June 2008 Archives

Focus on the... Hate?

I've always found it obnoxious when religious leaders meddle in political affairs. It's one thing to stand up and promote values consistent with your religious beliefs, and to encourage others to support "leaders" (generic) who support those same beliefs, but this latest round from Dobson is over the line. Dobson's Focus on the Family radio series, as well as his role with the Promise Keepers organization, would suggest that he is in favor of less hate and more open cooperation. It thus seems quite disturbing that he's lashing out at Obama for a speech 2 years ago suggesting that the country cannot be run based on any one religion, noting that even if you said "the US is a Christian country" that you then have multiple denominations with varying value systems to contend with.

Don't be too concerned by this hate mongering, though. It seems that Dobson doesn't really like either candidate, and may not even vote for a presidential candidate come November. If true, why bother trying to influence people one way or another? Haven't we heard enough hate speech already in this election?

"Dobson has not backed off his statement that he could not in good conscience vote for McCain because of concerns over the Arizona senator's conservative credentials. Dobson has said he will vote in November but has suggested he might not vote for president."

Little Miss Yawning

In a follow-up to the previous 3D/4D post... a short video of her yawning. :)




Sudden Climate Change is Normal

There's an interesting article on the SciAm website today about the results of ice core analysis from northern Greenland. Apparently climate changes have happened quite suddenly in the past, and it wasn't catastrophic. Of course, the global warming worry-wart alarmists then read this research and say:

"The question that arises from such findings is: How come the Greenland ice sheet at such a low latitude has remained so stable during the present interglacial [period] until now?" says study co-author and geochemist Claude Hillaire-Marcel of the University of Quebec in Montreal. "In view of the past instability—and sensitivity to temperature—of Greenland ice, serious concerns about its future under global warming stress do emerge."

Now, call me crazy ("crazy!"), but you can't have it both ways. Now they're suddenly concerned that the Greenland ice shelf has been too stable?!?!? And then they of course link it back to the doom and gloom typical of the global warming crowd.

Just a quick note... last week Tim Russert died suddenly... this weekend it was George Carlin... who will be next? It's an old urban legend, I know, but it makes one wonder. Both were heart-related problems, too. Interesting this thing we call living, isn't it?

Little Miss in 3D! :)


This post has nothing to do with information security, and everything to do with being a proud father-to-be! :) We went to InfantSee4D yesterday and had a special ultrasound of our bundle of joy - in 3D and in 4D (3D+motion). We saw her yawn at the beginning, which was just the cutest thing. And then she slept, so not much motion. :) She has cute little arms and cute little legs, and apparently loves to suck on the umbilical cord, up near the placenta. It's all very cool!

Anyway, after the jump are pictures of her in 3D. I think she looks like Hanna - which is a very good thing! :)

Resist Strictly Incremental Changes

"IT consolidation is a major undertaking that can require escalating upfront capital costs to achieve long-term cost savings. It can also take between six months and two years to execute. As such, these investments often face senior executive — if not board-level — scrutiny. A business case built or vetted by a major consultancy has a better chance of approval due to higher perceived credibility of the methodologies and rigor behind the business cases built by these firms." (Source: James Staten, principal analyst, Forrester Research)

One of the more common sights in enterprises is to see an incremental approach to addressing big problems. From an engineering perspective, this is fine, and really quite a good problem solving tactic. However, when it comes to making meaningful change from a security perspective, I have come to seriously question the utility of incremental changes.

Those bastards we call elected Representatives are about ready to pass telecom immunity!!!! Apparently it isn't enough that the last 3 times the public expressed outrage. Now there's no coverage of it in the press and it looks set to pass. Please, call your Congresscritter today and demand a 'no' vote!! Illegal activities must not be sanctioned by the government, no matter who signed off on it!!! Furthermore, quashing lawsuits designed to reveal illicit activities is also inappropriate and detrimental to freedom and civil liberties. Just say no to telecom immunity!

Go here: EFF No Immunity site

Security is Like Fighting Ants

Have you ever had to deal with an ant infestation around your home? We've recently moved into a rental home, and our first major headache has been dealing with ants. It's apparently a seasonal thing (beginning and end of Summer), but it was still quite annoying, not to mention a bit gross. The first incursion occurred on move-in day. After having several guys help out, we grilled, and from around the door to the deck I noted a steady stream of ants that followed the trail of crumbs all the way to the nearby kitchen sink. Suffice to say, cleaning has become a much higher priority since then.

Dealing with this matter has gotten me thinking about corollaries with security. These ants are external attackers (which is now known to be our primary concern, thanks to Verizon's report), and they seem to be very motivated to get through the perimeter. Once past the perimeter, they're much harder to contain. Also, how you defend against them varies depending on your goals.

Courtesy my father, and from a rather conservative corner of the blogosphere. This article by Walter Williams provides a very pointed critique of TSA and why most of us in the security industry find the whole theater absolutely nauseating. My favorite quote:

"The bulk of the people hassled by these and other TSA procedures are law-abiding Americans who have no malicious intentions, along with a few people traveling with drugs and other contraband. The TSA routinely confiscates about 15,000 items a day from passengers, in addition to the hassle, rudeness and arrogance. With these kind of costs imposed on the traveling public, I'd like TSA to give an account of themselves, namely just how many hijackings or bombings they have prevented, along with the evidence. Americans have been far too compliant and that has given the TSA carte blanche to treat travelers any way they wish."


We have a baby on the way, and so it's time to get rid of my 2-door Civic. Back in April, we decided on the Ford Escape Hybrid, but found out that they were few and far between. The 2009 models became available for ordering, so we went ahead and put in an order with the local dealer (Ted Britt, Fairfax). Ours was their first order of the '09 models, and everything seemed Jim Dandy.

Fast-forward 7 weeks to today. Our vehicle is still pending pickup in the queue for assembly. No VIN has been assigned. However, 3 vehicles ordered after ours have had VINs assigned, and are theoretically being assembled. The dealer is given no more status than this. Oh, and as if this isn't bad enough, they're being told that they'll only be allocated 9 Escape Hybrids, not the 11 originally indicated, which means that our order could be arbitrarily cancelled by Ford. This makes me wonder a couple things:
1) WTF?!?!?!?!?!!?!?
2) Why would Ford not process first in, first out, as I'm told all their other plants do?
3) Do they not realize how hard they're making it to buy an American car? Especially an American hybrid with superior technology?
4) Do they not realize that this is the last year for their tax credit, meaning there's literally no incentive for reduced/controlled production?
5) Have they not noticed that Toyota is owning the market, definitively and with force, all the while charging a heck of a lot more (fully-loaded Highlander Hybrid lists around $47k to the $35-36k for a fully-loaded Escape Hybrid)?
6) Does Ford honestly think that I can be sympathetic to the plight of the American auto industry in light of my present experience?

Clearly, I'm a little annoyed. Let this be a warning to everyone: if the car isn't already built, don't bank on it ever getting into your hands. BTW, if anybody knows anybody at Ford Corporate, I'd love to hear an explanation of why they can't figure out how to lock in and build mine. :)

Shawn's (Amazing) India Photos

You might recall that a year ago I had the privilege of traveling to India for work (AOL at the time). This year, Shawn got to go, and for a couple weeks at that, with stops in Bangalore, Mysore, and New Delhi to see the Taj Mahal. You should definitely check out his collection of photos as they're quite remarkable. Worthy of publication, if you ask me.

More Preggie Pics Posted

Just wanted to let those interested know that I've uploaded a few more pics of my lovely, pregnant wife (Hanna), to the Hanna Grows a Baby page. :)


The sign of a good book, for me, is when I can read straight through it in a few days. This was the case with Steve Martin's memoir, Born Standing Up: A Comic's Life. I've greatly enjoyed reading Martin's novellas (Shopgirl and The Pleasure of My Company), and found this memoir to be equally engaging and smooth reading. Sometimes you need a nice and easy read, and all of Martin's seem to fit this bill, while not being tawdry crap. That is to say, these don't need to be guilty pleasures. He uses a real vocabulary and everything! :) Notable quote from the book:

"I continued to pursue my studies and half believed I might try for a doctorate in philosophy and become a teacher, as teaching is, after all, a form of show business." (p86)

Anyway, I highly recommend this book - especially if you like that "wild and crazy guy." :) Up next: unsure, but I think it'll be Freedom House's Today's American: How Free?.

Massive heart attack, dead at age 58. That's a big loss in the media world. Of course, I've pretty much written off most of the mainstream media, but still. Still a bit surprising when people his age (or younger) kick it. More info on AOL.

My Monster Name

Surprisingly accurate? Hmmm.... ;)

Your Monster Profile
Mad Hitchhiker

You Feast On: Bananas

You Lurk Around In: Nude Beaches

You Especially Like to Torment: Boys Who Wear Make-up

Hat tip to SNolan...

2008 Goals: May Progress Report

Ok, holy cow, how did it get to be mid-June already?!?! I'm waaaaaay overdue on getting this progress report posted. In my own defense, we did move at the end of May, which took a lot of time and effort. Oh, and, we didn't have regular Internet service at home until just last week. So, it's not like we've not been doing anything at all. Quite the contrary, I've just been super-busy. D'oh!

May was a so-so month for me. It was generally busy, particularly with move-related activities. Looking back, nothing really stands out for me in terms of accomplishments. My back was sore the entire month (and still through to today, in fact), so exercise has been limited. I don't really recall reading or writing much last month, either. Oh, sigh...

In case anybody out there is interested, one of my clients is hiring an "Information Security Analyst" and is willing to pay fairly well. Full position notice is included below, after the jump. This client has been quite decent to work with and there is certainly a lot of opportunity in the environment. If you're interested, please ping me and I can help get your resume/CV to the hiring manager.

SCADA Hole, InfoSec Humor

Updated: SANS Storm Center has more info on the CitectSCADA vulnerability here.

The AP reports, via the Star Tribune, that Core Security Technologies has identified a significant hole in CitectSCADA software. I'm sure this will be one of many, many holes identified over the coming months and years. The security bulletin doesn't seem to be posted (though I honestly didn't look too hard).

In other news... this is funny, and oh-so-true! Read the satirical "Are you a computer security professional?". Hat tip to Anton.

Wild Weather

Just had another storm blow through... this one brought pea-sized hail along with heavy thunder and lightning, including a momentary power drop... This storm seemed to be moving very quickly, too, though perhaps not as much as the storm last week. The one on Thursday was crazy. It rained so hard that I couldn't see the driveway out the window, no more than 10 feet away. Lots of trees (big, old grandiose fauna) fell or broke in various places. The rain is good, since we were in a drought last year, but it makes one wonder: what will the weather be like over the next 4 years as things continue to change dramatically?

My alma mater, Luther College, is dealing with flooding this week. Says my roommate, who works in IT there: "the 1941 flood crested at 15.2 feet, the 1993 flood was a 14.3 foot crest, and yesterday was a 17.9 ft crest." That's a fairly dramatic increase. Want to see what it looks like? Check out these aerial photographs. They're very impressive. If you don't look closely, you might think it's just a big, wide river... until you realize that it's hitting the emergency flood dikes that are a good 15' or more above the normal water level. As for Luther, I'm told there is damage to the Regents' Center (gymnasium complex) in some areas. Kind of crazy.

My original predictions of 2010 may be off by a couple years. It's starting to sound more like 2012 could be the year of interest. I base this on the belief, supported by NASA, that the magnetic poles are indeed shifting, and will undergo a complete and dramatic shift by 2012. Non-scientifically, it's also interesting to note that the Mayan prophecy most often correlated with the silliness that is the crystal skulls conspiracy also points to 2012. Previous Mayan predictions have apparently been reasonably accurate. I'm also told Nostradamus has a prediction for around 2012. Anyway... I know, I know... how much stock should one put into these conspiracies and prophecies, right? Well, I revert back to science, and point out that when the magnetic poles flip, they tend to cause big changes in the planet, based on geophysical history derived from various core samples, among other things.

Today, there is a new bit of information that, if found to be a consistent pattern, may also reinforce the thought that an ice age is coming. According to an article on slashdot, the sun has entered an extended period with no sunspot activity. The last time a true extended period of no sunspot activity occurred corresponds with the last mini ice age in the last half of the 17th century. Perhaps just one more piece of info to make us consider that there is more than just global climate change at play in the world.

Well, I've reached the point of quitting my current non-fiction reading project. I've been working on A Farewell to Alms: A Brief Economic History of the World (Princeton Economic History of the Western World) for almost 6 weeks now and read an entire 40 pages (2 chapters). It was interesting, and something I'd like to come back and read some day, but I just could not get into it. It's Economic History, after all, so not exactly engaging. I wish that I could have found a way to get through it. Unfortunately, every couple paragraphs I was falling asleep.

In order to compensate, I've decided to take up an alternative non-fiction work: Steve Martin's Born Standing Up: A Comic's Life. Thus far, I've already ripped through a couple chapters in an hour and found it quite enjoyable. I've read Steve Martin's novels and enjoyed them, so I'm glad to take on a lighter non-fiction work, even if it doesn't expand my vocabulary very much.

If you're a fan of economics and history, then you'll definitely want to read Farewell, while if you're a fan of stand-up comedy (and that wild and crazy guy), then you should definitely read Born Standing Up.

In a word: *yawn* For whatever reason, I did not find the movie overly entertaining. Yes, I laughed at a few lines, and I was grossed out by the fire ants, but overall, it was really not much fun. Oh, well. If you haven't seen it, my suggestion would be to wait until it's out on DVD.

Obama NoVA Rally Tomorrow (Th 6/5)

In case anybody is in the Northern Virginia (NoVA) area and interested in seeing an Obama rally, you're in luck - there's one here tomorrow! For more info, check out his site.

So, I'm back from a couple short days as a "booth babe" for BT at the Gartner IT Security Summit. It was quite interesting, though underwhelming. I sat in on one session on Monday and of the couple hundred seats, maybe 1/8th were filled. The exhibit floor was very large, which seemed nice at first, but in walking around and talking to other vendors, it became clear that nobody was getting much foot traffic, especially the farther back you went. The layout didn't direct people down rows to look at everything, but was instead a well-spaced matrix that, while aesthetically pleasing, did not result in driving traffic to booths. It also seemed a bit nuts to me that the exhibit floor was only open for 2 hours over lunch all week, plus a single 2-hour evening session on Monday night. That's 8 hours of available exhibitor time that overlapped with email catch-up time for what is presumably targeted to the very busy CIO/CISO market.

Published in BT Initiatives

I'm happy to announce my first publication (included below). It's for my employer, so probably not a huge deal to anybody reading this, but for me it's a nice milestone. It's in the May 2008 edition of Initiatives, titled "Evolving Risk Resilience." Risk resilience is our new theme within security consulting. Since you cannot eliminate risk, you instead need to become resilient to it (sounds like a very British term - we used to call it risk tolerance, I believe, but whatever).

Howdy folks - just a quick heads-up, I'll be playing "booth babe" for BT at the Gartner IT Security Summit tomorrow (Monday 6/2) in Washington, D.C. If anybody is planning to attend, please feel free to drop by the BT booth or drop me a note so that we can meet up! :)

This blog is licensed under a Creative Commons License.