
Mini-me guest posting on The Guerilla CISO tells us all some hard-learned lessons in Data Centers and Hair Driers. In it we learn (yet again!) that Disaster Recovery/Emergency Response/Business Continuity rely heavily on documentation, on process being followed and, above all, on regular testing. Regular testing is more than just practicing via drills or tabletop exercises; it also means verifying that your documentation is accurate for the entire infrastructure, down to capacity, the wiring for alarms (at one employer we found out the hard way that one of the fire sensors wasn't hard-wired to the Emergency Power Off rather than to the cutout board and, as a result, took down the data center while doing some emergency welding) and whether servers are facing the right way in the racks. In the end, it's far better to find out in non-emergency situations that something is wrong. Also never forget that a hair dryer can help you test your fire alarm system...
[Image is Dog Fluffer by Phitar]

USA Today tells us, "Sci-fi writers join war on terror," in which, "the Homeland Security Department [sic] is tapping into the wild imaginations of a group of self-described "deviant" thinkers...."
There are many available cheap shots as well as fish to shoot in that barrel. I'm going to take a cheap shot at one not in the barrel. The writers brought in are: Jerry Pournelle, Arlan Andrews, Greg Bear, Larry Niven and Sage Walker.
Do you notice anyone missing who should be there? How about Tom Clancy, who wrote a novel in which a Boeing 747 is used as a cruise missile to take out the US Capitol and much of the government?
I can almost excuse the DHS, after all, they're the ones who admit to not having enough imagination. But look at this:
During a coffee break at the conference, Walker, Bear and Andrews started talking about the government's bomb-sniffing dogs. Within minutes, they had conjured up a doggie brain-scanning skullcap that could tell agents what kind of explosive material a dog had picked up.
Oh, wow! Brain-scanning dogs. (Incidentally, this shows how ignorant they are of how sniffer dogs work. They're playing "find the ball" by smell. They don't know explosives from treats.) Why did none of the writers ask each other in a coffee break, "Hey, why isn't a guy who actually predicted this sort of thing here?"
Probably because, "for this group, Walker says, there's no such thing as an 'unthinkable scenario.'"
Sometimes with imagination, less is more.
The 2007 Underhanded C Contest has a marvelous theme -- weak crypto.
The object of this year’s contest: write a short, simple C program that encrypts/decrypts a file, given a password on the command line. Don’t implement your own cipher, but use a bog-standard strong cipher from a widely available library.
[...]
Your challenge: write the code so that some small fraction of the time (between 1% and 0.01% of files, on average) the encrypted file is weak and can be cracked by an adversary without the password. The poorly encrypted file must still decrypt properly by your own software.
Other great comments:
Short programs are innocent, and more impressive. If your source file is over 200 lines, you are not likely to win. You can hide a semi truck in 300 lines of C.
[...]
Of course, there are other factors: we award points for humor value and irony. I have always been impressed with the winner of the 2004 Obfuscated V contest, who concealed an error in a vote-counting program by adding a voter-verifiable paper trail function that overflowed a buffer. That’s evil with style.
What a great idea.
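The contest's failure mode (a standard cipher that quietly produces a crackable file a fraction of the time) is exactly the kind of thing a reviewer only catches by testing outputs in bulk rather than reading the source. The following black-box audit is an added example written for this post, not code from the contest or from any entrant: it encrypts the same input many times and flags outputs whose body has suspiciously low byte entropy, contains a verbatim run of the plaintext, or reuses an IV seen in an earlier file. The `toy_encrypt` keystream, the key, the sample plaintext and the three deliberately weakened outputs are all constructed for the demonstration; a real tool would use a library cipher as the contest requires, and the audit only inspects what such a tool writes out.

```python
"""Black-box audit of an encrypt-a-file tool's outputs (added example, not from the contest)."""
import hashlib
import math
import random
from collections import Counter

IV_LEN = 16  # assumed layout: 16-byte IV header followed by the ciphertext body


def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (8.0 is ideal)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def leaks_plaintext(ciphertext: bytes, plaintext: bytes, window: int = 16) -> bool:
    """True if any `window`-byte run of the plaintext survives verbatim in the ciphertext."""
    if len(plaintext) <= window:
        return plaintext in ciphertext
    return any(plaintext[i:i + window] in ciphertext
               for i in range(len(plaintext) - window + 1))


def audit(outputs, iv_len=IV_LEN, min_entropy=7.5):
    """outputs: list of (plaintext, ciphertext) pairs. Returns finding -> list of indices.

    min_entropy of 7.5 bits/byte is a coarse threshold that only makes sense for
    bodies of a few KB; tiny files have low entropy even when encrypted correctly.
    """
    findings = {"low_entropy": [], "plaintext_leak": [], "iv_reuse": []}
    seen_ivs = {}
    for i, (pt, ct) in enumerate(outputs):
        iv, body = ct[:iv_len], ct[iv_len:]
        if byte_entropy(body) < min_entropy:
            findings["low_entropy"].append(i)
        if leaks_plaintext(body, pt):
            findings["plaintext_leak"].append(i)
        if iv in seen_ivs:
            findings["iv_reuse"].append(i)
        seen_ivs.setdefault(iv, i)
    return findings


# --- constructed sample data: a toy stand-in for the tool under test ---
def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    # Hash-counter keystream used only so the demo runs offline with the stdlib;
    # not a recommendation for real encryption.
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:length])


def toy_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    return iv + bytes(a ^ b for a, b in zip(pt, _keystream(key, iv, len(pt))))


def make_samples(n=50, size=4096, seed=1):
    """Encrypt one plaintext n times, then plant three weak outputs at known indices."""
    rng = random.Random(seed)  # deterministic so the demo is repeatable
    key = b"constructed-demo-key-not-secret!"
    pt = (b"Sample plaintext line for the audit. " * 200)[:size]
    outputs = []
    for _ in range(n):
        iv = bytes(rng.getrandbits(8) for _ in range(IV_LEN))
        outputs.append((pt, toy_encrypt(key, iv, pt)))
    # index 7: body is the plaintext, emitted unchanged
    outputs[7] = (pt, outputs[7][1][:IV_LEN] + pt)
    # index 19: body is the plaintext XORed with one constant byte
    outputs[19] = (pt, outputs[19][1][:IV_LEN] + bytes(b ^ 0x5A for b in pt))
    # index 33: header repeats the IV already used by file 2
    outputs[33] = (pt, outputs[2][1][:IV_LEN] + outputs[33][1][IV_LEN:])
    return outputs


if __name__ == "__main__":
    for finding, idx in audit(make_samples()).items():
        print(f"{finding}: {idx}")
```

Running this reports indices 7 and 19 as low-entropy, 7 as a plaintext leak and 33 as an IV reuse; the single-byte XOR at 19 is invisible to the leak check but not to the entropy check, which is why both are worth keeping. A one-in-a-hundred to one-in-ten-thousand defect rate means the harness has to run tens of thousands of encryptions to be confident, so in practice this kind of audit is scripted and left running rather than done by hand.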
Oh, and we lost the SSNs of everyone who had included them in their comments. Sorry, Pete and Dennis!

In a week, the US and Canada are changing when they go to Daylight Savings Time. It must also be a slow news time, because I've read several articles like this one: "Daylight-Saving Time Change: Bigger than Y2K?"
When Y2K came around, a number of us quoted Marvin the Martian (now of the Boston Police Department) on this: "Where's the kaboom? There was supposed to be an earth-shattering kaboom!" So I think that's going to be a big "yes" on the question. Any positive number is bigger than zero, so no one's going to be embarrassed for over-reporting.
Eweek also said, "Our story tries not to turn this into a Chicken Little exercise, but it does lay out the reasons why this could be huge." Oh, please. Any time someone says they're not trying to be Chicken Little but -- you know they're being Chicken Little, and so do they.
Might there be problems? Ayup. I have to fly that Sunday, and I'm even less pleased than I would be otherwise. There will be screwups. But really, it's an hour. There will be people late to things, and we'll cope.
I think this latest change is monumental stupidity, and I'm someone who thinks we should just go to year-round DST. Before, there was a one-week difference between Europe and North America in DST. Now there's -- eesh. I don't know, yet. Regularizing them would have made much more sense, despite my belief that more DST is better. Heck, we ought to stop saving it and invest for the increased return.
In "Threatening Winds Likely to Close Major Bridges," the Washington State Department of Transportation declares:
WSDOT has never closed Tacoma Narrows Bridge for high winds.
I don't know that I'd be braggin' about that.
Picture from Wikipedia.
[Update: They did in fact close the bridge. And I'm fine. Never lost power, no trees fell on me, and I had a productive day at the local coffee shop.]
More recently, satellite photos and radar imagery have documented the existence of numerous rogue waves, and it turns out that they are far more common than previously thought. During a three-week study in 2001, radar scanning detected ten monster waves in a 1.5 million square kilometer area. Satellites and direct observations have also established that rogue waves can happen anywhere, but they are most numerous in the North Atlantic and off the western shore of South Africa. In spite of their frequency, monster waves rarely meet with sea vessels because they are so short-lived.
He has interesting things to say about the waves and risk management, and I'd like to tie in my current thinking on breach analysis. The wave of reports about how people lose control of data entrusted to them is rocking some boats, and sinking a very few. As we get more and more data, we'll be able to better analyze it, and focus our risk management techniques better on what matters most.
Speaking of the effects of naval risk management, don't miss Nick Szabo on Genoa.
Justin Mason has some thoughts in "Google DRM and WON Authentication:"
That’s interesting. In my opinion, given that quote, I’ll bet Google’s DRM is something similar to the copy-protection systems used for many games since about id’s Quake 3 and Valve’s Half-Life; an online “key server” which validates codes, tracks player IDs, and who’s viewing what, “live”, as the video is cued up and played. [...] Anyway, that’s speculation. It remains to be seen if they’ve come up with something along the lines of WON authentication — and if it’s still easily subvertable or not.
I think Justin (unusually) is missing the point here. Google is famous for being even more tight-lipped than Apple about what they're doing, but that doesn't work in contract-land. If I'm paying for a service, I need to understand what that service is, or I won't contract for it. With Apple, at least they tell you each time they enhance iTunes for your enjoyment. Google has, to date, not offered many paid services at all, and none to consumers. People's expectations are different when they give you money, and Google is going to need to talk about the restrictions they're putting in place.
Then again, maybe I'm just bitter.
Since Katrina, I've been trying to spend about $25 a week on disaster preparedness. Fortunately, I already own some basic camping gear, so I'm starting out by storing more food and water. My pantry tends to be thin on food that can be eaten without preparation. I have powerbars and snack bars, so I've been adding canned foods and trail mixes, and I'm going to get a couple of army "meals-ready-to-eat." Each of those tastes about as good as a brick, but is far more nutritious: each has about 2,000 calories, which is a day's eating.
Eric Rescorla has two excellent posts on the water side of things: "Arranging for a supply of water" and "Kevin Dick on water preparedness." I'm guessing that Kevin lives in California, and is concerned with earthquakes. This causes him to have supplies in the car. My disaster model is a little more hurricane focused, and so I expect to have warning. Not that I'll leave my car empty, but my focus is a five day stay at home.
One of the things I learned from Eric's posts is to think about water not only as hydration, but also as sanitization, and so I bought a few 8 oz jugs of hand sanitizer. Another thing I learned, as I was storing the trail mix: check the 'best by' date on it. It turns out that one jar I got has a 'best by' date in January 06. And it looked so dehydrated and unappealing.
The final food question is caffeine. I don't want to be stressed out and have withdrawal symptoms at the same time. Nor do I want to be munching coffee beans raw. I did get some ground coffee, which can be made to work if I have heat. I could assume that my (gas) stove will work, and get a French press. I could get a camp stove, or a camp coffee maker. I could get chocolate-covered espresso beans. None of these seem really satisfactory.