Security Pie

Since the Fluffinator is a very geeky coffee project of mine, I have posted it on home-barista. Those of you who happen to own a Mazzer Mini E grinder and are somewhat disappointed with the quality of its grind will find it very useful.

All the rest of you won’t, but may appreciate the level of myopic focus invested on diminishing returns exhibited by the people involved. And then some of you will disapprove and comment on the injustice of it all and that half of the world is hungry. Well, that is the half that picks the coffee that both you and I drink. So there – life is not fair.

More details at http://www.home-barista.com/grinders/mazzer-mini-e-grind-distribution-improvement-mods-t12954.html#p156133

At the end of every quarter, there’s this magical moment: its best time. If you are working in a sales or sales support position, you are probably connected to your mobile email device working 24×7 on getting this next deal… Lots of adrenalin in the air. It’s fun time. Unfortunately, RIM’s Blackberry network is down. In other words, no-mail-for-you…

Some BlackBerry customers in the Americas are experiencing delays in message delivery,” RIM said in a statement. “Technical teams are actively working to resolve the issue for those impacted. RIM apologizes for any inconvenience experienced by customers.”

The outage is the second for RIM in that past five days. For several hours on Thursday, users were once again not able to receive or send e-mail messages. RIM did not provide any details on what caused the outages on Thursday or Tuesday night.

Googling around, you’ll find several outage reports. Few are during this time… while it’s clear that it is only a coincidence it proves again that there’s never a good time for an outage…

So in an effort to better understand the future by reading about the past, and out of respect for Uma, I am reading a famous handbook for Samurai swords by John M. Yumoto.

In the book, Mr. Yumoto discusses the issue of counterfeiting, which apparantly rampant througout Japan at the time the swords were made. “Smiths often used friends’ names; apprentices used masters’ names and sons would use their fathers’ names.”

He quotes a legend from the smiths of Bizen Province:

The village in Osafune, in Bizen province, was known for its swordsmiths. One day Kanemitsu (金光), one of the town’s leading smiths, was enjoying a moment of rest in his shop. He suddenly found himself listening intently to the sound of the chisel of his neighbor in the shop next door.

Angrily he arose, dashed next door, and seized the sword on which the other smith had been chiseling a name.
“You were putting my name on that sword,” said Kanemitsu.

The other smith admitted that he had been doing so and apologized. “How did you know?” The guilty one asked. “Were you watching?”

“No” answered Konemitsu, “but I was listening. You used a greater number of strokes than was necessary if you had been writing your own name”.

Real Samurai use real Kanemitsu swords

A few weeks ago I gave a talk at an ISSA webcast about the importance of monitoring for data security. The Bizen province legend is a great example of monitoring data usage. Somehow, it is oddly comforting to know that data monitoring would have been as important to 14th century swordmakers as to modern day business owners.

/al

Finally a real reason to go through the headache of switching a phone company, get new apps and test ‘em. The folks at JVC developing VHS understood that. Sony did not get it at first

There is a claim that adult content was not available on Betamax (possibly because Sony would not allow it) while it was becoming readily available on VHS. Whether or not this was really a factor is a contentious topic….

(read the sotry how VHS format won here)

But then they did…  The folks at mikandi get it for sure. The killer application of all times – porn, now at a screen next to you.

There are still some open positions at the company. But beware, if you are self-righteous, ignorant and/or annoying please do not apply.

Regardless of your religion and belief, Happy Holidays!

It's all about the pie

I came across a document that was published few months ago describing Israel’s IT market in 2009.  I’ll let the readers decide if they accept the analysism but as a service I would like to point you to another source of information based on STKI’s summit presentation which is quite detailed.

I’m interested to hear your feedback on opinion.

A friend forward me the following article from the Consumerist with links to Zynga’s CEO Mark Pincus Youtube movie. So here’s what he said on the video (I guess that he did not know that someone is recording):

I knew that i wanted to control my destiny, so I knew I needed revenues, right, fucking, now. Like I needed revenues now. So I funded the company myself but I did every horrible thing in the book to, just to get revenues right away. I mean we gave our users poker chips if they downloaded this zwinky toolbar which was like, I dont know, I downloaded it once and couldn’t get rid of it. *laughs* We did anything possible just to just get revenues so that we could grow and be a real business…So control your destiny. So that was a big lesson, controlling your business. So by the time we raised money we were profitable.

Personally, I do not see ANY problem with that. In fact, despite the somehow graphic langue and maybe some over bragging, I think that Mark Pincus was/ is doing the right thing. All we have to do is wait and see how it goes…

So Yahoo! is taking down Geocities.

Still among the top 200 networks, Geocities which was up for more then a decade and was the first example of an open, simple to use, free personal Internet is now being closed. 2,000,000+ sites hosted on Geocities will be gone forever.

There are many morals for this story, but I’d like to point you to just one. Only 10 years ago Yahoo! acquired Geocities for ~ $4,000,000,000 (in stock….) to get this site.

The agreement, which combines two of the World Wide Web’s most popular destinations, would be the largest acquisition involving a Southern California Internet start-up. It also would solidify Santa Clara, Calif.-based Yahoo’s position at the head of the portal pack.

Can it happen again? Can one of today’s web-based leaders will be taken down and its content will be lost forever?

Will anyone pay such amount today?

11.22.2009 Update:

Almost a month later and the site is still pretty high on Alexa…..

Change log

11.22.2009 12:35 am Changed So Yahoo! is taking down Geocities today to So Yahoo! is taking down Geocities..

Recently, I have been enjoying the tower defense (TD) genere game on my iPhone. In the game, I try to prevent little animations of monsters from arriving at my castle and doing some malicious deeds like devouring the cute, helpless inhabitants of the castle.

Now I am not aware of any monsters that are scary, so to get into the mood I imagine that the monsters are packets with malware. Scary.

Also, since I have little experience with bows, arrows, cannons, balistrades and other primitive weapons, I imagine a sequence of firewalls, clusters of network IPS/IDS, proxies and host security apps.

After setting up the defenses, I then watch helplessly as those sinister packets slowly (but determined) make their way towards the castle eventually devouring the residents. In the world of TD you mostly fail. Success means you move onto the next level to spend time yet again watching malicious packets devouring your residents. But then nothing happens. This is where my metaphore for security as a TD game collapses:

1. In TD, you have many failed attempts and one success. As a security expert, you’d better succeed more!
2 In TD, the monsters end by eating the residents. In security, the malicious packets must create value for the hacker: either sabotage, or data theft.

In a data theft scenario, the malicious packets will have to walk back past the defenses with the data. That gives us a whole new opportunity to find and disable the attack vectors.

In security, we are usually told that building the anticipated attack trees and ensuring all branches are covered makes for a safer network. Anticipating attack paths is hard. Anticipating intent is easier (steal or damage). Adding the escape path branch to the list of monitored points just makes sense, even if TD doesn’t.

/al

According to HBP statistics, quoting the Kauffman Foundation, entrepreneurs have been key drivers of economic recovery in past recessions. In fact, since 1980, companies less than five years old have accounted for virtually all net new-job creation in the U.S.

Considering myself as an entrepreneur I read the Entrepreneurs’ Gloom Contradicts Wall Street Optimism.

The Foundation’s September 2009 study of more than 400 entrepreneurs and would-be entrepreneurs shows that 75% think the United States cannot have a sustained economic recovery without another burst of entrepreneurial activity.

Duh. Isn’t that clear? Elementary…

The following statistic tidbit got my attention:

75 percent think the United States cannot have a sustained economic recovery without another burst of entrepreneurial activity.

Duh. Isn’t that clear? Elementary…

Reading the survey summary  (pdf) the following slide was not surprising:

The US is not doing enough

I found out that many successful, talented entrepreneur that are currently in the US with  H1 visa are unable to start a business in the US, even if they willing to go through this difficult process.

The vast majority of entrepreneurs think it should be easier to start a business:

Starting a business in the US

For many entrepreneurs, starting a business in THE US, is NOT an option. You don’t need a Nobel Prize in economy to understand why the US economy need to make it easier to H1 visa holders to start a business in the US and help boost economy.