidated data are available in this PDF document.

In the last season there were no special experiments – like last year’s Ice Storage Challenge or using the wood stove. Winter was rather mild, so we needed only ~16.700kWh for space heating plus hot water heating. In the coldest season so far – 2012/13 – the equivalent energy value was ~19.700kWh. The house is located in Eastern Austria, has been built in the 1920s, and has 185m2 floor space since the last major renovation.

(More cross-cultural info:  I use thousands dots and decimal commas).

The seasonal performance factor was about 4,6 [kWh/kWh] – thus the electrical input energy was about 16.700kWh / 4,6 ~ 3.600kWh.

Note: Hot water heating is included and we use flat radiators requiring a higher water supply temperature than the floor heating loops in the new part of the house.

Heating season 2015/2016: Performance data for the 'ice-storage-/solar-powered' heat pump system

Red: Heating energy ‘produced’ by the heat pump – for space heating and hot water heating. Yellow: Electrical input energy. Green: Performance Factor = Ratio of these energies.

The difference of 16.700kWh – 3.600kWh = 13.100kWh was provided by ambient energy, extracted from our heat source – a combination of underground water/ice tank and an unglazed ribbed pipe solar/air collector.

The solar/air collector has delivered the greater part of the ambient energy, about 10.500kWh:

Heating season 2015/2016: Energy harvested from air by the collector versus heating-energy

Energy needed for heating per day (heat pump output) versus energy from the solar/air collector – the main part of the heat pump’s input energy. Negative collector energies indicate passive cooling periods in summer.

Peak Ice was 7 cubic meters, after one cold spell of weather in January:

Heating season 2015/2016: Temperature of ambient air, water tank (heat source) and volume of water frozen in the tank.

Ice is formed in the water tank when the energy from the collector is not sufficient to power the heat pump alone, when ambient air temperatures are close to 0°C.

Last autumn’s analysis on economics is still valid: Natural gas is three times as cheap as electricity but with a performance factor well above three heating costs with this system are lower than they would be with a gas boiler.

Is there anything that changed gradually during all these years and which does not primarily depend on climate? We reduced energy for hot tap water heating – having tweaked water heating schedule gradually: Water is heated up once per day and as late as possible, to avoid cooling off the hot storage tank during the night.

We have now started the fifth heating season. This marks also the fifth anniversary of the day we switched on the first ‘test’ version 1.0 of the system, one year before version 2.0.

It’s been about seven years since first numerical simulations, four years since I have been asked if I was serious in trading in IT security for heat pumps, and one year since I tweeted:

Social Debt (Tech Professional’s Anecdotes)

I have enjoyed Ben Horowitz’ book The Hard Thing About Hard Things. Farnamstreet’s review is perfect so I will not attempt at writing one. I will focus on one idea I found most intriguing.

I read Horowitz’ book as an account of dealing with hard decisions in general, about having to decide alone, about personal accountability, about having to pick the lesser of two evils.

The idea that stuck with me in particular is Management Debt, and Horowitz also blogged about this.

… management debt is incurred when you make an expedient, short-term management decision with an expensive, long-term consequence.

You accumulate Management Debt if you try to fix an organizational issue quickly by acting inconsistently. Horowitz’ example: You might give an employee a raise in order to stop her from leaving the company. But she had discussed her plans with another employee who then wonders why she stayed; so she feels pressed to explain the reason to him. Then others learn how to blackmail you in order to get a raise, etc..

From my short stint as a manager I am familiar with such situations but I rather like to extend the concept to Social or Political Debt. I believe that we, as human social animals, tend to focus on resolving the conflict right in front of you, rather than considering seemingly abstract consequences in the future.

I am thinking of the expert bombarded with all kinds of requests. As a professional it is hard to avoid them: People who to want to pick your brain and just like to have 5 minutes so you can glance over their problems. For free. Trying to help all of them – on top of working with paying clients – would be the equivalent of trying to copy a full book at the photocopier but yielding to anybody who wants to copy just a single page.

As a fallible human you might give in to the most intrusive requester just to get rid of him or her. You think that explaining your seemingly cold-hearted rationale would take more time and would be more emotionally taxing than just fulfilling the request.

But those people will return with more problems, and their acquaintances will, too. You have incurred debt, and there is interest rate. The moment of refusal might be difficult though, in particular with requests in the blurry area between business and private. How to say No to that alleged or self-declared old friend?

I am a believer in 1) Stating clearly what you don’t want and don’t do (rather than focusing on the positive) without feeling the need to explain yourself and 2) “Principles” – a short list of your values, or guiding principles you always follow. Both need need to be ingrained in your mind so that you react accordingly in case you receive those e-mails and calls out of the blue.

The paradoxical or sad thing is that explanations are most often futile. There are many good reasons – both ethical and business-wise – for not jumping onto such requests. The obvious one being limited time and treating all clients equal, but the best one in my point of view being the value of true expertise: Based on years of experience you might only need five minutes to solve a problem that requires somebody else doing days of research. That’s exactly why those first minutes might be the most valuable.

I am speaking from experience although such things fortunately did happen to me rarely. But when they did, it was freaking me out. I once got a call from an unknown lawyer who was in the middle of installing his very own Public Key Infrastructure; he started asking technical questions before introducing himself. I tried to explain that I was actually charging people for such services, and that I assumed he did not do legal counselling for free either. His response was that he was maintaining all his IT stuff by himself – just this topic was too complicated for him so he needed advice. So services should be free if a professional solves a particularly tricky problem. This defies common sense.

I also thought I had a killer argument, non-refutable. I am actually providing technical information on ‘the internet’ for free – the same sort of answers or materials I would charge clients for. The difference is that I am not obligated to do this, so I pick this case by case. I believe in open-source-style sharing in a community of like-minded members. I am a believer in demonstrating skills in real time instead of showing off certificates – it goes without saying this might include giving away some valuable advice for demo purposes at the start of a business relationship.

Unfortunately, this demo-for-business argument that is used too often by people who want to milk your know-how forever – just testing how far they can go – without ever really considering a ‘business relationship’. As soon as you tell them the answer to the next question will not be free of charge anymore, they suddenly stop asking.

Fortunately, I get enough feedback by providing so much detailed information for free!!. A few people who don’t get it would not shatter my confidence. Interestingly, people who still challenge me (But then you don’t have time for me??) are those whom I would not consider part of any ‘sharing’ communities or get their spirit in the slightest. I think all those issues belong in the category: Either you get it immediately and communication is based on tacit understanding what is normal and appropriate – or all explanations are in vain.

Many years ago I had been asked literally if I would like to work for free. Corporations send out request for proposals and ask for lots of free concepts and presentations – until they have gathered enough know-how from all the potential vendors invited so that finally they have learned enough from the ‘pitches’ and can do the whole project on their own. Finally I had my antennas finely tuned to all your typical manipulations methods (I have already told X you will do [unpaid honorable engagement] Y – if you don’t, this will get me into serious troubles!). Many people are driven by short-term impulses, not by malice (I have to solve this problem or my boss will kill me!) and they respond to logical arguments: What would you say if you were a paying client and find out that I do free consulting for other people at random? Some manipulators are hopeless cases though, especially if they think they provide something in return that is actually less than useless to you.

Horowitz’ war stories resonated with me more than I expected. He emphasizes dealing with organizationally or psychologically difficult issues head-on. I read his advice as: Better act sooner than later, better state the ugly truth upfront. Better take some decision at all, even if it is just 55% versus 45%. Communicate clearly, don’t use fluffy phrases. Sometimes people explicitly appreciated my way of saying No immediately and unambiguously, instead of endless dithering and not trying to hurt anybody which seems to have become fashionable in times of Networking and You Will Always Meet Two Times.

wine-clarity

Searching my own images for own that would represent both mental clarity as well as difficult decisions – I zoomed in this one immediately. (Vineyards close to my home village, evening at the beginning of May.)

Although this is tagged with ‘rant’ it should not be interpreted as what I actually consider pointless and energy-draining – endless rants about common practices in your industry sector that you cannot change but have to live with. I am in the Love It, Change It, Or Leave It camp. I have also been writing about the past, and often a single annoying event of that sort had made me shift gears.

I believe the best – and most productive – way to cope with weird requests is to either: Respond clearly and immediately using a standardized I-don’t-do reply, then ignore them as an accidental, misguided question that just happened to end up in your inbox; or: to analyze if an aspect of your previous communication might have invited such inquiries, and improve your future communications. And don’t aim at being liked by anybody, anytime.

Anatomy of a Decision (1)

Four years ago I tried something new – I took a decision and started communicating it (some half-baked version of it) without having worked out a detailed plan. One year later I started this blog, reflecting on the journey and this decision. So I celebrate the 4 years anniversary with shameless, self-indulgent nostalgia – reblogging myself. Besides, you might have noticed I did not write much blog posts lately in the personal essay / opinionated piece genre. Perhaps because I don’t want to repeat myself. And I commit the cardinal sin in the visual age – not even an image!

We Should Get Lost Sometimes – Nicholas Carr on Automation and Us

The Glass Cage is about automation’s human consequences. It is not intended to be your typical book about robots taking our jobs for better or for worse.

Carr gives an intriguing account of the history of automation and robotics nonetheless – from Luddites to Google’s self-driving cars. What we have known intuitively is backed up by research: We cannot all fund robotics startups, and the number of new jobs created through automation has always been low. In spite of success stories of people ‘making money online’ it is the providers of infrastructure (the ones Jaron Lanier calls Siren Servers) who actually make money. Technology changes faster than humans do, taking a ride on Moore’s law – but Carr is not a believer in technology that will automagically serve all humankind:

It strains credulity to imagine today’s technology moguls, with their libertarian leanings and impatience with government, agreeing to the kind of vast wealth-redistribution scheme that would be necessary to fund the self-actualizing leisure-time pursuits of the jobless multitudes.

He wonders why Google has mastered to build a self-driving car – a task once considered too difficult to be automated by any computer ever – but yet didn’t develop software that stops people from texting while driving. Perhaps because stopping distractions would run counter their business agenda?

More disturbing than the effect on employment is the way automation may impact our skills, illustrated by the history of avionics. We have come a long way since …

… the deep entanglement between human and mechanism was an elemental source of flying’s thrill,

… and pilots felt physical feedback from the machine. The books starts with a personal anecdote about Carr’s missing the sense of control and involvement when driving an automatic.

The Glass Cage is a poetic metaphor for the pilot’s cockpit. Carr returns to a topic he had dwelt upon in The Shallows: the role of maps and clocks as an essential layer put between us and space or the flow of time. In glass-cage-like workplaces former machine operators or soldiers turn into technicians reading and manipulating representations of the world. Automation and tools done right would still give us the feeling to be in control. Electronic airplane controls should rather resemble the older mechanical controls. Clunky yokes that provide sensory information let the pilot feel physical resistance – and are superior to sci-fi-style joysticks. Carr distinguishes between tools that work like mechanical extensions to our body – using the scythe as a prime example – and software-based technology that is experienced as a kind of implacable, alien force that lies beyond our control and influence. Quoting from a 1910 book on aeronautics, designing a plane to be operated is

… a trade-off between stability and maneuverability. The greater a plane’s stability, the harder it becomes for the pilot to exert control over it.

Pioneers as the Wright Brothers voted for a plane unstable as a bicycle, giving the pilot utmost freedom. Carr tries to do technology optimists justice – he is never sarcastic or derisive. He traces the hopes put into ‘software’ back to philosopher Alfred North Whitehead:

“Civilization advances by extending the number of important operations which we can perform without thinking about them.” Whitehead wasn’t writing about machinery. He was writing about the use of mathematical symbols to represent ideas or logical processes— an early example of how intellectual work can be encapsulated in code. But he intended his observation to be taken generally.

‘Automation’ can thus be understood in a very broad sense. I have written about Newton’s geometrical proofs that even Richard Feynman found very hard to reproduce. Now we have been spoilt by the elegant code-like symbols of calculus. Do really miss out if we not haven’t acquired such ancient skills? Carr believes so as we are human beings made to interact with the world directly, not via a cascade of devices and abstractions. A physics professor who has embarked on “a self-imposed program to learn navigation through environmental clues”  finally concluded that the way he viewed the world had palpably changed. Architects felt that they needed to stay away from electronic help or bring in the computer late so that the creative process is not (mis-)guided too early. A photographer tells his story of returning to the darkroom as he felt that the painful manual process forces him to make more conscious and deliberate choices – with a deep, physical sense of presence. The main point here is that these are not sentimental crusaders but people who simply wanted to do their jobs well.

… the real sentimental fallacy is the assumption that the new thing is always better suited to our purposes and intentions than the old thing.

Skills that come easy to an expert are learned the hard way: Pilots’ skills correlate with the time they have spent flying without the aid of automation. Neuroscience provides evidence of dedicated assemblies of neurons developed by such deliberate practice. Automation would remove complexity from jobs and thus opportunities to hone our skills. A recurring theme of the book is how automation erodes what makes us human in the best way – even if we might object: Carr quotes surprising findings by Csikszentmihalyi (of The Flow fame). When people were polled about their current mood at various time they …

… were happier, felt more fulfilled by what they were doing, while they were at work than during their leisure hours. In their free time, they tended to feel bored and anxious. And yet they didn’t like to be at work.

Psychologists call this unfortunate desire for what you ‘actually’ don’t want miswanting. One explanation is that people might pretend to prefer leisure over work as this is the socially acceptable behavior. An ethnographer confirmed Csikszentmihalyi’s theory by giving an account of an ancient tribe:

The Shushwaps did not have to wander to survive. They built villages and developed “elaborate technologies for very effectively using the resources in the environment.” They viewed their lives as good and rich. But the tribe’s elders saw that in such comfortable circumstances lay danger. “The world became too predictable and the challenge began to go out of life. Without challenge, life had no meaning.” And so, every thirty years or so, the Shushwaps, led by their elders, would uproot themselves.

If I had to pick the main virtue venerated in this book – it would be accountability. The soldier dropping a bomb via clicking a mouse feels less responsible.

The congeniality of hand tools encourages us to take responsibility for their use.

The outlook on future wars is gloomy: Automated weapons may save lives, but may at the same time increase the likelihood of wars – just because of that. Machines effectively make moral decisions in everyday life already: Robotic lawn mowers already do it when not sparing small animals a human operator might have spotted.

Who determines what the “optimal” or “rational” choice is in a morally ambiguous situation? Who gets to program the robot’s conscience? Is it the robot’s manufacturer? The robot’s owner? The software coders? Politicians? Government regulators? Philosophers? An insurance underwriter?

I believe that ‘futurists’ might not be convinced though. What Nicholas Carr considers specifically human and worth being protected might strike tech enthusiasts as a shortcoming to be fixed by extending and transforming our bodies and minds. Critics might say Carr resorts to poetry in the last chapter in order to circumvent these questions elegantly. The physicist turned stone-age pathfinder said that …

… “primal empiricism,” struck him as being “akin to what people describe as spiritual awakenings.”

Which is something you can either relate to immediately and intuitively, or dissect it analytically. It strikes a chord with me, but trying to explain it any further leads to Wittgenstein-y struggling with reality:

Only through work that brings us into the world do we approach a true understanding of existence, of “the fact.” It’s not an understanding that can be put into words.

Google’s self-driving cars challenge the distinction between explicit knowledge – that can be cast into code (or words) – and tacit intuitive knowledge of processes. It seems that that this artificial boundary is pushed more and more into the realm of the so-called genuinely human. Carr uses a sonnet by Robert Frost called ‘Mowing’ to demonstrate that

a poet’s scrutiny of the world can be more subtle and discerning than a scientist’s.

As a scythe enthusiast I am biased but he really couldn’t have chosen a better example:

It was no dream of the gift of idle hours, Or easy gold at the hand of fay or elf: Anything more than the truth would have seemed too weak To the earnest love that laid the swale in rows

Again, I think these lines will perhaps not speak to modern life hackers. Domestic automation would turn our homes more into workplaces – programmed, and dominated by metrics. We apply the

the bureaucratic ideals of speed, productivity, and standardization to our relations with others.

Algorithms collect data that lend themselves to quantitative analysis. Our formerly ‘continuous’ selves are turned into a collection of disjointed junks presented on social medias timelines which deprives us of options for changing our minds and thus for personal growth. Again I remember the proverbial clock from The Shallows, discretizing time. Making technology invisible and unobtrusive is not a solution but just the final stage of a gradual development:

It obscures the way we’ve refashioned ourselves to accommodate the technology.

I have adopted technology as a professional, but sometimes also to respond to changes in the way we socialize today with everyone expecting to manage their lives through screens. Technology, especially networked one, fundamentally changes society. Already the power grid had a subtle impact on engineering culture, business culture, production, and finally living. You cannot fool yourself, and remain independent and self-sufficient in your spare time and just use technology if you have to. Carr states that self-reliance was once considered the mainstay of character. He advocates getting lost sometimes in contrast to Google Maps’ visions:

“No human ever has to feel lost again.” That certainly sounds appealing, as if some basic problem in our existence had been solved forever. And it fits the Silicon Valley obsession with using software to rid people’s lives of “friction.” But the more you think about it, the more you realize that to never confront the possibility of getting lost is to live in a state of perpetual dislocation. If you never have to worry about not knowing where you are, then you never have to know where you are. It is also to live in a state of dependency, a ward of your phone and its apps.

I read Walden at about the same time as Carr’s book – and I am reminded of this quote by Thoreau:

It is a surprising and memorable, as well as valuable experience, to be lost in the woods any time. … In our most trivial walks, we are constantly, though unconsciously, steering like pilots by certain well-known beacons and headlands, and if we go beyond our usual course we still carry in our minds the bearing of some neighboring cape; and not till we are completely lost, or turned round—for a man needs only to be turned round once with his eyes shut in this world to be lost—do we appreciate the vastness and strangeness of nature. … Not till we are lost, in other words not till we have lost the world, do we begin to find ourselves, and realize where we are and the infinite extent of our relations.

I can relate, your mileage may vary. The Wright Brothers; first powered flight HU98267

Looking Foward to ‘The Glass Cage’ – Random Ambiguous Thoughts

On September 29, Nicholas Carr’s book The Glass Cage – Automation and Us will be released. I have quoted Carr’s writings often on this blog, and his essay All Can Be Lost: The Risk of Putting Our Knowledge in the Hands of Machines might anticipate some of the ideas he is going to explore in this upcoming book.

I read non-fiction books with specific questions in mind. In order to sort out these questions upfront, I am writing a post that may turn out incoherent.

I sense an ambiguity that might be typical for many so-called knowledge workers that spend most of their working hours in front of a computers. We feel some playful affection to the gadgets we use but silently we dread our growing dependence on them – and we seek escape in dreaming up alternate realities – as working as artisans, with real stuff.

If you believe the geek turned craftsman is just a cliché – read this story about a software developer turned carpenter:

This is when I realized that I’d rather be looking through the window of a cool building, than the window of an LCD laptop.

 

Hadn’t technology evolved in the way it did in the past decades my job would be fundamentally different or not exist at all. I define the ability to work with clients in a remote fashion as an absolutely essential part of my job, and I am determined to prove that it is not only the IT industry and companies like Automattic whose way of working has been transformed: We have recently started our first heat pump planning project that will not include any on-site meetings. So I am not in a position to question the [allow for a buzz word] disruptive nature of technology.

But proliferation of working remotely cuts both ways: I have been able to do my IT security troubleshooting for clients ‘anywhere on this planet’ – so of course professionals living in countries with lower loving costs, and this lower hourly rates, could do as well!

However, I am not interested in following that train of thoughts. Probably I am too optimistic but I think I was able to constantly move my professional slef away from anything to-be-standardized. I have seen attempts to standardize consulting failing too often. So I am still waiting for the human-like bot to replace me. Consulting is people’s business no matter how much technology helps to mediate it – just as social media is a success because of the social part.

But I cannot deny that automation became an essential part of my personal version of the alternate artisanal reality: In the last two posts I mentioned my playing with database servers – all targeted to further automating data collection and evaluation for heat pump systems.

Would I want to stand outside in the cold and reading off data from a display myself for hours?

To some extent I probably would. I am eager to read The Glass Cage especially because of this quote:

Drawing on psychological and neurological studies that underscore how tightly people’s happiness and satisfaction are tied to performing meaningful work in the real world, Carr reveals something we already suspect: shifting our attention to computer screens can leave us disengaged and discontented.

It took me a time to realize that the reasons I use in defence of automation are all tied to my work. I have never been your typical computer freak or early adopter of gadgets who is interested to play with new technology ‘just because’. I am rather reluctant of using many appliances that are said to make our lives so much easier and allow us to ‘focus on what we really want’ and ‘get rid of the repetitive grunt work’.

I use a scythe to cut the grass. We don’t have an egg cooker, an electrical bread cutter, or a dryer. I could say I am just energy-conscious or trying to avoid clutter – but these are actually positive side-effects.

The shocking truth is that I like some healthy dose of simple, repetitive work. This even extends to the professional sphere: Against the mantra of focussing on your core business I do accounting and controlling – gleefully. This includes some boring data entry that better interfaces between those distributed software systems might do away with.

Most of the computer technology I finally got to use also as a consumer was actually driven by professional needs. I purchased my first cell phone as I wanted to be available for clients. I am thinking about the purchase of a tablet just because I could test some tools for managing digital certificates. I am considering a better internet connection to handle parallel remote sessions.

But wait – I have loved my Kindle eReader and I was a rather early adopter. However, I loved it because it was a 1:1 replacement of its real-life counterpart – a device just for reading: no internet, no e-mails, and no social media and sharing of inspirational snippets quoted out-of-context.

Is this because I am not a digital native?

In my first jobs as an experimental physicist and materials scientist about 95% of my job was repetitive grunt work: Cutting slices from crystals, grinding and polishing samples of material, adjusting optical components, waiting in front of a not-yet-computerized machine to see the paper coming out, take that paper and copy the curve using semi-transparent sheets, entering data, entering more data, being interrupted by some nasty sound as something broke, spending the next hours repairing the diamond wire saw or the leaky vacuum equipment.

Watching crime shows like CSI makes me laugh: They did a splendid job on making standardized lab work look so cool and sci-fi-style. We used to joke about create an image video for our research showing off the fancy colored laser beams in the dark lab – but that was meant satirical.

Femtosecond Laser and Pulse Compressor - Optics Lab - INRIM

This is why optics labs attract visitors at universities’ open days. (Image by Giorgio Brida, Wikimedia)

This combination of 5% thinking hard about the problems and drawing conclusions and 95% lab work was absolutely fine for me. If all repetitive, boring work – manual or computer-based – would be taken away from us, what would happen? Not to our professional selves devoid of jobs but to our human selves?

We could focus on the remaining hard and interesting problems, realize our potentials as humans, don’t we? We would be able to create and take decisions non-stop – until the bots will take over. But I am not quite sure if I would enjoy creating and deciding all the time. I imagine it could feel like jumping from hyperlink to hyperlink and skimming texts instead of reading a long piece.

I have read Life Hacker’s Bible recently – Tim Ferriss might answer you would finally have time to travel the world or learn to dance the tango, after you would have fully outsourced (that is: automated) your self-running internet business. World economy or crisis thereof, job options, realistic development of technology aside: Is this what the majority of people really want?

As I said, I am aware of the ambiguity and those pesky where-to-draw-the line questions. For sure I want high-tech surgery, perhaps a international expert or an AI-driven robot operate on me over that high-bandwidth connection. But I will keep mocking biometric keys for house doors, and sensors that turn on the light if I clap my hands.

Are my clinging to some boring work and my inconsistent argumentation just a shortcoming of our currently carbon-based species – to be replaced or extended by transhuman partly virtual-silicon-whatever beings? I read some books by transhumanists and radical technology enthusiasts – and they did not speak to me. I think I could re-iterate their arguments – this is the necessary pre-requisite for substantial criticism – and they seem to be self-consistent.

But I cannot yet track down why I don’t follow even less radical claims about the benefits of automation and technology. I always imagine myself being among the last human beings fighting the machines in a dystopian future. Perhaps I have seen too many movies or not enough of the good ones.

Anyway, I am waiting for Mr. Carr’s insights.

HAL9000.svg

HAL9000” by CryteriaOwn work. Licensed under CC BY 3.0 via Wikimedia Commons