Category Archives: Uncategorized

Malware Leverage: Dan Geer on How Attackers Can Bankrupt Defenders

I keep talking about the black hats using the leverage of the Internet. Dan Geer summarizes the situation:
The thing to remember is that the attacker’s workfactor is the cost of a new variant, and as the production of variants (whether of malware or URLs) is now automated, the arms race between attacker and defender can be manipulated by the attacker to bankrupt the defender.

A Quant Looks at the Future Extrapolation via Trend Analysis, by Dan Geer, v6xi07, accessed 13 Nov 2007, “Rescaled, cumulative,” page 22.

He’s got lots of data from various viewpoints to back up that assertion.


How to Overdo Outrage

How to overdo outrage:
“How can you overreact when it’s your children?” she said.
Like this:
…seven Iraqi men who were passengers on a plane scheduled to fly from San Diego to Chicago on Tuesday night. Robbins was also on the plane but was so terrified the men might be terrorists that she demanded to get off, causing a delay that prompted the airline to postpone the flight until the next morning.
When you interfere with other people’s travel and basic rights on the basis of nothing more than fear and prejudice:
“He looked so mean, the way he was looking at everyone,” Robbins said. “It was very frightening, like something out of a movie.”
And no, “all I could think of was 9/11” is not an excuse. (I suppose it could have been worse. She could have said “like something out of ’24’.”)

And like this:

Citizens who have done no more than criticize the president are being banned from airline flights, harassed at airports, strip searched, roughed up and even imprisoned…

BUSH RESTRICTING TRAVEL RIGHTS OF OVER 100,000 U.S. CITIZENS, by davidswanson, Mon, 2007-09-03 15:35

Wherever Osama bin Laden is, he must be chortling at how individuals and the U.S. government are doing more to harm Americans than he ever could have.


Metricon Slides, and Viewed as PR

The slides from MetriCon 2.0 are all posted now. Many good talks in there; I’ll probably comment on some more of them later.

One of the most interesting aspects was to see those with business experience try to explain to those who said "Just tell me what to count!" that counting isn’t enough. If you want business managers, executives, and boards to pay attention, you need to say what your counts mean.

Chatting with attendees, it became clear that some of them interpreted the latter as a call to make up numbers to match whatever you wanted to sell to management. Far from it. The point is to abstract your numbers and to describe them in terms of what they mean to the business.


Do Mess With Texas


Steven Peisner heard about a new Texas requirement to shred documents with identifying information, and tried getting into the TX Attorney General website with bogus information:

To his surprise, Peisner was allowed to proceed (without giving the three-digit security code on the back of his credit card, no less), and within moments he had access to the site’s database. For $1 per search, he ran searches on several common last names including “Campbell,” “Smith” and “Jones,” as well as “Greg Abbott,” the attorney general.

I.D.-Theft Watchdog Finds the State of Texas is Wide Open for I.D. Thieves, by Melissa Lafsky, Freakonomics blog, 12 Jul 2007 01:59 pm

He told Abbott about this, yet when he tried it again later, logging in with the name “Ima IDThief”, it worked just like before.

The scary part is that Texas is probably no better or worse than any other state or company about this sort of thing.


Constant, Irrational Fear

[Graphic: 2007-05-27--the-truth-about-wireless-devices.png]

Ain’t it the truth. The BBC broadcast a scare program about wireless Internet health concerns, based on nothing. It was bad enough that the BBC news felt compelled to contradict the story.

I can remember when newspapers did this about modems. And they were right that modems were dangerous! To traditional newspapers! Not to people.

Such alarmism is itself a risk to people, in giving them false information, and in scaring them so they’ll be more likely to make bad decisions.

If it bleeds, it leads. And if it doesn’t bleed, just pretend that it will make the reader bleed.


Graphic seen via Chandler Howell. Do follow the link.

SOX Seen as Good for IPOs

Jim Cramer of the TV Show Wall St. Confidential says SOX is doing good.
“I think it has served as a barrier the Securities and Exchange Commission always should have had,” Cramer said. “The SEC’s view is that everything can come public, provided that you disclose,” which is not protective of anyone.

TV Recap: Sarbanes-Oxley Has Worked, By Staff, 2/9/2007 2:25 PM EST

He doesn’t think SOX is inhibiting IPOs; rather there were a lot of IPOs last year, and right now there aren’t many companies ready to IPO.

Maybe it’s good risk management for companies to say what they’re doing financially.


Big Trust Risk

Interesting article by Ben Stein. After singing the praises of capitalism and all it’s done for him and his family, he says:

It’s built on man’s notion that he can trust his neighbor with his money, and that if the neighbor misbehaves, the law will chase him and catch him, and that the ladder of law has no top and no bottom, that even the nobles get properly handled (Bob Dylan again) once they have been caught.

Everybody’s Business: The Hard Rain That’s Falling on Capitalism, By BEN STEIN, New York Times, January 28, 2007

Or, in other words, you can say laissez faire as much as you like, but if you don’t also have contracts, judges to enforce them, and a culture of respecting them, you don’t have capitalism.



For a while I’ve been saying that once we actually get going on doing something about global warming, we’ll come up with new ideas that will cascade in the same way as computing did. Trust Bob Metcalfe to be on about the same idea:

The trick, if you want actually to solve Global Warming, is to keep clear the paths of people I’ll call “techies” – scientists, engineers, entrepreneurs, and venture capitalists (including me). Techies are the people who just took 30 years to build the Internet and who will take about the same time to solve Global Warming. They will solve Global Warming mostly by developing technologies that deliver cheap and clean energy. And they will do it SOONER if we can keep alarmists and deniers out of their way, and let FOCACA ring.

Viridian Note 00485: Metcalfe on Enertech, by Bruce Sterling, 8 Jan 2007

What’s FOCACA? "Freedom of choice among competing alternatives." Metcalfe reminds us that that’s what brought us cellphones, Ethernet, and the Internet.


What’s Your Score?

Q: What country rates everyone who goes in and out of it, citizen or not, as to whether they are likely terrorists or criminals, won’t show its ratings to those rated, can’t be challenged about them, uses them to decide who can work for a wide variety of governments and companies, and plans to keep them for 40 years?