Blog Post 9-Government Backdoors

The use of encryption is on the forefront of today’s national defense debate. After recent terrorist events, which may have been organized through encrypted channels, many are shocked and outraged that there are ways that terrorists can hide their information such that no one, not even the government, can access it. Before these events, many people had probably never even heard about encryption before. They probably don’t understand that it’s something that they use on a day-to-day basis, whether through the internet, mobile phones, etc. Now to many it has an evil connotation. And we are left asking what should the companies proving these services do about it. Is a company more ethically responsible for their user’s privacy or society’s safety?

The main argument for companies providing a backdoor to governments is that encryption does not allow governments to execute warrants for information. This argument makes sense to me. I would be completely against allowing the government to access our data at any time. However, allowing the government access to our data when a court warrant is served seems justified. Manhattan district attorney defended this point in a recent paper, stating “Last fall, a decision by a single company changed the way those of us in law enforcement work to keep the public safe and bring justice to victims and their families.” If we can issue a court warrant and legally obtain physical evidence in a case, we should certainly be able to do this with digital evidence. However, it appears that this is impossible.

In previous encryption systems, Apple would retain a key that could be used to unlock customer’s data in the case of a search warrant. This seems perfect, a user’s data would be secure except in the case of a warrant. However, we do not live in a perfect world. What Apple found is that creating this backdoor, even if designed only to be used by them, left their system vulnerable. Eventually somebody would find a way in. This is the root of our issue. In a perfect world we could create a system that would be completely secure, except in the case of a search warrant. However, it is not possible. Once we create a vulnerability in the system, eventually somebody will exploit it. So in a perfect world, Apple could balance its ethical responsibility to privacy with its responsibility to security. Sadly, the answer to our question is not that easy, so we have to choose a side.

I have to side with Apple in this argument, that they are more responsible for their user’s privacy then what their user’s do with their system. When the argument is brought up that “isn’t saving lives or protecting our nation worth a little less individual privacy”, I say that we are not losing a little less privacy. We are losing all our privacy. Even if we trust that the government will only use the backdoors legally, we take the chance that a malicious party will exploit it. When the argument is brought up that “if you’ve got nothing to hide, you’ve got nothing to fear” I say that everybody has something to hide. Even a completely ethical person may have credit card information, company information, etc. on their mobile phone. Many people right now would say national security is worth their privacy, but if you tell them their identity might be stolen I think they would change their mind. National security is very important, but maintaining digital privacy is something that is basically necessary for most people to live normal lives. Thus I think protecting our privacy is more valuable than protecting the chance that encryption is used against national security.

 

Blog Post 8-Our Job Interview Guide

To me, the most important section of our guide is the “Things I Wish I Knew as a Freshman” section. This highlights the main points from our guide that we each felt would be the most beneficial to a Notre Dame Computer Science or Engineering freshman reading our guide. This is probably cheating a little bit for this question, so I’ll look at some of the other sections of our guide I feel would be very helpful to an incoming student. One key section is the “When to Start Preparing” section. This has some advice that I could have certainly used, as I probably started preparing for my career a little to late. The “How to Prepare” section would also be very useful. I took a “learning as you go” approach to preparing for my interviews. I didn’t really know how to prepare for my first couple of interviews, but learned through the experience of these early interviews. This meant that I knew what I was doing by the time of my later interviews, but probably could have performed better on the early interviews if I knew how to prepare better. This section had some great tips, such as researching the company and position beforehand so you can answer certain questions better. It also had some great resources for preparing for technical interviews. Probably the best advice I got for this is to utilize the mock interviews that the Career Center runs. I didn’t know these existed (probably because I ignore too many emails). These would have been great to work out the kinks of interviewing and learn how to best prepare.

I think the University’s Computer Science and Engineering department prepares students well for the workforce. I think it is tough for a department to completely prepare students. Since Notre Dame isn’t a technical school, it really isn’t fair to spend an excessive amount of time preparing students for a certain type of job. Students will have too varied of a future career path to do this. As a place of learning, I think the University should not focus too heavily on preparing us for work. It should be a goal, but scholarly pursuits should be the main focus.

While not a main goal, preparing students for the workforce has to at least be a goal. It would be a disservice for students to be left completely in the dark for what will be required of them in the “real world.” I think the department does a good job with this. Professors will often stress skills that will be the most important in the workforce. There was one complaint I had for the department that they have actually fixed for later graduating classes. I often felt that the order of our classes didn’t really fit well with the skills that we needed for technical interviews. The main problem is that we take our “Design and Analysis of Algorithms” class our senior year, while many people are taking technical interviews. The issue is that this is one of the main classes that are tested in these interviews and we have not completed it by that point. However, future graduating classes will be taking this class earlier. I believe this shows that the University does care about preparing students for interviews and the workforce.

 

Blog Post 7-Therac-25

There were two main causes for the Therac-25 accidents. One was the actual software controlling the machine, which had bugs that would cause fatal errors. Another key issue was that there was no hardware responsible for handling fatal errors, which basically all safety-critical systems have. There were no interlocks or last-ditch hardware techniques to prevent catastrophic failures. These two causes combined to show us a side of software engineering that many people don’t realize exists, that software engineers are often responsible for the lives of others.

Therac-6 and 20, the previous versions of the machines, were reliant on a combination of software and hardware. Thus there were hardware interlocks in place to prevent the user from doing anything catastrophic. There was also software present that allowed for faster setup of the machine, but there were still these hardware safety measures in place. However, in the Therac-25 iteration, the decision was made to rely on software only. The hardware safety measures were completely removed, leaving the system vulnerable.

It took a while to determine the cause of the software issue; it was something that the maker of the machine couldn’t reproduce. However, an actual user was eventually able to reproduce the error. If a user selected “X-Ray mode”, the machine would take 8 seconds to set up. However, if while setting up “X-Ray mode” the user switched to “Electron mode”, the turntable would not switch over and be left in an unknown state. This seems like a simple error that would easily come up through rigorous testing, but it turns out the testing wasn’t that rigorous. There was no timing analysis performed, which would have caught the error. The fact that testing wasn’t rigorous on a safety critical system is certainly a huge issue. This issue was fixed in an update, but then another patient was overdosed due to a completely different error. The company behind the product seemed completely inept at making safety critical systems.

As we can see from this case, there are certainly unique issues that software developers face when working on safety-critical systems. Most people don’t really think of developers as being responsible for people’s lives; they think of them as people that make games or websites, where bugs will at worst cause monetary loses. However, people don’t realize that today software is basically in everything, certainly including safety-critical systems like airplanes or pacemakers. The software developers behind these projects are responsible for people’s lives. I think a main challenge for these developers is to not become too detached. It is very easy when coding to forget that a mistake you make could lead to loss of life! This is probably not the first thing you are thinking of when typing code into a machine, because you are so detached from the actual user, but you must remember this.

However, I believe most of the responsibility is bore by the project manager. It was the project leaders of AECL that were responsible for people’s lives. They couldn’t cut corners on developer skill or testing level. One of the first thing a good project manager will do at the beginning of a project is determine the risk of the project. This is so they can determine what level of corners they can cut. On safety critical systems, this is essentially zero. So it’s tough to blame the unexperienced and unqualified programmer in the case of Therac-25. The blame is on the managers who decided to use this type of programmer and decided to not test rigorously.

Blog Post 6: Diversity in the Tech Industry

Is the lack of diversity a problem in the technology industry? I think the answer to this question depends on the scale of the problem you are attempting to tackle. Are you looking at the diversity problems of individual firms in the technology industry, or are you looking at diversity in the industry as a whole? I believe that both problems are something that need to be addressed, but come from different causes and thus have different solutions. If an individual firm is having a diversity problem, like having significantly lower numbers than the industry average, the firm must look inward to see if there are any cultural biases. However if we are addressing the industry wide problem, like the technology industry having lower minority representation then other industries, we must look at our culture as a whole. What ingrained problems do we have in our society to cause these issues?

There are certainly cases where companies can fall behind industry standards in terms of minority representation. It’s on the company to recognize a problem, which is often the hardest part, and then rectify that problem. This problem can be very hard to address, as it can be deeply ingrained in company culture. The Forbes article gives a good framework for attempting to fix this problem in a company’s culture. The first step is to get an outside source to assess the company’s culture for discrimination. This is extremely important. Since the problem stems from inside the company, attempting to fix it with only company resources might prove fruitless. Outside training is often important, as many employees will have cultural biases without even realizing them. The rest of the steps deal with programs aimed at improving minority workers already at the company, but I want to focus on these first two steps. Programs to aid minorities are certainly important, but I think the programs focused toward’s non-minorities are more pertinent to our problem. The first step is to remove the cultural biases at a company, allowing the company to achieve higher diversity. Then a company can focus on its minority programs.

Now when the scope of our question changes from individual firms to the industry as a whole, the cause of our problem changes and thus our solution must be different. Unlike a problem at an individual company, the problem at the industry level isn’t necessarily a fault of the industry. There may be cultural problems inherent in the tech industry, but I do not believe that is why we see such a large lack in diversity as compared to other fields. I believe it it is because of cultural problems across society as a whole. There is certainly a stigma of the typical “tech person”, and there are certainly groups that are left out of this stigma. One example is women. Since society typically thinks of women as less tech-oriented then men, we see less women pursuing tech fields. It’s not because women are “worse” at tech fields, is that many don’t even think of it as an option. This is a cultural problem that doesn’t need to be addressed at the industry level, but at academia. I think Notre Dame has done a great job at this. There are many resources available for women in STEM fields, and resources that attempt to recruit women into STEM fields. In my personal experience I think it has helped. To me at least, it appears that there are more and more women studying computer science since I have been at the university. In summary the industry wide problem is not a problem that has to be solved at the industry level, it needs to be addressed by academia.

Blog Post 5: Why Startups?

This past semester I actually took a class on entrepreneurship and startups. It was a very interesting class that gave me an insight into the mind of an entrepreneur and why startups are all the rage right now. The positives when compared to a standard job are certainly convincing. You have total control of the company, taking your startup in a direction that seems interesting to you. You’re not going to end up a “cog in the machine” where you feel that your work is pointless. And there’s much greater growth potential in terms of salary and wealth. You could see the excitement in the eyes of the entrepreneurs that came and spoke with us. They really believed they were making a difference day in and day out, something that you might be hard pressed to find in a large company employee.

However there’s the darker side of startups that we really weren’t introduced to in this class, the failures. We never had someone come in whose startup had completely failed (most likely because this person wouldn’t exactly want to speak in an entrepreneurship class); it would have been nice to remind us that the majority of startups fail. Some people, the true entrepreneurs, are willing to take this massive risk early in their careers. I am not.

Not everybody is an entrepreneur. Some people, like me, feel the negatives outweigh the positives. Having a secure paying job outweigh the chance of a startup exploding in growth. Having a secure paying job outweighs getting to run your own company and the power that comes with it. I also believe that some of these positives can be greatly overstated.

As shown by the danluu.com article, even if you join an eventually successful startup you could have been more wealthy joining a large company. There’s still huge inherent risks, even if the company becomes successful, based upon how an IPO goes or your individual contract. There’s also the idea that you will be performing meaningless, uninteresting work if you don’t work at a startup. I definitely disagree with this. If you join a large company you will always be able to find meaningful, interesting work. It’s on you to find that work and move toward it in the company or when job searching. The danluu.com article shows that large companies are often doing the most innovative work in the industry. It’s up to you to find this type of work in large companies, and it can certainly be done.

In my post-graduation job searching, I really didn’t have any desire to work for or begin a startup. At this point I don’t believe the risks outweigh the benefits for me, but I can certainly see why they would for an entrepreneurial type. I was looking for more of a balance between a startup and a large company. I was looking for a small company where you didn’t feel like a “cog in the machine”, but stable enough that it didn’t really have a chance of going under during my employment. However, in the future when I am hopefully more financially stable, I could see those benefits starting to outweigh the risks. Maybe if the right opportunity arises I will join or begin my own startup.