Nota Bene

Every now and again (once every several years or so), a high-profile unpleasantness occurs in the cyberworld – some unexpected new maliciousness that fairly bowls the world over. For most ‘civilians’ it’s just the latest in a constant stream of seemingly inevitable troublesome cyber-surprises. As for my colleagues and me, we normally nod, wink, grimace, and raise the eyebrows à la Roger Moore among ourselves while exclaiming something like: ‘We’ve been expecting you Mr. Bond. What took you so long?’

For we’re forever studying and analyzing the main tendencies of the Dark Web so we can get an idea of who’s behind its murkiness and of the motivations involved; that way we can predict how things are going to develop.

Every time one of these new ‘unexpected’ events occurs, I normally find myself in the tricky position of having to give a speech (rather – speeches) along the lines of ‘Welcome to the new era‘. Trickiest of all is admitting I’m just repeating myself from a speech made years ago. The easy bit: I just have to update that old speech a bit by adding something like: ‘I did warn you about this; and you thought I was just scaremongering to sell product!’

Ok, you get it (no one likes being told ‘told you so’, so I’ll move on:).

So. What unpleasant cyber-unexpectedness is it this time? Actually, one affecting something close to my heart: the world of automobiles!

A few days ago WIRED published an article with an opening sentence that reads: ‘I was driving at 70 mph on the edge of downtown St. Louis when the exploit began to take hold.‘ Eek!

The piece goes on to describe a successful experiment in which hackers security researchers remotely ‘kill’ a car that’s too clever by half: they dissected (over months) the computerized Uconnect system of a Jeep Cherokee, eventually found a vulnerability, and then managed to seize control of the critical functions of the vehicle via the Internet – while the WIRED reporter was driving the vehicle on a highway! I kid you not folks. And we’re not talking a one-off ‘lab case’ here affecting one car. Nope, the hole the researchers found and exploited affects almost half a million cars. Oops – and eek! again.

However, the problem of security of ‘smart’ cars is nothing new. I first ‘joked’ about this topic back in 2002. Ok, it was on April 1. But now it’s for real! You know what they say… Be careful what you wish for joke about (there’s many a true word spoken in jest:).

Not only is the problem not new, it’s also quite logical that it’s becoming serious: manufacturers compete for customers, and as there’s hardly a customer left who doesn’t carry at all times a smartphone, it’s only natural that the car (the more expensive – the quicker) has steadily been transformed into its appendage (an appendage of the smartphone – not the user, just in case anyone didn’t understand me correctly).

More and more control functions of smart cars are now firmly in the domain of the smartphone. And Uconnect isn’t unique here; practically every large car manufacturer has its own similar technology, some more advanced than others: there’s Volvo On Call, BMW Connected Drive, Audi MMI, Mercedes-Benz COMAND, GM Onstar, Hyundai Blue Link and many others.

More and more convenience for the modern car-driving consumer – all well and good. The problem is though that in this manufacturers’ ‘arms race’ to try and outdo each other, critical IT security matters often go ignored.

Why? 

First, the manufacturers see being ahead of the Jones’s as paramount: the coolest tech functionality via a smartphone sells cars. ‘Security aspects? Let’s get to that later, eh? We need to roll this out yesterday.’

Second, remote control cars – it’s a market with good prospects.

Third, throughout the auto industry there’s a tendency – still today! – to view all the computerized tech on cars as something separate, mysterious, faddy (yep!) and not really car-like, so no one high up in the industry has a genuine desire to ‘get their hands dirty’ with it; therefore, the brains applied to it are chronically insufficient to make the tech secure.

It all adds up to a situation where fancy motorcars are becoming increasingly hackable and thus stealable. Great. Just what the world needs right now.

What the…?

Ok. That’s the basic outline. Now for the technical background and detail to maybe get to know what the #*@! is going on here!…

Way back in 1985 Bosch developed CAN. No, not their compatriot avant-garde rockers (who’d been around since 1968), but a ‘controller area network’ – a ‘vehicle bus’ (onboard communications network), which interconnects and regulates the exchange of data among different devices – actually, those devices’ microcontrollers – directly, without a central computer.

For example, when the ‘AC’ button on the dashboard is pressed, the dashboard’s microcontroller sends a signal to the microcontroller of the air conditioner saying ‘turn on, the driver wants cooling down’. Or when the brake pedal is pressed, the microcontroller of the pedal mechanism sends an instruction to the brake pads to press up against the brake discs.

Put another way, the electronics system of a modern automobile is a peer-to-peer computer network – designed some 30 years ago. It gets better: despite the fact that over three decades CAN has been repeatedly updated and improved, it still doesn’t have any security functions! Maybe that’s to be expected – what extra security can be demanded of, say, a serial port? CAN too is a low level protocol and its specifications explicitly state that its security needs to be provided by the devices/applications that use it.

Maybe they don’t read the manuals. Or maybe they’re too busy trying to stay ahead of competitors and come up with the best smart car features.

Whatever the reasons, the fundamental fact causing all the trouble remains: Some auto manufacturers keep squeezing onto CAN more and more controllers without considering basic rules of security. Onto one and the same bus – which has neither access control nor any other security features – they strap the entire computerized management system that controls absolutely everything. And it’s connected to the Internet. Eek!

Just like on any big computer network (e.g., the Internet), cars too need a strict ‘division of trust’ for controllers. Operations on a car where there’s communication with the outside world – be it installation of an app on the media system from an online store, or sending car performance diagnostics to the manufacturer – need to be firmly and securely split from the engine control, the security and other critical systems.

If you show an IT security specialist a car, lots of functions of which can be controlled by, say, an Android app, he or she would be able to demonstrate in no time at all a dozen or so different ways to get round the ‘protection’ and seize control of the functions the app can control. Such an experiment would also demonstrate how the car isn’t all that different really from a bank account: bank accounts can be hacked with specially designed technologies, in their case with banking Trojans. But there is a further potential method that could be used to hack a car just like a bank account too: with the use of a vulnerability, like in the case of the Jeep Cherokee.

Any reasons to be cheerful?…

…There are some.

Now, the auto industry (and just about everyone else) seems to be well aware of the degree of seriousness of the problem of cybersecurity of its smart car sector (thanks to security researchers like those in the WIRED article, though some manufacturers are loath to show their gratitude openly).

A sign of this is how recently the US Alliance of Automobile Manufacturers announced the creation of an Information Sharing and Analysis Center, “that will serve as a central hub for intelligence and analysis, providing timely sharing of cyber threat information and potential vulnerabilities in motor vehicle electronics or associated in-vehicle networks.” Good-o. I just don’t see how they plan to get along without security industry folks involved.

And it’s not just the motor industry that’s now on its toes: hours (!) after the publication of the WIRED article (the timing was a coincidence, it was reported) new federal legislation in the US was introduced establishing standardization of motor industry technologies in the field of cybersecurity. Meantime, we’re hardly twiddling thumbs or sat on hands: we’re actively working with several auto brands, consulting them on how to get their smart-car cybersecurity tightened up proper.

So, as you can see, there is light at the end of the tunnel. However…

…However, the described cybersecurity issue isn’t limited just to the motor industry.

CAN and other standards like it are used in manufacturing, the energy sector, transportation, utilities, ‘smart houses’, even in the elevator in your office building – in short – EVERYWHERE! And everywhere it’s the same problem: the growth of functionality of all this new tech is hurtling ahead without taking security into account!

What seems more important is always improving the tech faster, making it better than the competition, giving it smartphone connectivity and hooking it up to the Internet. And then they wonder how it’s possible to control an airplane via its entertainment system!

What needs doing?

First things first, we need to move back to pre-Internet technologies, like propeller-driven aircraft with analog-mechanical control systems…

…Not :). No one’s planning on turning the clocks back, and anyway, it just wouldn’t work: the technologies of the past are slow, cumbersome, inefficient, inconvenient and… a lot less secure! Nope, there’s no going backwards. Only forwards!

In our era of polymers, biotechnologies and all-things-digital, movement forward is producing crazy results. Just look around you – and inside your pockets. Everything is moving, flying, being communicated, delivered and received, exchanged… all at vastly faster speeds to those of the past. Cars (and other vehicles) are only a part of that.

All that does make life more comfortable and convenient, and digitization is solving many old problems of reliability and security. But alas, at the same time it’s creating new problems. And if we keep galloping forward at breakneck speed, without looking back, improvising as we hurtle along to get the very best functionality, well, in the end there are going to be unpredictable – even fatal – consequences. A bit like how it was with the Zeppelin.

There is an alternative – a much better one: What we need are industry standards; new, modern architecture, and a responsible attitude to the development of features – by taking into account security – as a priority.

In all, the WIRED article has shown us a very interesting investigation. It will be even more interesting seeing how things progress in the industry from here. Btw, at the Black Hat conference in Vegas in August there’ll be a presentation by the authors of the Jeep hack – that’ll be something worth following…

Smart cars can be remotely hacked. Fact. Period. Shall we go back to the Stone Age? @e_kaspersky explains:Tweet

PS: Call me retrogressive (in fact I’m just paranoid:), but no matter how smart the computerization of a car, I’d straight away just switch it all off – if there was such a possibility. Of course, there isn’t. There should be: a button, say, next to the hazard lights’ button: ‘No Cyber’!…

…PPS: ‘Dream on, Kasper’, you might say. And perhaps you’d be right: soon, the way things are heading, a car without a connection to the ‘cloud’ won’t start!

PPPS: But the cloud (and all cars connected to it) will soon enough be hacked via some ever-so crucial function, like facial recognition of the driver to set the mirror and seat automatically.

PPPPS: Then cars will be given away for free, but tied to a particular filling station network digital network – with pop-ups appearing right on the windscreen. During the ad-break control will be taken over and put into automatic Google mode.

PPPPPS: What else can any of you bright sparks add to this stream-of-consciousness brainstorming-rambling? :)

Hi folks!

This here post is the last in my mini-series from St. Petersburg. It continues the ‘places to visit‘ theme, but with a difference; for the place it describes resembles a museum, but it isn’t a museum really, I think. Or maybe it is. It claims to be one… Hmmm, whatever it is, it’s unusual, unique, and a must-see!

It is a bit like a museum or art gallery in that you’re not allowed under any circumstances to touch the… exhibits, even though they’re not really exhibits… Confused? You won’t be…

Sign: ‘He touched the exhibit/model!’ On shirt: ‘I’m being punished’

This is Grand Maket Rossiya! Maket is a Russian word with numerous, similar meanings, but choosing the right one to translate into English can be tricky. This is perhaps proved by the people behind the maket having left it as just that – maket, even though it isn’t an English word. When they describe the place on the site it’s put as a ‘layout’. They mean a scale model of the Russian landscape – a miniature version of the layout of the country, making it the smallest maket of the largest country in the world for sure. It’s also the second largest scale model of its kind in the world – behind Miniatur Wunderland in Hamburg.

This is a truly unique, mind-blowing, thoroughly enjoyable place. From the outside it’s nothing much – a not-so-large, unassuming building; inside – OMG. It’s like Dr. Who’s TARDIS! A massive miniature (!) scale model – an impossibly large kid’s toy; an impossibly large adult’s toy. Again though – not really a toy; what sort of toy is one you can’t touch? :)

Read on: railroads and highways, cities, towns and villages, factories, power stations… everything!…

There are different kinds of museums.

There are real museums (in the classic understanding of the word), there are expositions, exhibitions, installations… What other words are there for describing such events? Graffiti! Btw, good quality graffiti done in good taste – is it an exposition or installation or hooliganism? The latter I cross out since good graffiti (IMHO) is real art. Oops. Off piste before even getting on piste. I do keep doing that…

So. Museums…

St. Petersburg is ram packed full of them. It’s like the museum capital of the world.

Now, I understand that if St. P’s museums were to be compared with, say, the Louvre or the British Museum, St. P’s may lag behind somewhat. However, considering the very difficult past St. Petersburg has had, its museums are a bit of a miracle. Museums weren’t all that well supported in post-imperial times; the same goes for during the 70+ years under Communism; obviously WWII was a major setback; and of late, post-CCCP, the city’s museums have continued to be somewhat neglected with no generous state or philanthropic sponsors coming forward as they do in the West. Maybe I’m wrong. But that’s how it seems to me. Do correct me if I’m mistaken.

There I go again… OK. Back to the main topic…

In Saint Pete there are the usual suspects: the museums children visit on school trips – the typical, the bland, the traditional, the obvious. So we, naturally, decided to shake things up a bit and go alternative, rebel, renegade! We went to… the Railroad Museum!

Read on: let the pix do the talking…

Hi all!

To get high up and look down and around, say, from up a mountain… it’s always cool and beautiful. But to fly up above for panoramic views of below – it’s even better. And best of all when it comes to flying for sightseeing purposes is the helicopter. Best of all when it comes to what to check out below…: a beautiful city. Best of all when it comes to beautiful cites…: one uniquely beautiful like St. Petersburg.

So of we choppered…

Pulkovo – Petergof – Bolshaya (Big) Neva – the Neva – Malaya (Little) Nevka – Pulkovo.

I’ve nothing much to say really. But a lot to show…:

Petergof:

Read on: Bolshaya Neva and so on…

St. Petersburg in summer, especially June and July – it’s… tricky. You’ve probably already heard that there’s hardly any nighttime at all in summer, as, well, the sun – well up the northern hemisphere this time of year, just pops over the horizon for a few measly hours, before it ‘rises’ again in the wee hours of the next morning. As a result, days can seem endless; well, they almost are. And you need good thick curtains or an eye mask to get some proper shut-eye of a ‘night’.

There’s another thing: you gotta make sure you’re where you got to be before the bridges go up. If they do, and you’re not where you need to be: oops. On the other hand, these bascule bridges have their advantages: what better excuse can there be to not be where you should be (and really don’t want to be)? “Can’t make it. No really: can’t – physically. The bridges are up!”.

Like I say, Peter – it’s tricky this time of year.

It’s tricky, but it’s also awesome. Just check out some of these White Nights & bridges-up views you can get to see. Awesome indeed…

Read on: boats, canals, Neva…

There are all sorts of unusual phenomena in the world – both natural and manmade.

Sometimes they’re hunky dory and harmless, like horizontal waterfalls in Kimberley in Australia, manmade cascading falls at the Itaipu Dam, or the stunning sunsets on Santorini.

Other times they’re depressingly dreadful and destructive, like volcano eruptions, earthquakes and tsunamis.

There’s the static symmetry of mountains and volcanoes; there’s the slow and steady movement of things like tectonic plates, glaciers and snowcaps; and there’s the unpredictable though grimly inevitable things like avalanches and other such cataclysms. There are also freak, flash, or full-on floods, which come and go with intermittent regularity. Floods are what we get when the gods forget to turn the tap off when pouring a bath. So man has to intervene. He can’t get them to stop forgetting, so he has to design and construct large protective installations to drain water that’s just about to cause a flood – to make up for this godly absent-mindedness.

One place where heavenly amnesia occurs rather frequently is in the European part of Russia – just off the Gulf of Finland, especially around the delta of the river Neva. And by unlucky coincidence the city of St. Petersburg happens to be situated right there. This is a city known for its heroism, victories and imperial cultural heritage, but also, alas, water-caused catastrophes. Of the latter it’s had more than its fair share. For those interested – here.

Still interested? Then simply read the Bronze Horseman. It rules. It’s here btw, with plenty of commentary.

The short version:

St. Petersburgers naturally needed to do something about the flooding. Which is just what they did. Now, I’d heard about it before, but only recently did I finally get to see it in the flesh sun: around St. Petersburg there’s now a huge dam to protect the city from flooding. Pushkin’s poetic depictions of floods are now thankfully firmly a thing of the long-gone past – and good riddance.

Turns out, professional hydraulic designers and technicians scoff at the description ‘dam’ for this fantastic feat of engineering. They prefer: ‘complex of protective installations against flooding’. Doesn’t quite slip off the tongue, but if they insist, who am I to question it?

Now for a bit of technical data…

What was needed was a construction that would normally let reasonable amounts of water through from the Gulf of Finland into Neva Bay, but when catastrophically high waves come a-crashing in from the Baltic Sea would create a tall barrier to stop them causing a ruinous flood throughout the city. The installation also had to be able to let ocean-faring ships through on a daily basis, plus also not interfere with the delicate local marine ecology.

Plans to build the ‘dam’ were first made as far back as in the 19^th century, but construction only started in 1979 (details – here). Then of course Communism finally arrived… and at the end of the 1980s construction was halted. Fast-forward to the early-2000s and the abandoned project was resuscitated, and in 2011 it was finally completed; and what they got was something truly damtastic!

I tried to find similar flood-control dams on the net but didn’t get very far. They’re all somehow a lot smaller in size. There’s one in London, one in Holland, one on the Elbe… But they’re all tiny compared to the whopping Russian 25-kilometer dam installation. Impressed I was.

There is one anti-flood installation that’s on a par – the one being built in New Orleans. When it’s completed it will be bigger; but for the moment the one in St.P is No.1!

To the layman who may encounter the construction, it’s simply a 25-km-long highway that crosses the Gulf of Finland from bank to bank, much like that one featured in Miami Vice that connects Miami to the Keys (which is much longer – but it ain’t no anti-flood installation:). Smooth tarmac, neat markings and signposts, entry and exit roads…: nice.

Read on: Oh My Genius!!…

[*see the last-but-one paragraph.]

Of late my blogposts have been coming forth in series. There have been Kimberley 1-7, there are the Top-Places-themed posts coming up, and now, here – the first post of another series: on Saint Petersburg – the Window to Europe…

Here we go!…

First – a bit of a long-winded intro. Long-winded, moi?

For some unknown reason I recently decided to tot up the number of cities in Russia I’ve been to. I mean just cities, not towns – so, let’s say, places with at least 100,000 folks living there. And I also mean cities I’ve properly visited: in which I stayed at least a few days. Accordingly, ‘passed through’, ‘saw its airport waiting for a connection’, even ‘quickly checked out its kremlin’, etc. all don’t count.

It turns out that my total for Russia is 14 cities. Listed from west to south to north to east, they are: Kaliningrad, Pskov, Velikiy Novgorod, St. Petersburg, Moscow, Rostov-on-Don, Novorossiysk, Kazan, Saratov, Volgograd, Sochi, Yakutsk, Novosibirsk, Petropavlovsk-Kamchatski.

Of course there have been other towns and cities I’ve been to, but they don’t get included in my total due to the above-mentioned exception rules. So, ‘visited’ towns and cities not making the list include the following:

Uryupinsk, Kozmodemyansk, Dmitrov, Dubna, Kolomna, Torzhok, Kozelsk, Kem, Belomorsk, Kholmsk, Yuzhno-Sakhalinsk, Lukhovitsi, and many, many more…

I then wondered what such a list but of US cities would look like… Woh: 16! Two more than in Russia:

Anchorage, Seattle, San Francisco, Los Angeles, Las Vegas, Minneapolis, Chicago, Louisville, Dallas, Austin, Boston, New York, Washington D.C., Atlanta, Orlando, Miami.

The ‘barred’ cities and towns for the US are: Honolulu (Hawaii), Valdez (Alaska), Sedona (Arizona), Palo Alto & San Jose (California), El Paso (Texas), Page (Arizona), Key West (Florida) and many others (even our office in Woburn (Massachusetts) – disallowed!).

Hmmm, let’s see… the USA has just under double the population of Russia (320 million and 140 million, respectively). That means one city of Russia should have a coefficient of two when comparing the two nations’ visited cities… No, that doesn’t work: then I’d have been to the ‘most cities’… in Singapore! (with its population of 5.5 million, 25 times smaller than Russia).

Let’s look at some of the populations of countries whose cities I’ve visited…

Norway – five million souls, and I’ve been to two cities – Oslo, the capital, and Bergen; that is, twice as many as in Singapore. Where else?…

…New Zealand! – 4.4 million persons. We acclimatized and slowly strolled about in Auckland, and spent a night in Christchurch and closely inspected its highlights the next day. Then there was Wellington and Dunedin where we bedded down one night each, but no inspecting – so they don’t count.

Do we have a less-than-2,000,000-population country in the visited list? Yes!…

…Gabon! 1.6 million Gabonese, and I was in Libreville for a few days just six weeks ago. Cyprus! Limassol and… Nicosia and Pathos only passed by – meaning Cyprus not a competitor! (Although there’s just over a million population there). Andorra! Been, strolled, skied – 85,000. But who’s the champion? Monaco! Monte Carlo. Clear leader. 30,000 population. And I’ve been there many, many times.

So, if you take into account a city’s country’s ‘handicap’ coefficient, get to Monte Carlo. It equals 4500 cities in Russia or 10,000 towns in the US. Oh, something isn’t right there. The method’s all wrong. We could take into account economic coefficients, geographic area coefficients… but no; I’m already a bit tired of all this, and what I’ve already written turned out to be way too long…

OK, enough math mirth :).

Experimental comparison ramblings aside, recently… I was in Saint Petersburg (note to US readers: the original one)!

The splendid, saintly, seductive, sensuous, statuesque St. Petersburg. I was last there seven years ago, in the summer of 2008. We had our partner conference there. And since then every year I’d kept promising our Peterites I’d be coming back soon, but always shamefully failing to do so.

Seven years I’d been promising. In the meantime we’d opened an office there, we’d then moved to smarter premises, and now 80 KLers work there diligently for the good of the company and the world. A lot has changed, and I was always was promising but dragging my feet. Well, at last, I finally made it up there! Hurray – I’m writing this in St. P: one of the most beautiful cities in the world.

So, what have we here that was here last time? The Neva‘s still flowing through the city, there’s Nevsky, St. Isaac’s, the Admiralty building, Peter and Paul Fortress, and the Astoria; the bridges still open and Petergof is still a real crowd-puller.

Read on: What else was new?…

Hi all!

Many of you have probably noticed that I get around this globe of ours rather often. More often than not this getting around is for business (meetings, conferences, speeches, etc.), but I normally try and fit in a bit of free time too so I can go and inspect this or that place of interest nearby. Sometimes this is a mere ‘see, take pics; sorted; next!‘. Other times it’s a matter of seriously studying some seriously amazing natural and/or historical phenomena.

As I’d look at all these wonders of the world, I’d often think to myself: ‘everyone should see these’. I’d then normally get to thinking ‘what else needs to be seen in this world?’ What are the most interesting and breathtaking places on the planet? And once upon a time (many years ago) I was handed a ‘Top-100 Most Beautiful Places in the World’, or something like that. Around the same time I also saw a TV program called the ‘Тop-20 Places to See Before You Die” (again, or something like that).

After viewing both, the first thought that struck me was, ‘these ain’t right’, and it occurred to me that the writers/program makers probably hadn’t really seen much of the world at all, let alone be qualified to write lists on the best places in it. So it was there and then when I decided to intervene directly and come up with my own list – ‘of the very best and most interesting places on the planet, which all need visiting one day – if you’ve the time and cash to spare’ (or something like that).

New Zealand

More…

As mentioned in my previous post, in this one I’ll quickly go over what we didn’t see in Kimberley, but really wanted to.

Since Kimberley is a truly titanic territory, seeing it all in three days (a mere long weekend) is simply impossible. However, I was assured we did get in all the best bits of the territory. Also, another important objective was reached: Now I know where, when and specifically how inspecting the place’s natural beauty spots needs to be done. Thus, the below material should be taken as a plan of action for future visits…

So, herewith, some pointers for how best to plan and organize a sightseeing vacation in Kimberley, Australia:

– Season to visit: April-May – right after the rain season; so as to see the waterfalls at their best – in full gusto.
– Micro-timing of the trip: when there’s either a new or full moon; so as to see the tides at their best – at their maximally extreme.
– To have one or two days’ plane or coach excursions; so as to see all the sights described and photo’d in my Kimberley posts 1-6.
– To charter a ship for, say, 10 days (preferably with a helicopter, or to come to an agreement with a local chopper company).
– Sail on the ship from Broome to Wyndham (or nearby – wherever the ship can moor); so as to be able to inspect all the most significant coastal beauty.

… And those most significant coastal beauties are as follows:

1. King Cascade, somewhere on this river. (Surprisingly, the Internet has little to say about or show of this place.) It’s around 200km (as the crow flies) northeast of the Horizontal Falls. The few pics on the net are here.

Source

More…

G’day possums!

Herewith, the penultimate post in what has turned out to be a bit of a marathon travelogue series from down-under…

After lunch after our morning adventures on our last full day here, it was finally time for some retail therapy!

But not in the traditional sense of mall-traipsing + inevitable food-court submission, naturally; no malls in Kimberley. No, it’s a very specific type of shopping – of just one product. Can you guess yet?

Guys (males) – I’d recommend doing this spot of shopping either without the wife/girlfriend/daughter, or without credit cards or cash. Preferably with neither! For the product on offer here doesn’t come cheap…

The product is… the pearl! Pearls are industrially produced here at Leveque Cape.

It goes like this:

Locals here catch oyster shells, implant inside them a foreign body (I forget made of what), then put the shells into net cages and put them back in the sea. Several years later they open up the shells to find – da, daaaa – pearls!

The meat left over inside the shells is fed to hungry tourists here, and beautifully cleaned up and finished shells are also sold to them once they’ve had their fill of the oysters. Nice little side line :).

Check these pearl-farming pics out:

Shells…