Whew! So, I CAN spell. I was worried.

On the 1-Nov-2025 October Recap of Cybersecurity Today, I heard something I found very interesting, and decided to look for more information. On investigation, I discovered that the panel consisted of host Jim Love, David Shipley of “Boer on Securities”, and Laura Payne of “White TOK”.

Uh, no. Obviously AI-generated, so I dug a bit deeper.

David Shipley is actually the CEO (or “head of the pack”) at Beauceron Security, a Canadian company based in Fredericton, NB which focuses on cybersecurity and user training and education. As a regular listener, I was already aware of David Shipley and some of the work they do at Beauceron - interesting stuff. And entirely predictable that an AI that frequently mangles English words and names would do the same to a French name. TIL that the Beauceron is a French dog breed, often used as a guard dog or to help herding sheep or cattle. Beautiful dogs, and apparently very intelligent and calm.

But I digress.

The panel was discussing the recent large-scale AWS outage, which resulted in widespread disruption and outages for a wide variety of services including Reddit, Snapchat, Roblox, the PlayStation Network, online banking services, and a host of others. It was bad, and highlighted a number of issues around automation, resilience, and the complexity of the interdependence of modern computer networks.

A very interesting topic, but the part I found most interesting was when Laura Payne highlighted the fact that some owners of luxury “smart beds” encountered major issues, including readjusting preferred heating temperatures up to 110 degrees F, flashing lights, and cases where the bed “stuck” at an extreme incline.

This, Laura Payne noted, should not happen. She then mentioned the “escalator principle”, and noted that when escalators loses power, they still work as stairs.

I knew the name of the company she leads, as CEO and Head of Security Consulting, and I knew that it was not “White TOK”, but when I looked for “white touque” I was surprised to find nothing, then shocked when I saw that the name of the website is https://www.whitetuque.com, and then found references to “toque” and “tuque” – neither of which I had seen before.

Could I have been spelling such a quintessentially Canadian word as “touque” incorrectly?

The horror!!

On digging, I discovered that the toque is a type of hat with a narrow brim, or no brim at all, and is now mainly known as the “traditional” chef’s hat. But not in Canada, where the term is used interchangeably with the French Canadian spelling “tuque”, to refer to what many call knit caps.

This can’t be happening!!

But then I found it! A whole section of the article addresses the spelling, and includes the phrase “also spelled tuque or touque”, along with a wonderfully Canadian discussion that included quotes like “We all know a tuque when we see one, [we just] can’t agree on how to spell the word.”

There was also a CBC poll, which asked the question: “Hey hosers – what do you call that cap on your head?”

Whew! What a relief. (Canadians are probably nodding along with me, while everyone else is wondering if I’ve gone mad...)

But where was I?

Ah. Yes. Laura Payne was discussing the escalator principle, and noted that IoT device makers should always keep this principle in mind. “A smart lightbulb should still work as a lightbulb”, and a bed should fail to “what it is without intelligence”.

Absolutely!

My response to this was about the same as David Shipley’s, who said he was going to start using this concept when speaking to, well, pretty much everyone. Rather than getting bogged down in theoretical discussions of fail-safe vs fail-secure, just talk about an escalator and everyone will understand.

Brilliant! I just wish I had thought of it. Sigh.

In the example above, a smart bed that loses it’s internet connection (however ridiculous you find the idea in the first place) should fail to flat, with no heat/cooling/lights/sounds – ie, a bed.

Well, yes. Obviously, right?

And yet they didn’t. Not because they’re stupid, or careless, but simply because they didn’t think things through in a disciplined way. They didn’t take advantage of decades of learning about reliability engineering or fault tolerance, likely because everyone in the world appears to be focused on shoving internet connectivity into everything so they can call it “smart”.

Smart products are not just “dumb” products with internet access. They should be thought of as new products, with careful thought given to understanding what it is you’re designing, what it will do, what are the hazards, what happens if it breaks – all the “usual”, dull, traditional questions which are usual, dull and traditional because they work.

But don’t get me started on the security implications of these smart devices... that’s another can of worms!

Cheers!