The Internet of... Things

Welcome, internet-connected reader, as this week I pour scorn on the idea of Internet-connected everything.

"The Internet of Things" was an industry buzzword just a short few years ago, a little after our obsession with describing anything involving a query as "Big Data" had waned. The Internet of Things was poised to deliver a web of interconnected... things, which presumably you do something useful with that you couldn't do before. Or maybe not: it's difficult to see why it's useful for my washing machine to connect itself to the Internet when I still have to walk up to the thing to put laundry into it.

What's more, there are good reasons for not connecting anything to any kind of network unless it absolutely has to be: any sort of network connection opens up entire classes of security vulnerabilities which otherwise wouldn't exist. Thus we have massive botnets out there which run on the compromised software in networks of security cameras, and are available for rent on the dark web to attack websites of your choice. If you want some random script kiddie in a place you've never heard of to find a way to take over your toaster and try to mine Bitcoins on it every time you toast a bagel, then feel free to hook it up to the Internet. Otherwise, maybe don't.

As you may have guessed by now, like many in the software industry, I'm skeptical of the need or benefit of networking such devices, or putting software in places that it doesn't really need to be. Unlike almost any other field of engineering, reliability isn't getting any better in software, and security attacks are getting ever more imaginative. Software has the power to do amazing things quickly, and to change and mould itself to new problems at lightning speed. Ironically, these are the very qualities which lead to software being difficult to use, unreliable and vulnerable to security exploits. In a former job, I worked with hardware engineers: us software folks were under no illusions that these were the "proper" engineers, and we were just pretend hackers in white coats. And if you like this paragraph, stay tuned for my forthcoming memoir ;-).

I was inspired to fear the Internet of Things even more this week, because our landlords saw fit to fix the broken lock on our front door by replacing it with a "smart lock":

This thing opens with a fingerprint or a numeric code, automatically locks itself after a timeout and when the door shuts, and can optionally automatically unlock when it determines your phone is nearby. And you can connect it to the Internet so you can get alerts when someone enters or leaves the house.

But there's software involved here, so most of this stuff is undesirable, and the rest of it only partially works. Of course, there are published security attacks on and vulnerabilities in this lock; the fingerprint sensor works sporadically (everyone knows only Apple have ever made a truly reliable fingerprint sensor, which is mostly an issue with patent law); the automated locking is too sensitive and often activates the lock before you shut it. It's reasonably cool to be able to walk up to the house and just get in with a fingerprint, but you always need to carry a key anyway given that the thing runs on AA batteries and it'll die at some point. Sigh.

Of course, this week the news has been full of tech layoffs, and a certain nutcase going crazy with his new $44B purchase. It's interesting to note how different employment law is here in the US compared to the UK, and what kind of power that gives employers. Or, put another way, in the UK we actually have employment law, whereas over here there is very little regulation. Most employment in the US, including here in California, is what's called at-will employment, which basically means there's no such thing as an employment contract, and your employer can terminate you without reason or notice. This is, of course, especially nefarious if your residency in the country is dependent on a visa that's tied to your employment. Put another way, any of those laid-off folks that were at Twitter or Meta and were here on an L-1 visa now have 60 days to get out of the country, and those who were here on an H1-B visa have 60 days to find a new job and complete the visa transfer process. Tenuous eh?

On that happy note, I'm off to try and get the lock talking to the toaster so I can get some toast made automatically as I approach the house. If some Bitcoins get mined in the process, so much the better!