Sunday 29 October 2023

The influence of Gothic architecture in pigs' sexual relationships

"The Gothic Barnyard Romance"

Scene 1: A grand Gothic barn, towering spires with intricate carvings, and large stained-glass windows depicting various farm animals in regal poses. The barn is set against a backdrop of rolling green fields under a moody, overcast sky.

Narrator: "In the heart of the countryside stands a barn unlike any other. Its Gothic spires reach towards the heavens, telling tales of love and mystery."

Scene 2: Inside the barn, it's dimly lit with candle chandeliers. Pigs with ornate collars wander around, admiring the architecture.

Pigletta: (looking up at a stained-glass window) "Isn't it romantic, Oinkbert? The way the light filters through, telling tales of old."

Oinkbert: "Indeed, Pigletta. This barn has seen many romances unfold, just like ours."

Scene 3: Close-up of a carving on a stone pillar, showing pigs dancing around a maypole.

Narrator: "The walls whisper secrets of pigs from bygone eras, who waltzed under these very arches."

Scene 4: Oinkbert leads Pigletta to a secluded corner with a Gothic archway. They nuzzle each other affectionately.

Pigletta: "Oinkbert, do you think this barn, with its tall towers and mysterious shadows, influences the way we feel about each other?"

Oinkbert: "Perhaps, Pigletta. The ambiance here is certainly different. It's as if the very stones are urging us to come closer."

Scene 5: The camera zooms out, showing the grandeur of the barn. Pigs in the distance are seen dancing, their trotters tapping rhythmically on the stone floor.

Narrator: "In the Gothic barnyard, love and architecture intertwine, creating a unique romance that is both ancient and timeless."


Friday 22 March 2019

Information Security 101 - A talk on PixelsCamp V3.0

Link to the PowerPoint file:

Dearly beloved, we are gathered here today to discuss Information Security.

Join me around the campfire and let’s start…

Mandatory "who's this guy and what's all of this about" slides.
I decided to make the presentation available to the audience beforehand to allow every participant to follow the presentation at his own pace.

Also, please note the LEGAL DISCLAIMER as I was expressing my own opinions and not the ones of my employer.

Heard in 2002: “If you’re not paying for it, you’re the product” but what does it mean?

Link to Wall Street Journal article:

It all starts with a text message: “Wanna come for pizza and a movie?”

Consider the Data provided vs. Data collected.
Just some highlights:

So… what can we do about it?...

Let’s take a step back….
"Passwords are like underwear: change them often and don’t show them in public."

I have a friend that ends up losing a credit card every 3 months or less :)
The downside: she has to send new credit card data for every new action, for every product ordered, for Netflix, for Android Pay, for parking payments.
The upside: she gets a new card every 3 months, which reduces the chances of exploit.

But... does this make any sense?!
It’s pretty much the same we’re asking:
"Change often, has to be complex, 12 chars, 4 symbols, a drop of blood from your firstborn child and a tear of a unicorn."
And then we blame the user when things go wrong!

And if we’re really smart, really into this SECURITY stuff, we all know we should use 2 factor authentication.

Because SAFETY!!! Yes, it’s all about safety, that will keep us safe, right?

Well, no, not really…
We have been nagging users about passwords for the last 20 years…
But it’s never the user password to be blamed for any significant data security breaches.

We must solve this:
The consequence is personal data abuse and society being controlled by The Others (Brexit, Trump, Bolsonaro)

Let’s talk about management systems

Everyone can bake a cake at home
We can handle interruptions. We can handle supply issues. Most of the time it’s a one off. We are the client, no need to meet needs or expectations.

Very small IT footprint, maybe a computer running ERP / CRM / Excel / minimal website.
You now have procedures to handle raw materials when they arrive, laws to abide, periodic maintenance on machines, financial goals. 
You’re working with a context, with shareholders, suppliers, clients, employees, neighbours, authorities…
You have to meet the needs and expectations of interested parties if you want to survive.
So we make plans.


Your supplier changes, Your target clientele changes, Your raw materials are no longer available, You have to abide by different regulations, You want to move into a different market, Your country foolishly decides to leave the EU, Your employees die, You die.
Allow me to introduce you to some nice friends…

Deming and a lovely lady.
The PDCA/CI cycle.

Management systems: Not the hero we call for, but the hero we need.
That means defining processes, monitoring, keeping tabs on what went wrong and what went right.
But it pays off every time.
Risk is both the positive and the negative that can and will happen.
It’s all about figuring out what can change, its impact and whether we wish to mitigate or reap the benefits.

The future, as we can see it
Robotized Cake Factory, very few people.

Confidentiality, Integrity, Availability

Access (physical/ user access management)
Operations (backup, pentest, scan, logs)
Network protection
Secure software development (lifecycle) (plug the holes, NIST, OWASP, framework libraries)

Well, no, not really.

We’ll look into a real world scenario… but first…

The ability to wing it, sometimes referred to as one of the greatest Portuguese assets, only provides a short-term, sub-standard solution.
It will kill you in the long run.

Up until now, fines limited to 500k
Data breaches before and after GDPR
GDPR comes with a very loooong enforcing stick. Giving people rights even before they realise they have them.
Huge impact on data subjects’ rights. Humongous!

If you lose a dead hard disk stored in a drawer for the last 3 years, that’s a data breach
If tapes go up in flames, that’s a data breach.
You have to determine a justifiable data retention policy. And then abide by it.
When the user asks for the data back you must provide it. If you lost it (and didn’t report), you’re in trouble.
If you decide on a loan, your client has the right to know your profiling algorithms.
Scope: An American company creating a user account for a Japanese guy is within the scope of GDPR (because he’s in Slovenia)
Data minimisation. Collect only the information you need. GDPR killed the big data star.
Privacy by design. Look at your software development lifecycle and include GDPR compliance at the earliest stages.
When things go wrong you’re in trouble. YOU MUST ABIDE BY THESE RULES!
I’m just the messenger. You don’t have to agree with me. You can even say it’s just #ProjectFear…
But in the end, “Talk to the hand, because the judge is not listening.”

January 2019

"You can not say Information Security and Android in the same sentence with a straight face."
Who agrees with this? … It’s OK if you don’t agree with me.

The real world example with an iOS app:
Can you spot "Informed consent" on this picture?

Let’s look at the same app, developed in Xamarin, a cross platform environment...

HOUSE RULE: If you have the latest version you can shut up now and the reason is twofold: You’re still irrelevant (belong to the 3%) and that didn’t address the root cause.

This was a company very conscious of data privacy; they handle personally identifiable information and personal health information, have been managing it for the last decades and have quite an impressive system.

What went wrong?
Requesting consent while installing, not when required.
Either you accept all of these or you don’t use the app.
Even Microsoft Office apps on Android ask for access to your phone call log, SMS content, information on machines on your corporate network. And these are high profile apps. What about low-grade, dodgy-looking junk apps? Anyone’s guess.
Access to data without even hacking is the Android de facto standard.
Low visibility on what it really means
Low granularity. Fixed on the latest version? Yeah right…
Average age of operating system version is… 3.5 years and that includes 80% of devices.
By 2022 you’ll still have +30% of devices built upon a GDPR non-compliant philosophy.

Explanation on “CONSENT” was buried on the Terms & Conditions….

.... on the Terms & Conditions….

.... on the Terms & Conditions….

.... on the Terms & Conditions….

We must fix this...
… "with a great power comes a great responsibility."

Sunday 1 January 2017

My enterprise years

Some background first; most Portuguese companies have 10 or fewer employees and, although I lived mainly in sunny Lisbon, this holds true across the country. It's like a country made of decades-old startups where a versatile person ends up doing a lot of different tasks.

Being a polymath, I loved that environment.

It's hard to imagine a workplace where the IT Director does a huge amount of developing, network administration, logo designing and client meetings.

In the wise words of Marco Silva I was the CWO - Chief Whatever Officer in a 1,5 million euro / year company for more than a decade and enjoyed it.

It all started on the brink of the year 2000 and the world was ready to implode with the millennium bug (Y2K). People were expecting planes to fall from the skies, computers to burst into flames and half the world's money to disappear into digital sinkholes. Yes, it was fun. Most of it never happened and if anything, the whole situation ended up being a perfectly good excuse for me to spend some time on code refactoring.

A lot happened in that decade: created and managed the IT Department for a company of 25 people, developed a system for the interchange of information to process license plates and taxes for motor vehicles according to Portuguese ever changing laws. And did all that maintaining an impressive quality of service if I may say so myself.

My daily routine was filled with development in SQL, VB6, custom controls playing a great part in every solution, resorting to tricks like webscraping to bridge the gap between non cooperative government systems, killing off obsolete systems, coming up with custom document management systems and supporting the Quality Management System after we got our ISO9001 certification.

No man is an island and I had the privilege of working with some fine professionals that came and went through the years:

João Quaresma, a quiet and methodical programmer with a warm sense of humor. Always dependable, day in day out he teamed up to code the foundations of an application for the company's core business and the whole experience reminds me that although some jobs will be long and boring, in the end you'll have something solid to build up from. Having done it with a long time friend was just an unexpected bonus.

Later I met Nuno Mendonça. He's part geek, part scout, a bit of an undercover evil master and a great friend to have around when in trouble. He was my guide into the early years of all things cloud, with great PHP, WordPress and craftsmanship skills. Alongside some soldering we came up with all kinds of unexpected solutions for everyday problems like intranet dashboards, temperature control, automated data backups and network management. He's the reason why I insisted my two daughters should be in the scouts as a way to build a strong and versatile human being.

When you get to work with great people, team management ends up being a great job: you just do your best to keep your team happy and everything works out. Major lesson learned there, as IT Director I would always take the blame for everything in management meetings. If something didn't happen as expected there was no point in trying to deflect responsibilities, we would do our jobs until we found a solution. And we did it in the best work environment possible.

When information technology becomes a great part of a small company, the IT guy plays a big role in corporate client meetings and working with giants like Vodafone, Mitsubishi Motors and Mercedes-Benz really gives you some nice negotiation skills. Be kind and assertive and when in doubt ask. In the end I still believe "under-promise but over-deliver" pays every time.

Building the IT software for a medium-sized company is not just about technology, it is about making sure a company is efficient and effective at all levels. These are the reasons why I loved being the CWO.

If you have read up to here, you know what I learned along almost two decades working in an enterprise environment. Since 2012 I've been self employed doing mostly outsourcing tasks. Still fun, just a different flavour of fun.

(XKCD, a weekly companion for more than a decade.)

Tuesday 14 June 2016

iPhone tip: How to connect to a SD+WiFi Card and still retain 4G connectivity

I love my Toshiba FlashAir card.

Looks like a normal SD Card, but has Wi-Fi connectivity which enables me to retrieve photos from my old and beloved Nikon D40 while on the road.

Shoot, transfer (to the iPhone), edit, publish, 100% mobile.

It replaced my ill-fated Eye-Fi card as there were soooo many things wrong on that puppy.

(photo: Alexsh, Eye-Fi Pro X2 16GB, CC BY-SA 3.0)

Eye-Fi had a great product but then got a bit too greedy and decided to start selling the same card but with different prices depending on what you wanted to use it for.

Want to connect to a public Wi-Fi access point? That's £10 extra.
Want to connect directly to the iPhone? Another extra £10.
Want to transfer video files? Another extra £10.
Want to transfer RAW files? Another extra £10.
And so on, and so on...

Their business plan was to forbid every possible use and then charge you for that and so they were basically selling you the same card under different names like "Explore X2", "Geo X2", "Pro", "Geo", "Home/Video", "Share/Video", "Explore Video", etc...

Real bloodsuckers.

To add insult to injury, we were forced to use a desktop application to talk to Eye-Fi servers and check if our bills were in order before changing the settings on the card. And it was done in Adobe Air, the most disgusting version of Flash ever to see the light of day.

Blegh, *puke*!

But, I digress...

Toshiba FlashAir. Mine is the 32GB model.
(photo: ColdSleeper, FlashAir (8550935359), CC BY 2.0)

My new Toshiba FlashAir card was a no-frills solution: just a SD Card that connected to my iPhone through Wi-Fi.

Finally I could shoot pictures with my DSLR and my favorite 50mm prime lens and have them on Instagram 2 minutes later.

The only setback was a rather technical but very annoying problem: whenever I turned the camera ON, my iPhone would connect to the FlashAir card, allowing me to get the photos but I would lose mobile data connectivity. No iMessages, no Twitter, no email, no Instagram, etc.

So, while taking photos I was completely disconnected from the internet and even after retrieving the photos I had to remember to turn the camera off before trying to post something. A real bummer.

After some testing I finally figured out how to retain mobile data connectivity while using the FlashAir card. I can now take pictures and still get that important iMessage and upload posts seamlessly. It's a bliss.

1) Turn on your DSLR camera with the FlashAir card inside

(Now follow these instructions on the iPhone)

2) Go to "Settings" / "Wi-Fi" / Connect to "FlashAir"
3) Touch the (i) on the left of the network name
4) Note the current "IP Address" (probably or similar)
5) Change "Configure IP" from "Automatic" to "Manual"
6) Enter the same IP Address you wrote down on step 4)
7) Enter "" for the Subnet Mask and leave the field "Router" empty

... et voilà!

Now the FlashAir app can show you the pictures you take in a few seconds and you still get to use the iPhone for everything else. It doesn't get any sweeter than this.

Friday 1 January 2016

It was 2015, now it's 2016.

Happy 2016

"It was 2015, now it's 2016", or the story behind this post's cover, made by me and Francisco Pinheiro.

I closed 2015 with a nice list of completed projects. And because each year's achievements are always the fruit of the effort of the many talents that make up the teams, I take this opportunity to leave my thankful embrace here.

SBROING - Podcasts and Audiobooks

Perhaps the most unexpected of the projects, 2015 saw the birth of SBROING, a side project that became a source of joy. A highlight was The Little Prince (O Principezinho), in the year the film came out. Still to come is the presentation of Projeto Rosinha, which should happen in the next few days.

Interview for Cidadania20

Still in the spirit of a Civic Movements Handbook, a highlight was the interview with Daniela Azevedo for the Cidadania 2.0 platform: the use of Web tools centred on Santa Apolónia and a street without the minimum conditions for pedestrians to get around.

Interview, Público

Santa Apolónia - Fora das Linhas: a piece not to be missed, made by Vera Moutinho for the newspaper Público, with interviews at 14 stops around Santa Apolónia Station, which celebrated 150 years in 2015. A way of making known the stories that live in the neighbourhood of a major piece of transport infrastructure.


ICT2015, the largest Information and Communication Technologies (ICT) event in Europe, took place in Lisbon in October, a European Commission initiative promoted this year jointly with the Fundação para a Ciência e Tecnologia (FCT). I was present at the stand of APDSI, Associação para a Promoção e Desenvolvimento da Sociedade da Informação, a forum for debate on the Information Society.

Interview, SIC Mulher

The 2015 MakerFaire, the second edition of this "show and tell" festival, was a success and surpassed all of the previous year's figures. Portugal, unexpectedly, manages to surprise with its community of makers, the new artisans who like to create different things. I was there at the invitation of OOZ Labs, we were interviewed by SIC Mulher's programme Faz Sentido and I had great fun explaining to visitors the difficulties of piloting a rover on Mars. The chronicle by Sabrina Merlo, the Makermedia representative, explains well what those 3 days were like.

Interview, LeCool Lisboa

Which brings us to the image at the top of the page: to close 2015, Francisco Pinheiro created a cover for LeCool Lisboa based on the covers of all the previous weeks and invited me to take on the task of animating the final result. I leave here the account of the process in the form of an interview.

Wednesday 23 September 2015

VW Scandal - The Volkswagen dieselgate scandal.

Volkswagen Beetle, Golf, Jetta and Passat, caught cheating on the tests.

VW used a programmed algorithm that could tell whether the car was being driven on the road or being tested on a test bench, and change its pollution behaviour to values 10 or 40 times lower than usual in order to meet the pollution limits.

The "TDI Clean Diesel" part of this image was largely exaggerated.

How does it work?

As a programmer, I can't help but appreciate the elegance of the solution found to activate the "lie shamelessly to the EPA guys" mode: the way the software detects that the car is not really doing 120 km/h on the motorway but is in a laboratory room is by analysing the position of the steering wheel over time.

You know the small touches on the steering wheel we make to keep the car in a straight line? Well, that doesn't happen if the car is running on rollers. Bingo!

I admire the elegance of the solution.
0% ethics but 100% elegance :)

Did VW really lie? Couldn't it be a misunderstanding?

No. Nobody can come up with a credible explanation for the software analysing steering wheel corrections while it is managing the engine/emissions control system. And it may not have been only VW that lied, because the whole system is made up of various contractors and subcontractors. We will never know exactly who knew what, but it is quite obvious that the intention was to cheat on the tests.

Performance, fuel consumption, pollution.

Of these 3, pick 2. All engines live in a balance between these three characteristics, because when one of the factors is improved it is always at the cost of a negative impact on the others. That is, powerful engines consume, if they don't pollute; engines that emit few harmful gases will have weak performance if they don't consume a lot, and so on. That's the problem with the real world being governed by the laws of physics.

But do VW's engines in the USA pollute less than in Europe?

Short answer: No.

The longer answer: diesel engines that comply with the North American standards pollute less than the European ones. VW's were apparently operating with values similar to the European standards, which are more liberal.

But do the Americans have stricter standards than Europe?

The United States of America, by tradition, are much fonder of petrol engines, so much so that they see nothing wrong with a Corvette with a petrol engine with a displacement of 6200, for which the pollution figures are not even worth mentioning.

Corvette: good for picking up girls, and the environment be damned.

But diesel was something only used in ugly, noisy trucks. The result is that their car industry had no remotely interesting diesel engines and, when faced with the advances of the European manufacturers, the lobbies of the big brands got the regulator (the Environmental Protection Agency) to set maximum acceptable values far below the European ones, a form of protection similar to the measures that restricted supersonic passenger flights after Boeing gave up its plans to build a competitor to Concorde. I have nothing against that kind of protectionism, obviously; they would be fools not to do it.
The solution that most easily allowed those limits to be met was AdBlue, which relies on a system with an additional tank of urea, something acceptable for trucks but seen as odd for passenger cars.

"What, two tanks?!" (PHOTO: Mercedes-Benz)

Which brings us to the question of why...

The Volkswagen group bet heavily on diesel engines over the last decades. At a time when other brands such as Toyota and Tesla invested to achieve progress (and success) in solutions for electric cars, VW waved the flag that diesel had a great future, advertising with the Audi R15/R18 that races in the 24 Hours of Le Mans with a diesel engine, because the consumer always believes that success in competition has something to do with the vehicles he drives day to day (it never does, but the consumer is, as a rule, a fool).
That strong bet on diesel went well in Europe, but the North American market remained attractive and the idea of convincing consumers that TDI engines were really clean without resorting to "strange" solutions like AdBlue was too tempting.
This will not have been the first or the last time that an industry lies shamelessly, but when a company faces fines of €37,000 for each of the 11 million vehicles sold in these years, the situation takes on the contours of a calamity. With Volkswagen group shares in free fall and an indelible stain on its credibility, we can be sure that the company's whole strategy will need to be rethought, and a shift to a bet on petrol or electric models is more than expected. But all of that takes time and it is certain that some cuts will have to be made.

What does it mean for Portugal?

Nothing good. VW's lie should not affect the engines of our beloved Audi A4s and VW Passats, but when a company faces fines 3 times higher than its current value we can conclude that it is bankrupt. Over the coming months the terms of the fine to be applied will be negotiated and we will then see what remains of the great German automotive giant, and the Autoeuropa factory in Palmela, which produces the VW Scirocco, is clearly in the line of fire.

(Photo: VW/Autoeuropa)

In a scenario of fighting for the brand's survival, sports models have no reason to exist, and converting a factory has high costs that the weak demand for the other models will not be able to sustain.

Does anyone know offhand how many factories in the district of Setúbal depend directly on AutoEuropa's production?

Of course, all this may just as well dictate the end of Volkswagen as be resolved behind the scenes with half a dozen public relations manoeuvres. Let's wait for the next chapters.