NU President Carter May Earn $1.5 Million Per Year by 2023

(p. B1) LINCOLN — The University of Nebraska Board of Regents extended President Ted Carter’s contract by three years on Thursday, potentially keeping the university’s top leader in Nebraska through 2027.

Carter’s new contract, approved unanimously, also raises his base salary by 3% this year and adds a second deferred compensation package to incentivize the president to stay at NU.

In all, Carter’s total compensation could top $1.5 million beginning in 2023.

. . .

Regents also awarded Carter, a former superintendent of the U.S. Naval Academy, a $105,000 performance bonus for the (p. B1) 2021-22 academic year.

That amount is less than the $140,000 he was eligible to receive; Carter hit 89% of the benchmarks set for him by the board last year after first- to second-year retention numbers fell at several NU campuses.

For the full story, see:

CHRIS DUNKER, Lincoln Journal Star. “NU President Given Raise, Extension.” The Omaha World-Herald (Friday, August 12, 2022): B1-B2.

(Note: the online version of the story was updated Sept. 18, 2022, and has the title “Regents approve contract extension, pay raise for NU president.”)

Log4j Open Source Bug Created “Endemic” Risk for “a Decade or Longer”

Continuing worries about the Log4j software bug are consistent with my skepticism of open source software in Openness to Creative Destruction. You can find a brief discussion in the chapter defending patents.

(p. A6) WASHINGTON—A major cybersecurity bug detected last year in a widely used piece of software is an “endemic vulnerability” that could persist for more than a decade as an avenue for hackers to infiltrate computer networks, a U.S. government review has concluded.

. . .

“The Log4j event is not over,” the report said. “The board assesses that Log4j is an ‘endemic vulnerability’ and that vulnerable instances of Log4j will remain in systems for many years to come, perhaps a decade or longer. Significant risk remains.”

. . .

Security researchers uncovered last December a major flaw in Log4j, an open-source software logging tool. It is a widely used piece of free code that logs activity in computer networks and applications.

For the full story, see:

Dustin Volz. “‘Endemic’ Risk Seen In Log4j Cyber Bug.” The Wall Street Journal (Friday, July 15, 2022): A6.

(Note: ellipses added.)

(Note: the online version of the story has the date July 14, 2022, and has the title “Major Cyber Bug in Log4j to Persist as ‘Endemic’ Risk for Years to Come, U.S. Board Finds.”)

My book, mentioned above, is:

Diamond, Arthur M., Jr. Openness to Creative Destruction: Sustaining Innovative Dynamism. New York: Oxford University Press, 2019.

Spreading Smallpox Inoculation to Impress Voltaire

(p. A15) Dimsdale had been summoned by Catherine the Great to inoculate not only the empress herself but also her 13-year-old heir, the Grand Duke Paul.

. . .

As Lucy Ward dramatically relates in “The Empress and the English Doctor: How Catherine the Great Defied a Deadly Virus,” Catherine’s invitation was a high-stakes affair, a testament to Dimsdale’s writings on the methodology of smallpox inoculation and his reputation for solicitous care. His Quaker upbringing had encouraged a brand of outcome- rather than ego-led practice.

. . .

As devastating as smallpox was, for the empress herself and the grand duke who would succeed her to personally undergo inoculation was a risk to both patient and doctor. On the success side stood immunity from the disease, an almost holy example for Catherine’s people, and as-yet-untold riches for her nervous doctor. On the other side, not only the fact that all Russia would refuse the treatment if their “Little Mother” died, but also a disaster for Dimsdale and the son who had accompanied him. Geopolitics came into play too—if things went wrong, some would interpret it as a foreign assassination.

. . .

With a happy result for her and her less-robust son, Catherine sets about publicizing the success. Dimsdale receives the equivalent of more than $20 million and a barony. Bronze medals are cast of Catherine’s profile, reading “She herself set an example.” It helps that Catherine was competitive beyond reason: “we have inoculated more people in a month than were inoculated in Vienna in eight,” she wrote to Voltaire, determined to beat Empress Maria Theresa’s efforts.

For the full review, see:

Catherine Ostler. “BOOKSHELF; Inoculate Conception.” The Wall Street Journal (Thursday, June 23, 2022): A15.

(Note: ellipses added.)

(Note: the online version of the review was updated June 22, 2022, and has the title “BOOKSHELF; ‘The Empress and the English Doctor’ Review: Inoculate Conception.”)

The book under review is:

Ward, Lucy. The Empress and the English Doctor: How Catherine the Great Defied a Deadly Virus. London, UK: Oneworld Publications, 2022.

Private Sector Scores 10 Points Higher Than Government on Customer Experience Index

(p. A4) . . . the government customer experience has improved over time. Federal agencies and programs in 2021 earned an average score of 62.6 points out of 100 in the Customer Experience Index, an annual ranking produced by Forrester Research Inc. The score was the highest federal average the market research company reported since it began studying government in 2015.

But the federal customer experience average still lags 10.7 points behind the private-sector average on the Forrester index.

“There have been people in the federal government doing good [customer experience] work for years,” said Rick Parrish, vice president and principal analyst at Forrester. “The problem is the improvements haven’t been big enough, or fast enough.”

For the full story, see:

Katie Deighton. “Bureaucracy Studies Why It’s So Frustrating.” The Wall Street Journal (Wednesday, April 20, 2022): A4.

(Note: ellipsis added.)

(Note: the online version of the story has the date April 19, 2022, and has the title “White House Presents Plan to Fix Federal Customer Experience.”)

A Driving Goldfish Shows “Smart” Adaptive Intelligence

(p. A1) Ronen Segev is out to clear the goldfish’s bad reputation.

“Many times people come to me and ask me, ‘We thought that [a] goldfish has a three-second memory span.’ This is incorrect. It’s very important to make this point,” he said. “Fish are smart, even goldfish.”

His case rests on a viral video he tweeted last month of a goldfish driving a water-tank-equipped robotic vehicle down the side of a street and inside his lab at Ben-Gurion University of the Negev in Israel. The roboride was part of a scientific study to test whether goldfish had the mental acuity to navigate a terrestrial environment toward a target using a machine. The six goldfish that took part in driver’s training passed their test.

. . .

(p. A9) “The ability to change in response to a changing environment, it’s so important to survival,” said Kelly Lambert, a neuroscientist at the University of Richmond in Virginia, who has trained rats, but not fish, to drive. “The flexibility is what is so amazing about a brain. If you had a brain that was fixed, if anything changed in the environment—we’re done.”

Dr. Segev, a neuroscientist who has been studying fish cognition for 16 years, didn’t hold back on the menu of challenges he devised for his goldfish. His aim was to show that animal brains aren’t inferior to human ones; they’re just different because they evolved in a different environment, he said. Animal brains are flexible enough to adapt to new situations, a fundamental characteristic of all brains, neuroscientists say.

He put a goldfish in a tank aboard a robot outfitted with computer-vision software that tracked the fish’s movement. When the fish moved inside its plexiglass pool, the robot moved with it. The fish had to learn that when it swam right, the robotic vehicle moved in that direction too.

The fish had to use their new cognitive skills to find a target, a pink board inside a lab. In return for hitting their mark, the fish got rewarded with a pellet of food.

For the full story, see:

Daniela Hernandez. “In This Fish Story, a Goldfish Drives a Vehicle Down the Street.” The Wall Street Journal (Monday, February 7, 2022): A1 & A9.

(Note: ellipsis added.)

(Note: the online version of the story has the date February 6, 2022, and has the title “How Do You Teach a Goldfish to Drive? First You Need a Vehicle.”)

Open-Source Volunteers “May Not Have Sufficient Resources to Prioritize Security”

(p. A15) The recent discovery of a vulnerability in Apache log4j, a widely used open-source software tool, has exposed a significant security issue with our digital world.

. . .

We’ve had security issues with open-source software occur every couple of years, including the Heartbleed Bug in 2014 and the npm Left-Pad Vulnerability in 2016. According to the Cybersecurity and Infrastructure Security Agency, in 2020, two of the most routinely exploited information-technology vulnerabilities were related to open source.

One of the primary reasons for these vulnerabilities is that popular open-source software such as log4j is often maintained by volunteers who may not have sufficient resources to prioritize security. But these volunteers aren’t to blame. What appears to be an esoteric technical problem is actually one of funding and the sustainability of the entire digital ecosystem. While some open-source projects are supported by companies and nonprofit organizations, other pieces of code are maintained and released by people who struggle to monetize their work. The open-source security problem is, at its core, a tragedy of the commons. When the underlying health of our digital infrastructure is unsound, the whole system suffers.

For the full commentary, see:

Eric Schmidt and Frank Long. “Protect Open-Source Software.” The Wall Street Journal (Friday, January 28, 2022): A15.

(Note: ellipsis added.)

(Note: the online version of the commentary has the date January 27, 2022, and has the same title as the print version.)

Boeing Maximized Short-Term Profits Instead of Long-Term Quality (and Profits)

(p. A19) Boeing remains one of America’s leading manufacturers, but it is reduced in reputation as well as equity. The “fall” that Mr. Robison’s subtitle alludes to is the corrosion of a culture that had emphasized quality.

. . .

Mr. Robison is upset that Boeing followed the unremarkable philosophy of the Business Roundtable (recently revised under woke pressure) that the first duty of any company is to its shareholders. He says that Boeing focused on metrics that “tend to favor investors over employees and customers.” This is an easy but misworded critique. In the long term, the interests of shareholders and customers are aligned. A manufacturer that disregards either customers or employees will eventually not have profits to distribute.

In fact, Boeing forgot that its long-term success depended on its reputation for superior engineering. Executives like Alan Mulally, project leader in the 1990s for the costly but highly successful Boeing 777, were passed over for the top job. The corporate metamorphosis was accelerated by the 1997 merger with rival McDonnell Douglas. The executive suite was colonized by such figures as McDonnell’s Harry Stonecipher, a Jack Welch protégé who was explicit about changing the culture. His intent, he said, was to run Boeing “like a business rather than a great engineering firm.” Increasingly that meant doing whatever it took to hike the share price. Phil Condit, the CEO who orchestrated the merger, pushed his managers to quintuple the stock in five years, which suggested that his eye was on Wall Street and not on the planes.

. . .

Test flights showed a tendency for the MAX to pitch up. Designers corrected the problem on the cheap, with software that pushed the nose down. Somewhat perilously, a single sensor measuring the angle of the wings against oncoming air could force the plane into a downward trajectory. An optional cockpit indicator—alerting pilots that the sensor might be faulty—was not included on cheaper models. And the sensors, which sat outside the plane, were vulnerable to bird strikes or improper installation.

. . .

. . ., the FAA, as Mr. Robison shows, was compromised by years of having adapted its regulatory role to promote manufacturers. Even after the first plane went down, it kept the MAX flying—despite an agency analysis predicting more crashes.

For the full review, see:

Roger Lowenstein. “BOOKSHELF; Downward Trajectory.” The Wall Street Journal (Monday, Nov. 29, 2021): A19.

(Note: ellipses added.)

(Note: the online version of the review has the date November 28, 2021, and has the title “BOOKSHELF; ‘Flying Blind’ Review: Downward Trajectory.”)

The book under review is:

Robison, Peter. Flying Blind: The 737 MAX Tragedy and the Fall of Boeing. New York: Doubleday, 2021.

“Overwhelmed” Volunteers Struggle to Fix Log4j Bug in Open Source Software

In Openness to Creative Destruction, I argue that open source software has severe drawbacks, compared to a system where firms receive higher profits for selling better software. The severe Log4j bug, discussed in the quoted passages below, is an example that strongly supports my argument. Blog entries posted on Dec. 17 and on Dec. 25 also discussed the Log4j bug.

(p. B6) Gary Gregory, a volunteer for the Apache Software Foundation, is spending time off from his day job glued to his computer, striving to help contain the harm from a security flaw in the Log4j tool underpinning much of the digital economy.

. . .

Mr. Gregory, who works from the dining-room table in his Ocala, Fla., home, fueled by black coffee and accompanied by his hound-pit-bull mix, Bella, said he is overwhelmed with hundreds of requests for help from businesses. While Apache is trying to assist companies in updating their systems, he said, the nonprofit’s resources are limited.

“This puts to the forefront the whole issue with open-source [software] and commercial users,” said Mr. Gregory, who is on the Apache Logging Services Project Management Committee of 16 elected members who vote on changes to the software. “The expectations are somewhat out of whack.”

. . .

Many developers rely on the free Log4j framework to help record data such as users’ behavior and applications’ activity in software built with the Java programming language. Cybersecurity experts say the inclusion of the open-source logging tool within so much interconnected software—often embedded without developers’ knowledge—yields a threat that spans economic sectors and national borders.

. . .

Cybersecurity firm Mandiant Inc. said it has observed Chinese government hackers trying to exploit the flaw.

After Apache released its planned patch on Friday, Mr. Gregory said he worked through the weekend on a new update along with other volunteer software developers in Japan, New Zealand, Virginia and Arizona. Unveiled Monday, the new version disabled a problematic software module by default and removed a message-lookup feature that could be used to exploit the flaw.

The Apache volunteers are designing another update to Log4j for users who rely on an older version of the Java programming language, meaning more work for Mr. Gregory while he is on vacation from his day job.

“That translates to me getting five hours of sleep last night,” he said of his time off. “Some of the other guys got two or three.”

For the full story, see:

David Uberti. “Fight Against Bug Relies on Volunteers.” The Wall Street Journal (Thursday, December 16, 2021): B6.

(Note: ellipses added.)

(Note: the online version of the story was updated Dec. 15, 2021, and has the title “Global Fight Against Log4j Vulnerability Relies on Apache Volunteers.”)

My book, mentioned above, is:

Diamond, Arthur M., Jr. Openness to Creative Destruction: Sustaining Innovative Dynamism. New York: Oxford University Press, 2019.

Hackers from China Seek to Exploit the Open Source Log4j Software Bug

In Openness to Creative Destruction, I argue that open source software has severe drawbacks, compared to a system where firms receive higher profits for selling better software. The severe Log4j bug, discussed in the quoted passages below, is an example that strongly supports my argument. A blog entry posted on Dec. 17 also discussed the Log4j bug.

(p. B1) Hackers linked to China and other governments are among a growing assortment of cyberattackers seeking to exploit a widespread and severe vulnerability in computer server software, according to cybersecurity firms and Microsoft Corp.

The involvement of hackers whom analysts have linked to nation-states underscored the increasing gravity of the flaw in Log4j software, a free bit of code that logs activity in computer networks and applications.

Cybersecurity researchers say it is one of the most dire cybersecurity threats to emerge in years and could enable devastating attacks, including ransomware, in both the immediate and distant future. Government-sponsored hackers are often among the best-resourced and most capable, analysts say.

“The effects of this vulnerability will reverberate for months to come—maybe even years—as we try to close these doors and try to hunt down all the actors who made their way in,” said John Hultquist, vice president of intelligence analysis at the U.S.-based cybersecurity firm Mandiant Inc.

. . .

(p. B6) Researchers find the Log4j flaw particularly worrying because the free Java-based software is used in a broad range of products. It can be found in everything from security software to networking tools to videogame servers. The exact number of users of Log4j is impossible to know, but the software has been downloaded millions of times, according to the organization that builds it, the Apache Software Foundation.

The attack works reliably and is trivial to exploit, security researchers say. Although downloadable patches have already been made available, experts and U.S. officials said they expected the flaw to remain a problem for the long haul because some organizations will be slow to update their systems or might neglect to do so entirely.

“It’s a surprise it’s not more widespread,” said Adam Meyers, senior vice president of intelligence with CrowdStrike, a U.S.-based cybersecurity firm, which said they had detected Iranian actors leveraging the Log4j flaw. “The question that everyone is asking is, ‘What aren’t we seeing?’”

For the full story, see:

Robert McMillan and Dustin Volz. “Hackers Leap on Flaw in Log4j Software.” The Wall Street Journal (Thursday, December 16, 2021): B1 & B6.

(Note: ellipsis added.)

(Note: the online version of the story was updated Dec. 15, 2021, and has the title “Hackers Backed by China Seen Exploiting Security Flaw in Internet Software.”)

My book, mentioned above, is:

Diamond, Arthur M., Jr. Openness to Creative Destruction: Sustaining Innovative Dynamism. New York: Oxford University Press, 2019.

Open Source Log4j Software Bug “Poses a Severe Risk”

In Openness to Creative Destruction, I argue that open source software has severe drawbacks, compared to a system where firms receive higher profits for selling better software. The severe Log4j bug, discussed in the quoted passages below, is an example that strongly supports my argument.

(p. B1) The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an urgent alert about the vulnerability and urged companies to take action. CISA Director Jen Easterly said on Saturday, “To be clear, this vulnerability poses a severe risk.” . . . Germany’s cybersecurity organization over the weekend issued a “red alert” about the bug. Australia called the issue “critical.”

Security experts warned that it could take weeks or more to assess the extent of the damage and that hackers exploiting the vulnerability could access sensitive data on networks and install back doors they could use to maintain access to servers even after the flawed software has been patched.

“It is one of the most significant vulnerabilities that I’ve seen in a long time,” said Aaron Portnoy, principal scientist with the security firm Randori.

. . .

(p. B2) The software flaw was reported late last month to the Log4j development team, a group of volunteer coders who distribute their software free-of-charge as part of the Apache Software Foundation, according to Ralph Goers, a volunteer with the project. The foundation, a nonprofit group that helps oversee the development of many open-source programs, alerted its user community about the vulnerability on Dec. 9 [2021].

“It’s a very critical issue,” Mr. Goers said. “People need to upgrade to get the fix,” he said. Log4j is used on servers to keep records of users’ activities so they can be reviewed later on by security or software development teams.

Because Log4j is distributed free, it is unclear how many servers are affected by the bug, but the logging software has been downloaded millions of times, Mr. Goers said.

For the full story, see:

Robert McMillan. “Software Flaw Spurs Race to Patch Bug.” The Wall Street Journal (Monday, December 13, 2021): B1-B2.

(Note: ellipses, and bracketed year, added.)

(Note: the online version of the story was updated Dec. 12, 2021, and has the title “Software Flaw Sparks Global Race to Patch Bug.”)

My book, mentioned above, is:

Diamond, Arthur M., Jr. Openness to Creative Destruction: Sustaining Innovative Dynamism. New York: Oxford University Press, 2019.

Demand for Oil and Gas “Will Remain Robust for Years to Come”

(p. B1) The leaders of the world’s largest oil companies said Monday [Dec. 6, 2021] that demand for the products they make will remain robust for years to come even as the world attempts to transition to lower-carbon energy sources.

The chief executives of Exxon Mobil Corp., Chevron Corp. and Saudi Arabian Oil Co., speaking at the World Petroleum Congress in Houston, said that while the world needs to address the risks posed by climate change, global economies cannot function without fossil fuels.

“Oil and gas continue to play a central role in meeting the world’s energy needs, and we play an essential role in delivering them in a lower carbon way,” Chevron CEO Mike Wirth said Monday. “Our products make the world run.”

. . .

(p. B2) Jeff Miller, chief executive of Halliburton Co., said Monday that the world’s underinvestment in oil and gas since 2014—years in which international spending was 50% below historical norms—is leading global markets to an era of scarcity.

. . .

Just a few weeks ago, some market observers had predicted crude prices could soon hit $100 a barrel for the first time in seven years, on the back of a strengthening demand recovery and sluggish growth in oil supplies.

For the full story, see:

Collin Eaton and Christopher M. Matthews. “Demand for Fossil Fuels Seen Lasting for Years.” The Wall Street Journal (Tuesday, December 7, 2021): B1-B2.

(Note: ellipses, and bracketed date, added.)

(Note: the online version of the story was updated Dec. 6, 2021, and has the title “Demand for Oil, Gas to Remain Robust for Years, Energy Leaders Say.”)