This week’s GigaOM Research Tweets, and my first customer timeline.
April 25th & 26th
287 Kent Ave, Brooklyn, NY 11211
Abstract Submission Deadline: January 19th
What does it mean that digital technologies are increasingly a part of...
This week’s GigaOM Research Tweets, and my first customer timeline.
The baseband OS on mobile devices is a frightening mess: incompletely understood and very insecure:
Every smartphone or other device with mobile communications capability (e.g. 3G or LTE) actually runs not one, but twooperating systems. Aside from the operating system that we as end-users see (Android, iOS,PalmOS), it also runs a small operating system that manages everything related to radio. Since this functionality is highly timing-dependent, a real-time operating system is required.
This operating system is stored in firmware, and runs on the baseband processor. As far as I know, this baseband RTOS is always entirely proprietary. For instance,the RTOS inside Qualcomm baseband processors(in this specific case, the MSM6280) is called AMSS, built upon their own proprietary REX kernel, and is made up of 69 concurrent tasks, handling everything from USB to GPS. It runs on an ARMv5 processor.
The problem here is clear: these baseband processors and the proprietary, closed software they run are poorly understood, as there’s no proper peer review. This is actually kind of weird, considering just how important these little bits of software are to the functioning of a modern communication device. You may think these baseband RTOS’ are safe and secure, butthat’s not exactly the case. You may have the most secure mobile operating system in the world, but you’re still running a second operating system that is poorly understood, poorly documented, proprietary, and all you have to go on are Qualcomm’s Infineon’s, and others’ blue eyes.
The insecurity of baseband software is not by error; it’s by design. The standards that govern how these baseband processors and radios work were designed in the ’80s, ending up with a complicated codebase written in the ’90s - complete with a ’90s attitude towards security. For instance, there is barely any exploit mitigation, so exploits are free to run amok. What makes it even worse, is that every baseband processor inherently trusts whatever data it receives from a base station (e.g. in a cell tower). Nothing is checked, everything is automatically trusted. Lastly, the baseband processor is usually the master processor, whereas the application processor (which runs the mobile operating system) is the slave.
So, we have a complete operating system, running on an ARM processor, without any exploit mitigation (or only very little of it), which automatically trusts every instruction, piece of code, or data it receives from the base station you’re connected to. What could possibly go wrong?
With this in mind, security researcher Ralf-Philipp Weinmann of the University of Luxembourg set out to reverse engineer the baseband processor software of both Qualcomm and Infineon, and he easily spotted loads and loads of bugs, scattered all over the place, each and every one of which could lead to exploits - crashing the device, and even allowing the attacker to remotely execute code. Remember: all over the air. One of the exploits he found required nothing more but a 73 byte message to get remote code execution. Over the air.
It sounds like the background for a Daniel Suarez-like scifi novel about an evil genius crashing the world’s economy by controlling the cell phones of politicians, bankers, and security personnel, and causing a stock market and financial market crash by making cell phones execute trades, steal money from bank accounts, and to fund his organization’s terrorism.
After a count of all absentee ballots, Pam Wetherbee has been declared the winner in Beacon’s Ward 3 City Council race by 6 votes, down from the 9 votes on election day.
This means that the Beacon Democrats have a clean sweep in the City Council elections this year, as reported earlier (see Democrats With Strong Showing Win Control Of City Council).
I’ve known Lee since 2004, I think, when a bunch of us put together an impromptu event in London called ‘Social Tools in the Enterprise’, which was surprisingly early. We’ve remained close ever since, although less so in the past few years, since the Reboot conference closed down. He was co-founder of Headshift, which merged a few years ago with Dachis Group. Lee is one of the deepest thinking folks out there, and since he’s left Dachis this year he’s headed in new directions.
About Lee Bryant
Lee is passionate about using social technology to put humans front and centre of the way we do things in the Twenty-First Century. He has been playing with words and computers since the age of 10, but it was in the mid-1990s, whilst working in international politics and diplomacy, that he discovered the immense power of the internet to influence and orchestrate change. He believes social networks, not bureaucracies, are the organising principle of the current era, and is excited about further exploring new forms of highly connected organisations. He is the co-founder of Post*Shift.
Stowe Boyd: You wrote a post recently, ‘The Shift Has Happened. What Comes Next?’, in which you make the case that the ideas of social business have become mainstream, but that culture is still lagging. You wrote,”I think we under-estimated the sheer level of inertia and resistance to change that exists in many companies.” Is accelerating cultural change what comes next?
Lee Bryant: Yes, I think it is. Whilst the basic social technologies are now regarded as normal within a business, and there is some awareness of the general benefits that more social working can bring, I think the real change we have been pursuing with social business for the past decade has barely begun. The technology and its growing acceptance by workers makes possible new forms of organisation and new forms of orchestrating labour, and this is what we see as the next stage of the challenge to improve business. At the same time, without such changes, the technology will not really fulfil its promise.
Cultural change cannot, I believe, come about through change programmes as they are currently conceived. There is little value in promoting ‘values’ and behaviours without addressing the deep structure of companies and the habits and culture this creates. We need to be more radical in asking how we would re-create companies today if we started from scratch, because I think we now have the social, cultural and technological platforms on which to do a much better job. In fast-growing markets, we see a lot more experimentation, loose structure and rapid change, because they are on a fast growth curve. Organisations often become institutions when they reach their peak and want to protect what they have, and optimise it to death, rather than continue innovating. This often works, but over the long term it is the most vulnerable position to take in the face of emerging threats, and I think many large corporates and institutions have never been so vulnerable.Cultural change cannot, I believe, come about through change programmes as they are currently conceived. There is little value in promoting ‘values’ and behaviours without addressing the deep structure of companies and the habits and culture this creates. - Lee Bryant
If our thesis about social technology and human business is correct, then we should be able to create better, more flexible and adaptive organisations that are more successful than the incumbents they challenge. But for existing large firms, I think a key challenge is how to create a protected space within which they can nurture new structures and new ways of working before their entire existence is challenged by fast-growing startups who are focused on value creation not preservation.
So, yes, cultural change is key, but there is a lot more to it than just change programmes or values (or indeed technology). It is about re-thinking how we orchestrate labour and other inputs to create entirely new models of the firm.
SB: I recently argued (see Metaphors matter: Talking about how we talk about organizations) that a good starting point for deep structural change in the organization is to reevaluate strategy and how closely it articulates with other activities. Basically, if a company is built around top-down, strategic planning instead of emergent, action- and experiment-oriented strategic learning, then working socially is stymied.
LB: Interesting piece, and I like the idea that we can choose our metaphors to suit the analytical need at the time - in a sense each of the organisational metaphors in that piece holds true to an extent. But I am not sure I agree with the idea that strategy is a good place to start for deep structural change. For me, a logical place to start is to work within the current strategic framework to show how people can organise better to get things done, partly because this is less disruptive than re-thinking the strategy, but also because it shows that the big change here is how business can be better and more professional for any given goal than if it proceeds as currently organised. When firms and managers are more comfortable with this new way of working, then I would move on to an emergent strategy development process, but even then I see a role for the experience and wisdom of true leaders to add value to emergent strategic ideas coming up from below. The big win here is how work happens and how value is created, rather than a new approach to setting strategic goals for the firm.
SB: I’ve been advocating the idea of deep culture extrinsic to any specific business, a new business culture based on social principles which subsume to some extent replace organizational culture. One of the effects of the new fast-and-loose work compact is that people are less connected to the business, and businesses are certainly less devoted to their employees. What are your thoughts on that?
LB: I think this is happening to an extent anyway. Talented people are far less loyal to organisations, because there is little these organisations can provide that modern workers need, except in highly specialised areas of the economy where it is not possible to work on cool stuff alone or even in small groups. Developers, for example, tend to have working practices and culture that is independent of any organisation, and to their credit they often try to maintain coding standards, documentation, use of repositories, etc, even when their current company does not care and simply wants to cut corners to ship product. They take pride because they are professionals, much in the same way lawyers and other professions used to.
There is nothing at all wrong or selfish about doing business to seek a profit. The act of real value creation is close to alchemy and should be highly prized. The problem, I think, is that too much corporate business is not in the least about value creation, but rather has short-term stock price or capital enhancement goals. If entrepreneurs, technologists, makers, etc., can all maintain their own values and standards and own a working culture that is more professional and focused on value-creation than the managers who populate large companies, then it is good for all of us.
SB: Yes, I agree. I believe we need to reënage with our own work, personally, and build a deep culture with other individuals committing to its principles, the new ethos of work: mastery, autonomy, and the regard of those you respect. I believe that this broad and deep culture will become more important than the shallow and narrow cultures of businesses.
LB: I think we are seeing signs of this already. Developers value the respect of other developers more than the approval of their bosses, and much of the discretionary extra work they put in is to satisfy a deeper sense of professionalism, rather than just fulfilling the brief. Mastery, autonomy and doing things that don’t scale are all ideas that I see more and more, and you only have to look at the consumer world to see that people value craft over mass-produced cheaper products, and craft requires a new culture of work, rather than the dominant Taylorist approach.
SB: As you may know, the central thesis of the Socialogy series is ‘How do you think a scientifically-grounded understanding of people as social beings will change business in the future and how?’ Can you give your take on that?
LB: There is so much we have learned over recent years about motivation, incentives, identity formation, group behaviour, shared cognition and a range of other cross-disciplinary topics that relate to human behaviour, but so little of it has translated into better business. We are way beyond any pretence that classical economics, supply and demand, rational actor theories, etc., have anything much to offer in understanding the world and better serving the needs of human progress. But we still live under the yoke of financial management ideas where the goal of business is just to incrementally increase shareholder capital, despite the fact this is leading us away from value-creating innovation and towards low-risk efficiency and optimisation plays. I really hope that as we understand ourselves and others better, and accept that finance is an input to business, not its master, that we will come up with so many new ways to make people’s lives slightly better, and create value in the process. You might say it is the next frontier of business, because in a sense this is what most current trends are about, from big data to behavioural economics and ‘everything as a service.’
SB: We have to break the stranglehold of false ideologies disguised as economics, and replace it with bioeconomics?
LB: I don’t know about bioeconomics specifically, but the world around us and our place within it sure has a lot to teach us in terms of everything from husbandry of resources through to adaptation, evolution and ecosystems. Economics is, as suggest an ideological worldview, not a scientific one, and that is a problem. There are other scientific (and social scientific) fields that are probably more relevant to the future of business than classical economics.
SB: Thanks, Lee. Great to talk.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. I’ve been compensated to contribute to this program, but the opinions expressed in this post are my own and don’t necessarily represent IBM’s positions, strategies or opinions.
Moving a lot of posts from stoweboyd.com to underpaidgenius.com, so if you have a link that breaks you may want to look over there. Poetry, social criticism, politics, art, movie criticism, etc., is back there where it started out originally. So far I’ve reached 29 September 2013. I’ll do a month every week until I get back to the way things used to be, before I tried to post everything here at stoweboyd.com, which got to be too much, even for me.