Saturday, April 30, 2005

Getting Rid of the Highly Irritating 'Swat the Fly' Ad


Picture credit: BBA
Excel web sharing - spreadsheet collaboration over the Internet made easy with BadBlueThere's an ad floating around the web called 'Swat the Fly'. It's a rude piece of offal, which emanates a hideous buzzing noise every few seconds. Here's how to rid yourself of this dung, which is slightly less useful than an integrated ashtray in a child safety seat.

If you know what you're doing, edit your hosts file, which can be found in your Windows folder. You can edit the file using Windows' Notepad. Remember to make a backup in case you mess anything up. And, no, I explicitly disclaim any liability for anything you do to your machine.

Here's what my file looks like. The line with tribalfusion in it will suppress the fly from hell.

#
127.0.0.1 a.tribalfusion.com


Here's what the rest of the Internet thinks of this horrid secretion. That some marketer got the okay to distribute this Flash-based diarrhea is truly frightening.
 

When the Lawyers Come Around



Excel web sharing - spreadsheet collaboration over the Internet made easy with BadBlueMy friend Pete recently changed jobs, leaving IBM's Workplace team. He's the flighty type, as his new role at Kubi Software will be his third job in twenty years.

At IBM, Pete was a senior technical lead responsible for various aspects of the Notes/Domino product offering. And when he left, he blogged a few closing thoughts on his IBM career: what attracted him to IBM (a perceived career path for technical folks) and why he ended up leaving the organization (perhaps that the technical career path wasn't quite as he'd envisioned).

In any event, after reading these posts (and pointing a few of my compadres to them), I was going to write a post about technical career paths and how they should (but seldom do) work.

Lo and behold, the posts were gone. When I emailed Pete about them, he told me about the phone call and email he'd received. Something to the effect: please don't disclose our proprietary and confidential information including opinions on our development process. So Pete obliged and pulled the two entries related to IBM.

In my opinion, there wasn't anything a bit proprietary and confidential in the posts. Just some honest impressions regarding IBM's management approach and how the technical career path could have functioned. In my opinion, IBM senior management should spend more time grokking unvarnished impressions from talented senior staff... and less time quashing criticism. But that's just me.

Update: Pete writes, "...one factual error - it was my previous post about the interview question..." that turned out to be an issue. Nonetheless, I'll stand by my impression regarding senior management.

* * *

As an aside, a brief foray onto the Kubi website indicates: (a) that they sell email workflow and collaboration software (definitely an interesting area); and (b) they secured $8 million in venture funding (which means they must be executing diligently on their product and marketing roadmap). Sometimes I really miss Massachusetts.
 

Friday, April 29, 2005

Was Integrating IE and Windows Explorer a Good Idea? Part II



Excel-web sharing of spreadsheetsThe discussion on the JOS forum related to whether Windows was poorly designed or not continues. Myron takes the general position that Windows was not poorly designed and that most security vulnerabilities in Windows are based upon buffer overflows. I disagree. Here's the latest:
(Picture credit R C Vaughn)

#1 List a security vulnerability that was caused by poor design. So far you haven't. All you've done is make vague statements.

Follow me here...

#2 How is the registry a security vulnerability? And how is it poor design? I wish Linux had a registry.

Examples: how is it that malware can write to the registry and secrete away a myriad of automatic, surreptitious startup options? Wouldn't it make sense (at least) to let the user in on that little secret? Extra credit - how is it that the default address book was programmatically accessible without some sort of authentication step, the cause of scores of email worms and untold labor hours?

#3 While one could argue that COM is very complicated, I don't think you could call it "poor design". If you think it is, please cite some specific examples.

It's a horrible design. Simply put - why do you think SOA/SOAP/UDDI/etc., for example, have de facto replaced *COM* and CORBA as the leading method for marshalling services (even localhost services)? Because *COM* and CORBA were so great? No, because they were overly complex and nightmarishly difficult to work with: i.e., poorly designed.

#4 "DLL hell" is more the fault of crappy installers than anything.

And why, then, has Microsoft dramatically evolved DLL handling by the OS over the years? It's been a huge point of weakness in the OS and you should readily admit it. They do.

#5 No, browser helper objects aren't a security vulnerability. BHO's don't magically install themselves. They are installed by a user after clicks Yes. If you disapprove of an extensible browser interface, then you must really hate Mozilla plug-ins.

And how does the average user list the installed BHO's - most of which are pure malware? How about removing them? If your Mom has a BHO polluting her machine, what's your recommendation for getting rid of it? Some third-party product? BHO's are, flat out, a security _nightmare_. Poor design: think CRUD without the RD and you've got BHO's.

#6 Mandatory access control is certainly an improvement, although I don't think it's quite ready for mainstream deployment yet. It is available in Windows via 3rd party add-ons. Either way, you can't cite this as proof that Linux is somehow "better deisgned" than Windows, since this is a fairly new addition to the Linux kernel.

Please name a third-party Win32 product that adds MAC - I've been looking for one and have not found a thing. I sincerely would like to see one for a project I'm working on.

#7 I could argue that Microsoft's ACL and Active Directory system allows for far more granularity than Unix's UGO system.

The ACL/ACE structure is quite powerful and I would agree that in many ways it is superior to the Unices approach. That said, the relative merits of ACLs are tangential to the overall security of a box... compared with, say, MAC/RBAC integrated at the kernel level.


JOS: An ongoing discussion
 

Thursday, April 28, 2005

Introducing One of the "Seven Judicial Fanatics"



Excel web sharing - spreadsheet collaboration over the Internet made easy with BadBlueIf you're interested in knowing a little bit more about the "seven Judicial fanatics" (or so says "Crazy Al" Gore), I located a brief biography of Janice Rogers Brown on Wikipedia. This is an excerpt.

Janice Rogers Brown is the daughter of a family of Alabama sharecroppers. She received her B.A. from California State University in Sacramento in 1974, and her Juris Doctorate from UCLA in 1977. She has now been on the California Supreme Court for nine years.

She wrote the majority opinion upholding an amendment to the California Constitution prohibiting affirmative action for women and minorities and dissented from an opinion striking down a parental consent law for abortions.

Brown has also surprised some conservatives with traditionally liberal positions on criminal sentencing and freedom of speech. She was the lone justice to contend that a provision in the California Constitution requires drug offenders be given treatment instead of jail time.


Ayup. She's got judicial fanatic written all over her.

Wikipedia: Janice Rogers Brown
 

Time to Level Playing Field for Gun Makers



Excel web sharing - spreadsheet collaboration over the Internet made easy with BadBlueThis is another classic, beautifully written article from John Lott:

Every product has illegitimate uses and undesirable consequences, but even lawsuits have had their limits. In 2002 in the U.S., car accidents killed 45,380 people and injured another 3 million, 838 children under the age of 15 drowned, 474 children died from residential fires, and 130 children died in bicycle accidents.

Fortunately, local governments haven’t started recouping medical costs or police salaries by suing auto or bicycle companies, pool builders or makers of home heaters.

All sorts of products, including cars and computers, are also used in the commission of crimes. But again, no one yet seriously proposes that these companies be sued for the losses from these crimes...

...Yet suing manufacturers for costs cities incur from gun injuries and deaths is exactly the theory behind government lawsuits by cities against gun makers. George Soros, via the Brady Campaign, has funded most of these suits...


John Lott: Time to Level Playing Field for Gun Makers
 

Wednesday, April 27, 2005

Crazy Al is Slashing Metaphors!



Click here for AmazonInternet inventor Al Gore launched another entertaining diatribe yesterday. His missives were, of course, directed towards the Republican effort to get simple up-or-down votes on President Bush's judicial nominees. You know, the way the Congress has been operating for only, oh, the last couple of centuries.

Well, Mr. Gore says that the GOP has a "lust for one-party domination.' Dammit, someone revealed the secret! Who let it out that Rove and company have a lasvicious, carnal desire to crush the Democrats beneath a spiked boot heel? Isn't the point of elections to... win?

He also noted, in what was likely a nasally and monotonal whine, the GOP's "willingness to do serious damage to our American democracy." Yes, that's exactly what I'd call trying to get the Senate to... vote. After all, voting is tantamount to... yes... crushing... democracy... beneath a spiked boot heel!

Another Gore-gasm: "This family of 7 judicial fanatics is now being stopped at democracy's gates by 44 Democratic Senators." Yes, they're being stopped at democracy's gate... by a refusal to vote! Yes, dammit, I know it makes no sense, but this is Al Gore we're talking about!

"They seek nothing less than absolute power." Alright, someone really let the cat out of the bag! How in the heck can the Republicans expect to get away with this dastardly, insidious plot to get seven whole judges a vote? After all, these seven judges represent absolute power! What could the GOP be thinking? It's ridiculous! Outrageous! Preposterous! Thanks goodness the Inventor of the Internet has rescued our Democracy!

* * *

If given a choice between trusting my children with Al Gore or trusting my children with Dennis Rodman, I'm thinking I go with Rodman.

Guardian: Gore Blasts GOP
 

Was Integrating IE and Windows Explorer a Good Idea?



Excel-web sharing of spreadsheetsInteresting side-thread -- from, yes, the JOS forum -- related to security.

(Picture credit BC Designs)

Out of curiosity, is there anyone who still thinks integrating IE and Windows Explorer was a good idea?
      comp.lang.c refugee
      Tuesday, April 26, 2005

If mean integrating a HTML rendering library into the OS I'd most definately say yes. Wether that redering library had to share code with that of a full blown state-of-the-art Internet browser , or could be restricted to a simpeler subset, remains open for discussion.
      Just me (Sir to you)
      Wednesday, April 27, 2005

I'll have to respectfully disagree with Just Me.

The concept of embedding and intertwining all sorts of interesting technologies may have helped certain (ahem) business development practices at MSFT. But it had the unfortunate side-effect of making a fundamentally sound architecture -- from Office apps to Outlook to the browser -- almost impossible.

Clean layering would have allowed MSFT's architects and engineers to build these systems upon rock-solid foundations. Instead, security is a nightmare as is troubleshooting embedded objects gone wild... or diagnosing DLL hell... or any one of hundreds of other idiosyncratic Windows issues.

IMO, the tactical zeal to aggressively pursue markets like the browser hampered the strategic vision of delivering rock-solid solutions.

But that's just me. I'm old-fashioned like that.
      directorblue Send private email
      Wednesday, April 27, 2005


JOS Forum: Win2K Security Threat
 

How eBay Fraudsters Operate



Excel-web sharing of spreadsheetsDuff on the JOS forums had an interesting description of how eBay fraudsters operate. I can't vouch for its accuracy, but it certainly sounds plausible.
(Picture credit Filtered Life)

You're wasting your time. A buddy of mine was ripped off by a laptop scam, and a few of us started looking at the rampant fraud on eBay... we managed to identify about 60 accounts that were being setup to scam people and confirmed 7 of them via auction feedback.

Response from ebay? Nothing.

The scam works like this:

- Create several accounts, buy & sell information and low value crap like recipies, ebooks, etc between these accounts.

- Leave phoney feedback for your phony auctions. (A++ Super seller! Great Laptop! A++++)

- Build up a feedback rating of 20 or so.

- Wait 60-90 days for your bogus auctions to be unviewable by other users

- Start selling laptops that don't exist.

- Disappear.

Does ebay do anything about this?

Nyet.


Has eBay been successful catching phishers?
 

Life without the Associated Press



Click here for AmazonReading the paper this morning, I was struck with an unusual thought. What would we do without the Associated Press? Well, we'd have to go without gems like this from Hope Yen on a Supreme Court ruling:

...The ruling, divided mostly along ideological lines, created a bit of an anomalous result for the conservatives Scalia and Thomas... In their opinion, Scalia and Thomas stuck to their conservative philosophy of interpreting statutes according to their strict, dictionary meaning, rather than delving into a presumed intent of Congress...


Of course, no mention of liberal Justices and their habit of using subjective, relaxed, interpretative meanings based upon extra-sensory perception or other means of divining what they thought Congress had intended.

Just conservative Judges who use a cold, strict, dictionary meaning.

Going without an AP would also mean we'd miss stool samples such as this from Noor Khan:

Afghan farmers have begun harvesting this year's opium crop, exposing the limits of a U.S.-sponsored crackdown on the world's largest narcotics industry despite claims Tuesday by President Hamid Karzai that drug cultivation was down sharply...


Of course, recall the fact that Bashir Noorzai -- the Tony Montana of Afghan Opium production -- was arrested just a couple of days ago in New York. Wouldn't it make sense to report upon the impact that his arrest might make on funding the nascent, Afghan insurgency? How it might damage the distribution channels? Or how it might hamper a reconstituted Taliban? Nope. Not if you're the AP.

The AP has had enough arrows fired at them over the past year or so -- and deservedly so. You'd think they'd have gotten the picture by now... and at least have made a cursory effort to curtail their biased tripe. But they can't seem to help themselves.

You know, a more liberal reading of the pooper-scooper laws would keep droppings like these out of the newspaper.
 

Tuesday, April 26, 2005

Fisking Security Roulette



Click here for AmazonFor security executives, CSO Online offers articles and opinions on all things security. If a topic relates to physical security, privacy, or information security, CSO Online will probably cover it.

The April 1, 2005 publication offered an anonymous column by a "real CSO". In short, the author questions the Government's current approach to national security. Ostensibly apolitical, it provides subtle jibes at the administration's spending priorities.

After reading it, digesting it, and allowing it to percolate, I started having some doubts regarding the author's assertions. Let's fisk it, shall we?

On any given day, we CSOs come to work facing a multitude of security risks... To guard against these risks, we have a finite budget of resources in the way of time, personnel, money and equipment—poker chips, if you will.

If we're good gamblers, we put those chips where there is the highest probability of winning a high payout. In other words, we guard against risks that are most likely to occur and that, if they do occur, will cost the company the most money... So lately I've been wondering—as I watch spending on national security continue to skyrocket, with diminishing marginal returns—why we as a nation can't apply this same logic to national security spending. If we did this, the war on terrorism would look a lot different. In fact, it might even be over.


Diminishing marginal returns? How so? The country's borders are porous and a serious problem, I think most would agree. A nuclear device detonated in New York City would literally pulverize the economy and risk a global thermonuclear exchange. And a single EMP weapon detonated at altitude could literally turn the country's economy off, sending the US back into the nineteenth century.

So, I suppose we need to understand what "diminishing marginal returns" mean, when stopping a single device from entering the country could literally be the difference between, oh I don't know, the United States and, say, Haiti.

Let's assume, first of all, that the ultimate goal of security is to prevent the loss of lives. In this risk management approach, then, the first thing to look at is the leading causes of death in the United States. The total number of deaths from all attacks on Sept. 11, 2001, was approximately 2,988, according to the National Center for Health Statistics. The top 10 causes of other deaths in the United States in 2001 were the following.

1. Heart disease: 700,142
2. Cancer: 553,768
3. Stroke: 163,538
4. Chronic lower respiratory disease: 123,013
5. Accidents: 101,537
6. Diabetes: 71,372
7. Pneumonia/flu: 62,034
8. Alzheimer's disease: 53,852
9. Kidney disease: 39,480
10. Suicide: 30,622

The 9/11 deaths were classified within a category called assaults/homicides, which was the 13th leading cause of death at 20,308.


I'm guessing that you picked a convenient criterion out of your... err... hat... but it's the wrong one. The 9/11 attacks were not a major contributor to deaths in the U.S. in 2001. But the attacks were absolutely devastating to the national economy and, indirectly, to the entire global economy.

$16.9 billion in total lost output for the New York City economy alone. $83 billion in direct and indirect costs, according to the GAO.

This translates to a serious impact on the livelihoods of tens or hundreds of millions of people... all caused by an attack that killed several thousands of people, but was small potatos compared to the worst-case scenarios.

Thus, there's little question that the wrong criterion was used.

The next thing to look at is spending. As I write this article, the president has just released his proposed federal budget for fiscal year 2006. The projected budget for the Department of Defense is $419.3 billion, and the projected budget for the Department of Homeland Security is $34.2 billion. Since 2001, defense spending has risen by more than 40 percent, and the Department of Homeland Security budget has roughly tripled... CSOs know how to best allocate available resources to guard against the most likely threats. We should be vocal about the need to apply that same logic to our nation's security.


And if you had access to all of the actionable intelligence, much of which I am sure is classified, perhaps you could evaluate that logic. But I'm betting you don't have such access... and therefore you are flying blind. And that's no way to run a security operation.

...For example, eight of the top 10 causes of death are health-related. If one classifies suicide as a mental health problem, then nine of the top 10 causes of death are health-related. Could those billions of dollars have saved more lives if they had been spent on health research or on making health care available to a larger percentage of the population?


Wrong criterion. Wrong... wrong... and wrong.

Probably. But, you might ask, what about the costs of another successful terrorist attack? Another terrorist attack using say, a nuclear device, could result in hundreds of thousands or maybe even millions of deaths—not to mention having a catastrophic effect on the nation's economy and environment. That's true. But ask yourself this question: Have the billions of dollars spent on additional security since 9/11 made this kind of attack impossible?


Impossible? Since when does any defensive course of action render something impossible? Never. Nothing is impenetrable. But when the very existence of the United States is at risk, every possible and reasonable avenue must be explored.

We inspect less than 3 percent of the cargo containers coming into this country. It would be catastrophic if just one of the 97 percent that aren't checked made it through with a nuclear device. Or what about the possibility of a terrorist sailing a vessel with a nuclear device on board into the harbor of New York City, San Francisco or New Orleans, or any other port city? All the money in the U.S. Treasury might not be enough to prevent that from happening.


And yet, a modest amount of R&D funding might create a sophisticated scanning technology that would make protecting ports feasible. Again, without an understanding of the actionable intelligence and all ongoing programs/countermeasures, you are simply flying blind. And your statements are therefore little more than conjecture.

In economics, there is something called the law of diminishing marginal returns, which dictates that, at some point, spending additional dollars no longer gains you as much improvement. As a nation, we have certainly reached that point with spending on security.


And you've reached that conclusion... how? Not a shred of evidence has been presented to make that case.

...If you don't want to spend money on those problems, fine. Save it instead. The U.S. Federal budget deficit is at a historic high... The money we spend fighting terrorism could be used to reduce the budget deficit and prevent future economic problems instead...

...Former Vermont Sen. George Aiken reportedly gave some now-famous advise to Lyndon Johnson during the Vietnam War. He told him, "Just declare victory and go home." It's time we did the same on terrorism. The sooner we stop spending more and more on security and start applying to other, more serious threats, the better off this country will be.


Are the government's decisions perfect? Of course not. Are you -- a person almost certainly unfamiliar with the relevant, actionable intelligence -- capable of adjudicating the government's performance? Likewise: no. Not even close.

The byline shouldn't have read "anonymous". It should have read, "Naive, anonymous, and probably partisan to boot.".

CSO Online: Security Roulette
 

Kerry vs. Hillary, part 75



Click here for AmazonLet's get it on! The accompanying picture reminds me of the old saying, "Keep your friends close... and your enemies closer."

A fuming John Kerry had "daggers in his eyes" after a fellow Democrat promoted Hillary Rodham Clinton for president — suggesting the 2004 loser is green with envy at a potential rival.

The flap was touched off two weeks ago when Clinton spoke at a Minneapolis Democratic dinner and Sen. Mark Dayton (D-Minn.) told the cheering crowd that he was introducing "the next great president of the United States."

Two days later, Kerry came over to Dayton on the Senate floor "with daggers in his eyes and said, 'What are you doing endorsing my 2008 presidential opponent?' . . . He was very serious," Dayton told the Minneapolis Star Tribune...


NY Post: JEALOUS KERRY FUMES AS DEM BOOSTS HILL
 

Al Qaqaa: Proof of MSM/DNC Bias



Click here for AmazonI've been saving this story for a while, because it's so delicious. In March, Jonah Goldberg expertly recalled the shrill rantings of the MSM/DNC (a singular noun) regarding al Qaqaa. You'll recall that al Qaqaa was, for a week prior to the presidential election, the most important story on Earth .

Al Qaqaa was the monstrous weapons cache that wasn't properly secured after Saddam fell. Or so the stories went. And it was due, one would surmise from these stories, to the ineptitude of (a) President Bush; (b) Donald Rumsfeld; (c) the U.S. Military; or (d) all of the above. Problem was... the story didn't hold water. I haven't seen many references to al Qaqaa since the election. I'm not the only one.

The New York Times splashed the news on its front page and didn't stop splashing it for a week. In all, the Times ran 16 stories and columns about al-Qaqaa, plus seven anti-Bush letters to the editor on the subject over an eight-day period. Editorial boards across the country hammered the "outrage" for days. It led all the news broadcasts. It became the central talking point of the Kerry campaign, with John Kerry bellowing his indignation at the administration's incompetence at every stump stop. Maureen Dowd wrote a column about it, titled "White House of Horrors." ...

...So, anyway, I'd forgotten about all this. Bush won the election despite the al-Qaqaa drumbeat from Kerry and his surrogates in and out of the press.

But Byron York, my colleague at National Review, didn't forget. He wondered, whatever happened to The Biggest Story on Earth? The answer, it turns out, is nothing. The Times has not run a single story about the al-Qaqaa story since November 1...


Read the whole thing. And, please, sit down while you're reading it.

Jonah Goldberg: Remember al-Qaqaa?
 

Monday, April 25, 2005

Iran: Condition Uh Oh



Click here for AmazonThe "Voice of Bahrain" reports that Iranian cleric Rafsanjani intends to run for president of Iran.

Powerful Iranian cleric Akbar Hashemi Rafsanjani declared yesterday he was set to stand again for president in the June 17 election and challenge a field of candidates so far dominated by hardliners.

"The issue of the presidency is my current preoccupation and although I would like somebody else to take this responsibility, I think I must take this bitter medicine," the charismatic cleric was quoted as saying by the official Irna news agency.

Rafsanjani has been seen as the leading contender in the race to replace incumbent reformist Mohammad Khatami, who is nearing the end of his second consecutive term in office, and a string of recent informal opinion polls have put him ahead of his potential rivals by a wide margin.


If this weren't so terrifying, it would almost be funny. Rafsanjani, of course, is the stable, seasoned Mullah who was reported to say (just after 9/11, no less) that Muslims should use nuclear weapons against Israel. And, not to worry, Rafsanjani is perfectly willing to sacrifice millions of Palestinian men, women and children, too... so long as the evil Jews are destroyed.

If a day comes when the world of Islam is duly equipped with the arms Israel has in possession, the strategy of colonialism would face a stalemate because application of an atomic bomb would not leave any thing in Israel but the same thing would just produce damages in the Muslim world...


So... Rafsanjani is going to run against a field of hard-liners. Wow. I think we need to raise the Mideast Instability Level to "Oh, Sh*t".

Gulf Daily News: Rafsanjani to run for president

Update: WND puts the story in context with its cheery reporting: Iran plans to knock out U.S. with 1 nuclear bomb (Tests missiles for electromagnetic pulse weapon that could destroy America's technical infrastructure) and Wargaming Scenario: NYC hit by terrorist nuke
 

Where, oh where, has my Editor gone?



Click here for AmazonThe Washington Post, to which we lovingly refer as WaPo, treats its readers to this enjoyable snippet in an article on Internet vigilantes.

...He said he has received thousands of dollars in donations, as well as some ominous death threats. One warning came in a handwritten letter mailed to Weisburd's house. Another letter on a Web site declared that he should be beheaded and it listed his address. For his protection, Weisburd keeps a loaded 38mm pistol in the house...


A 38mm  pistol? Good grief, that thing must be heavy.
 

The Feds visit Annie Jacobson



Click here for AmazonLGF points us to this startling read regarding Ms. Jacobson's reporting on the possible terrorist dry run on Flight 327:

So what do you say to four federal agents at your kitchen table on a bright Tuesday morning? The first thing I clarified for the agents was that, prior to my experience on flight 327, I had never heard of a “probe” or a “dry run.” For the record, I explained, I had never heard of the James Woods incident either. [In case you’re not aware, the actor James Woods flew on an American Airlines flight from Boston to Los Angeles one month prior to 9/11. Alarmed by the behavior of a group of four Middle Eastern men, Woods summoned the pilot and told him that he was “concerned the men were going to hijack the plane.” A report was filed with the FAA on Woods’ behalf but, tragically, no one followed up with Woods or the men. A few days after 9/11, several federal agents showed up in Woods’ kitchen. Woods can’t talk about what was said — he believes his testimony will be used in the trial of the supposed 20th hijacker, Zacarias Moussaoui— but, in an interview with Bill O’Reilly, Woods revealed that his flight “was a rehearsal [for 9/11] with four men.”]

Standing in my kitchen, one of the agents said, “What I can tell you is this: Mohammed Atta was one of the passengers on that flight with James Woods.” (Apparently, this information has never been made public.) With that, the agent pulled out his chair, opened his notebook and started in with his questions for me (at which point the other three agents opened up their notepads almost simultaneously).

During my meeting with the agents, what was not said was often as revealing as what was said. Naturally, the agents “were not at liberty” to tell me anything about the 13 Syrian men aboard flight 327, but they asked a lot of questions regarding my “intuition” about the situation: Intuition told me something was not right. Intuition is why I began noting the men’s actions from the get-go. And it was exactly these details in which the agents seemed most interested. One of the agents commented on the fact that I took a lot of hits in the press — that I was called a racist and a bigot simply for sticking with my gut instinct. To me, the agents’ story that Mohammed Atta had been on James Woods’ flight was a wink and a nod to the fact that it’s fine to trust your intuition. If you’re wrong, you can always stand corrected...


Annie Jacobson gets a visit from the Feds
 

Steyn on the Bolton Hearing



Click here for AmazonThe genius -- Mark Steyn -- nails the namby-pamby GOP turncoats to the wall in his latest offering, courtesy of the Chicago Sun-Times.

...who is Voinovich? What is he? Well, he's a fellow called George, and he's apparently a senator from Ohio who's on this Foreign Relations Committee. He was, alas, unable to interrupt his hectic schedule to attend either of the committee's hearings for John Bolton's U.N. nomination, but nevertheless decided last week he could not bring himself to support Bolton's nomination. ''My conscience got me,'' he said. Maybe one day his conscience will get him to attend the hearings he's paid to attend...

...As Sen. Biden put it, ''The USAID worker in Kyrgyzstan alleges that she was harassed -- not sexually harassed -- harassed by Mr. Bolton.'' This was a decade ago, in some hotel. John Bolton allegedly chased this woman down a corridor in a non-sexual manner. It's not clear from Biden whether he would have approved had she been chased down the corridor in a sexual manner, as the 42nd president was wont to do. But the non-sexual harassment was instead about policy matters relating to Kyrgyzstan...

...I'll bet Pope Benedict XVI is glad that his conclave doesn't include either Cardinal Biden or Cardinal Voinovich... Apparently, the New York Times was stunned that their short list of Cardinal Gloria Steinem, Cardinal Rupert Everett and Cardinal Rosie O'Donnell were defeated at the last moment by some guy who came out of left field and isn't even gay or female but instead belongs to the discredited ''Catholic'' faction of the Catholic Church.

...The rap against John Bolton is that he gets annoyed with do-nothing bureaucrats. If that's enough to disqualify you from government service, then 70 percent of citizens who've visited the DMV in John Kerry's Massachusetts are ineligible. Sinking Bolton means handing a huge psychological victory to a federal bureaucracy that so spectacularly failed America on 9/11 and to a U.N. bureaucracy eager for any distraction from its own mess...


The New York Times' impotent rage regarding the new Pope is best exemplified by Maureen Dowd. She of the unraveling skill-set is now almost unreadable. Bulldog at Ankle Biting Pundits, however, has mustered the energy and concentration to read her nonsense (hat tip: PoliPundit) and reports her latest brain-droppings:

Unlike Ronald Reagan and John Paul II, the vice president and the new pope do not have large-scale charisma or sunny faces to soften their harsh “my way or the highway” policies. Their gloomy world outlooks and bullying roles earned them the nicknames Dr. No and Cardinal No. One is called Washington’s Darth Vader, the other the Vatican’s Darth Vader.

W.’s Doberman and John Paul’s “God’s Rottweiler,” as the new pope was called, are both global enforcers with cult followings.


Steyn: Bolton hearing monkey biz
 

Sunday, April 24, 2005

Google Satellite Maps... and Other Sensitive Locations



Click here for AmazonHere's another high-res image of a reactor (hat tip: B) at an unspecified location. There's really no reason I can think of not to obscure the satellite images of these venues.

Photo
Refinery at an unspecified location
And here's another candidate for obfuscation: refineries.

Just a few weeks ago, the NRO's Frank Gaffney wrote about the national security concerns related to refineries:

"This nation is dangerously vulnerable to severe economic dislocation and possibly dire national-security threats as a result of its excessive reliance on imported oil and the infrastructure that transforms most of that oil into fuel for our transportation sector... the limited number of aging and, in some cases at least, increasingly dangerous refineries is but one aspect of this vulnerability..."

Once again, I'd recommend that you do as I did and contact Google to request that certain venues -- like reactors and refineries -- be rendered in extremely low-resolution.

Google Maps: Contact Google
 

Holy Shnikeys



Click here for AmazonFor the love of... I happened to revisit Tony's A.J. Quinnell page yesterday. And what I found there was truly a surprise - and a gift.

You may remember Quinnell, if only indirectly. He is the author of Man on Fire and eleven other works of "fiction". I quote the word fiction simply because so much of what Quinnell writes about is based upon historical fact.

Man on Fire, of course, was recently made into a Denzel Washington film. Washington starred as Creasy, the quiet, deadly ex-mercenary. Broken down and alcoholic, Creasy is offered a position as a bodyguard for a wealthy industrialist's adolescent daughter. When the daughter is kidnapped, all hell breaks loose in this novel of redemption and ultimate revenge.

There are no better books in the this genre. In fact, it is a travesty that any of Quinnell's books are out of print. All of them are five-star, without question.

Want a free sample? The surprise that I discovered is that Quinnell has released a Creasy short story entitled Gladiator. Read it and then buy the rest of his books.

A.J. Quinnell: Gladiator: a Creasy Short Story; Embassy of France in the US: The French Foreign Legion.
 

Saturday, April 23, 2005

Google Satellite Maps... and Nuclear Reactors



Click here for AmazonAfter noting the obfuscation of the U.S. Capitol Building in Google's satellite maps, I decided to see what else might be similarly obscured. Whether at the behest of DHS -- or simply because it makes sense -- I would expect Google to render certain areas of the country somewhat opaque.

Consider nuclear reactors, for instance. I can't think of any good reason to show high-resolution detail of a reactor and its surrounding environs. So, for the heck of it, I tracked down the reactor (and I won't mention the location) pictured above. At least, I'm pretty sure it's a reactor. Email me if you recognize it as something else ("Ross, that's an amusement park in Beaver Falls, Minnohsota, you maroon!").

In any case, I'd recommend that you do as I did and contact Google to request that certain venues -- like reactors -- be obfuscated. Let's not make a bad guy's job any easier.

Google Maps: Contact Google
 

Google Satellite Maps... and the Capitol



Click here for AmazonHere's some evidence that the folks at Google have brainstormed with the U.S. Government, or at least just DHS. And this is a good thing. The accompanying image is Google's satellite map image of the U.S. Capitol Building. Note the pixellated, lower-resolution of the Capitol building and its surrounding area. Hopefully this is indicative of serious air defenses and other countermeasures that can be used to fend off suicidal dirtbags like Atta -- who is certain to be roasting in hell at this very moment -- and company.

Google Satellite Maps: Capitol Building
 

Google Satellite Maps... and Area 51



Click here for AmazonHere's a blogger that (a) has entirely too much time on their hands; (b) an almost voyeuristic interest in Google's new satellite mapping capability; and (c) apparently thinks the movie Independence Day is a documentary.

So tonight I spied on Area 51
 

Letter to Senator Voinovich



Click here for AmazonHere's an open letter to Senator Voinovich, which has been copied to his office. I would encourage you to write similar letters (either email or hardcopy) and call his office to register your polite complaint regarding his mini-rebellion. His office phone number is 202-224-3353.

Senator Voinovich,

I would like to register my extreme disappointment with your handling of the Bolton nomination.

The U.N. has proven itself to be relentlessly corrupt, willing to prey on the innocent, and unable to marshal any meaningful support for millions of true victims throughout the world.

Into this mix is thrown John Bolton, a man who speaks his mind and will not back down to those at the UN who have such egregiously poor track records.

President Bush supports John Bolton. I expect any Republican Senator worth his salt to do the same. Here's hoping you get realigned with the President on this issue... and fast.

Many of my peers in Ohio are similarly outraged regarding your mini-rebellion. I can assure you that we will remember this incident during any campaign in which you choose to engage from this point forward. And we will work hard either for you or against you based upon these actions.

Sincerely,

Doug Ross


Contact Senator Voinovich
 

Friday, April 22, 2005

A Soundless Sound System



Click here for AmazonElwood "Woody" Norris pointed a metal frequency emitter at one of perhaps 30 people who had come to see his invention. The emitter -- an aluminum square -- was hooked up by a wire to a CD player. Norris switched on the CD player.

"There's no speaker, but when I point this pad at you, you will hear the waterfall," said the 63-year-old Californian.

And one by one, each person in the audience did, and smiled widely.

Norris' HyperSonic Sound system has won him an award coveted by inventors -- the $500,000 annual Lemelson-MIT Prize. It works by sending a focused beam of sound above the range of human hearing. When it lands on you, it seems like sound is coming from inside your head...


One use for this technology I haven't seen discussed is telephonic. In a car or on a plane, wouldn't it be nice to talk quietly into a directional microphone while listening to a caller? While handling absolutely no equipment?

Inventor creates Soundless Sound System
 

What really happened in Deadwood?



Click here for AmazonI'm a serious fan of the hit series Deadwood. And that's saying something, given that I watch about two hours of TV a week. The show is a multi-layered drama based upon real events that transpired in the late nineteenth century near Deadwood, South Dakota. The town erupted as gold fever infected the region, which signalled prospectors, charlatans, officials, hoods, and every combination thereof to attempt to take a piece of the action.

And if there's a better actor on the planet than Ian McShane, pictured above, I haven't seen him.

In any event, I just happened upon a site that distinguishes the historical from the fictional in this outstanding series:

What really happened in Deadwood?
 

The Glamor of Travel



Click here for AmazonTed Neward, who I discovered through Pete's blog has an exceptional description of the true glory of business travel. Ted is a hardcore trainer in the enterprise OO area (i.e., J2EE and .NET) and therefore has a tough, yet rewarding (on multiple levels), road to hoe.

Ted Neward: The Glamor of Travel
 

The Daily Worker: Kos



Click here for AmazonThe Daily Kos site (no link, intentionally) is the premier home of the anti-American, left bank moonbats. In a delicious irony, Kos is not only the leading paid blogging panderer for the Democratic party but also has a stunning "oh-fer" record. Every single candidate he raised funds for lost their elections... some in absolute landslides. Candidates would probably be better off paying Kos for his non-support... or perhaps his endorsement of an opponent.

And if you think I'm being a tad harsh with the "anti-American" sentiment, rest assured I'm not. Nearly every instance of death in Iraq is highlighted on his site and, in some cases, glorified while news of any victories for the Iraqi people is not-so-mysteriously suppressed. Oh, and Kos pays lip-service to our troops... while villifying them indirectly.

Charles Johnson at LGF has been playing close attention to Kos' behavior. His history of censorship and information suppression... changing links and content... are the classic tools of socialists, communists and/or leftists the world over. Kos is no different, one must assume from his behavior.

Markos Moulitsas Zuniga of Daily Kos has done his best to make it hard to find the comment he posted on April 1, 2004, about the Americans who were torn apart and hung from a bridge in Fallujah. He erased it from the Google cache and the Internet Archive, and redirects the “permalink” on the page to an unrelated page at his site, but I managed to find a URL that still works—until the Daily Koward notices our referrals: Daily Kos: Corpses on the Cover.

Every death should be on the front page (2.70 / 40)

Let the people see what war is like. This isn’t an Xbox game. There are real repercussions to Bush’s folly.

That said, I feel nothing over the death of merceneries [sic]. They aren’t in Iraq because of orders, or because they are there trying to help the people make Iraq a better place. They are there to wage war for profit. Screw them.

by kos on Thu Apr 1st, 2004 at 12:08:56 PDT


UPDATE at 4/21/05 10:06:04 pm:

To see Kos’s back-room machinations at work, click the date next to his name at the bottom of the post, which is supposed to be the permalink to his comment, and see where you end up.


Daily Kos' Elusive "Screw Them" Comment
 

Thursday, April 21, 2005

You can't coach height



Click here for AmazonHow about a 7 feet, 9 inch center? Despite his immense physical size, Sun is definitely no lock for an NBA roster slot. Just being able to look down on Shaquille O'Neal... or even Manute Bol... isn't enough in the premier league of hyper-athletes.

Sun Ming Ming, whose head measures above most door frames, follows Keith Gatlin into Fitness by Design for a late morning workout.

Ball in hand, Sun, 21, muscles his 350-pound frame into training partner Dshamal Schoetz, a 7-footer who played at Greensboro College who is nearly nine inches shorter. Sun pivots and places the ball firmly into the hoop. Swish.

Photo
Sun's grasp on a basketball resembles most people holding a softball. (Joseph Rodriguez)

Sun, who is from Harbin, China, is training in Greensboro for a shot at the NBA. His agent, Charles Bonsignore, paired the prospect up with former client and former professional basketball player Keith Gatlin. Gatlin, a managing partner with 334 Sports, a local firm that trains athletes, has worked with Sun for about five weeks.

"With his size, that intrigues everybody," Gatlin said. "He can really shoot the ball to be that size. The challenge for him now is to get mobile, to get up and down the court."

Sun also can handle the ball and has a sweet outside shot that swishes with the quick flick of his wrist. When it comes to dunking, he doesn't need to leave the ground.

Basketball, Gatlin will tell you, is not Sun's problem.

Sun's weakness is his flexibility and his lack of weight training. While playing for the Junior Olympic team and then Da Qing, his province's club squad, Sun never lifted weights and is just now building upper-body strength...


News & Record: Nearly 7-foot-9 player from China training for NBA in Greensboro
 

Wednesday, April 20, 2005

Enemy of Jihad



Click here for AmazonInteresting remarks regarding the new Pope by an LGF reader. And, no, once again the mainstream media doesn't have the story -- the blogosphere does.

From my conversations with him in the late 70s, when he was archbishop of Munich, I learned a few things about him:

1) That he hated the Nazis even during his short time in the Hitler Youth. He was a nominal member, but was exempted weeks after his compulsory joining because of his fragile health and studies in the Catholic seminary (many boys actually joined Catholic institutions to avoid service in the HJ.) His teen years had a lasting effect on him as he was able to see the difference between reality and what the Nazis taught. His love for truth and being truthful all the time stems from this early experience.

2) He was a progressive Catholic in his early year (played an important role at the 2nd Vaticanum), but the intolerance of 1968 made him change his mind. He abhorred communism and the carefree nihilist thinkings in these times and became a conservative, but not a reactionary, as many claim.

3) He saw the dangers of Islamic fanatism in the 70s already. Khomeini was a menetekel for him. At this time he didn't see Islam so much as a threat for Europe (yet), but for Asia and Africa.

4) He is more a friend of the Jews than most other Catholic priests. I remember him saying that Christians and Jews are on the same direction to salvation, just on different paths. Islam instead was an aberration that would lead humanity into a religious "dead end street" (Sackgasse was his exact word). He strongly favoured a rapprochement between the Catholic and Jewish faith, but didn't see any common ground between Christianity and Islam.

Latest proof of this was that he strongly supported John Paul II travel to Israel but did have a big headache about that voyage to Damascus. I doubt you'll see Benedict XVI visiting a mosque... ever. And he sees Turkey as a big religious threat to the judeochristian identity of Europe.

He may come across as the Great Inquisitor, but he has never refused discussion and arguments. He is firm on the "essentials" of the Catholic faith. The German Catholic professors he suspended clearly violated the essential principles of Catholicism. He is an extremely intelligent, bright personality... a bit shy with people though. He won't pretend to have the charisma of JPII.

And yes, I think, we'll see a few surprises from him in the next years. I had to chuckle when I heard the Chicoms demands today. Oh boy, they are messing with the wrong guy here.

Benedict of Nursia one restored the Christian faith in a devastated Europe. Commentators have focussed much on Benedict XV as the closest role model of Ratzinger. But I think he's much closer to Benedict XIV.

http://www.newadvent...

And yes, he loved the "Apfelmaultaschen" (pasta made with potato flour, filled with apples and powder sugar and cinnamon on top) my wife prepared for him :-)

They look like this:
http://www.donau.de/...

I guess you won't find this detail on CNN :-)


LGF Comments: Enemy of Jihad
 

Tuesday, April 19, 2005

Antiques Auction Gets Punk'd



Click here for AmazonIdea for Saturday Night Live skit:

Scene: Antiques Auction in Memphis, TN. Lester Stack is a Nashville resident visiting the convention center. He is in line, carrying a painting of Elvis Presley -- the bloated, druggy Elvis from his later years -- on black velvet in an inexpensive, seventies-style wood frame. Lester is wearing a partially tucked flannel shirt, ripped jeans, and a cowboy hat. His cheek is bulging with chaw.

He is called out of line by Marcus Whitby III, an elegantly dressed gentleman who represents St. Michael's Appraisals of Manhattan. Whitby is immaculate, from the folded blue silk kerchief tucked into his Yves St. Laurent suit, to his Bally shoes, and his Brioni tie.

After introductions are made, the filming of the Antiques Auction segment begins:

Whitby: Mr. Stack, could you tell me how you acquired this piece?

Stack: My pappy gave it to me when I moved out of the double-wide into my own trailer. He said I needed something to decorate the walls. It's my favorite piece.

Whitby: Did your father ever tell you how he came across this work?

Stack: He won it in a card game, I think. Either that or he wrestled Bobby Joe Milton for it.

Whitby: So you really don't know much about the provenance of the piece?

Stack (stumped): Uhm... I guess... not.

Whitby: Let me tell you what I can determine... (turns painting over) we can see from this label and marking that the piece was resold, probably in a pawn shop. Note the label is from "Cash's Pawn" in Corbin, Tennessee. However, if we turn the painting back over to the front, notice the faint initials of LK. This is what we, as appraisers, yearn for. The lost painting of Elvis by Lucas Krypsuwski.

You see, there have been credible rumors for decades that the genius, the master, Lucas Krypsuwski had painted a single work of Elvis in his later years on black velvet. But no one, until this point, had ever substantiated this claim. No such picture existed so far as we could tell.

But, you, sir have found something we have longed for, yearned for! The proof that the genius Krypsuwski actually created such a work before he died in the great Milan-to-Paris train wreck of 1968. Yes, Krypsuwski, who painted the unparalleled masterworks of the "Orphan Backpacker" and "Still Life with Gin & Tonic"... (pauses, almost beside himself with joy)... well, I'm flabbergasted to see this lost painting found... and in such stunning condition!

In any event, can you venture a guess as to how much you think this is worth?

Stack: Uh... a grand?

Whitby: I won't keep you in suspense. The last time a Krypsuwski came up for auction, we recommended starting the bidding at $150,000. By the time the Japanese collectors were finished fighting for it, it sold for $275,000. And that was not a special, absolutely unique work like this one.

If you were to have this insured, I would recommend that you do so for a figure of $750,000.

Stack (speechless, mouth ajar): Uh... wow, holy sh*t, I'm rich! I'm rich! I'm frickin' rich!! Hey, boss, get stuffed, I'm quittin' - I've always hated you! You suck! Take your job and shove it! And Emmie Lou... I been cheatin' on you for five years! I'm leavin' you and goin' to Vegas... gonna buy a Viper... move out of the trailer park forever... this is awesome!

(Suddenly Ashton Kutscher pops out from behind a large, nearby Armoire): Dude, Lester! See that camera? You just got punk'd! You're on MTV! Whitby, how much is this painting really worth?

Whitby: I'd recommend spending no more than five to seven dollars on it. It's absolutely, stunningly bad. Virtually worthless.

(Roll credits as shots ring out in background)
 

Why PHP and not JSP?



Click here for AmazonI found a couple of interesting articles on PHP development that I thought I'd pass on. The first, from Robert Peake's blog, relates to the justification (to the typical, corporate PHBs) a move to PHP from JSP.

An associate of mine recently asked for some metrics to help him back up their decision to move away from JSP and toward PHP. In a recent post, I looked at the fact that many major corporations are using PHP, yet we rarely hear about it. To help address some of the concerns about deploying PHP in the enterprise, this month's article in International PHP Magazine will focus on, "Enterprise PHP Coding Standards" you can enforce in your organization to ensure high-quality code...


Robert Peake: Why PHP and not JSP?

The second article comes from the consistently entertaining PHP Everywhere blog, authored by John Lim. In this post, John addresses Ian Bicking's assertion that Python "could have been" PHP. In other words, it could have been the industry's juggernaut success story... instead of PHP. John critiques that assessment (and rightfully so):

I have used Python since 1997, even before I knew PHP. I smile when Ian says that PHP 5 is barely catching up with the 1995 version of Python. That's irrelevant because what made PHP successful is not what PHP is lacking but the features that PHP has that are superior to Python. Also people continue to confuse simplicity with deficiency. Here are some of the areas where Python remains inferior, despite a 5-year headstart over PHP:

* Python is not a template language, in the sense that you cannot mix code and html easily. PHP is a wonderfully flexible in this respect.

* Python is a so-so string processing language. One reason being it treats strings as immutable. PHP has much better string processing facilities: embedded "$var in strings", mutable strings, auto-conversion of other data types to strings, output buffering, etc.

* PHP's documentation is cleaner and much easier to understand than Python's. Probably because PHP is a simpler language.

* PHP has tighter integration of a lot of web related stuff. For example, HTTP and SERVER variables...


John Lim: Python never had a chance against PHP
 

Oh, Those   Risks of Outsourcing, Part Deux



Click here for AmazonI can't even begin to speculate what would happen to the outsourcing trend if a disaster recovery center became the site of a real disaster. The Kashmir separatists know full well what's happening in Bangalore and intend to make it more of a mess than John Madden's hair.

Bangalore is starting to appear on the radar of militant groups, Indian police warned this weekend, after uncovering a terrorist plan to target IT companies in the city widely regarded as the country's technology hub.

Bangalore, which is in the southern part of India, had been considered safe from possible terror attacks by separatist groups, which so far have mostly struck in India's northern and western states. But last week, Delhi police seized evidence pointing to a possible attack on certain IT companies in Bangalore...

...Hewlett-Packard, IBM, Intel, Microsoft, Motorola and Texas Instruments. Additionally, America Online, Google and Yahoo opened centers in the city last year.


News.com: Bangalore Appears on Terror Radar
 

Monday, April 18, 2005

The Wisdom of Slate



Click here for AmazonIn reviewing my blog this evening, I noticed this intriquing Google ad on the right sidebar:

Today's Blogs
What Are The Bloggers Saying Today? The Latest Chatter in Cyberspace.
www.slate.com


Hmmm, I thought. That's pretty cool. Someone's tracking the chatter on the blogosphere. I clicked the ad and read the following:

today's blogs The latest chatter in cyberspace.

"Syria Out!"
By David Wallace-Wells
Posted Monday, Feb. 28, 2005, at 5:38 PM PT

"Syria out!": Lebanese Prime Minister Omar Karami resigned this morning, dissolving the nation's unpopular, pro-Syrian government in the face of nationalist protest that followed the assassination of former Prime Minister Rafik Hariri...


Any more timely and they'd have breaking news of the Lincoln assassination and the Russo-Japanese war. How pathetic is that?

After a bit of exploration, I happened to notice a banner ad on the clickthrough page that advertised, "Five million blogs in five minutes". Once I clicked on that link, I discovered the correct page. Pity the folks running the AdSense campaign couldn't get that right.
 
This summary is not available. Please click here to view the post.

Protecting Customer Data, Part II



Click here for AmazonThe rumbling sound you hear -- after the identity theft debacles at ChoicePoint, LexisNexis, and Bank of America -- is Congress mobilizing to take some sort of legislative action to "protect consumers".

Don't get your hopes up, though. The firms involved are, if nothing else, deep-pocketed and possessed of legions of well-lubricated lobbyists. Any resulting legislation will almost certainly be watered down and likely won't pin financial responsibility for bogus identity transactions on the firms themselves.

And we're nowhere close to having a government-administered system (run by, say, DHS) that could serve as a central registrar for identity data -- and could broker merchant-specific IDs for each consumer that would mitigate the risk of theft.

Today's bottom line is that responsibility for protecting consumer data lies with each company holding that data. That said, what can companies do to better protect the data?

Process: processes for managing the data have to be explicitly documented and enforced. Who can create the data? Who can update it or delete it? Who can read it?

People: roles for data access and management must be mapped to the approved processes. For example, consider a hypothetical role called keymaster. The keymaster is responsible for generating, retaining, and monitoring key-pairs used to encrypt and decrypt the consumer data. In other words, a field like SSN is never stored in the clear. It is encrypted using a public-key provided by the keymaster.

Consider another role called application developer. The app-developer never has direct access to the private-keys needed to decrypt sensitive fields. The app-developer uses documented requests (e.g., APIs) to code provided by keymasters to enable an application to decrypt a sensitive field.

Further, a role called auditor could monitor the use of data provided by the keymaster and the app-developer. The auditor has no direct access to the data, but can closely monitor the detailed logs generated by the other roles. The auditor could use manual and automated techniques to discover misuse of data or anomalies in data access. Presumably an auditor would have discovered the anachronistic behavior of the fake vendors who plugged into ChoicePoint's systems.

Technology: Firewalls, intrusion detection, intrusion prevention, network monitoring: in other words, all of the standard mechanisms for network security. But the processes and people that configure and monitor that technology are equally important. Logs, tools, APIs, clear delineation and separation of roles... all come together to provide a synergistic approach to protecting sensitive data.

Tens or hundreds of millions of dollars in market capitalization hang in the balance.
 

Saturday, April 16, 2005

The Blauction  Concept



Click here for AmazonIn the vein of life-caching, which I discussed yesterday, how about my concept of blauctions? Yep, this is a word I just coined - a hybrid of blog and auction. This technology would support the operation of controlled auctions on blogs.

Let's say you have a blog. A simple control panel would give you the ability to publish your own auctions... or select from categories of auctions that you would like to promote on your blog. And say your blog covers Red Sox baseball. You could give precedent to auctions of baseball cards and baseball memorabilia.

Just like eBay, the blog owner would get a cut of every sale made on his or her site.
 

Friday, April 15, 2005

Protecting Customer Data



Click here for AmazonThe Internet age's security guru, Bruce Schneier, has weighed in with his take on the recent spate of identity theft debacles (think ChoicePoint, LexisNexis, Bank of America). These high-profile incidents have resulted in Congressional rumblings for new legislation to protect privacy. In Mitigating identity theft, Schneier's take is that simply protecting identity data won't work.

The problem is not identity theft per se -- since you can't really steal someone's identity -- it is the proliferation of transactions that allow one person to impersonate another.

Proposed fixes tend to concentrate on... making personal data harder to steal--whereas the real problem is [the ease with which a criminal can use personal data to commit fraud]. If we're ever going to manage the risks and effects of electronic impersonation, we must concentrate on preventing and detecting fraudulent transactions.

...Financial intuitions [sic] need to be liable for fraudulent transactions... Credit card companies simply don't worry about verifying the cardholder or putting requirements on what he does. They concentrate on verifying the transaction. ...once financial institutions are liable for losses due to these types of fraud, they will find solutions.

Right now, the economic incentives result in financial institutions that are so eager to allow transactions--new credit cards, cash transfers, whatever--that they're not paying enough attention to fraudulent transactions. They've pushed the costs for fraud onto the merchants. But if they're liable for losses and damages to legitimate users, they'll pay more attention. And they'll mitigate the risks.


As usual, Schneier is spot on. But I'll attach a caveat: companies must do more to protect critical customer data. Until the time comes that institutions are responsible for the financial consequences of impersonation (and don't hold your breath, given their lobbyists), you'll still want to protect your SSN.

I'll post some thoughts about what companies can do to better protect customer data and to validate the transactions that use that information. Until then, suckle at the teat of wisdom and read the whole thing:

News.com: Mitigating identity theft
 

Thursday, April 14, 2005

Life-Caching



Click here for AmazonTrendwatching.com has identified a trend called life caching. What is "life-caching"? It's the emerging capabilities for...

...collecting, storing and displaying one's entire life, for private use, or for friends, family, even the entire world to peruse. ...[it] owes much to bloggers... millions of people have taken to digitally indexing their thoughts, rants and God knows what else; all online, disclosing the virtual caches of their daily lives, exciting or boring. Next came moblogging, connecting camera phones to online diaries, allowing not only for more visuals to be added to blogs, but also for real-time, on the go postings of experiences and events. And that's still just the beginning.


Trendwatching notes services like Nokia's Lifeblog, which uses the Nokia 6620 as the hub of a collection service for notes, videos, high-res (1.1 Megapixel) still photos, sound clips, etc. and is capable of delivering the life-cache to an Internet blog site.

Think Gmail's 2+ gigabyte limit and miniatured high-density MP3 players that are worn on a lanyard (like the iPod Shuffle). Microsoft Research's Rick Rashid had a neat sound bite:

...you can store every conversation you've ever had in a terabyte. You can store every picture you've ever taken in another terabyte. And the Net Present Value of a terabyte is USD 200...


Three interesting ramifications to the life-caching trend that I see:

Security - if you're able to carry around a USB flash card that centralizes your music, photos, videos, documents, etc., then security will be a huge concern. You don't want to lose the equivalent of your entire life to a stranger. So... how can you protect your data?

Privacy - publishing an increasing percentage of your life-cache to the Internet raises a variety of privacy concerns. Will the bad guys (and it's difficult to even identify who the bad guys are these days) get hold of your data in such a way as to compromise your identity, subsume your credit or otherwise cause heartache? With life-caching, the ChoicePoints of the world aren't disclosing the data the bad guys require... you are.

Counter-googling - attendant with privacy issues is the one-to-one marketing trend called counter-googling, in which legitimate companies build up directories of useful information about customers and prospects based upon the public life-caches they've assembled. Companies will know more and more about you -- even without the ChoicePoints of the world -- and will use that data to target your whims, desires and weaknesses to extract additional dough from your wallet.
 

Wednesday, April 13, 2005

Firefox's SwitchProxy



Click here for AmazonNews.com reports that RoundTwo -- formerly known as MozSource -- has re-dedicated itself to building Firefox extensions. Their contention is that the same users flocking to Firefox in droves will also be looking for safe and reliable products to enhance the Firefox experience.

They are thinking of products like SwitchProxy, which allows you to select and choose from a list of a variety of web proxies. The proxies can provide (but certainly don't guarantee) a level of anonymity for surfers by adding a layer of indirection to your surfing. The web server you're visiting, for instance, will record the IP address of the proxy... and not your IP.

Ah, but where to find anonymous proxies? The MozMonkey Forum has a lengthy thread discussing this very topic. For your viewing pleasure, I've coalesced some of the lists mentioned.

In addition, there are tools like the ProxyTester, which will examine lists of proxies and let you know the ones that are still alive and kicking. And, of course there are tools to test the anonymity services provided by these proxies: ProxyJudge and Anonymizer's Privacy Tester may fit the bill.

In any event, use these lists at your own risk - they are culled from MozMonkey and have not been checked or examined in any depth. The onus is on you to determine suitability and applicability to your particular web surfing requirements. Nuff said.

http://www.stayinvisible.com/index.pl/proxy_list
http://www.steganos.com/?area=updateproxylist
http://abcdelasecurite.free.fr/html/modules.php?op=modload
http://www.geocities.com/nothing75487548/proxy.txt
http://www.geocities.com/switchproxylist/
http://www.aliveproxy.com/socks5-list/
http://free-proxy-servers.com/
http://anoniem-surfen.eigenstart.nl/
http://www.geocities.com/switchproxylist/massive.txt
http://www.multiproxy.org/anon_proxy.htm
http://www.i-hacked.com/.../Finding-and-Using-Anonymous-Proxies-9.html


News.com: Start-up wants to improve on Firefox