Internet of Things. Yet Another Gloomy Post.

Technically, I work with Things, as in the Internet of Things.

As outlined in Everything as a Service many formerly ‘dumb’ products – such as heating systems – become part of service offerings. A vital component of the new services is the technical connection of the Thing in your home to that Big Cloud. It seems every energy-related system has got its own Internet Gateway now: Our photovoltaic generator has one, our control unit has one, and the successor of our heat pump would have one, too. If vendors don’t bundle their offerings soon, we’ll end up with substantial electricity costs for powering a lot of separate gateways.

Experts have warned for years that the Internet of Things (IoT) comes with security challenges. Many Things’ owners still keep default or blank passwords, but the most impressive threat in my opinion is not hacking individual systems: Easily hacked things can be hijacked to serve as zombie clients in a botnet and launch a joint Distributed Denial of Service attack against a single target. Recently the blog of renowned security reporter Brian Krebs has been taken down, most likely as an act of revenge by DDoSers (Crime is now offered as a service as well.). The attack – a tsunami of more than 600 Gbps – was described as one of the largest the internet had seen so far. Hosting provider OVH was subject to a record-breaking Tbps attack – launched via captured … [cue: hacker movie cliché] … cameras and digital video recorders on the internet.

I am about the millionth blogger ‘reporting’ on this, nothing new here. But the social media news about the DDoS attacks collided with another social media micro outrage in my mind – about seemingly unrelated IT news: HP had to deal with not-so-positive reporting about its latest printer firmware changes and related policies – when printers started to refuse to work with third-party cartridges. This seems to be a legal issue or has been presented as such, and I am not interested in that aspect here. What I find interesting is the clash of requirements: After the DDoS attacks many commentators said IoT vendors should be held accountable. They should be forced to update their stuff. On the other hand, end users should remain owners of the IT gadgets they have bought, so the vendor has no right to inflict any policies on them and restrict the usage of devices.

I can relate to both arguments. One of my main motivations ‘in renewable energy’ or ‘in home automation’ is to make users powerful and knowledgeable owners of their systems. On the other hand I have been ‘in security’ for a long time. And chasing firmware for IoT devices can be tough for end users.

It is a challenge to walk the tightrope really gracefully here: A printer may be traditionally considered an item we own whereas the internet router provided by the telco is theirs. So we can tinker with the printer’s inner workings as much as we want but we must not touch the router and let the telco do their firmware updates. But old-school devices are given more ‘intelligence’ and need to be connected to the internet to provide additional services – like that printer that allows you to print from your smartphone easily (Yes, but only if you register it at the printer manufacturer’s website before.). In addition, our home is not really our castle anymore. Our computers aren’t protected by the telco’s router / firmware all the time, but we work in different networks or in public places. All the Things we carry with us, someday smart wearable technology, will check in to different wireless and mobile networks – so their security bugs had better be fixed in time.

If IoT vendors should be held accountable and update their gadgets, they have to be given the option to do so. But if the device’s host tinkers with it, firmware upgrades might stall. In order to protect themselves from legal persecution, vendors need to state in contracts that they are determined to push security updates and you cannot interfere with it. Security can never be enforced by technology only – for a device located at the end user’s premises.

It is a horrible scenario – and I am not sure if I refer to hacking or to proliferation of even more bureaucracy and over-regulation which should protect us from hacking but will add more hurdles for would-be start-ups that dare to sell hardware.

Theoretically a vendor should be able to separate the security-relevant features from nice-to-have updates. For example, in a similar way, in smart meters the functions used for metering (subject to metering law) should be separated from ‘features’ – the latter being subject to remote updates while the former must not. Sources told me that this is not an easy thing to achieve, at least not as easy as presented in the meters’ marketing brochure.

Linksys's Iconic Router

That iconic Linksys router – sold for more than 10 years (and a beloved test device of mine). Still popular because you could use open source firmware. Something that new security policies might seek to prevent.

If hardware security cannot be regulated, there might be more regulation of internet traffic. Internet Service Providers could be held accountable to remove compromised devices from their networks, for example after having notified the end user several times. Or smaller ISPs might be cut off by upstream providers. Somewhere in the chain of service providers we will have to deal with more monitoring and regulation, and in one way or other the playful days of the earlier internet (romanticized with hindsight, maybe) are over.

When I saw Krebs’ site going offline, I wondered what small businesses should do in general: His site is now DDoS-protected by Google’s Project Shield, a service offered to independent journalists and activists after his former pro-bono host could not deal with the load without affecting paying clients. So one of the Siren Servers I commented on critically so often came to the rescue! A small provider will not be able to deal with such attacks.

WordPress.com should be well-protected, I guess. I wonder if we will all end up hosting our websites at such major providers only, or ‘blog’ directly to Facebook, Google, or LinkedIn (now part of Microsoft) to be safe. I had advised against self-hosting WordPress myself: If you miss security updates you might jeopardize not only your website, but also others using the same shared web host. If you live on a platform like WordPress or Google, you will complain from time to time about limited options or feature updates you don’t like – but you don’t have to care about security. I compare this to avoiding legal issues as an artisan selling hand-made items via Amazon or the like, in contrast to having to update your own shop’s business logic after every change in international tax law.

I have no conclusion to offer. Whenever I read news these days – on technology, energy, IT, anything in between, The Future in general – I feel reminded of this tension: Between being an independent neutral netizen and being plugged in to an inescapable matrix, maybe beneficial but Borg-like nonetheless.

Self-Sufficiency Poetry

Our self-sufficiency quota for electrical energy is 30%, but what about the garden?

Since I haven’t smart metered every edible wildflower consumed, I resort to Search Term Poetry and random images. This is a summer blog post, lacking the usual number crunching and investigative tech journalism.

(Search terms are from WordPress statistics and Google Tools)

Direct self-consumption quota was nearly 100% last year (no preservation), and self-sufficiency was very low, with one exception: Yarrow tea.

This year we will reach 100% herbal tea self-sufficiency:

Yarrow Team

The solar/air collector is boosting yarrow harvest – and we have yet to include its cosmic quantum free energy focusing effect in the marketing brochure.

fringe science theories
can efficiency be greater than 1

Collector, yarrow, poppy

But it also boosts vitality of other life forms:

alien energy

Slimey Aliens near collector

I cannot prove that these particular slimy aliens – edible and a protected species in Austria – are harmful as I never caught them red-handed. You just need to be careful when collecting vegetables to avoid the slimy parts.

We are self-sufficient re green ‘salad’ and ‘fake spinach’ for about half a year. Our top edible wild flowers in terms of yield are Dandelion, Fireweed, Meadow Goat’s Beard …

why does the grim reaper have a scythe

Meadow Goat's Beard

… and White Stonecrop: both tasty …

jurassic park jelly

White Stonecrop and snail

… and ornamental:

zeitgeisty

White Stonecrop, Sedum Album

With standard vegetables (accepted as edible by the majority) we did crop rotation – and the tomatoes look happiest as solitary plants in new places …

analyzing spatial models of choice and judgment

Tomato Plant

The Surprise Vegetable Award goes to an old heirloom variety, called Gartenmelde in German:

slinkyloop antenna
physics metaphors

Gartenmelde

Last year exactly one seedling showed up, and we left it untouched. This year the garden was flooded with purple plants in spring:

virtual zen garden

Gartenmelde in spring

There are two main categories of edible plants – and two different branches of the food chain: Things we mainly eat, like tomatoes, herbs, onion, and garlic …

old-fashioned

Garlic, tomatoes, herbs

… and the ones dedicated to alien species. Top example: The plants that should provide for our self-sufficiency in carbohydrates:

simple experiment

Potatoes

In the background of this image you see the helpful aliens in our garden, the ones that try to make themselves useful in this biosphere:

force on garden hose
so called art

Helpful Alien

But looking closer, there is another army of slimy life-forms, well organized and possibly controlled by a superior civilization in another dimension:

the matrix intro
protocol negotiation failed please try again

Slimey aliens and potatoes

microwaving live animals

This garden is fertilizer- and pest-control-free, so we can only try to complement the food chain with proper – and more likeable – creatures:

solutions to problems

Hedgehog, Potatoes

Yes, I have been told already it might not eat this particular variety of aliens as their slime is too bitter. I hope for some mutation!

But we are optimistic: We managed to tune in other life-forms to our philosophy as well and made them care about our energy technology:

so you want to be an engineer

Blackbird and air pump

This is a young blackbird. Grown up, it will skillfully de-slime and kill aliens, Men-in-Black-style.

Life-forms too quick or too small for our random snapshot photography deserve an honorable mention: Welcome, little snake (again an alien-killer) and thanks mason bees for clogging every hole or tube in the shed!

It is a pity I wasted the jurassic park search term on the snail already as of course we have pet dinosaurs:

Pet Dinosaur

So in summary, this biotope really has a gigantic bug, as we nerds say.

sniff all internet access

Bug or Feature

Blinded by the Light: Links Not Considered Click-Worthy

I promised more experimental internet poetry — here it is!

The problem: Spam comments have petered out, their number seems to scale with posting frequency. The quality of search terms for this blog has improved, and most terms are technical and dull.

I turned to untapped raw material – finally I know what last year’s web development project was good for. As predicted, views plummeted after merging three sites into one and picking a country domain. The upside is that search terms got much better.

The following ‘poem’ is built from phrases displayed in Google Search Console (formerly called Webmaster Tools) for my personal website. I am picking from search terms in the list of Impressions: which means my pages appeared in the list of results but most of them were not clicked; hence the title of this post.

~

blinded by the light
despicable me

subversive activities
inconspicuous in a sentence

blinded by the light

blended movie stream
spooky black without you

offensive security
issued by an authority that is not trusted

offensive security

how does a steel plow work
educated guess

definition of tossed
krypton
deflector

energy armor
was last opened
across the universe

prevent the details of
dubious battle

energy armor

galaxy life hacked
mathematical modelling of zombies
lest means
gloomy sunday lyrics

meaning of strangeness
toilet success hacked

letterbox company

educated sentence generator
template missing

define subversive humor
farewell letter to customers
reply all bcc
without papers

subversive (humor)

 ~

Google-Mediated Self-Poetry – Holiday Edition

A new sub-genre of my experimental internet poetry! Is Google able to capture the essence of this blog?

Rules:

  • Search your own site on Google, using site:[your site].
    This ‘poem’ is based on results from site:elkement.wordpress.com.
  • Open the first search result in a new tab.
  • Pick one phrase from this page (your own content) and note it down as a new line of the poem.
  • Open the next search result, pick the next line.
  • Editing of phrases is not allowed, and you must not re-visit the pages already processed or re-shuffle the lines.

This is so-called poetry from the first three pages of search results, as usual combined with my images.

I’ll stay away from social media for a while so you have time to digest it!

~~~

Nothing you have not seen in more elaborate fashion elsewhere
the true connection between my diverse activities

Mutant Tomato

a nitpicking stickler and painstaking submitter of DMCA complaints
a pioneer who did such an experiment long before the social media era

In past years I tried to eradicate it
a rotating alien-fighting device throwing darts
It is utterly exhausting

Scary Rotating Things

the phase portrait deviate from the circular shape
So what to do with all those old sites?
Steampunk seems to allude to a part of our common DNA

The tank will also be used as a cistern
shining laser light on the dark filament and analyzing the diffraction pattern
due to different spontaneous freezing temperatures of supercooled water.

ice storage

I am in need of trivia.
mentally insert black and white images inspired by Philip K. Dick‘s short stories.

Black and White

driving hansoms and communicating by wired telegrams.
We abandoned some gadgets and re-considered usage.

I finally added permanent redirects
you should try to use energy more efficiently first

Subconsciousness already takes the decision but you do not notice yet.
so there is no violation of energy conservation.

Bullerjan: Fire!!

Don’t panic – I have left the lofty heights of political analysis for now!
As a fallible human you might give in to the most intrusive requester

denying cap-and-gown costume as I detest artificial Astroturf traditions
I have a secondary super-villain identity.

Super Villain

Here is a typical example of very volatile output:
the irony of being considered a notorious link scammer

salt crystals should easily glide downwards from a tilted plane.
It’s time to compare costs again

Otherwise the grass might always be greener over there.

Green Grass, and more

 ~~~

Shortest Post Ever

… self-indulgent though, but just to add an update on the previous post.

My new personal website is live:

elkement.subversiv.at

I have already redirected the root URLs of the precursor sites radices.net, subversiv.at and e-stangl.at. Now I am waiting for Google’s final verdict; then I am going to add the rewrite map for the 1:n map of old ASP files and new ‘posts’. This is also the pre-requisite for informing Google about the move officially.

The blog-like structure and standardized attributes like Open Graph meta tags and an XML sitemap should make my site more Google-likeable. With the new site – and one dedicated host name only – I finally added permanent redirects (HTTP 301). Before I used temporary (HTTP 302) redirects, to send requests from the root directory to subfolders, which (so the experts say) is not search-engine-friendly.

On the other hand the .at domain will not help: You can pick a certain country as preferred audience for a non-country domain, but I have to stick with Austria here, even if the language is set to English in all the proper places (I hope).

I have discovered that every WordPress.com Tag or Category has its own feed – just add /feed/ to the respective URLs – and I will make use of this in order to automate some of my link curation, like this. This list of physics postings has been created from this feed of selected postings:
https://elkement.wordpress.com/category/science-and-technology/physics/feed/
Of course this means re-tagging and re-categorizing here! Thanks WordPress for the Tags to Categories (and vice versa) Conversion Tools!

It is fun to watch my server’s log files more closely. Otherwise I would have missed that SQL injection attack attempt, trying to put spammy links on my website (into my database):

SQL injection by spammer-hackers

Finally Mobile-Friendly! (How I Made Googlebot Happy)

Not this blog of course – it had been responsive already.

But I gave in to Google’s nagging and did not ignore messages in Google Webmaster Tools any longer. All my home-grown websites had a fixed width of the content pane and a fixed left sidebar. On a mobile device you only saw the upper left corner – showing the side bar and only part of the content pane.

Learning about a major Google update implemented last week I spent one night coding until the test went fine for our business website

punktwissen website, Google's test for mobile friendliness

… and for my/our other sites subversiv.at, radices.net, e-stangl.at, and z-village.net. I keep one non-responsive page: epsi.name.

This is not a guide to the perfect responsive design, I am not a professional web developer, and I don’t claim my CSS or HTML code is flawless, elegant, or processed correctly by all browsers in the world. I read this tutorial and this guide, and they provided me with clues to answer my main question:

What is the bare minimum to make a classical website
mobile-friendly according to Google’s requirements?

It also does not necessarily mean other websites are extremely difficult to read on a mobile device. There is a famous website that doesn’t meet Google’s standards although the content pane fits nicely into the width of a smartphone – if you turn it by 90° and scroll to the right … which Googlebot will not do.

In summary I did the following:

Pre-requisites: Use only CSS for formatting, especially define the layout by containers referred to in the stylesheet. Fortunately I made that move long ago.

1) Set a viewport metatag which tells the device to adapt the visible content to the width of the screen. Even if the width of the content is not fixed in a desktop browser, it is not automatically interpreted correctly on mobile devices without viewport. Actually, I was wrong in assuming that a plain old-school hardly formatted HTML text of variable width is mobile-friendly by default. In this case the content adapts to the width of the device, but Google rightly complains about too small text, and links too close together – in addition to missing viewport.

I had been intimidated by the small text / links close errors some time ago and figured I had to re-do all navigation elements. But after adding viewport, the ‘only’ thing left was to make the content break or flow so that it won’t be larger than the screen width. Text size and links were fine without any change to font size or width / height of containers for navigation links.

2) Add at least one media query to my CSS stylesheets in order to make the left side bar vanish or move if the width of the screen in pixels is smaller than a certain size. I tested with an Android device, and with Google’s tool – but mainly I was squeezing the window on a desktop PC to very small widths. For the business website I decided the sidebar is nice-to-have as it just shows recent blog posts – the same approach as used by my current WordPress template. For some other sites it was an essential navigation pane; so I let it move to the top.

3) Make sure that all containers and images on a page resize or flow accordingly by making their styles change at the threshold width or continuously – this meant cross-checking the styles of all containers that define the layout and changing / adding style definitions depending on the screen width. I made images resizable, and text displayed to the left of images should flow under them at a certain width.
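
The three steps above combined in one minimal page, as an added example that is not the code of any of the sites mentioned. The container ids, the class names, the 600px threshold and the placeholder image are assumptions made for illustration.

```html
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <!-- Step 1: viewport metatag, so the device lays the page out at its own
       width instead of a zoomed-out desktop width -->
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Constructed sample page</title>
  <style>
    /* Desktop layout: left sidebar of fixed width, content pane beside it.
       All ids and class names here are hypothetical. */
    body     { margin: 0; font-family: sans-serif; }
    #sidebar { float: left; width: 200px; padding: 10px; box-sizing: border-box; }
    #content { margin-left: 200px; max-width: 700px; padding: 10px;
               box-sizing: border-box; }
    #sidebar a { display: block; padding: 8px 0; } /* keeps links apart */

    /* Step 3 (continuous part): images shrink with their container */
    #content img { max-width: 100%; height: auto; }
    img.left     { float: left; margin: 0 10px 10px 0; }

    /* Step 2: a single media query; 600px is an assumed threshold */
    @media screen and (max-width: 600px) {
      /* Essential navigation pane: stop floating, so it moves to the top */
      #sidebar { float: none; width: auto; }
      /* Nice-to-have sidebar (e.g. recent posts): make it vanish instead */
      #sidebar.optional { display: none; }
      /* Content pane takes the full screen width */
      #content { margin-left: 0; max-width: none; }
      /* Step 3 (threshold part): text flows under the image, not beside it */
      img.left { float: none; display: block; margin: 0 0 10px 0; }
    }
  </style>
</head>
<body>
  <!-- Add class="optional" to hide this pane on small screens -->
  <div id="sidebar">
    <a href="#one">Constructed link one</a>
    <a href="#two">Constructed link two</a>
  </div>
  <div id="content">
    <h1>Constructed heading</h1>
    <!-- Placeholder image embedded as a data URI so the page works offline -->
    <img class="left" alt="Grey placeholder"
         src="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='400' height='200'%3E%3Crect width='400' height='200' fill='%23999'/%3E%3C/svg%3E">
    <p>Constructed sample text. On a wide screen it sits to the right of the
       image; below the threshold width it flows under it.</p>
  </div>
</body>
</html>
```

Squeezing a desktop browser window below the threshold width shows the sidebar moving above the content and the text dropping below the image.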

All My Theories Have Been Wrong. Fortunately!

I apologize to Google. They still like my blog.

This blog’s numbers plummeted as per Webmaster Tools, here and here you find everything you never wanted to know about it. I finally figured that my blog was a victim of Google’s latest update Panda 4.1. Sites about ‘anything’ had suffered, and the Panda rollout matched the date of the onset of the decline.

Other things happened in autumn, too: I had displayed links to latest WordPress blog posts on my other websites, but my feed parser suddenly refused to work. The root cause was the gradual migration of all WP.com blogs and feeds to https:// only. Only elkement’s blog had been migrated at that time; our German blog’s feed was affected two months later.

Recently also the German blog started its descent in impressions and clicks, again two months after elkement’s blog. I pondered about https URLs again – the correlation was too compelling. Then suddenly the answer came to me:

!

!!

!!!

You need to add the https URL as an additional site in Webmaster Tools.

!!!

!!

!

It was that simple. All the traffic I missed was here all the time – tucked away in the statistics for https://elkement.wordpress.com. This also answers the question I posed in my last Google rant post: Why do I see more Search Engine referrers in WordPress stats than clicks in Webmaster Tools? I had just looked in the wrong place.

I had briefly considered the https thing last year but ruled it out as I misinterpreted Webmaster Tools – falsely believing that one entry for a site would cover both the http and the https version. These are the results for both URLs – treated like separate entities by Webmaster Tools:

Results for http : // elkement.wordpress.com  – abysmal:

(Edit: I cannot use a link here and have to add those weird blanks – otherwise WP will always convert both URL and text to https automatically even if the prefix is displayed as http in the editor.)

Google traffic for http version of this blog

Results for https://elkement.wordpress.com – better by a factor of 100:

Way more Google traffic for the https version of this blog URL

Popular pages were the first to ‘move’ over to the https entry. This explains why my top page was missing first from http pages impressions – the book review which I assumed to have been penalized by Panda as an alleged cross-link scam. In full paranoia mode I was also concerned about my adding random Wikimedia images to my poetry.

But now I will do it again as I feel relieved. And relaxed – as this Panda.

Giant panda

You have read a post in my new category Make a Fool of Myself. (I tried to top the self-sabotaging effect of writing about my business website being hacked – as a so-called security expert.)

Yet the theory was all too compelling. I found numerous examples of small sites penalized by Panda in a weird way. See this discussion: A shop’s webmaster makes a product database with succinct descriptions available online and is penalized for ‘key word spamming’ – as his key words are part of each product name. Advice by SEO experts: Circumscribe your product names.

Legend has it that Panda was named after a Google engineer. I figured it was because the Panda is so choosy, insisting on bamboo eucalyptus (*), just as Google scrutinizes our sites more and more. (*) One more theory I got wrong, now edited! Thanks to commentator Cleo for pointing out the mistake.