Monthly Archives: July 2007

Cheatgrass, Wildfires, and Serbia

Why are there so many wildfires in the U.S. west? Cheatgrass grows where land has been disturbed by overgrazing:
So basically 20,000 public lands welfare ranchers have a death grip on science policies applied to western public lands.

comment by kt, July 17th, 2007 at 8:13 am, commenting on Why cheatgrass wins, by Ralph Maughan, Ralph Maughan’s Wildlife News, July 16th, 2007

Hey, it could be worse!
Today was the hottest day in Serbia ever since the temperature has been measured, 45 C [113 F].

If we Serbs were truly interested in our survival as a nation, we’d be scrambling to get some modern hardware for dealing with ecological catastrophes. It’s been ten years since Milosevic sold off our forest fire-fighting aircraft and pocketed the money.

Serbia and the Flames, Jasmina Tešanović, BoingBoing, Tuesday, July 24, 2007

This is what you get when you sell off the public good and the equipment to protect it to private interests: your country burning down.


Interactive Fact

William Gibson talking about a shoe that appears in his latest novel, Spook Country:
Wired: One of the details that leaped out at me was the Adidas GSG9, named for the German counterterrorism squad. I felt certain you’d invented the shoe, but then I Googled it.

Gibson: The Adidas GSG9s were the obvious choice for the thinking man’s ninja. Nothing I could make up could resonate in the same way. There’s code in name-checking the GSG9 history — esoteric meaning. Something that started with Pattern Recognition was that I discovered I could Google the world of the novel. I began to regard it as a sort of extended text — hypertext pages hovering just outside the printed page. There have been threads on my Web site — readers Googling and finding my footprints. I still get people asking me about “the possibilities of interactive fiction,” and they seem to have no clue how we’re already so there.

Q&A: William Gibson Discusses Spook Country and Interactive Fiction, Warren Ellis, Wired, 07.24.07

So true.

And not just for fiction. As blogs and the Daily Show have made clear, it’s silly for any political candidate or appointee to think any longer that they can lie on video or on the witness stand about documented facts, because it’s getting easier all the time just to google them. As YouTube has already demonstrated, such interactive reality can tip elections.

I wonder if this has anything to do with why some big companies are working on suppressing the Internet and Google has put its money where its mouth is in promoting open access.


Bill Gates Considered as Evil Primitive Bacterium

Has Freeman Dyson become an evolution denier?

Whatever Carl Woese writes, even in a speculative vein, needs to be taken seriously. In his "New Biology" article, he is postulating a golden age of pre-Darwinian life, when horizontal gene transfer was universal and separate species did not yet exist. Life was then a community of cells of various kinds, sharing their genetic information so that clever chemical tricks and catalytic processes invented by one creature could be inherited by all of them. Evolution was a communal affair, the whole community advancing in metabolic and reproductive efficiency as the genes of the most efficient cells were shared. Evolution could be rapid, as new chemical devices could be evolved simultaneously by cells of different kinds working in parallel and then reassembled in a single cell by horizontal gene transfer.

But then, one evil day, a cell resembling a primitive bacterium happened to find itself one jump ahead of its neighbors in efficiency. That cell, anticipating Bill Gates by three billion years, separated itself from the community and refused to share. Its offspring became the first species of bacteria—and the first species of any kind—reserving their intellectual property for their own private use. With their superior efficiency, the bacteria continued to prosper and to evolve separately, while the rest of the community continued its communal life. Some millions of years later, another cell separated itself from the community and became the ancestor of the archea. Some time after that, a third cell separated itself and became the ancestor of the eukaryotes. And so it went on, until nothing was left of the community and all life was divided into species. The Darwinian interlude had begun.

Our Biotech Future, By Freeman Dyson, New York Review of Books, Volume 54, Number 12 · July 19, 2007

Has he sold out for an admittedly very fetching simile?


Banks Passing the Buck

It’s good that banks are trying to fight identity theft and other online fraud, but:
Internet advocacy group InternetNZ and the NZ Consumers’ Institute have both come out swinging over the New Zealand Bankers Association’s (NZBA) decision to allow victims of Internet banking fraud to be potentially held liable for losses.

New Zealand: Consumer Advocates to Fight Banking Online Fraud Liability Code, Paul Ferguson, Fergie’s Tech Blog, Tuesday, July 24, 2007, quoting Brett Winterford on ZDNet Australia.

Hm, maybe passing the buck isn’t the best way for banks to do this.


Precision Can Hide Accuracy

Metrics are good, but just because they’re precise doesn’t mean they’re useful:
I’ve been thinking a little bit about “threat/vulnerability” pairing. You know the drill, go out, get a scan – match the scan data to existing exploits, and voila! You’ve got risk.

Now regular readers and FAIR practitioners know that I don’t believe this exercise gives you risk at all. In fact, in FAIR terms, I’m not sure this exercise does much for finding Vulnerability.

My Assertion To You: The industry loves T/V pairing because it is precise. It looks good on paper, and if you’re a consultant doing it, it looks like you’ve earned your hourly rate. We love the precision. The precision of T/V pairing gives us a false sense of accuracy.

Accuracy, Precision, And Threat/Vulnerability Pairing, Alex, 23 July 2007

He goes on to point out that you also need to consider who’s likely to attack you, since Threat Agents, as he calls them, may be too stupid to use a given exploit, or too smart to use it because they’ve got a better way. He recommends some statistical analysis to help out.

I’d also recommend more basic steps, such as not using IE and shifting away from other monoculture software until you’ve got a mix of software from different sources. Those things will usually get you in trouble with sales and marketing, however, because hey, they’ve never had any problems, well, not many, and it’s not their job to fix them. The precise thing isn’t necessarily the right thing.
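To make the precision-versus-accuracy point concrete, here is an added example (written for this page, not code from Alex’s post or from the FAIR framework itself) that puts classic T/V pairing beside a FAIR-style estimate of Vulnerability, i.e. the probability that a threat agent’s capability exceeds the target’s control strength. The scan findings, the “exploit database”, the control-strength ratings and the two threat-agent profiles are all constructed, and using triangular distributions for the min/most-likely/max estimates is a simplifying assumption.

```python
"""Naive threat/vulnerability pairing vs. a FAIR-style Vulnerability estimate.

Added example; all data below is constructed for illustration.
"""
import random

# Constructed scan output: host, finding id, and a control-strength (CS)
# estimate as (min, most likely, max) percentiles, i.e. how hard the asset
# is to compromise relative to the overall threat population.
SCAN_FINDINGS = [
    ("web-01", "FINDING-A", (5, 10, 20)),    # exposed, unpatched, trivial
    ("web-02", "FINDING-B", (40, 55, 70)),   # patched, weak configuration
    ("db-01",  "FINDING-C", (90, 95, 99)),   # internal, hardened, segmented
    ("vpn-01", "FINDING-D", (30, 50, 65)),   # no entry in EXPLOIT_DB below
]

# Constructed "exploit database": finding ids for which an exploit is known.
EXPLOIT_DB = {"FINDING-A", "FINDING-B", "FINDING-C"}

# Constructed threat-agent profiles: Threat Capability (TCap) as
# (min, most likely, max) percentiles.
THREAT_AGENTS = {
    "opportunistic": (10, 30, 60),   # tool-driven, gives up when it gets hard
    "skilled":       (50, 80, 98),   # competent, motivated adversary
}


def naive_pairing(findings, exploit_db):
    """Classic T/V pairing: a finding is 'a risk' iff an exploit exists.

    Returns a precise-looking list of (host, finding) pairs. Nothing about
    who would attack, or how hard the target really is, enters the result.
    """
    return [(host, fid) for host, fid, _cs in findings if fid in exploit_db]


def fair_vulnerability(control_strength, threat_capability,
                       samples=20_000, seed=0):
    """FAIR-style Vulnerability: P(TCap > CS), estimated by Monte Carlo.

    Both inputs are (min, mode, max) triples, sampled here as triangular
    distributions (an assumption of this example). The answer is a
    probability with sampling error, not an exact count.
    """
    rng = random.Random(seed)
    cs_lo, cs_mode, cs_hi = control_strength
    tc_lo, tc_mode, tc_hi = threat_capability
    hits = 0
    for _ in range(samples):
        cs = rng.triangular(cs_lo, cs_hi, cs_mode)
        tcap = rng.triangular(tc_lo, tc_hi, tc_mode)
        if tcap > cs:
            hits += 1
    return hits / samples


def assess(findings, agents, samples=20_000, seed=0):
    """Vulnerability of every finding against every threat-agent profile."""
    return {
        (host, fid, agent): fair_vulnerability(cs, tcap, samples, seed)
        for host, fid, cs in findings
        for agent, tcap in agents.items()
    }


if __name__ == "__main__":
    pairs = naive_pairing(SCAN_FINDINGS, EXPLOIT_DB)
    print(f"naive T/V pairing says: exactly {len(pairs)} risks: {pairs}")
    for (host, fid, agent), v in sorted(assess(SCAN_FINDINGS, THREAT_AGENTS).items()):
        print(f"{host:7} {fid:10} vs {agent:13}: Vulnerability ~ {v:.2f}")
```

Run it and the contrast is the whole point: the pairing exercise reports exactly three risks, counting the hardened database host equally with the unpatched web server and ignoring the VPN finding altogether because no exploit is listed for it. The FAIR-style estimate says the database finding is essentially unreachable for the opportunistic agent and only marginally reachable for the skilled one, while the “no exploit” VPN finding still carries real exposure against a skilled adversary. Less precise, more accurate.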


Identity Theft Prevention

Here’s a useful list of mobile computing security guidelines, plus some links to collections of information loss incidents:

Information Security Policy 101 – Mobile Computing Policy, by The Trusted Toolkit, The Trusted Toolkit Blog, 23 July 2007


Liability Waiver?

Speciality Insurance Blog points out that liability waivers, while increasingly popular, may not protect governmental entities from gross negligence claims.

That doesn’t stop governmental entities from using them even in the grossest cases:

Sec. 5. For those persons whose property and interests in property are blocked pursuant to this order who might have a constitutional presence in the United States, I find that, because of the ability to transfer funds or other assets instantaneously, prior notice to such persons of measures to be taken pursuant to this order would render these measures ineffectual. I therefore determine that for these measures to be effective in addressing the national emergency declared in Executive Order 13303 and expanded in Executive Order 13315, there need be no prior notice of a listing or determination made pursuant to section 1(a) of this order.

Sec. 8. This order is not intended to, and does not, create any right, benefit, or privilege, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, instrumentalities, or entities, its officers or employees, or any other person.

Executive Order: Blocking Property of Certain Persons Who Threaten Stabilization Efforts in Iraq, by George W. Bush, The White House, 17 July 2007

You’ve got to admire the chutzpah of promulgating a blatantly unconstitutional directive (see Fourth Amendment) and ending it with a liability waiver.

And there’s always suppressing the evidence, as in FEMA trailers outgassing formaldehyde.

Risk management includes watching what’s going on.


Military Information Security

I suppose we shouldn’t be surprised that the U.S. military doesn’t seem to be any better about information security than companies or other parts of government:
Detailed schematics of a military detainee holding facility in southern Iraq. Geographical surveys and aerial photographs of two military airfields outside Baghdad. Plans for a new fuel farm at Bagram Air Base in Afghanistan.

The military calls it “need-to-know” information that would pose a direct threat to U.S. troops if it were to fall into the hands of terrorists. It’s material so sensitive that officials refused to release the documents when asked.

But it’s already out there, posted carelessly to file servers by government agencies and contractors, accessible to anyone with an Internet connection.

Military files left unprotected online, By Mike Baker, Associated Press Writer, Thu Jul 12, 8:03 AM ET

Surely they know better than this?

Metricon 2.0

Photograph Copyright © 2007 Roy Tennant

It’s Metricon time again. Security metrics, to support business purposes, especially risk management. Well, that’s my interpretation.

Gunnar posts William Gibson’s take on the idea from his previous novel:

“We have no future because our present is too volatile.
We have only risk management.
The spinning of the given moment’s scenarios.
Pattern recognition…”


European Firefox

Here’s some good news. Firefox market share in Europe is almost 28% according to XitiMonitor. In Germany it’s 38%, and several other countries have higher usage. Opera is at 3.5% and Safari is at 1.7% in Europe.

I’d be more pleased if it was a quarter each by three different browsers, with half a dozen others taking the other quarter, but this is much better diversity than 98% IE.

-jsq