Terrorist Special Olympics

Bruce should go into standup:

First London and then Glasgow. Who are these idiots? Is there a Special Olympics for terrorists going on in the UK this week?

Terrorist Special Olympics in the UK, Bruce Schneier, Schneier on Security, 2 July 2007

Only it’s apparently not just in the U.K., considering the lame excuses for terrorists that DHS has dug up. Anyway, laughing at them seems more appropriate than fearing them.

-jsq

Conglomerates’ End

Previously I’ve mentioned that the era of blockbusters is over. Maybe there’s a corollary:
Is the heyday of media and entertainment conglomerates behind us?

A panel of industry analysts and bankers discussed this and other deal making questions as part of a PricewaterhouseCoopers event here Tuesday, with several of them arguing that conglomeratization has no real benefits, especially in the digital age.

“Consolidation in the old media world destroys value,” said Laura Martin, founder and CEO of Media Metrics LLC. “They are buying stuff (and audiences) because they don’t know what else to do.”

Media conglomerates in the past, panel says By Georg Szalai, Hollywood Reporter, 27 June 2007

Sounds like they’re scared of the long tail and are trying to buy it up to co-opt it. Hm, why does that remind me of telephone companies?

Fire Plain

Building in a fire-prone area should be no different from building in a flood plain or a hurricane alley:
We need to begin looking at fire the way we view rivers. No one should be permitted to construct homes in the “fire plain” any more than we permit home construction in a river flood plain. The flood plain is as much a part of the river as the normal flow channel. And a similar situation exists for fires. There are many ecosystems where the likelihood of a fire in a hundred year period is extremely high—building homes in such “hundred year fire plains” is as foolish as building a house in a hundred year river floodway.

Guest Opinion: George Wuerthner’s On the Range; Land Use Planning Must Address Wildfire Plain By George Wuerthner, New West, 18 June 2007

Seems simple enough. The article says that only Oregon has zoning laws similar to this. Insurance isn’t mentioned in the article, but one of the commenters brings up wildfire insurance, as in maybe homeowners can build in the woods, but they have to buy wildfire insurance. And maybe in some areas they can’t get that, either, and they just can’t build.

Chance is Not Games

Speaking of Black Swans, here’s an interesting point in a review of Nassim Nicholas Taleb’s book on that subject:

Why do we base the study of chance on the world of games? Casinos, after all, have rules that preclude the truly shocking. And why do we attach such importance to statistics when they tell us so little about what is to come? A single set of data can lead you down two very different paths. More maddeningly still, when faced with a Black Swan we often grossly underestimate or overestimate its significance. Take technology. The founder of IBM predicted that the world would need no more than a handful of computers, and nobody saw that the laser would be used to mend retinas.

The perils of prediction, From The Economist print edition, May 31st 2007

If a casino sees a black swan (a really big winner), it’s likely to escort that person off the premises permanently, and maybe have a few words with whichever card dealer or one-armed-bandit programmer let that happen. If ordinary people hear somebody saying a really destructive event is likely to happen, they’re likely to call him a mad dog, no matter how good his data.

Yet black swans happen. While by their nature they’re hard to predict precisely as to time or place, it’s good risk management to admit they can happen and to have a plan for that eventuality.

-jsq

Microshills

I’ve often wondered if this was happening:
A ROW IS BREWING between a bunch of bloggers who took cash from a Microsoft marketing outfit and stodgy old media types who take their bribes in less obvious ways.

The row started on Friday when the ValleyWag revealed how some “star boggers” had taken some cash from Federated Media to repeat some Microsoft sloganeering in copy on their websites.

Michael Arrington tells all how his Techcrunch site became “people-ready”. Gigaom’s Om Malik talks about when a business becomes “people ready”. Others named and shamed include Paul Kedrosky and Matt Marshall of Venture Beat, as well as Fred Wilson, the blogger-investor. Ads with the Volish motto appear on the blogger’s site.

Boggers embroiled in Volish bribery kerfuffle, Old media lecture the new, By Nick Farrell, The Inquirer, Monday 25 June 2007, 14:02

Well, wonder no more.

-jsq

RIAA Blowback

Sometimes suing your customers produces blowback:
Former RIAA target Tanya Andersen has sued several major record labels, the parent company of RIAA investigative arm MediaSentry, and the RIAA’s Settlement Support Center for malicious prosecution, a development first reported by P2P litigation attorney Ray Beckerman of Vandenberg & Feliu. Earlier this month, Andersen and the RIAA agreed to dismiss the case against her with prejudice, making her the prevailing party and eligible for attorneys’ fees.

The lawsuit was filed in the US District Court for the District of Oregon late last week and accuses the RIAA of a number of misdeeds, including invasion of privacy, libel and slander, and deceptive business practices.

Exonerated defendant sues RIAA for malicious prosecution By Eric Bangeman, Ars Technica, June 25, 2007 – 04:40PM CT

Does it help a company or an industry’s reputation when its customers sue back? Is this good risk management?

-jsq

Wildfire Myopia

It looks like technological security isn’t the only kind disorganized in government. The latest GAO report about wildfires seems like more smoke than fire:

This testimony summarizes several key actions that federal agencies need to complete or take to strengthen their management of the wildland fire program, including the need to (1) develop a long-term, cohesive strategy to reduce fuels and address wildland fire problems and (2) improve the management of their efforts to contain the costs of preparing for and responding to wildland fires.

For cost-containment efforts to be effective, the agencies need to integrate cost-containment goals with the other goals of the wildland fire program, such as protecting life, resources, and property, and to recognize that trade-offs will be needed to meet desired goals within the context of fiscal constraints.

Wildland Fire Management: A Cohesive Strategy and Clear Cost-Containment Goals Are Needed for Federal Agencies to Manage Wildland Fire Activities Effectively, GAO-07-1017T, U.S. General Accounting Office, June 19, 2007

How about a strategy for integrating wildfire planning into subdivision planning, or cost allocations from homeowner wildfire insurance?


Usable Metrics

It’s not enough just to measure:
…most metrics that we security folks come up with are, well, boring, and are effectively useless to upper management. At best they are focused on technical management such as the CIO and CSO. Like much of the rest of our industry, we metrics folks have again failed to relate our services to the business at large.

Attacking Metrics by arthur, Emergent Chaos, 20 June 2007

You need metrics that are comparable across companies, that subsume enough information to be interesting, and that are easy to explain to executives. Something like the Apdex performance measurements. Performance and security are more intertwined than most security people yet realize. And network performance people have been dealing with selling their measurements to management for some time now. Security folks might want to see how it’s already been done.

-jsq

FISMA Failing

Shades of SOX complaints: the U.S. GAO reports that the Federal Information Security Management Act (FISMA) is failing:

When we go out and conduct our security control reviews at federal agencies, we often find serious and significant vulnerabilities in systems that have been certified and accredited. Part of it, I think, is just that agencies may be focusing on just trying to get the systems certified and accredited but not effectively implementing the processes that the certification and accreditation is supposed to reflect.

Q&A: Federal info security isn’t just about FISMA compliance, auditor says, Most agencies still have security gaps, according to Gregory Wilshusen, by Jaikumar Vijayan, Computerworld, June 14, 2007

Sounds like they haven’t implemented numerous simple security measures that were known before FISMA, they don’t have processes to do so, and they don’t adequately report what they’re doing, even with FISMA. What to do?


TSA Transparency?

Bruce Schneier examines the notorious sippy cup incident in which a mother was told she couldn’t take a cup of water for her infant through airport security, and gets right to the point:
Why is it that we all — myself included — believe these stories? Why are we so quick to assume that the TSA is a bunch of jack-booted thugs, officious and arbitrary and drunk with power?

TSA and the Sippy Cup Incident, Bruce Schneier, Schneier on Security, 18 June 2007

Yes, why is that?