Security Pie

The ramblings of three security curmudgeons


Should my insurer kill me?


Some of you may suspect that there is something wrong, almost Kafkaesque in nature to the above question.

Well, according to the Economist, a recent study by the good folk at the University of Liege Coma Science Group has discovered that doctors routinely mistake the level of vegetative state of comatose patients. Doctors make mistakes. Scrub. Doctors routinely make mistakes.

How many? Out of 103 patients, the doctors diagnosed 44 as vegetative. However, tests showed that only 18 were vegetative. The rest were in a minimally conscious state. 4 out of the 40 diagnosed as minimally conscious were actually out of that state and able to communicate (just imagine the horror of being ignored after sleeping for years…).

Now here is the issue: Insurance companies prefer vegetative state patients because:

1. They can be disconnected (cheap)

2. They have no need for expensive rehabilitation

So, ahem, these same guys (dolts) who figured they should insure deadbeat (and temporary) homeowners on the assumption that prices will ALWAYS go up, and created vehicles of investment to hide the risk which they said “will never happen”, are now incented to keep those of us unlucky enough to be comatose as vegetative?

Suddenly, state-owned healthcare begins to look nice(r).

On the bright side, the same Economist has a story of cheaper solar cells and the successful cloning of mice.

Written by assafl

July 30th, 2009 at 4:56 pm

Posted in Uncategorized

A healthy dose of skepticism


I am a skeptic and have always been one. I believe that a healthy dose of skepticism can do wonders when trying to balance beliefs (many of which are odd: some people do believe that unicorns are real – literally real!) and reality. While odd beliefs are nice (and somewhat amusing), I would not like to base decisions on farfetched, wrong concepts. I can see the disappointment in some soon-to-be unicorn farmers’ eyes.

Not all you see is as it is.

For example, take the Barnacle Goose. Here is a picture:

[image: 800px-Branta_leucopsis]

And take the Goose Barnacle. Here is a picture:

[image: 799px-Pollicipes_cornucopia]

The similarity in color is apparent. Early Europeans, having not observed the Barnacle Goose nest, and having been oblivious to bird migrations, assumed that the Barnacle Geese emerged from the Goose Barnacle (hence the name). Furthermore, there were eyewitnesses: the Welsh monk Giraldus Cambrensis claimed to have seen goose barnacles in the process of turning into barnacle geese in the twelfth century.

It is easy to discount this example as “dumb early peoples who did not know”. But these types of mistakes happen routinely in every discipline.

In security it is always easy to jump to conclusions. A DoS attack might also be a misconfigured device. An employee stealing data might be a risky business practice, process or habit.

The only way I am aware of to combat these mistakes is to dig deeper with mathematical rigor. Understand not just the What (as in: what is happening) and the How (as in: how is this attack taking place) but the Why (as in: why is this employee sending these emails).

/al

Written by assafl

July 20th, 2009 at 9:41 am


Chairs


Emeco makes the famous chair below:

[image: emeco-navy-1006-brushed]

Emeco ran the ad below, which indeed may make a point:

[image: emeco-navy-chair-nude-ad]

My Ikea chair broke and it got me thinking about the security we get from less than stellar designs. Like chairs. Emeco has been making the Navy chair since the 1940s. Their chair works, and it is strong. It is dependable. Dependable like my Checkpoint firewall at home. Dependable, unlike my less than stellar let-me-reset Dlink router and, yes, my broken Ikea chair.

/al

Written by assafl

July 6th, 2009 at 10:47 pm


Plaudits to the SEC


For working on nailing Angelo Mozilo, former head of Countrywide.

  • Thank you 1 goes to the email records: for providing proof that Angelo knew what he was doing and misled investors.
  • Thank you 2 goes to the SEC: for FINALLY doing your job. Better late than never.

Angelo – May you go directly to jail and may you rot there. American dream my ass.

Let’s kick Angelo’s new cage closed and move on to Dick Fuld and the rest of those who think our economy is their playground.

Written by assafl

June 5th, 2009 at 1:07 pm


Apples and Oranges


So I have recently been using a MacBook Pro (2006-2007 version) and have come to grapple with the advantages and disadvantages of Apple. Interestingly, the same types of concerns span the entirety of the Apple line of products (iPods, iPhones, MacBooks, Macs – I rarely use Mac software so I don’t know if this is similar for their software).

Apple, IMHO, is a great device for non-technical users. Apple technology is the closest approximation to an appliancized computer (think “washing machines” and “laptops”). It does what it does relatively well. But it comes at a cost: no hardware freedom. What does this mean? Well, washing machines have lifespans of 10 years or so. For Apple appliances it seems to be 2 years (new iPhone, new iPod, new MacBook Pro).

The accepted diatribe about this issue is that Apple provides better service than Microsoft: Say what?

On any Abit/Thinkpad/Dell (read PC), while it is true that hardware support comes from hardware vendors, it is mostly there. Unless the vendor goes belly up, drivers are usually developed for quite a few years after the delivery of the hardware. Not so for Apple. Sure – it is a one-stop shop – but service doesn’t exist.

(BTW – I am pretty certain that many people assume Apple provides service because of the sharp ads on TV with a cool “Mac Guy” and a “Plump PC Guy”. Well, these ads are indeed very deceiving.)

As an example: the MacBook Pro uses the Intel ICH 7M AHCI SATA II controller, which supports native command queuing and 3Gb transfers. Nice hardware – right? Well, yes for the marketing department, but not for the user. To enable AHCI mode, the Intel option BIOS has to be installed. Apple does not support the option BIOS, so users are stuck in IDE mode.

So much for good hardware which is – supposedly – faster than a PC. Well, it isn’t.

Built-in obsolescence (see http://en.wikipedia.org/wiki/Planned_obsolescence), as in using high-end components but preventing their usage, is a complete turn-off for me, so this will be the last Apple for me.

/Assaf

Written by assafl

May 21st, 2009 at 10:07 pm


I want to be…


I want to be free of accountability. I want to be Dick Fuld. I want to be Visa. I want to be Moody’s. I want to be Fair Isaac. I want to take other people’s money and have no responsibility. I want to be Ken Lewis. I want to be American Express. I want to give deadbeats other people’s money and make a profit. I want to suck the American people dry. I want to be Fannie Mae. I want to be John Thain. I want a million dollar office. I want to capitalize on others’ misfortunes. I want to make off with the savings of others. I want to be Freddie Mac. I want to be AIG. I want to be ignorant. I want to claim innocence. I want to be Mastercard. I want to print in fine letters a deal with the devil. I want you all to be subjects. I want to own FICO. I want to own your future. I want to be Experian. I want to be TransUnion. I want to be Washington Mutual. I want to fire my employees. I want to be Equifax. I want no responsibility. I want rewards. I want to be RBS. I want to create derivatives that will hide deadbeats in a cloak of A+’s. I want to be Bear Stearns. I want to be Lehman. I want to be the dollar bill. With not a care in the world. I want to be standard but not poor. I want to be Morgan Stanley. I want to be Goldman Sachs. I want to be Citibank. I want to be a collateralized debt obligation. I want to have the term debt in my name. I want to be an asset. I want to be Nationwide. I want to be bought by Ken. I want to be Société Générale. I want to be Rick Wagoner. I want to be an American car maker. I want to be Hank Paulson. I want to waterboard prisoners. I want to be Alan Fishman. I want to be Edward Liddy. I want to be…

Who me? Nah. I just want to take advantage of the upcoming bubble. Whatever it may be.

Written by assafl

May 11th, 2009 at 11:59 pm


Memories, security and what makes the perfect pie?


So I like it when I can take the learnings of one field and apply them to another. When we started PortAuthority, it was clear to me that data security was important. I came from the defense industry, which (for the most part) values data security more than it does systems – and for good reason: if enemies get access to confidential data, it is a very short while to losing military superiority.

However, I was disappointed and somewhat frustrated to learn that at the time (2000-2003) little thought was given by corporations to data security. Words to that effect were used, but the majority of security was dedicated to the A(vailability) in CIA and some was dedicated to the I(ntegrity). Very little (with a few exceptions) was dedicated to the C(onfidentiality).

As it turns out, what was missing was knowhow. This knowhow, which is rampant across DOD corridors, was virtually non-existent in the corporate world. And the few that did understand the concepts were ex-defense employees.

So the knowhow for data security is now being built, and ever more security folk get up in the morning and say “how do I help enhance our competitive standing in the industry” vs. “how do I ensure I don’t get to clean up all the machines over the weekend”.

So – what is in this knowhow? Well, to me it appears that the knowhow consists of knowledge (theories), experience (past experiences, witnessing others, reading case studies), and language (how do I communicate to all parties involved in the activities). Or – as I will explain later – the common memories in the field (similar to the so called “muscle memory” in the organization).

Well, here’s to the topic at hand: food, “foodies” and what makes a great dish “great”.


Written by assafl

May 10th, 2009 at 3:44 pm

Consistency and dissonance in messaging


One of my lessons from selling Data Leak Prevention solutions is the necessity to keep messaging and expectations consistent throughout the protracted sales process.

Consistency of message is a cornerstone in driving the values forward and allowing the message to penetrate and be evaluated by the receiver.

The following is a sad and brutal example of just how messaging inconsistencies can drive a dissonance in the proposed values:

“The founder of an Islamic television station in upstate New York aimed at countering Muslim stereotypes has confessed to beheading his wife, authorities said.” more at http://www.cnn.com/2009/CRIME/02/16/buffalo.beheading/.

Furthermore, the article states: “He launched Bridges TV, billed as the first English-language cable channel targeting Muslims inside the United States, in 2004. At the time, Hassan said he hoped the network would balance negative portrayals of Muslims following the attacks of September 11, 2001.”

On the TV station website (http://www.bridgestv.com/pressroom.asp) one can still find pictures of the husband and wife team with the caption:

“Aasiya Zubair (left), wife of Bridges TV CEO Mo Hassan (right) played an instrumental role in the creation of Bridges TV since she came up with the idea for the network.”

Killing of innocents (or any crime of assault while angered by anything) happens across all cultures. People murder other people everywhere, and sometimes quite enthusiastically (Sudan/Darfur, Congo, Myanmar, Turkish Kurdistan, etc…). Furthermore, the killing of women is reprehensible but happens in all countries.

But living under the pretense of prudity, of bridging gaps and confronting bigotry, juxtaposed against the (to paraphrase Anthony Burgess) perception of ultra-violence of beheadings, is just baffling. The dissonance just might tempt one to ask where indeed the Middle Eastern mindset ends…

Written by assafl

February 17th, 2009 at 5:01 am


1 down 1 to go


So Merrill Lynch was not a bargain as one could have gambled for… Mr Thain stepped down as head of BoA global banking and wealth management division. Apparently, Merrill Lynch, which Mr Thain once led, had a $15 billion loss in Q4, and BoA had to ask for more state aid to fund its acquisition of the Wall Street firm.

It also surfaced that Merrill accelerated some $4 billion in bonuses to staff before the completion of the government-backed takeover, and that Mr Thain refurbished his office for $1.2M, which included a $50k commode and a $1,400 waste basket.

Kenneth Lewis made a bad gamble: So why is Kenneth still the CEO of BoA?

Here’s my suggestion for a rule: If you have the chutzpah to go to congress to ask for my our hard earned cash, I we(?) want a letter of your resignation to accompany the request. To comply with the reduction in paper act, you could have two signature lines on the “Form X-XX: Request a bil from the govt.”: one for the request and one for the resignation.

Go home Kenneth.

Written by assafl

January 29th, 2009 at 12:05 pm


PacoJet Kulfi


So here is a distraction from the daily chore: Making Ice Cream.

I am exercising my new PacoJet processor and have noticed an abundant lack of kulfi recipes for the PacoJet. So here is mine:

1.5 litre whole milk
150 grams sugar
5 whole cardamom seeds
30 grams pistachio nuts
a pinch saffron threads

Boil the milk (stir to prevent burning), and then cook for 45 minutes on low heat until milk is reduced by half. Add sugar to milk.

Shred cardamom seeds, pistachios and saffron threads in food processor (or use the PacoJet coup attachment) and add to milk.

Let the milk cool down. For a smoother result, pass the mixture through a fine mesh sieve.

Freeze to -20C in a beaker (do not overfill, as the mixture expands when pacotized) for at least 24 hr.

Pacotize the container and return it to the freezer to harden for at least 1 hour (kulfi is better served dense and cold).

Enjoy.

PS – If you don’t own a PacoJet you could just freeze the mixture, but it won’t be as smooth.

Written by assafl

January 22nd, 2009 at 6:37 pm
