Saturday, 30 June 2012

A response to change

This is my first response to my post “Where have all the unskilled jobs gone?”

It concerns paper mills and workers related to the person who responded.

I am but offering a prediction. An informed one yes, but an extrapolation.

The problem with the statement, "Big data/automation cannot replace the human element when it comes to crafting and dealing with physical manufacturing processes," is that this is already occurring. The issue is not whether this is possible, but whether it can be achieved cost-effectively. There are already plants that offer lights-out automation. It is not science fiction; it is a process that has already started and is being taken up more and more in new plants each day.

Blacksmiths, farriers and many trades have passed. These have been skilled trades that many thought could never be replaced. Computers were people once. These rooms of people would add and do calculations (even log charts) for many purposes including shipping. They were essential. In a matter of years they became obsolete and have been completely replaced by newer technologies.

For these people, it is a tragedy. More so when they do not see and react to the changes until too late.

With forethought, we can plan and be prepared.

The shame in what you have written and the true tragedy is that you have told of a dying industry. Paper plants are already becoming automated. More importantly, paper has a shelf life. We will not be using the vast volumes of paper forever.

I have linked a paper. This is on complete automation in paper mill warehouses. It is a decade and more old already. Old mills will be replaced slowly; new mills will start more and more to become completely automated.

We can be angry at these changes and want to have a world where we know what we do now will be a role our children may also move into, but this is not going to be the case.

The economics of machines becoming less expensive and people more allow only one determination. These types of industry will change and manual labour will vanish. For those in these industries, it is a tragedy. For the whole of society, we have more at a lower cost. I am sorry for their loss, but the gain to the many exceeds the costs.

The tragedy is not new. Just as blacksmiths and farriers bemoaned the losses they experienced, so too will many alive now.

Friday, 29 June 2012

The nature of Information Security (#infosec)

As with all aspects of business and the economy, information security is an economic function. Security can be modeled as a maintenance or insurance cost as a relative function but never in absolute terms. As such, security can be seen as a cost function that leads to the prevention of loss, but not one that can create gains (or profit). With the role of a capital investment to provide a return on investment, security is a defense against unforeseen losses that cost capital and reduce profitability.

The sanctioned lack of sharing limits the ability of markets to operate and hence to create an optimal price mechanism. From this, “Black Markets” arise where cybercrime, terror groups and other less desired elements openly disseminate vulnerabilities, exploits and compromised systems. As these groups can be shown to act rationally in the pursuit of profit maximization, the only effective long term risk minimization strategy is to reduce the incentives by making cybercrime less profitable.

The three classes of event that lead to a system being vulnerable to attack and compromise are all derived from:

1. Human,
2. Design (or architectural), and
3. Software risks.

All risks to an information system can be expressed as a function of these three factors.

Hence, any exercise in measuring risk in an information system is an exercise in constructing systems that work within psychologically acceptable bounds.

Only when we address each of these will we make headway in the creation of economically rational risk minimization systems.

Planning in Security

Planning the Security engagement (Be it an Audit, Pen Test or review)

Security testing is a project. Treat it as one.

As the project owner, you should plan your own project. Adequate planning should include consideration of:
•    Communication with all who need to know about the engagement.
•    Any personnel to be used on the assignment.
•    Background information on the customer.
•    Work to be done and the general approach.
•    The format and general content of the report to be issued.

Planning is important to ensure that results will reflect the objectives of the project.

The planning should be documented and should include:
•    Establishing engagement objectives and scope of work.
•    Obtaining background information about what is to be reviewed.
•    Determining the resources necessary to perform the audit.
•    Communication with all who need to know about the review.
•    Performing, as appropriate, an on site survey to become familiar with activities and services to be reviewed, to identify areas for emphasis, and to invite customer comments and suggestions.
•    Determine how, when, and to whom results will be communicated.
•    Obtaining approval of the work plan from all concerned parties.

My University Journey.

24 years in University and still going strong.

In my manically crazy and insane attempt to become so over-educated I cannot ever be employed in the real world I have now been officially told I have completed all requirements for the SANS Masters In Science degree in Information Systems Engineering (MSISE). For more information on the SANS Technology Institute's program, see the link.

It is a great program and one I will recommend. Here we have one down… many to go. Now I can concentrate on my second doctorate and on completing this later in the year. The research has been completed, there are around 15 papers that have been published as a result of this study and I am in the process of writing the thesis. Always a fun time.

My insanity comes from having done this before and now doing it again. I guess I am a glutton for punishment. Right now, I work for CSCSS and Charles Sturt University. Basically, I am a teacher and researcher (and writer) as I have taken myself to the point of being insanely over-qualified (and loving every minute of this).

This makes degree No. 15 complete. All’s well and I will be at the SANS Network Security Las Vegas graduation ceremony the evening of Friday, Sep 21, 2012.

That now gives me the following post graduate qualifications related to my work (post graduate only these days):

  1. CSU 5723SS Master of Information Systems Security
  2. CSU 2715IT Master of Management (Information Technology)
  3. CSU 2723SS Master of Information Systems Security
  4. CSU 5721NS Master of Networking and System Administration
  5. Newcastle University Master of Statistics (MStat)
  6. Northumbria University Master of Law (LLM)
  7. STI Master of Science (Information Systems Engineering) MSISE

I also have other qualifications, but these have little or no impact with regards to security. There are also some seeming double-ups, but the fact of the matter is that security is a wide field and training in software development does little to aid in understanding networked systems.

And later this year I complete the following:

  • CSU 2722SD Master of Systems Development
  • CSU PhD (Quantification of Information Systems Risk)

I should have already completed the Masters in System Development, it is all but one subject done and I could do that any time. Unfortunately the University discovered I was doing a Masters and a PhD at the same time and placed me on hold. Such is life.

So, next year it is looking for new fields of study and so far it looks like the masters degree in epidemiology at University College London.

Basically, applying virus and disease research to malware.

Well… back to it.

Thursday, 28 June 2012

Reversing Code Lecture 8

Here is the link to the files:


There is a Word document. Follow this through. You should be able to do this process. Contact me if you have difficulty.

Scope also covers time in security engagements

Security engagements such as audits, pen tests and reviews should be treated as a project. Ensure that you have accounted for time and maintain metrics to report on time usage. Following an engagement or project these metrics can be used to see where overruns occurred and determine if inefficiencies exist. There are a number of reasons for this other than just a simple answer of budgeting. One of these is the ability to audit the engagement or project. We can baseline the audit process itself and consequently use these metrics to both improve the process and aid in our determination of problem areas.

In the event that a particular phase or engagement or project test takes far longer in one system or department within an organization than in the others, we can use the metrics to help point this problem out. This also provides ammunition if we need to go to management to solve the problem.

The old adage that time equals money is true in audit and compliance just as much as in any other area within business. The more efficiently we run our security program, the more effective it will be. This does not mean that we run our testing as quickly as possible, but instead as efficiently as possible. It is no good quickly running an ineffective test in half the time that it would take to run correctly if it does not give us the results we need. Similarly, if we spend too much time auditing a system seeking perfection, we will leave little or no time to audit any other systems.

Some of the aspects of time that need to be considered in the project include:

  • How long the security project will take
  • How long will it take to rectify major and minor problems
  • How long before we issue the report and how long will it be left with management before we meet with them
  • How much time it takes to run a test
  • How much time we take away from other people in the organization.

Time comes with a cost. When interviewing or working with others such as system administrators we have to remember that we are taking up their time. This is a cost. One of the reasons for collecting metrics about the project is to be able to assess the real cost of conducting the exercise. A further benefit is that this information may be used to justify the purchase or inclusion of commercial automated tools.

Weighing the cost of a system administrator who has to run a particular test several times a year to validate a control will be based on the cost of their time. If for instance they spend 100 hours a year running particular control tests and they are paid a rate of $175 per hour including benefits and office costs, the control test has cost the organization at least $17,500. If the job is particularly boring or undesirable the cost may be higher due to staff turnover. If the time to conduct these tests was cut to 40 hours per year with the purchase of a tool that cost $6,000 we have an initial saving of $11,500 with potentially greater savings in future years.

Wednesday, 27 June 2012

Researching security engagements

There are many places that the security tester needs to go to when researching prior to an audit. Some of the key research areas include:

  • The organizational policy and procedural framework as well as any standards and implementation guidelines used
  • The organization’s mission statement
  • Industry best practice guidelines
  • Legislation, regulations or standards that apply to the organization
  • Audit frameworks and guidelines including generic checklists and system specific standards and checklist from organizations such as CIS, SANS, NIST, DISA and others
  • Internal knowledge within the organization

Research is generally one of the more time-consuming aspects of both audit and security review. Successfully planning the audit, penetration test or review and creating the checklist and scope prior to commencement will save time. Many people skimp on research time believing that they can make it up during the process. This is a fallacy. Treat any security process as a project. Although the scope may change, there need to be reasons for this change, and it needs to be agreed and documented. The best way to ensure that this will occur is to formalize the process. The best way to formalize the process is to start by researching the engagement.

Even when you’re auditing or testing the security of the same systems, research is critical. If you come back six months or a year later there will be additional vulnerabilities, frameworks may have changed, policies could be updated, legislation could come into effect and many other constraints that affect the system could now apply. A common mistake in both audits and penetration tests is to assume that nothing has changed and rerun the process using a prior scope and checklist without reviewing and updating the scope of work where needed.

The research stage provides all the material for our “How To” guidelines. Each time an audit has been conducted this material should be saved. Although it needs to be updated every time an audit occurs, not all of the material will change, and in fact much of what we have compiled will also apply to other systems within an organization.

Citing references also provides authority. Psychologically, people react to authority, and the addition of external references makes it more likely that the report produced from the security engagement will be accepted and that fewer scope changes will occur.

Economic convergence

In a previous post I noted how the world of automation is already changing society.

Having a bent for math and statistics, I decided to take a look at comparing a couple of the jobs I mentioned in that post.

Service Workers
I started with the total costs with a prediction based on past increases for fast food workers. The data is sourced from the US Dept. of Labor and the statistics are publicly available there.

The time range is from 1990 to 2025. The top of the green section provides a 5% confidence interval for the high range of total employee costs (holidays, sick days, etc.). The lower range (above the blue section) is the lower range 5% salary.

I have done the same based on calculations of robotic costs from a number of industrial robotic corporations. These range from ones I have noted and include those such as iRobot.

We see in the graph below that the overlap has already occurred.

This is much clearer in the following display where we have only the mean costs for workers and robotic devices compared.

From this, we can see that the cost of using people in the fast food industry was actually greater than automation from 2009.

We can expect those new automated systems to start moving into the city ecosystem very quickly as new markets open and the economics start to be seen.

This is of course one of the reasons some other parts of society have been changing. All of the following organizations also fall into the non-economically viable category already and would actually make more sense as an automated system:
  • Video Stores
  • Music stores
  • Book stores
  • Super Markets
  • Fast food
One reason we are not here at this point is the sunk costs that have already been invested. These existing stores and franchises do make money (although at a greater overhead) and there are costs in moving from an existing model to a new one.

That stated, I would not be looking to sink funds into a new food franchise right now. Not unless it is a little novel and far more automated.

Skilled workers
On the other side, this study has taken airline pilots as a skilled work base that could be automated. Based on the automation of many systems and the use of software for US drones, we can see the ability to replace pilots with automated systems.

We will look at the costs of employing a Pilot against an automated system. There is a requirement for a co-pilot as well and this does increment the cost.

We again see a steady rise in the cost of these highly skilled individuals.

At the same time and with the same 5% confidence intervals, we see the costs of automated robotic systems decreasing.

We see for this industry, the effects of better automated systems are having a far greater impact. The economics are rapidly converging to a point where it makes an infeasible system possible.

We do however need to change the axis as the exponential decrease in costs is far more significant in this environment.

Extending the axis, we see that for the highly skilled pilot, the estimated time for convergence is someplace between 2019 and 2022.
And a view of just the mean costs again has to be repositioned so that we can see this better.

Just looking at the mean costs again, we see that automated systems become more economically viable somewhere in the 2020’s.

The difficulty will not be the economics, but in the uptake of these systems. People will be hesitant at first, but once one airline starts changing, the economics of this process will result in a rapid convergence towards all airlines automating.

Security Audit, Review and Test Planning

For the purpose of this post, I will say “audit”, as the reality is that even a penetration test is a form of audit.

Security audit planning involves all actions that need to be taken before the audit actually begins. There are five key phases involved with audit planning.

These are:

  1. Researching the system or processes
  2. Determining the scope of the audit
  3. Formulating a strategy for the audit
  4. Creating the audit checklist
  5. Developing audit procedures and plans to ensure that the audit completes successfully.

The planning phase of any audit is arguably the most critical stage. This holds as much or more for a security audit where the results have to be justified and validated if the site under examination is to remain secure and vulnerabilities and risks are to be assessed correctly. It is in effect equivalent to the initiation stage of a project, and in fact an audit is analogous to a project in many ways. It is important to ensure that the scope of the audit is defined and agreed prior to starting the audit. A failure to agree on the scope will lead to cost overruns and may be problematic due to issues with permissions. This is one of the reasons why research is so critical. The research phase of the audit planning ensures that the audit team and management come to understand both the reason why the audit needs to occur and also the desired outcomes.

Additionally, good research will provide resources to the team that may aid in alleviating ill feelings or misgivings that often occur before an audit. Both technical staff and management commonly distrust audit teams. It does not matter whether this has occurred because of poor processes or bad feedback in the past, but it does matter how the audit is handled presently. Quality research will demonstrate forethought and alleviate many of the concerns surrounding an audit.

Material collected during this phase will also go a long way to creating the “How To” component of the audit checklist. Detailing independent best practice research through the use of this document allows others within the organization to validate what you are doing before it occurs.

One of the real secrets of auditing is that the purpose of an audit is not to catch people out. By providing the checklist to those whose systems we seek to audit prior to the audit, we can provide them with an opportunity to rectify any control failures before we get there. In some instances the checklist may be provided weeks or months in advance of the audit date. This provides more than adequate time to allow for systems to be patched and vulnerabilities rectified.

The thing to think about is why we are doing this. Are we auditing to catch people out and get them in trouble? If so, we are unlikely to achieve any lasting results and at best technical teams will do their utmost to subvert the audit process. On the other hand if we work with the organization (ours internally or as an external party client) we will achieve better results. If you think about it, it is always better to have a system vulnerability patched before an audit. If we are waiting for the vulnerability to be mitigated or control to be implemented following an audit it may be a year before the next audit occurs. In this event it is likely that any improvements to the system will occur just before the next audit.

This could be a year later.

Ideally, the best audit strategy is a rolling audit of at least 120% of the systems selected randomly without notification. Here, a small section of the organization is tested before moving to the next. As the process is random and covers 120% of the organization, all sections will be audited yearly, but employees and contractors cannot become complacent as their systems can be audited again in any following period.

Tuesday, 26 June 2012

Cloud as a means to increase resilience

One key aspect that seems to be commonly overlooked in security is resilience.
Cloud storage is becoming less and less expensive each day. In some instances, the volumes offered (such as Google's 16TB stores) are more than sufficient to act as an organizational data store.

There are always naysayers stating that security and other issues will get in the way of cloud based storage solutions, but let us do a simple setup to make a really resilient and highly secure cloud system.

  1. For resilience, to ensure that we cannot lose data even if we lose a provider or they stuff up, select two (2) providers. When we set up resilient SAN systems using RAID 10 and the like, we do this in any event. Basically, we have a mirror or a redundant system.
  2. Create a TrueCrypt (there are other alternatives as well) drive with the same key in each store. Basically, this is an online mirror, we access both drives and mirror the data equally.
  3. Setup a mirror on the two systems (e.g. Amazon Cloud and Google Drive)
  4. Start the TrueCrypt Partitions.

You could actually use a simple software mirror as well. This way, when you log into the system, the drive is mounted and logged into the secured partition.

Yes, the security of the keys matters, but what is different here from the security of a SAN, other than that it is more secure than an open, unencrypted disk SAN?

Done well, you can make Cloud solutions that are as secure if not more secure than a local drive. No losing access. Backup for resilience and it is anywhere you go.


Creating TC Partitions

1. Creating a TrueCrypt Volume

The following stages document the process to create a TrueCrypt volume without a hidden partition.

To create a TrueCrypt Volume, the process starts with running TrueCrypt and selecting “Create Volume”


When this button is selected, the “TrueCrypt Volume Creation Wizard” starts.


To create a partition, the “Create a volume within a non-system partition/device” option is selected and the “next” button is selected.


At this point, two (2) options are presented:

1. Standard TrueCrypt Volume

2. Hidden TrueCrypt Volume

In the event that option 1 (Standard TrueCrypt Volume) was selected, the following process would be used to create an encrypted volume partition.


The partition options may be displayed using the “select option” tab.


When a partition is selected, the user is next prompted to select an encryption option.


When a volume partition is being created, the size cannot be configured within TrueCrypt as the entire partition is encrypted.


The next stage involves adding the password that will be used to access the partition.


A short password will create a warning message as follows.


The partition is then ready to be encrypted.


Selecting the “format” button will start the creation of the encrypted partition. This will result in a warning message, which having been selected will start the format and encryption process.


The format will then begin.


If this process is allowed to complete, the following message will be displayed.


Following which the “volume Create” Page is displayed.


At this point the volume has been created and may be accessed.


Selecting the partition allows it to be mapped to a drive.


Selecting “mount” will display the password function screen. In this case there is no hidden password.


The following screen displays the successfully mounted partition.


When this partition is mounted, it may be accessed normally.


Welcome to thinking solutions through and using technology.

Anthropomorphic–for how long?

The existing climate models separate effects in models to natural and human induced using a variety of statistical methods, but the big flaw in all these is they still do not actually have a valid natural model.

We know that the climate has and does change.

As an example, in the Holocene African Humid Period around 7,000 years ago, the Saharan desert was in fact a lush green pasture. It does not take much to understand that the climate in North Africa has changed. It changed before we started doing anything to alter it.

I will not go into the math or statistics in the models, though it is something I have written on previously, but the thing to note here is that the climate naturally shifts.

Not over thousands of years as the climate naysayers like us to believe, but in decades. What we have no idea of is just how. What we are doing is making models that are excluding these issues.

It is not about the planet nor how we can help it or what damage we may have done in the past, it is about political control. Climate is a socially acceptable means for those with a socialist agenda to replace the agenda of war in social control.

With the carbon debate, we are moving to localized farming and cattle ranching in places such as Indonesia. This results in more deforestation with all of the ensuing issues.

If we take some such as Schmidt’s theory, we see that there is strong evidence for rapid climate change in many periods. In fact, by rapid, faster than we see currently.

Right now, we have political agendas driving some poor economic outcomes that will in effect make many people poorer with no real idea of their cogency or long term success. It is about time that we stand back and actually create some valid data models first, then maybe we can actually make a scientific statement as to what is occurring. We cannot do this now.

This is one reason we need more people trained with an objective eye and a data/math outlook. We can then look to the real issues, those we are affecting, and see the cause comes in many instances to those with a political agenda.

Sometimes, it is those we believe that should be defending the very thing they are destroying such as the Greens here in Australia. The policy of localizing cattle production in countries not only impacts Australian cattle farmers, but also destroys Indonesian rainforests as land is cleared to raise cattle. A truly bad use of these areas.

[1] Schmidt, M. W. & Hertzberg, J. E. (2011) Abrupt Climate Change During the Last Ice Age. Nature Education Knowledge 2(12):11


See also:

Alley, R. B. Ice-core evidence of abrupt climate changes. Proceedings of the National Academy of Sciences of the United States of America 97, 1331-1334 (2000).

Monday, 25 June 2012

Denial-of-Service (DoS) Attacks

Often an attacker does not care whether they break into a site or not, only about doing damage. A common method of achieving this is a Denial-of-Service (DoS) attack. DoS attacks are characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Some examples include:

  1. Attempts to "flood" a network, thereby preventing legitimate network traffic,
  2. Attempts to disrupt connections between two machines, thereby preventing access to a service,
  3. Attempts to prevent a particular individual from accessing a service,
  4. Attempts to disrupt service to a specific system or person,
  5. Attempts to “offline” a host (e.g. cause it to reboot).

Generally the methods of attack may be summarized into the following groups:

  • Network Connectivity, using all ports for example
  • Using Vulnerabilities (e.g. pointing echo services to chargen services)
  • Bandwidth Consumption (esp. DDoS)
  • Consumption of Other Resources (e.g. memory or database overflow attacks)

Single-Message DoS Attacks

Once also known as "Nuke" Attacks these are designed to cause networked computers to disconnect from the network or crash (possibly rebooting or hanging the system).

Commonly these attacks exploit bugs in a specific operating system (OS). In general, these problems are promptly fixed by the vendor. Good patching procedures to implement the latest security patches reduce this vulnerability.

Flooding Denial-of-Service (DDoS) Attacks or Distributed DoS Attacks

A remote system is overwhelmed by a continuous flood of traffic designed to consume resources at the targeted server (CPU cycles and memory) and/or in the network (bandwidth and packet buffers). These attacks result in degraded service or a complete site shutdown.

Smurf Attacks

SMURF attacks use an intermediary to flood their victim. The attacker spoofs the victim's address and sends an ICMP Ping (Echo Request) to a subnet broadcast address. Each device on the subnet will respond back to what it thinks is the sender (the victim) with an ICMP Echo Reply, thus flooding the target. This rapidly exhausts the bandwidth available to the target, effectively denying its services to legitimate users.

Land Attacks

LAND: set the source and destination IP address (on any packet) both to the victim's IP address. This used to kill some machines a long time ago (they'd try to send a response to themselves, and either burn a lot of cycles or end up crashing the system).

Flooding Attacks

TCP SYN Flood Attacks take advantage of TCP’s “three-way handshaking”. The attacker makes connection requests aimed at a target system. The packets have unreachable (forged) source addresses. The server is not able to complete the connection requests and, as a result, the target system wastes resources. A relatively small number of forged packets will consume memory, CPU, and applications, resulting in shutting down a server.

UDP Flood Attacks rely on UDP being a connectionless protocol. A UDP Flood Attack is achievable if an attacker can send a UDP packet to a random port on the target system and the target system responds with an ICMP packet of destination unreachable to the forged source address. By sending enough UDP packets to ports on the target system, the system will fail to respond.

ICMP Flood Attacks come in many forms. There are 2 basic kinds, Floods and Nukes (as detailed above).

An ICMP flood is usually accomplished by broadcasting either ICMP ping packets or UDP packets. The basis of the attack is to send large amounts of data to the target system. This results in it slowing down to a point where it is no longer functional.
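The Smurf, LAND and SYN flood patterns described above each leave a recognisable signature in packet logs. As an added example (not code from the original post), the following Python flags all three in constructed packet summaries; the one-line log format, the monitored subnet and the half-open threshold are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Assumptions for this example: the subnet we monitor and the number of
# unanswered SYNs per destination that we treat as a flood.
LOCAL_NET = ipaddress.ip_network("198.51.100.0/24")
HALF_OPEN_LIMIT = 5

# Constructed sample (not captured traffic), documentation address ranges only.
# Format: <time> <proto> <src> <dst> <info>; TCP endpoints are written ip:port.
SAMPLE_LOG = """\
0.00 ICMP 203.0.113.9 198.51.100.255 echo-request
0.10 ICMP 198.51.100.20 198.51.100.21 echo-request
0.20 TCP 198.51.100.7:80 198.51.100.7:80 SYN
0.30 TCP 192.0.2.50:40000 198.51.100.7:80 SYN
0.31 TCP 198.51.100.7:80 192.0.2.50:40000 SYN-ACK
0.32 TCP 192.0.2.50:40000 198.51.100.7:80 ACK
1.00 TCP 192.0.2.101:1025 198.51.100.8:443 SYN
1.01 TCP 192.0.2.102:1025 198.51.100.8:443 SYN
1.02 TCP 192.0.2.103:1025 198.51.100.8:443 SYN
1.03 TCP 192.0.2.104:1025 198.51.100.8:443 SYN
1.04 TCP 192.0.2.105:1025 198.51.100.8:443 SYN
1.05 TCP 192.0.2.106:1025 198.51.100.8:443 SYN
"""


def parse_line(line):
    """Turn one log line into a dict with parsed addresses and ports."""
    ts, proto, src, dst, info = line.split()
    sport = dport = None
    if proto == "TCP":
        src, sport = src.rsplit(":", 1)
        dst, dport = dst.rsplit(":", 1)
    return {
        "ts": float(ts), "proto": proto, "info": info,
        "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
        "sport": sport, "dport": dport,
    }


def detect(log_text, local_net=LOCAL_NET, half_open_limit=HALF_OPEN_LIMIT):
    """Return a list of (alert_type, subject) tuples for the given log."""
    alerts = []
    half_open = {}  # (src, sport, dst, dport) -> time of the unanswered SYN
    for line in log_text.splitlines():
        if not line.strip():
            continue
        p = parse_line(line)

        # LAND: source and destination address are identical.
        if p["src"] == p["dst"]:
            alerts.append(("land", str(p["dst"])))
            continue

        # Smurf: echo request sent to the subnet broadcast address. The
        # (spoofed) source field names the host that will receive the replies.
        if (p["proto"] == "ICMP" and p["info"] == "echo-request"
                and p["dst"] == local_net.broadcast_address):
            alerts.append(("smurf", str(p["src"])))
            continue

        # SYN flood: remember each SYN until the client's ACK completes the
        # three-way handshake; forged sources never send that ACK.
        if p["proto"] == "TCP":
            key = (p["src"], p["sport"], p["dst"], p["dport"])
            if p["info"] == "SYN":
                half_open[key] = p["ts"]
            elif p["info"] == "ACK":
                half_open.pop(key, None)

    # Count handshakes still half-open per destination service.
    pending = Counter((str(dst), dport) for (_, _, dst, dport) in half_open)
    for (dst, dport), count in sorted(pending.items()):
        if count >= half_open_limit:
            alerts.append(("syn-flood", f"{dst}:{dport}"))
    return alerts


if __name__ == "__main__":
    for kind, subject in detect(SAMPLE_LOG):
        print(f"{kind:10s} {subject}")
```

The completed handshake to 198.51.100.7:80 and the ordinary host-to-host ping raise no alert; only the broadcast ping, the self-addressed packet and the six unanswered SYNs do.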

Sunday, 24 June 2012

Where have all the unskilled jobs gone?

Let us imagine it is 20 years from now.

Two decades have passed from today. Imagine that we are there now, not looking forward; that time is the present. The technology just emerging today will be old, superseded and retro. Basically a quaint memory we all love to laugh at.

What will the world of that time be? How is it already changing, and most importantly, where have all the unskilled jobs gone?

2012 has seen the introduction of the robotic pizza machine. Oovie and others started to replace the dated video store until Netflix finally gained enough bandwidth in enough places to have replaced these physical stores in a box.

Just as the pizza stores started to be replaced by vending machines, so around 2021, the new autonomous delivery vehicles started to collect pizzas and replace the pizza boy. You call in an order, the machine (somewhere in your city) creates the order and within 15 minutes you find it hot and perfectly cooked as you like it (and it takes your feedback and improves each and every time you order) delivered wherever you happen to be. So, there are no more delivery jobs either.

The autonomous systems work on machine time, not human time.

They work 24/7 and have little downtime (other than upgrades, and they are cheap and easy to replace).

Your local McDonald's no longer hires the youth or elderly. The role of a McDonald's worker is that of an algorithm now, with the requirement to place a patty on a grill, time it, flip it, time it, move it to a bun and serve it. A machine can and will do this better, faster and more consistently. Mostly, the economics of this exchange make it likely that the machine will do this for a fraction of the cost of an ideal worker, let alone a lazy or sick one.

With no holidays, no sick days, no personal time and never getting tired, machines will be the low cost alternative to service workers. The world of the future is one without the existing range of low end occupations.

In this future world, we have seen 20 years of vending machines and robotized shops gradually replacing the unskilled workers in the retail, food and service industries.

Do we remember Johnny Cabs in the movie “Total Recall” from 1990? Just imagine Johnny Pizza. An autonomous robotic vehicle with a pizza oven (or hamburger bar) that takes the order remotely, delivers it to your door cooked as you like it in 15 minutes or it is free?

There is no human manufacturing

In a world of 3d printers, of lights out factories and even 3d metal printing and manufacture, there is no place for an assembly worker. The car workers of the future are programmers and designers.

There is a coming divide between the skilled and the unskilled that we need to address, and to address now. Education is cheap in the future, but this still does not empower many people to take on the roles in an increasingly competitive world. Math is the most valuable of skills.

Only humans can solve some problems. Not all problems can be solved through computation and this is our only remaining edge.

The Nike of the future will not hire people in third world countries. There will be no low cost Chinese sweat shops. There will be no manufacturing in these places as it will be less expensive to make a local lights out factory. Even shoes will be printed and many times right at home.

There will be no exploitation in third world countries. We have won that battle and at the same time lost the war as there are NO low cost jobs at all in third world countries. We have replaced these people and made them obsolete. I hope those who have fought to stop the people being “exploited” are happy with their Pyrrhic victory.

Farming in 2030 will be completed in containerized systems, not farms. We will grow anything locally. There will be no “fair price” coffee or cocoa as all foods are grown locally, delivered fresh daily and completely automated.

It will be fresher, closer and better. Hydroponic towers will fill deserts and areas that we see as unable to support life and there will be no reason to support cash crop farmers. They will not exist other than for charity.

Vision in a world of augmented reality

We look fondly back at the start of Google Glass, remembering those geeky people with the silly goggles and headsets the same way we in 2012 remember those with a brick of a mobile phone in the 80s.

What we have now is a bionic system implanted to augment our seemingly inferior natural vision, hearing and other senses.

We will have the elderly climbing Everest in exoskeletons originally designed to replace wheelchairs. The future of powered suits will also help the general community become faster, climb higher and do more without training.

Good or bad, would you choose to climb the Matterhorn if you could without risk and for a minimal exertion?

Our future reality is augmented in many ways.

Future Education

We need to stop teaching endless lines of facts and start teaching students to Think!

Why, you ask? Well, we will have a personal assistant (see Watson below) that can instantly answer any natural grammar based question and recall any fact, make any simple calculation and replace any spreadsheet in under a decade.

And it will fit into a watch sized device and talk to us using natural speech.

Remembering facts is not educating people, learning how to think and argue is what education needs to be all about. Socrates taught people to question, not to memorize. We need to do the same.

The false arguments as to why we will not have this world

It is argued that automation, robotics and computerization will not affect the near future. This is an argument that we require systems with vision, touch and hearing just like humans do.

Well, these things are here in this world.

Watson, IBM's learning machine that won Jeopardy, has become an iPhone app in 2017, replacing the failing Siri 3.x. This app, working through your augmented system that delivers a visual update (similar to the visuals in the movie Terminator), will be delivered at first using contact lenses with laser imaging and cameras, then by 2020 will be implanted to offer true bionic vision. We will go to a “body shop” periodically to get bioware updates as needed.

We also will see hologramatic images of people as real as you can imagine without them being there.

If that Johnny Pizza seems as if it was a real person and the pizza is better, why would we order any other way?

We will learn differently. When all the facts are there, the entire Library of Congress is online and available, what will matter is the ability to access and analyze information.

In the world of the future, there are no more service jobs, no manufacturing, no low cost roles to fill. It is a world of data, design and creativity. What we need to do is start to imagine ways to make this a world that works in this future.


Rome of the empire was a place with massive unemployment. We created games to fool the masses into acceptance of their lot in life. This was a decadent and corrupt society that had derived from a society far more virtuous (in relation to the later period) than the one it ended as.

Rome had many people unemployed and a slave based economy.

We have a future robotic society with robots taking the place of the slaves in Rome with less chance of a rebellion.

We will have masses of people who do not fit this future. Who do not learn to become the creators and long for a past of manufacturing. A people who are driven by the gladiatorial future sports and Springer-esque entertainment of the lowest denominator.

Change starts now or we are destined to repeat the mistakes we have made before.


Now personally… with qualifications in Statistics, Finance and Economics, do you wonder why I have chosen to work in Information Security and big data analysis?