I have been publishing this blog since July of 2009. Since retiring from IBM in 2019 the frequency of my posts has declined greatly as new interests have taken over. I am however still interested in writing on technology topics in general, even though they may no longer be software architecture related.
I will therefore no longer be posting on Software Architecture Zen from today (5th February 2026). I have consolidated my web presence to just one blog (https://petercripps.photography) where, as well as photography, I will post stuff on technology and creativity. Please do follow me on there.
I have migrated a number of posts from Software Architecture Zen to this blog but will leave the entire contents online (until such time as WordPress decide to delete them I guess). You will still be able to access them at: https://softwarearchitecturezen.wordpress.com
Composite Image Created using OpenAI, DALL-E and Adobe Photoshop
Sir Michael Parkinson, who died in 2023 [1], was a much loved UK chat show host who worked at the BBC between 1971 and 1982, again between 1998 and 2004 and finally for a further three years at ITV until 2007. During that time “Parky” interviewed the great and the good (and sometimes the not so good [2]) from film, television, music, sport, science and industry. I remember Saturday nights during his first stint at the BBC not feeling complete unless we had tuned into Parkinson to see which celebrities he was interviewing that night. I was sad to hear of his passing last year but also grateful I had lived at the time to see many of his interviews and appreciate his gentle but probing interview style.
Last week however we learnt that just because you are dead, it does not mean you cannot carry on doing your job. Mike Parkinson, son of Sir Michael, has given permission to Deep Fusion Films to create an exact replica of his late father’s voice so he can virtually host a new eight-part, “unscripted series” [3] called Virtually Parkinson. The virtual Parky will be able to interview new guests based on analyses of data obtained from the real Parkinson’s back catalogue [4].
Deep Fusion Films was founded in 2023 and makes a big play about its ethical credentials. On its website [5] it says it aims to “establish comprehensive policies that promote the legal and ethical integration of AI in production”. Backing this up, their virtual Parky will be created with the full support and involvement of Sir Michael’s family and estate.
So far, so ethical, right and proper, however…
Only last year, concerns over the use (and potential misuse) of AI in the film industry led to a strike by actors and writers. Succession actor Brian Cox made the statement that using AI to replicate an actor’s image and use it forever is “identity theft” and should be considered “a human rights issue” [6].
Hollywood stars like Scarlett Johansson, Tom Hanks, Tom Cruise and Keanu Reeves, have already become the subject of unauthorised deepfakes and in June of this year the Internet Watch Foundation(IWF) warned that AI-generated videos of child sexual abuse could indicate a ‘stark vision of the future’ [7].
Clearly, where Deep Fusion Films are right now, i.e. producing ethically sourced and approved imitations of celebrities voices, and where AI generated porn is threatening to take us are poles apart but…
Technology always creeps into our lives like this. A small seemingly insignificant event which we find amusing and mildly distracting entertains us for a while but then suddenly, it has become the way of all things and has fallen into the hands of ‘bad actors’. At this point, there is often no going back.
Witness how Facebook started out as an innocuous site called Facemash, created by a second-year student at Harvard University called Mark Zuckerberg, that compared two student photos side-by-side to determine who was “hot” and who was “not.” Actually this was always a questionable use case in my opinion, but I guess an indication of what went down as acceptable behaviour in Ivy League universities of the early 2000s!
Today Meta (who now owns Facebook) is the seventh largest company in the world by market capitalisation worth, at the time of writing, $1.497 T [8]. Zuckerberg’s vision for Meta, outlined in a letter to shareholders this August, is that it will become a virtual reality platform that merges the physical and digital worlds forever transforming how we interact, work, and socialise [9]. Inevitably a major part of this vision is that artificial intelligence (or even, if Zuckerberg gets his way, artificial general intelligence) will be there to “enhance user experiences”.
Facebook, and now Meta, is surely the canonical example of how a small and seemingly insignificant company from the US east coast has grown in a mere 20 years to become a largely unregulated west coast tech behemoth with over three billion active monthly users [10].
If Facebook was just used for sharing pictures of cats and dogs that would be one thing but, during its short history, it has been found guilty of spreading fake news, changing voting behaviour in key elections around the world, affecting peoples mental health as well as spreading violent and misogynistic (and deepfake) videos.
It seems like we never learn. Governments and legal systems around the world never react fast enough to the pace of technological change and are always playing catchup having to mop up the tech companies misdemeanours after they have occurred rather than regulating against tech companies in the first place. Financial penalties are one thing but these pale into insignificance alongside the gargantuan profits such companies make and anyway, no amount of fines can undo the negative effects they and their leaders have on peoples lives.
So how does the rise of the tech behemoths like Facebook, Google and X presage what might happen in the creative industries and their use of technology, especially AI?
I don’t know what proportion of a Hollywood movies costs goes to actors salaries. It is obviously not the only cost or even the largest cost however with actors like Tom Cruise, Keanu Reeves and Will Smith able to command salaries for a single film in excess of $100M [11] salaries are clearly not insignificant. It must be very tempting for movie producers to be thinking why not invest a bit more in special effects and just create a whole new actor from scratch. After all, that’s precisely what Walt Disney did with Mickey Mouse who never got paid a dime.
How long is it before we cross a red line and a movies special effects goes the whole way and uses CGI to create the characters in a completely AI scripted and generated film? Huge upfront costs (for now, but these will drop) but no ongoing costs of having to pay actors for re-runs or streaming rights etc.
I don’t know how long it might take or whether we will ever get there. Maybe the technology will never be good enough (unlikely) or maybe we will wake up to what we are doing and create some sort of legal/ethical framework that prevents such things occurring (equally unlikely I fear).
We are beginning to rub up against some pretty fundamental questions not just about how we should be using AI, especially in the creative industries, but also what it actually means to be human if we let our machines overwhelm us to the extent that our creative selves are usurped by the very things that creativity has built.
This is a hugely important question which I hope to explore in future posts.
Anyone following the current Web3/cryptocurrency/NFT debate will know that last week 26 computer scientists, software engineers and technologists ‘penned’ a letter to various U.S. Congressional leaders warning them of the risks of a “technology that is not built for purpose and will remain forever unsuitable as a foundation for large-scale economic activity”.
The letter urged the recipients to “resist pressure from digital asset industry financiers, lobbyists, and boosters” and to take an approach that ensures “the technology is deployed in genuine service to the needs of ordinary citizens”.
This is quite an explosive claim and one that has, not unexpectedly, drawn the fire (and the ire) of the Web3 diehards. Some of the less inflammatory comments include:
Their professional work has nothing to do with cryptocurrencies, blockchain or finance so so I’m not seeing why they’re a signatory.
They don’t even have real tech experts they are a joke. Much like… who claims to be a “software engineer” but is spreading an insane amount of disinformation.
Many liars like you… making “assumptions” and “guesses” on something you just don’t understand at all.
… doesn’t want us all to know what a clown they are.
Why don’t you setup a debate and make your points with crypto community.. instead of blatantly spreading half-truths about crypto and their use cases. It’s such a shame that instead of becoming a topic of discussion, you guys want to turn it into us vs them.
Whilst I don’t claim to have the tech credentials of the group who signed this letter, as a former software engineer and software architect with some experience of permissioned blockchains (in a previous life I worked with Hyperledger Fabric) as well as a healthy interest in “responsible tech”, I do feel duty-bound to weigh in here.
First off I absolutely applaud the intent of this letter. I especially agree with “Not all innovation is unqualifiedly good;not everything that we can build should be built”. As a long time advocate (and practitioner) of teaching ethics as part of technology courses I truly believe that all technologists should at least have a basic understanding of value-sensitive design when building new products and services; especially those that have a large software component (and what doesn’t these days).
I also agree with the statement that a blockchain based Web3 is very much a “solution in search of a problem”. To understand why this is the case consider the origins of Bitcoin, still the dominant and arguably most successful use of blockchain to date. Bitcoin was launched in 2008 at the height of the financial crisis with the intent of being “a purely peer-to-peer version of electronic cash [that] would allow online payments to be sent directly from one party to another without going through a financial institution”. In other words, the use case for Bitcoin was to do away with banks and other financial institutions. Given the historical context of the time this may have seemed like a ‘good thing’ however the underlying intent was really to remove the trust that those failing institutions were meant to provide by encoding it in software instead. But is throwing tech at what is basically human and/or systemic failure a good thing and ever going to work out well? As Bruce Schneier (one of the signatories to the letter) says “What blockchain does is shift some of the trust in people and institutions to trust in technology. You need to trust the cryptography, the protocols, the software, the computers and the network”.
Put another way, is building (or trying to) systems that negate the need for trust in human interactions the correct and ethical thing to do? When we try to use technology to patch-up business, regulatory and societal problems then surely our moral compass has become seriously damaged. Yes, it’s a problem but I am not convinced the solution is a read-only, immutable ledger with smart contracts having the final say in what can and cannot be added to the ledger. Maybe the greed and immoral behaviour of the banks is what should really be addressed?
Web3 is sometimes erroneously referred to as the “new Internet” when it is, at best, an iteration of the current Internets application layer adding features such as immutability, decentralisation and smart contracts into the mix. Web3 advocates claim this will lead to a new nirvana that will finally allow content creators to break free from the chains of the Web 2.0 social networks allowing everyone to be recompensed for their work and their art in tokens or cryptocurrencies. For those less enthusiastic, Web3 is a techno-libertarians wet dream which will be no more decentralised, community-driven, secure, and private than anything else that is VC funded.
Whilst it is now de facto the case that Webs 1 and 2 are more or less entirely controlled by a few gatekeeper companies (Google, Facebook, Amazon, Netflix et al) we need to ask who owns or builds the infrastructure that Web3 will depend on and how are these current gatekeepers somehow suddenly going to disappear? Someone still has to build the servers and the chips that go in them, the routers, firewalls and networks that allow the servers to talk to each other and write and operate the software that glues all this hardware together. Is all of this is just going to disappear in Web3 or become open source? No, like it or not, it is going to continue to be controlled by the same large corporations. In addition we are also going to get the new Web3 corporations that are being formed right now by the likes of Jack Dorsey, Balaji Srinavasan, Peter Thiel and Marc Andreessen who are all pumping their millions into this utopianist scheme. They are seeking to control and own Web3, just as they came to own its predecessors and don’t really care who is going to get hurt in the process.
The notion that in Web 3, users and builders alike can earn money and make a good living is pure fantasy. Sure, there are a few well publicised cases of people selling art work as NFTs but these are either established artists who have large followings already or part of elaborate whitewashing schemes that help the already-rich and well-connected (mostly white male collectors collecting other white men) to profit, thus serving as nothing more than a speculative finance instrument that will ultimately crash and burn like all other Ponzi schemes.
We should all be concerned when a small (relatively speaking) group of people are dictating what our society will be like without the majority either understanding or, even worse, caring? A bit like some of the side effects of the web, we’ll only realise when it’s too late (yes, I’m looking at you Facebook/Meta).
But, back to that letter. Although I agree wholeheartedly with its intent what I doubt is the ability of those who it has been sent to in actually being able to do anything about the problem. The letter implores the (US) leaders to “take a truly responsible approach to technological innovation” but is this really going to cut the mustard? After all these same leaders cannot even control guns in their own country so what chance is there in controlling a technology that I imagine most have little or no understanding of?
Further, even if something could be done in the US what chance for the rest of the world? After all, blockchains are hardly just a US phenomenon. The tech hegemony enjoyed by the US is ending and the likes of China and Russia are equally capable of building blockchains. Whilst I agree that we do indeed need to “act now” to protect ourselves this needs to be at a global, not just a US, level. Responsible technologists all over the world need to be highlighting the negative impacts of permissionless blockchains and not just guiding their leaders in how to deal with them but explaining to everyone else what the potential downsides of such technology could be.
In 1939 the scientist Albert Einstein wrote to President Roosevelt warning him of a different technology issue, that of nuclear fission and the fact that Germany may be working on a new weapon that utilised this, the atom bomb. This letter led to the US creating the Manhattan Project which resulted in it developing its own bomb. As we now know the final result of that letter was not great in that it led to the US detonating two such bombs over Hiroshima and Nagasaki in Japan.
In 1939 when Einstein wrote his letter the US had both the power and the money to go it alone in addressing that particular issue. In today’s interconnected world where America’s power is on the wane that is no longer possible. What is needed instead is a global initiative whereby new technologies that could fundamentally reshape our world in a negative way are thoroughly vetted and assessed before they are released on its unsuspecting citizens for it is they, not the VC’s who can afford to splash their billions on these high-risk ventures, who will be the ultimate losers.
So what would I actually do? Three things.
Tech leaders around the world should lobby their political representatives on the potential dangers of Web3 if left to market forces and technologists to design and build.
Everyone needs to educate themselves on at least the basics of this technology as well as the benefits and the dangers.
Education institutions at all levels should instigate basic ethics programmes that teach young people the critical thinking skills needed to understand the potential impacts of technology on their lives to help them decide if that is the kind of world they want to grow up in.
Am I being idealistic? Maybe. At least though what this letter, and hopefully others like it, will do is open up the discussion which we all need to have if we want to have some influence on the the way this life-changing technology will affect us and our children.
The Watching “Eye” of the HAL 9000 Computer from 2001 – A Space Odyssey
I like to think (it has to be!) of a cybernetic ecology where we are free of our labors and joined back to nature, returned to our mammal brothers and sisters, and all watched over by machines of loving grace.
The last verse of Richard Brautigan’s 1967 poem, All Watched Over by Machines of Loving Grace, has a particular resonance during these dark and uncertain times caused by the COVID-19 pandemic[1].
The poem, which was also the name of a BBC documentary series by Adam Curtis[2], speaks of a time when we can return to nature and that mammals and computers will live together in “mutually programming harmony” with machines taking care of all our needs.
Things haven’t quite turned out like that have they?
In some kind of warped way maybe our machines are taking care of our needs but are they things we really need taken care of? If by “meeting our needs” we mean machines whose algorithms predict and dictate our shopping choices (Amazon), influence our voting behaviour (Facebook), satisfy our sexual preferences (Tinder, Grindr) or find us cheap rides and accommodation (Uber and Airbnb) then yes, maybe we have reached a mutually programmed harmony. I’m not sure that is exactly what Brautigan had in mind though.
If we think the “machines of loving grace” part of the poem have not quite happened in the way Brautigan predicted it could be that the “all watched over” part is about to become only too true however.
China, where the current coronavirus variant, SARS-CoV-2 originated, was already building the worlds largest social credit system whereby all citizens are given points from which the authorities make deductions for bad behaviour like traffic violations, and add points for good behaviour such as donating to charity. The full system is being rolled out during this decade at which point all citizens will be forced into using the system and everything from credit worthiness to political allegiance will be ‘measured’, not just by the system but by your peers as well. If trust is broken in one place restrictions will be imposed elsewhere meaning the untrustworthy will have reduced access to everything from jobs, to foreign travel, to bank loans and the internet.
Now, as a way of tracking peoples freedom of movement as its citizens come out of the coronavirus lockdown, the government has, through the ubiquitous Alipay and WeChat platforms, developed a “health code” service. This assigns users a colour-coded status based on their health and travel history plus a QR code that can be scanned by authorities. If you have a green code you are allowed to travel relatively freely. A yellow code indicates that the holder should be in home isolation, and a red code says the user is a confirmed COVID-19 patient and should be in quarantine. In China, which is not exactly known for its liberal attitude toward privacy, this may be acceptable as the price to pay for relative freedom of movement however as talk of such apps being rolled out in western liberal democracies start to become news, its citizens may not be quite as accepting of such uses of private data.
A similar system in South Korea that sends emergency virus text alerts has already revealed some embarrassing revelations about infected people’s private lives. These include a text saying “A woman in her 60s has just tested positive. Click on the link for the places she visited before she was hospitalised.” For many people the texts, whilst intended to be helpful, are creating a climate of concern by revealing a little too much personal information including revelations about extra-marital affairs.
At a country level there are already plentiful supplies of open data that allow apps such as this one to track COVID-19 statistics by country. The fact that we have systems and organisations that publish such data is to be applauded and should be seen as a good thing in providing us all (if we can be bothered to look) with plentiful amounts of data to help us come to our own conclusions and combat the unfortunately equally plentiful supply of fake news that abounds on social media about COVID-19. However once such data starts to get more personal that becomes a different matter.
Dominic Cummings, the Prime Ministers chief advisor, hosted a meeting at Downing Street on 11 March with technology company leaders to see how they could help develop an app to tackle COVID-19 and on Easter Sunday the UK government confirmed plans for an app that will warn users if they have recently been in close proximity to someone suspected to be infected with the coronavirus. Meanwhile Apple and Google have announced a system for tracking the spread of the new coronavirus, allowing users to share data through Bluetooth technology.
Four questions immediately arise from this situation?
Should we trust corporations (especially Apple and Google) to be handling location data identifying where we have travelled and who we might have been close to?
Can we trust the government to handle this data sensitively and with due regard to our privacy?
What happens if not enough people use these apps?
Once the pandemic is over can we trust the government and corporations to disable these functions from our phones and our lives?
Let’s take these one at a time.
First, are Google and Apple to be trusted with our private data? Historically neither exactly have a clean slate when it comes to protecting private data. In 2014 third-party software was used to steal intimate photos of celebrities from Apple’s cloud service iCloud, forcing the company to expand it’s two-step authentication service. More recently Hacker News revealed that Apple suffered a possible privacy breach in 2018 due to a bug in its platform that might have exposed iCloud data to other users.
Google’s failed social networking site Google+, which had already suffered a massive data breach in 2018 that exposed the private data of more than 500,000 Google+ users to third-party developers, was shut down earlier than planned in April 2019 following the discovery by Google engineers of another critical security vulnerability.
Despite the breaches of security suffered by these companies it is probably true to say that they have a deeper understanding of their platforms than most companies and government agencies. Putting something temporary in place during this potentially existential threat to society is probably not a bad thing however what happens once the pandemic is over then becomes critical.
Can we trust governments to behave properly with how they handle this data? Again governments do not have a good track records here. Edward Snowden, in his memoir Permanent Record, reveals the extent of the mass surveillance that was taking place on US citizens by the National Security Agency from 2010 and beyond. If even democratically elected governments do this what chance for the dictatorial regimes of Russia and China? Even during these unprecedented times we should not be too hasty to give away the freedoms that we enjoy today without knowing the extent to which our data could be compromised. As John Naughton explains here there are ways of doing non-intrusive tracking of COVID-19 but to do so our smartphones have to be a bit, well, smarter. This is also a good reason why here in the UK, parliament should be recalled, even in virtual form, to ensure decisions being made in this area are challenged and subject to proper scrutiny.
Next, what happens if not enough people use the apps, either because they don’t trust the government or because not everyone has smartphones or they simply can’t be bothered to install the app and make sure it is active? It is estimated that in order for this to work there must be at least a 60% take up of the app. Can governments somehow enforce its usage and penalise users in someway if they don’t? Maybe they rule that only those who have smartphones with this app installed and active are the ones who will be allowed freedom of movement both to work, socialise and meet with other family members. Whilst this may encourage some to install the app it would alsonput a huge burden on police, the authorities and maybe even your employer as well as shops, bars and restaurants to ensure people moving around or entering their buildings have apps installed. Also, what about people who don’t have smartphones? Smartphone ownership here in the UK varies massively by age. In 2019, 96% of 25-34 year olds owned smartphones whereas as only 55% of 55-64 year olds owned these devices and only 16% (figures only available for 2015) of people over 65 owned them. How would they be catered for?
Finally, what happens when the pandemic is over and we return to relative normality? Will these emergency measures be rolled back or will the surveillance state have irrevocably crept one step closer? Recent history (think 9/11) does not provide much comfort here. As Edward Snowden says about the US:
“The two decades since 9/11 have been a litany of American destruction by way of American self-destruction, with the promulgation of secret policies, secret laws, secret courts, and secret wars, whose traumatising impact – whose very existence – the US government has repeatedly classified, denied, disclaimed, and distorted.”
Will our governments not claim there will always be a zoonotic-virus threat and that the war against such viruses, just like the “war on terror” will therefore be never ending and that we must never drop our guard (for which read, we must keep everyone under constant surveillance)?
An open letter published by a group of “responsible technologists” calls upon the NHSX leadership and the Secretary of State for Health and Social Care to ensure new technologies used in the suppression of Coronavirus follow ethical best practice and that if corners are cut, the public’s trust in the NHS will be undermined. The writer Yuval Noah Harari, who is quoted in the open letter by the data campaigners, warns that such measures have a nasty habit of becoming permanent. But he also says this: “When people are given a choice between privacy and health, they will usually choose health.”
Once the surveillance genie has been let out of its bottle it will be very difficult to squish it back in again allowing us to return to times of relative freedom. If we are not careful those machines which are watching over us may not be ones of loving grace but rather ones of mass surveillance and constant monitoring of our movements that make us all a little less free and a little less human.
COVID-19 is the disease caused by the 2019 novel coronavirus or to give it its World Health Organisation designated namesevere acute respiratory syndrome coronavirus 2 or SARS-CoV-2.
No longer available on the BBC iPlayer but can be found here.
This is meant to be a blog about technology not politics but forgive me if I deviate slightly from the norm to comment on probably the most dramatic event in the UK since the war. At around 6am this morning it was officially announced that 51.9% of the UK had voted to leave the European Union. Within minutes the pound went into free fall and the FTSE 100 index fell by more than 8%. Just before 9am the prime minister, David Cameron, resigned saying he would step down in October by the time of the Conservative party conference.
As I sit here typing this, I look out of the window at my garden, the sun is shining and nothing much seems to have changed since yesterday. For my generation, the one that had free university education, final salary pensions and the ability to fairly easily get on the housing ladder probably not a lot will change. In the short term our investments will go down, our houses may decrease in value and our German cars may become more expensive but in what time we have left on this earth I’m pretty sure we will not find ourselves starving or homeless.
For the millennial and subsequent generations however this may not be the case. This is the generation that is already drowning in student debt with little ability to buy their own houses and have a secure future. As a parting blow to that generation* we have now taken away their right to the freedom of movement to live and work in 27 other European countries. We are about to remove the protections they have from European laws covering their human and working rights and we are threatening to cut off the free flow of immigration that has contributed both economically and culturally to the lifeblood of this country, certainly in my lifetime. All for what? To save ourselves £8 Billion a year which for even a higher rate tax payer only equates to something like £100 a year in income tax and National Insurance.
So what to do? As my friend Jeremy Walker says in this post let’s use this time to take stock of where we are and where we want to go as a nation. Let’s not allow the nationalists and “little Englanders”to dictate our future. As this referendum has shown, politics is important and impacts all of our lives. One week ago a British politician was murdered because what she believed in did not tie in with the beliefs of someone else. Hopefully that is an isolated incident that will not be repeated. As a nation we now need to work together more than ever if we are to navigate our way through the choppy waters we are all going to face for the coming months and years.
Just a few short weeks ago I and several hundred other people attended TEDx Brum where the theme was the Power Of Us. In both the speakers and the attendees it was heartening to see such an array of ages, gender, race, genre and opinions – diversity in every spectrum that all fed into the aim of the conference. After yesterdays historic and game changing referendum result we now need more than ever “the power of us” to pull together as a nation and to work with, rather than against each other.
Last Saturday (11th June) Birmingham held its very own TED conference, TEDx Brum – Power of Us, at its Town Hall in Victoria Square. To say this was one of the most incredibly well organised events I have ever attended is a major, major understatement. Everything about TEDx Brum was just superbly well designed; from the beautifully laid out and printed program of events (below) to the military like precision of the event itself where a continuous stream of speakers and performers came out on stage and wow’ed the audience with their passion and the power of their messages.
Lauren Currie, one of the speakers at this years conference, has summarised why this event was so different and greater than its #PowerOfUs hashtag here. For me, her point ‘no painting-by-numbers’ really sums up why this was such a different conference from ones I, and I’m sure many others at the event, have attended before.
“It was a conference that wasn’t about ‘meeting new people’ or ‘learning new things’ – which are very middle-class objectives for actions. Nobody had an objective of getting new business cards. No speaker had slides full of ‘tweetable wisdom’. These weren’t presentations that had been done a thousand times before to a thousand different conference halls – this was new and real. There was no existing structures justifying themselves. Only the new, the vibrant and the experimental – at a stage where we can start to test and adjust and adapt and copy.”
Anyone who has watched a TED talk at ted.com will know that the presentation skills of the speakers are absolutely top-notch and something any of us that does public speaking, no matter how small or large the audience, aspires too. I can honestly say that every single one of the speakers and performers at TEDx Brum could easily have presented at a full blown TED and exceeded the very considerable speaking skills of those presenters. Whether it was @AdnanSharif1979 telling us about the horrors of forced organ donation (and why we should all sign up to be organ donors), @AnisaHaghdadi, founder of @beatfreeks telling us we needed to “build the thing that builds more things” or the heartfelt and incredibly brave talk by @JayneHardy, founder of Blurt who got a standing ovation for speaking about her own struggles with depression, everyone spoke with total and absolute passion and dedication to their own cause as well as the wider one of unleashing the #PowerOfUs.
As @ImmyKaur the curator of TEDx Brum says in her introduction to this years conference:
“Birmingham is an archetype of the future many cities face. This future will not come without hard work, disruption and genuine collaboration. We will need to come together across our traditional sectors and divides to create, imagine and build the future together. We must unleash the true #PowerOfUs to catalyse this transformation.”
There are lots of truly amazing things happening in Birmingham right now. I was part of an event a few weeks ago whose aim is to pull together the tech community in Birmingham and its wider surrounds. All of these strands need to come together to make the change that this great city deserves and which is long overdue. Here’s to the #PowerOfUs and all the great people in Birmingham that are making this happen.
I’ve recently been spending a fair bit of time in hospital. Not, thankfully, for myself but with my mother who fell and broke her arm a few weeks back which has resulted in lots of visits to our local Accident & Emergency (A&E) department as well as a short stay in hospital whilst they pinned her arm back in place.
An elderly gentleman walks past an NHS hospital sign in London. Photograph: Cate Gillon/Getty Images
Anyone who knows anything about the UK also knows how much we value our National Health Service (NHS). So much so that when it was our turn to run the Olympic Games back in 2012 Danny Boyle’s magnificent opening ceremony dedicated a whole segment to this wonderful institution featuring doctors, nurses and patients dancing around beds to music from Mike Oldfield’s Tubular Bells.
Olympic Opening Ceremony NHS Segment – Picture Courtesy the International Business Times
The NHS was created out of the ideal that good healthcare should be available to all, regardless of wealth. When it was launched by the then minister of health, Aneurin Bevan, on July 5 1948, it was based on three core principles:
that it meet the needs of everyone
that it be free at the point of delivery
that it be based on clinical need, not ability to pay
These three principles have guided the development of the NHS over more than 60 years, remain at its core and are embodied in its constitution.
NHS net expenditure (resource plus capital, minus depreciation) has increased from £64.173 billion in 2003/04 to £113.300bn in 2014/15. Planned expenditure for 2015/16 is £116.574bn.
Health expenditure (medical services, health research, central and other health services) per capita in England has risen from £1,841 in 2009/10 to £1,994 in 2013/14.
The NHS net deficit for the 2014/15 financial year was £471 million (£372m underspend by commissioners and a £843m deficit for trusts and foundation trusts).
Current expenditure per capita for the UK was $3,235 in 2013. This can be compared to $8,713 in the USA, $5,131 in the Netherlands, $4,819 in Germany, $4,553 in Denmark, $4,351 in Canada, $4,124 in France and $3,077 in Italy.
The NHS also happens to be the largest employer in the UK. In 2014 the NHS employed 150,273 doctors, 377,191 qualified nursing staff, 155,960 qualified scientific, therapeutic and technical staff and 37,078 managers.
So does it work?
From my recent experience I can honestly say yes. Whilst it may not be the most efficient service in the world the doctors and nurses managed to fix my mothers arm and hopefully set her on the road to recovery. There have been, and I’m sure there will be more, setbacks but given her age (she is 90) they have done an amazing job.
Whilst sitting in those A&E departments whiling away the hours (I did say they could be more efficient) I had plenty of time to observe and think. By its very nature the health service is hugely people intensive. Whilst there is an amazing array of machines beeping and chirping away most activities require people and people cost money.
The UK’s health service, like that of nearly all Western countries, is under a huge amount of pressure:
The UK population is projected to increase from an estimated 63.7 million in mid-2012 to 67.13 million by 2020 and 71.04 million by 2030.
The UK population is expected to continue ageing, with the average age rising from 39.7 in 2012 to 42.8 by 2037.
The number of people aged 65 and over is projected to increase from 10.84m in 2012 to 17.79m by 2037. The number of over-85s is estimated to more than double from 1.44 million in 2012 to 3.64 million by 2037.
The number of people of State Pension Age (SPA) in the UK exceeded the number of children for the first time in 2007 and by 2012 the disparity had reached 0.5 million (though this is projected to reverse by).
There are an estimated 3.2 million people with diabetes in the UK (2013). This is predicted to reach 4 million by 2025.
In England the proportion of men classified as obese increased from 13.2 per cent in 1993 to 26.0 per cent in 2013 (peak of 26.2 in 2010), and from 16.4 per cent to 23.8 per cent for women over the same timescale (peak of 26.1 in 2010).
The doctors and nurses that looked after my mum so well are going to be coming under a increasing pressures as this ageing and less healthy population begins to suck ever more resources out of an already stretched system. So why, given the passion everyone has about the NHS, isn’t there more of a focus on getting technology to ease the burden of these overworked healthcare providers?
Part of the problem of course is that historically the tech industry hasn’t exactly covered itself with glory when it comes to delivering technology to the healthcare sector (I’m thinking the NHS National Programme for IT and the US HealthCare.gov system as being two high profile examples). Whilst some of this may be due to the blunders of government much of it is down to a combination of factors caused by both the providers and consumers of healthcare IT mis-communication and not understanding the real requirements that such complex systems tend to have.
Have a clear monetization strategy and understand your customers’ willingness-to-pay.
Know the rules and regulations.
Figure out what your unfair competitive advantage is.
Of course, these are strategies that actually apply to any industry when trying to bring about innovation and disruption – they are not unique to healthcare. I would say that when it comes to the healthcare industry the reason why there has been no Uber is because the tech industry is ignoring the generation that is in most need of benefiting from technology, namely the post 65 age group. This is the age group that struggle most with technology either because they are more likely to be digitally disadvantaged or because they simply find it too difficult to get to grips with it.
“Venture capitalists are too busy investing in Uber and things that get virality. The reality is that selling to older people is harder, and if venture capitalists detect resistance, they don’t invest.”
Matters are not helped by the fact that most tech entrepreneurs are between the ages of 20 and 35 and have different interests in life than the problems faced by the aged. As this article by Kevin Maney in the Independent points out:
“Entrepreneurs are told that the best way to start a company is to solve a problem they understand. It makes sense that those problems range from how to get booze delivered 24/7 to how to build a cloud-based enterprise human resources system – the tangible problems in the life and work of a 25- or 30-year-old.”
If it really is the case that entrepreneurs only look at problems they understand or are on their immediate event horizon then clearly we need more entrepreneurs of my age group (let’s just say 45+). We are the people either with elderly parents, like my mum, who are facing the very real problems of old age and poor health and who themselves will very soon be facing the same issues.
“For healthcare in particular, the timing for a game changer couldn’t be better. The industry is coping with upheaval triggered by varied economic, societal and industry influences. Empowered consumers living in an increasingly digital world are demanding more from an industry that is facing growing regulation, soaring costs and a shortage of skilled resources.”
Rather than fearing the new generation of cognitive systems we need to be embracing them and ruthlessly exploiting them to provide solutions that will ease all of our journeys into an ever increasing old age.
At SXSW, which is running this week in Austin, Texas IBM is providing an exclusive look at its cognitive technology called Watson and showcasing a number of inspiring as well as entertaining applications of this technology. In particular on Tuesday 15th March there is a session called Ageing Populations & The Internet of Caring Things where you can take a look at accessible technology and how it will create a positive impact on an aging person’s quality of life.
Also at SXSW this year President Obama gave a keynote interview where he called for action in the tech world, especially for applications to improve government IT. The President urged the tech industry to solve some of the nation’s biggest problems by working in conjunction with the government. “It’s not enough to focus on the cool, next big thing,” Obama said, “It’s harnessing the cool, next big thing to help people in this country.”
President Barack Obama speaks during the 2016 SXSW Festival at Long Center in Austin, Texas, March 11, 2016. PHOTO: NEILSON BARNARD/GETTY IMAGES FOR SXSW
It is my hope that with the vision that people such as Obama have given the experience of getting old will be radically different 10 or 20 years from now and that cognitive and IoT technology will make all of out lives not only longer but more more pleasant.
* Unicorns are referred to companies whose valuation has exceeded $1 billion dollars.
… for everyone to predict what will be happening in the world of tech in 2016. Here’s a roundup of some of the cloud and wider IT predictions that have been hitting my social media feeds over the last week or so.
Hybrid will become the next-generation infrastructure foundation.
Security will continue to be a concern.
We’re entering the second wave of cloud computing where cloud native apps will be the new normal.
Compliance will no longer be such an issue meaning barriers to entry onto the cloud for most enterprises, and even governments, will be lowered or even disappear.
Containers will become mainstream.
Use of cloud storage will grow (companies want to push the responsibility of managing data, especially its security, to third parties).
Momentum of IoT will pick up.
Use of hyper-converged (software defined infrastructure) platforms will increase.
Next up IBM’s Thoughts on Cloud site has a whole slew of predictions including 5 reasons 2016 will be the year of the ‘new IT’ and 5 digital business predictions for 2016. In summary these two sets of predictions believe that the business will increasingly “own the IT” as web scale architectures become available to all and there is increasing pressure on CIOs to move to a consumption based model. At the fore of all CxO’s minds will be that digital business strategy, corporate innovation, and the digital customer experience are all mantras that must be followed. More ominous is the prediction that there will be a cyber attack or data breach in the cloud during 2016 as more and more data is moved to that environment.
No overview of the predictors would be complete without looking at some of the analyst firms of course. Gartner did their 2016 predictions back in October but edged their bets by saying they were for 2016 and beyond (actually until 2020). Most notable, in my view, of Gartner’s predictions are:
By 2018, six billion connected things will be requesting support.
By 2018, two million employees will be required to wear health and fitness tracking devices as a condition of employment.
Through 2020, 95 percent of cloud security failures will be the customer’s fault
Forrester also edged their predictive bets a little by talking about shifts rather than hard predictions.
Shift #1 – Data and analytics energy will continue drive incremental improvement.
Shift #2 – Data science and real-time analytics will collapse the insights time-to-market.
Shift #3 – Connecting insight to action will only be a little less difficult.
To top off the analysts we have IDC. According to IDC Chief Analyst Frank Gens:
“We’ll see massive upshifts in commitment to DX [digital transformation] initiatives, 3rd Platform IT, the cloud, coders, data pipelines, the Internet of Things, cognitive services, industry cloud platforms, and customer numbers and connections. Looked at holistically, the guidance we’ve shared provides a clear blueprint for enterprises looking to thrive and lead in the DX economy.”
Predictions are good fun, especially if you actually go back to them at the end of the year and see how many things you actually got right. Simon Wardley in his excellent blog Bits or pieces? has his own predictions here with the added challenge that these are predictions for things you absolutely should do but will ignore in 2016. Safe to say none of these will come true then!
The role of the Security Chief will include risk and culture.
Process, process, process will become a fundamental aspect of your security strategy.
Phishing-Data Harvesting will grow in sophistication and catch out even more people.
The ‘insider threat’ continues to haunt businesses.
Internet of Things and ‘digital exhaust’ will render the ‘one policy fits all’ approach defunct.
Finally here’s not so much a prediction but a challenge for 2016 for possibly one of the most hyped technologies of 2015: Why Blockchain must die in 2016.
So what should we make of all this?
In a world of ever tighter cost control and IT having to be more responsive than ever before it’s not hard to imagine that the business will be seeking more direct control of infrastructure so it can deploy applications faster and be more responsive to its customers. This will accentuate more than ever two speed IT where legacy systems are supported by the traditional IT shop and new, web, mobile and IoT applications get delivered on the cloud by the business. For this to happen the cloud must effectively ‘disappear’. To paraphrase a quote I read here,
“Ultimately, like mobile, like the internet, and like computers before that, Cloud is not the thing. It’s the thing that enables the thing.”
Once the cloud really does become a utility (and I’m not just talking about the IaaS layer here but the PaaS layer as well) then we can really focus on enabling new applications faster, better, cheaper and not have to worry about the ‘enabling thing’.
Part of making the cloud truly utility like means we must implicitly trust it. That is to say it will be secure, it will recognise our privacy and will always be there.
Hopefully 2016 will be the year when the cloud disappears and we can focus on enabling business value in a safe and secure environment.
This leaves us as architects with a more interesting question of course? In this brave new world where the business is calling the shots and IT is losing control over more and more of its infrastructure, as well as its people, where does that leave the role of the humble architect? That’s a topic I hope to look at in some upcoming posts in 2016.
Happy New Year!
2015-12-31: Updated to add reference to Simon Wardley’s 2016 predictions.
I’ve lost track of the number of times I’ve been asked this question over the last 12 months. Everyone from CIO’s of large organisations through small startups and entrepreneurs, academics and even family members has asked me this when I tell them what I do. Not surprisingly it gets asked a lot more when hacking is on the 10 o’clock news as it has been a number of times over the last year or so with attacks on companies like TalkTalk, iCloud, Fiat Chrysler and, most infamously, Ashley Madison.
I’ve decided therefore to research the facts around cloud and security and even if I cannot come up with the definitive answer (the traditional answer from an architect about any hard question like this usually being “it depends”) at least point people who ask it to somewhere they can find out more information and hopefully be more informed. That is the purpose of this post.
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
Note that that this definition makes no statement about who the cloud service provider actually is. This definition allows for clouds to be completely on premise (that is, within a companies own data centre) and managed by companies whose business is not primarily that of IT just as much as it could be the big ‘public’ cloud service providers such as Microsoft, IBM, Amazon and Google to name but four. As long as there is network access and resources can be rapidly provisioned then it is a cloud as far as NIST is concerned. Of course I suspect the subtleties around this are lost when most people ask questions about security and the cloud. What they are really asking is “is it safe to store my data out on the internet” to which the answer very much is “it depends”.
So, let’s try to get some hard data on this. The website Hackmageddon tracks cyber attacks around the world and publishes twice monthly statistics on who is being hacked by whom (if known). Taking at random the month of August 2015 there were 79 recorded cyber attacks by Hackmageddon (which as the website points out could well be the tip of a very large iceberg as many companies do not report attacks). Of these there seem to be no attacks that are on systems provided by public cloud service providers but the rub here of course is that it is difficult to know who is actually hosting the site and whether or not they are clouds in the NIST definition of the word.
To take one example from the August 2015 data the UK website Mumsnet suffered both a distributed denial of service (DDoS) attack and a hack where some user data was compromised. Mumsnet is built and hosted by the company DSC a hosting company not a provider of cloud services according to the NIST definition. Again this is probably academic as far as the people affected by this attack are concerned. All they know is their data may have been compromised and the website was temporarily offline during the DDoS attack.
Whilst looking at one month of hacking activity is by no stretch of the imagination representative it does seem that most attacks identified were against private or public companies, that is organisations or individuals that either manage their own servers or use a hosting provider. The fact is that when you give your data away to an organisation you have no real way of knowing where they will be storing that data or how much security that organisation has in place (or even who they are). As this post cites the biggest threat to your privacy can often come from the (mis)practices of small (and even not so small) firms who are not only keeping sensitive client information on their own servers but also moving it onto the cloud, even though some haven’t the foggiest notion of what they’re doing.
As individuals and companies start to think more about storing information out in the cloud they should really be asking how cloud service providers are using people, processes and technology to defend against attackers and keep their data safe. Here are a few things you should ask or try to find out about your cloud service provider before entrusting them with your data.
Let’s start with people. According to IBM’s 2014 Cyber Security Intelligence Index 95% of all security incidents involve human error. These incidents tend to be security attacks from external agents who use “human weakness” in order to lure insiders within organisations to unwittingly provide them with access to sensitive information. A white paper from the data security firm Vormetric says that the impacts of successful security attacks involving insiders are exposure of sensitive data, theft of intellectual property and the introduction of malware. Whilst human weakness can never be completely eradicated (well not until humans themselves are removed from data centres) there are security controls that can be put in place. For example insider threats can be protected against by adopting best practice around:
User activity monitoring
Proactive privileged identity management
Separation-of-duty enforcement
Implementing background checks
Conducting security training
Monitoring suspicious behaviour
Next cloud providers need to have effective processes in place to ensure that the correct governance, controls, compliance and risk management approaches are taken to cloud security. Ideally these processes will have evolved over time and take into account multiple different types of cloud deployments to be as robust as possible. They also need to be continuously evolving. As you would expect there are multiple standards (e.g. ISO 27001, ISO 27018, CSA and PCI) that must be followed and good cloud providers will publish what standards they adhere to as well as how they comply.
Finally what about technology? It’s often been said that internet security is a bit like an arms race where the good guys have to continuously play catch up to make sure they have better weapons and defences than the bad guys. As hacking groups get better organised, better financed and more knowledgable so security technology must be continuously updated to stay ahead of the hackers. At the very least your cloud service provider must:
Manage Access: Multiple users spanning employees, vendors and partners require quick and safe access to cloud services but at the same time must have the right security privileges and only have access to what they are authorised to see and do.
Protect Data: Sensitive data must be identified and monitored so developers can find vulnerabilities before attackers do.
Ensure Visibility: To remain ahead of attackers, security teams must understand security threats happening within cloud services and correlate those events with activity across traditional IT infrastructures.
Optimize Security Operations: The traditional security operations center (SOC) can no longer operate by building a perimeter firewall to keep out attackers as the cloud by definition must be able to let in outsiders. Modern security practices need to rely on things like big data analytics and threat intelligence capabilities to continuously monitor what is happening and respond quickly and effectively to threats.
Hopefully your cloud service provider will have deployed the right technology to ensure all of the above are adequately dealt with.
So how do we summarise all this and condense the answer into a nice sentence or two that you can say when you find yourself in the dreaded elevator with the CIO of some large company (preferably without saying “it depends”)? How about this:
The cloud is really a data centre that provides network access to a pool of resources in a fast and efficient way. Like any data centre it must ensure that the right people, processes and technology are in place to protect those resources from unauthorised access. When choosing a cloud provider you need to ensure they are fully transparent and publish as much information as they can about all of this so you can decide whether they meet your particular security requirements.
So, the future has finally arrived and today is ‘Back to the Future Day‘. Just in case you have missed any of the newspaper, internet and television reports that have been ‘flying’ around this week, today is the day that Marty McFly and Doc Brown travel to in the 1980s movie Back To The Future IIas dialled into the very high-tech (I love the Dymo labels) console of the modified (i.e. to make it fly) Delorean DMC-12 motor car. As you can see the official time we can expect Marty and Doc Brown to arrive is (or was) 04:29 (presumably that’s Pacific Time).
Back to the Future Delorean Display
Depending on when you read this therefore you might still get a chance to watch one of the numerous Marty McFly countdown clocks hitting zero.
Most of the articles have focussed on how its creators did or didn’t get the technology right. Whilst things like electric cars, wearable tech, drones and smart glasses have come to fruition what’s more interesting is what the film completely missed i.e. the Internet, smartphones and all the gadgets which we now take for granted thanks to a further 30 years (i.e. since 1985, when the first film came out) of Moore’s Law.
Coincidentally one day before ‘Back to the Future’ day I gave a talk to a group of university students which was focussed on how technology has changed in the last 30 years due to the effects of Moore’s Law. It’s hard to believe that back in 1985, when the first Back to the Future film was released, a gigabyte of hard disk storage cost $71,000 and a megabyte of RAM cost $880. Today those costs are 5 cents and a lot less than 1 cent respectively. This is why it’s now possible for all of us to be walking around carrying smart devices which have more compute power and storage than even the largest and fastest super computers of a decade or so ago.
It’s also why the statement made by Jim Deters, founder of the education community Galvanise, is so true, namely that today:
“Two guys in a Starbucks can have access to the same computing power as a Fortune 500 company.”
Today anyone with a laptop, a good internet connection and the right tools can set themselves up to disrupt whole industries that once seemed secure and impeneterable to newcomers. These are the disruptors who are building new business models that are driving new revenue streams and providing great, differentiated client experiences (I’m talking the likes of Uber, Netflix and further back Amazon and Google). People use the term ‘digital Darwinism’, meaning the phenomenon of technology and society evolving faster than an organization can adapt, to try and describe what is happening here. As Charles Darwin said:
“It’s not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.”
Interestingly IBM is working with Galvanise in San Francisco at its Bluemix Garage where it brings together entrepreneurs and start ups, as well as established enterprises, to work with new platform as a service (PaaS) tools like IBM Bluemix, Cloudant and Watson to help them create and build new and disruptive applications. IBM also recently announced its Bluemix Garage Method which aims to combine industry best practices on Design Thinking, Lean Startup, Agile Development, DevOps, and Cloud to build and deliver innovative and disruptive solutions.
There are a number of Bluemix Garages opening around the world (currently they are in London, Toronto, Nice and Melbourne) as well as local pop-up garages. If you can’t get to a garage and want to have a play with Bluemix yourself you can sign up for a free registration here.
It’s not clear how long Moore’s Law has left to run and whether non-silicon based technologies, that overcome some of the laws of physics that are threatening the ongoing exponential growth of transistors in chips, will ever be viable. It’s also not clear how relevant Moore’s Law actually is in the age of Cloud computing. One thing that is certain however is that we already have access to enough technology and tools that mean we are only limited by our ideas and imaginations in creating new and disruptive business models.
Now, where did I leave my hoverboard so I can get off to my next meeting.
Software Architecture Zen 