In this interview, STARWEST keynote speaker Paul Gerrard shares his perspective on the scale, variety, ubiquity, complexity, and challenge of the Internet of Things, explaining his test approach for this trend and where he thinks it might go.
Josiah Renaudin: Today I'm joined by Paul Gerrard, of Gerrard Consulting, who will be a keynote speaker at this year's STARWEST Conference. He'll be speaking with us on testing the Internet of Everything. Paul, thank you very much for joining us today.
Paul Gerrard: My pleasure.
Josiah Renaudin: First, could you tell us just a bit about your experience in the industry.
Paul Gerrard: Many years ago, I did a degree in engineering. My first job was as a civil engineer with a consulting engineering firm. What was interesting to me right away is that within a few days they said, "Well, we've no work in, but we've just had a computer delivered. Here are the manuals, go find a quiet place and go and see what you can do with it." I went from an engineer briefly to writing software for engineering company, to another engineering company as a software person and applications programmer. Then I went to an IT company. Historically, I worked as a developer through to a project manager for about ten, twelve years. For the last twenty years or so, I've been in software testing. I've done the usual grunt testing work, but primarily I've been a consultant doing test management strategy, coaching, training, the usual kind of stuff. Here I am now. Overall though, I should say that I'm still a techie at heart. I still write a lot of code. That's me in a nutshell I guess.
Josiah Renaudin: Your keynote's on something that I feel like everyone's talking about. It's something I write about a lot. It's the Internet of Things, the Internet of Everything. Why do you think it's become such a hot topic?
Paul Gerrard: The superficial answer would be that companies like IBM and Cisco and Microsoft and these very large companies are investing billions of dollars building up their business in order to make a lot more money than that. The hype that surrounds the Internet of Things, Internet of Everything, call it what you like, is derived really from the marketing effort that's going on by these big businesses. I should also say there's a big drive within the mobile community and the consumer electronics community, to take advantage of the connectivity that's now available for those smallest as well as the largest of devices out there. For example, I went to Mobile World Congress in Barcelona a few months ago. Half of the discussion, debate, the conference and the massive expo that was there, at least half of it was about the connected world and the Internet of Things, the Internet of Everything.
Interesting to me is Lee Copeland asked me, "What's the official term now?" What did I think? "Is it the Internet of Things, the Internet of Everything? What should it be?" What was interesting to me in Barcelona, was I did a search of all the topic areas and all the contents of the website for this 95,000-person conference and expo, and it seemed to me the Internet of Everything was the emerging label that we're putting on this kind of thing. There's a broader thing, too. This is probably the way I would position the whole talk and this aspect of our business, is that what was the Internet of Things, is becoming the Internet of Everything. Everything that moves and an awful lot of things that don't move are going to be connected in this wonderful world of the future. I think what's going to happen in the next few years is we'll evolve from using Internet of Things, to the Internet of Everything, to just the Internet.
The Internet as we know it will become, or will absorb, what people are currently thinking of as the Internet of Everything. That is it's going to be ten times bigger, one hundred times bigger. Who knows? No one knows. That's the point. I like the idea of it becoming just "the Internet." The Internet will accommodate all these things that are connected in the future.
Josiah Renaudin: We're seeing so many new things being connected. I was just writing the other day about a mailbox with some sort of connected device that lets you know when it's opening and closing. People even in grocery stores are using the Internet to decide, "Here's this freezer aisle, and we'll know when to up the temperature and down the temperature to make sure we're preserving different items." What are some of the most interesting objects or devices that have come from the Internet of Things that you've seen?
Paul Gerrard: There are some funny ones. A friend of mine told me about the cows on a farm. Apparently when the cows are ready to be impregnated by the bull or the vet, they walk differently. There's an application apparently, where you can embed a chip in the rump of the cow, and when it's ready it walks a bit funny. I could imagine the farmer sat in his Star Trek control center. He doesn't go in the fields anymore because he's got driverless tractors. He's got devices which monitor the weather and the temperature and the hydration of the soil and this, that, and the other. He gets an alarm saying Daisy's ready to be served by the bull. Whether there's a bull involved or not, I don't know. The way I would put it is this, is that there are hundreds if not thousands of small companies building small devices which essentially will cost a few dollars. The cost of entry to this market is the lowest it could ever be.
Myself, I built my own robot and I could control it through the Internet. I did that, I have to say, in an afternoon, from components and writing a little bit of code. The cost of entry's so low, and the number of people who are building these things is so great, that the number of applications and devices that are going to be out there in the next few years is just going to explode. Most of them will not go anywhere, but some of them will change our lives. From cows, to ships, to airplanes, to cars, to people. People having embedded systems. There's a company in Sweden that are in this game, and they require all their employees to have a little device embedded in the fleshy part of their hand. It's about the size of a grain of rice, so it's quite a painful process, and it's injected.
There was a story on the BBC where the interviewer had this process done, and he had this little device implanted in his hand. It opens doors in the office, the office knows where he is physically in the location, he can order his coffees by a wave of the hand, he can book rooms, he can do all sorts of these clever things just with this embedded chip in his hand. In some ways, we all carry these mobile devices around today, but why bother? A lot of the functionality that are on mobile devices, phones, tablets and so on, smart watches and wearables—we're going to be carrying all this kit. In fact, I think it's inevitable that the big organizations which will be offering embedded systems which you will inject in your arm or leg or wherever, and that will be your online presence defined. There seems to be no limit to where these things are going.
One other thing I would also mention is, I would like to include things like drones and 3D printers in the landscape. Drones are going to be delivering your mail, packages, body parts to hospitals, who knows where this is going to go? 3D printing, the physicality of transporting small components today but much larger objects in the future, the whole notion of transportation is going to be affected. Why ship a component when you can 3D print it? A friend of mine in Ireland, his Xerox failed. An engineer came in to fix it and they had a conversation. It was all to do with a small part. My friend said, "Could you 3D print that?" The guy said, "Maybe you could." He tracked down the data required to 3D print it and within a month, this friend of mine, he's a bit of a serial entrepreneur, he set up a business printing parts for Xerox machines. He's working in collaboration with this company who do servicing of photocopiers.
The idea for the business and the implementation of the business took just a few days, and they have it. The speed at which businesses can transform themselves from nothing to a startup is even more fast in the physical world with software enabling it. It's quite remarkable.
Josiah Renaudin: It's one of my favorite things to talk about because you think about just ten years ago, people couldn't wrap their heads around what we could do with phones today. I think 3D printing is something else that might follow that track. Ten years from here, look at twenty or twenty-five years, we'll be able to do just amazing things. We'll be able to print out things that you would never have imagined before. It's a rabbit hole I would love to get down.
Paul Gerrard: The examples in the talk, I might use it. It might be out of date before you know it, but a Chinese organization has 3D printed a car for $1,700. I don't know if I believe that or not, I need to look further into it. There's also a device I saw advertised on the web a few weeks ago, which was a device into which you put a piece of hardware. It's a hardware component and you put it into a box. It looks a bit like a microwave oven. In fact, inside it's like a milling machine. What it does is it shaves off slivers off the object inside it, and as it does that it records the profile of the object itself. What it does, it takes the data and then transmits that across the Internet to another location where there's a 3D printer waiting for that data, which prints it. In effect, it's a bit like faxing a document, but you're almost faxing a solid object. It reminds me of the Star Trek transport where people go, "Bbbbwbwbwbw" and disappear, and then reappear miles and miles away and out of the spaceship.
It's really science fiction stuff. These things are happening almost daily. Announcements are being made about smart cities and the way that cities are going to be affected and so on. It's really exciting but terrifying. One of the ideas of drones and 3D printing, whatever, you can 3D print components for a Xerox, but you can 3D print guns. The applications are both good and bad. The notion of drones is, "Well, wait a minute. That's going to change the way crime is committed." There are going to be new crimes possible with some of these advances and so crime prevention and your law enforcement agencies are going to have to really move quickly to stay on top of these things. They're a really big impact. It's not just a little software problem and some gadgets. It's going to change our world over the course of the next generation. Twenty-five years time, if I'm still around, I'll be looking forward to living in a very different world.
Josiah Renaudin: It's something we'll have to understand, adapt almost, when it gets here. We can sit and predict, but we won't really know the societal impacts, like you said, with different crimes and policing with all this stuff, until it gets here. Hopefully we can do as much as we can to prepare, but you never really know until there are drones in the air.
Paul Gerrard: It's terrifying. It's exciting, but it's also terrifying. The laws have to keep pace and as I say, law enforcement and smuggling, and both people, drugs, everything, it's affected by ... The potential is there. The moment people are putting drones up with cameras and having great fun with them, but criminals are going to do the same. It's going to happen.
Josiah Renaudin: 3D printing and drones is something I could probably talk about all day, but I want to make sure I'm not using all of your time. Can you briefly describe your seven-layer architectural model? Help me make sense of the Internet of Things that you'll be mentioning during your keynote.
Paul Gerrard: Of course. If you go to all the corporate sites, every corporation that's investing in the Internet of Things is offering their own vision of the architecture, so it's very confusing. We're still in this Betamax versus VHS situation, where no one really knows how it's going to pan out, because the standards are evolving. Having read a few books and played with some gadgets and studied some of the content from the various big players, it seems to me there's a way of, like a hierarchy, a functionality that one could define. I'm not saying it's perfect, I'm not saying it's the last word, but like all layered architecture, it's got seven levels. The notion is this. At the lowest level you have the raw device. These are the 20-cent devices that might be things like a proximity sensor or a thermometer or a gyroscope which can give you like a gimbal, which can tell you your orientation in the world and so on and so forth, and servos and motors and all that kind of stuff.
A device is at the lowest level. These things are packaged up into what I've called an object. An object might be something like the little box that you'd have in the corner of your room which contains a proximity sensor. It might have your temperature sensor in there, and humidity, whatever. This would be a little box in the corner room like your security system. Like your intruder alarm. That would be the object. All your intruder alarms spread around your house or your office or your factory, they all connect to what I've called a client, which collates all the information. and controls and registers and manages the devices and packaging to objects around your location. Maybe your TV is a client, maybe your fridge is a client. There's probably a little box sat right next to your broadband router which collates all this information. You can see that these things are often packaged in one box, one overall package.
The client will connect to a propagator. A propagator combines the content for many systems. A house might have a propagator which connects, or integrates, the information from your intruder alarm, from your heating, lighting, that kind of stuff, maybe your music, maybe the operation of the doors and windows and ventilation, all that kind of stuff. The propagator connects to the outside world. That connects across the Internet to what I've called a filter gateway, which in some ways is a bit like a firewall, but it filters the data that's coming from potentially hundreds of thousands of propagators around the world. It might be a network of farmers in a locality who are all producing milk. The filtered gateway protects the data center-based components of this architecture. Above that you have an integration level, an integrator, where you're using a fitness monitor.
You go on cycle rides and your mobile phone tracks, using GPS, your routes and speed and the height and whatever, and captures all the data to do with your ride. That ride will then be posted into the Internet through the gateway to an integration function, the company who are running your health monitoring service, and they would integrate the coordinates of your ride with Google Maps, for example. Then you could see a map of your ride as well as having the raw data and telling you the health and fitness stuff. You can see and then share your ride with other people who are using the same application, race people, and maybe even meet up and stuff like that. The integrator takes the data from an application and merges it with others to enrich and to provide a more valuable service. Finally, above integrate. In effect what the integrator does is create the ecosystem for applications to sit upon.
The application is where the real value is added. The application might also be downloaded onto your mobile phone, which actually represents a combination of device, object, client, propagator. There's a two-dimensional architecture. One which is representing the hierarchy of function, and another one which is representing the physicality of these things. Essentially the seven layers represent a hierarchy of function. Application at the top, and very low -evel devices, a thermostat, little 20-cent devices actually at the bottom. Millions of devices at the bottom, a relatively small number of applications at the top.
Josiah Renaudin: This next topic is something we touched on a little bit earlier, which are these risks that come with the Internet of Things. What are some of the major risks, whether they be societal or otherwise, that are emerging from the Internet of Things? If you could, what do you think we could do to combat these risks?
Paul Gerrard: The perception of the seven layers as I've labeled them, is just a complicated client-server Internet distributed system. In some ways, all the risks of Internet things are the same, and there's hundreds of them. What was a risk for an eBusiness application fifteen years ago, pretty much about the same. On top of that we've now added the notion of mobility and the risks of systems running on mobile phones. All those are bundled on the top. Really nothing much has changed in that respect. What has changed, is that when your device is mobile itself. Perhaps it's you as a human moving things around, or it's a driverless car. For example, that car is moving in and out of other people's networks. The car itself will have its local network. This is a mobile network, and perhaps it's that that's going to confuse people is, because it's a network that actually is moving. In your car, its network is mobile and the other cars in the smart city are also mobile.
Together they will act as a crowd. In order to optimize the moving of traffic in a city, the cars will behave as a crowd. There'd be little human intervention. These devices are negotiating and creating. There are statistical models and analytics being applied in order to optimize the routes through the city to keep all the traffic flow moving. That's great. The person sat in the driverless car will experience a wonderful short journey, and stress free and so on and so forth, but then again might not. There'll be things like, "Wait a minute. How do you test that the negotiations that are happening between these mobile devices are coming to the right conclusions?" That's the first thing. That's a very complex problem to test. It's a functional test, but at a very large scale. The number of scenarios that can be envisaged of the cars moving around the city is in the billion-billion billions.
Software always had an infinite number of potential tests, but the thing with, for example cars, is they are fantastic devices for transportation, but they're also dangerous things when they go wrong. We're drifting into a safety critical world. Simulations of systems in that world are possible. Traffic control systems have been around for many, many years. We test them, fantastic, but it costs tens of millions of pounds or dollars to test these things. The guys who are going to be building these kind of networks are not going to have that depth of resource in order to test these things. The challenge we have is to do very, very sophisticated testing with relatively poor resources. This notion of the complexity of the simulation is one aspect of it: security. You could talk for a day just about the vulnerabilities of these systems.
I can't give you so much right now, I'm still learning as everyone else is, but one aspect of this is there are security vulnerabilities at every level in the seven layers, and that's the point. It's not just that your web servers are public facing therefore we stick a firewall in the front and then maybe we're okay. Then it became more sophisticated and we know that application security is a bigger deal. The problem we will have is there will be complexity at several of these levels in every application area. It's several fold more complicated, it's several fold more vulnerable, and the capabilities of the systems we're building are also the same capabilities that hackers will make use of. There are good uses and bad uses for mobile networks. Mobile networks can interfere. Your car may be connected to the city network, or it might be connecting to someone who is tailing you. The guy who's tailing you might be directing you to a part of the world where he can rob you or steal your car.
How will you know that? Because you will have to be trusting the systems that move us around physically. Scalability, yeah. Functional testing at very high scale, absolutely. Security scenarios that we've never thought of before are going to have to be covered. This whole notion of what I've called collaboration confusion. Thinking of cars as the example, if all the cars are moving around in a perfect city environment, not a problem perhaps. I'm speculating that once driverless cars are on the streets of towns, a new sport will emerge, which is juvenile, is jumping in front of the cars to watch them stop. Playing chicken. This will go on for some time until someone gets killed. Then what? I don't know. When cars are involved in accidents or have choices to make—"Do I crash into another car or do I crash into a lady pushing a buggy with a kid in it?"—you'd hope they'd make the right choice.
Then you have more interesting things, like if I'm in a Google car and it gets out of control and it has a choice to make in a split second: "Do I crash into an Apple car or a Google car?" How will it decide? It might be better to crash into its own manufacturer's car to save on the legal fees of the dispute. I don't know. When you put your silk shirt, which is connected, into your connected washing machine, and the washing machine decides to boil your silk shirt and shrink it to half the size, who is liable? The whole legal aspect of how these devices are going to interact is just ... We really are scratching the surface. There's going to be a mountain of legislation required to deal with all the weird and wonderful ways this is going. I think testing overlaps with this considerably.
Josiah Renaudin: There are a lot of unanswered questions. It's really interesting moving forward. We've covered a lot of different things today, from the security risks of the Internet of Things to drones flying through the air, but more than anything, what major lesson or point do you hope your audience will walk away with after your keynote is done?
Paul Gerrard: Two things, I think, come to mind. One is the functional testing scale, which I've mentioned. We have technologies to execute millions of tests, checks, call them what you like. What we don't have is the ability to create them. We have a machine to run a million tests, where are we going to get the million tests from? We have to create new mental models and tools which will support our ways of modeling, in order to generate the tests to feed these tools to run these simulations. The only people who can do these simulations are in the high integrity arena, and it costs tens of millions of dollars to do some of these tests. We have to figure out a way of doing it at much lower cost. That's the first thing. The second is we have to recognize that testing just doesn't stop in the lab. In a lot of examples, the devices, driverless cars, drones, whatever, they will have to be tested in the field.
The notion of delivery into production, the delivery of live systems, live things into this new world, the risks associated with that could only be tested in the field. As one example, Barcelona have set up what they've called, I think it's called the Barcelona Urban Hub, which is basically a field test environment for companies who are bringing devices to market, and they will allow you to connect and interact with their systems within the city itself. There are some criteria you have to satisfy, which is like, is it something that will benefit the city as a whole, for a start. I think you will see the migration of the way we build and test software from it being laboratory-based, to both laboratory and testing in the field. There will be a lot of experimentation in the field. There will be continuous delivery into the field.
I think there's a real shift, this notion of shift left, of testers moving into development arena, continuous delivery, DevOps, very rapid and very highly automated processes to support our development test. It's only going one way, and I feel that that seems to be that what the Internet of Things is driving, a different perspective and a different way of thinking almost. The consequence of this is, I might I might not, but in the talk I might introduce a new way of thinking about testing that I hope will support testing in this environment. These are the things I want to leave people with, just to raise more questions than answer I think, in some ways. I think we need to get thinking seriously how this is going to turn out.
Josiah Renaudin: Absolutely. Thank you very much, Paul. I appreciate you speaking with us today about multiple different things, and he will be at STARWEST. I'm looking forward to hear more from you at your keynote.
Paul Gerrard: Thank you, it's a pleasure.
Paul Gerrard is a consultant, teacher, author, webmaster, programmer, tester, conference speaker, rowing coach, and publisher. He has conducted consulting assignments in all aspects of software testing and quality assurance, specializing in test assurance. Paul has presented keynotes and tutorials— occasionally award winning—at testing conferences on four continents. He is a principal of Gerrard Consulting Limited, the host of the UK Test Management Forum, and the Programme Chair for the 2014 EuroSTAR testing conference. In 2010, Paul won the EuroSTAR Testing Excellence Award. He's been programming since the mid-1970s and loves using the Python programming language.