Identity Blogger

Entries from December 2008

Seasons of Change

December 31, 2008

2008 has been a year of change for me, both good and bad. In Feb I was laid off by BMC and hired by SunView Software. In the process I ended 10 years of working in Identity Management and started my career in Change Management.

We took a family trip to northern CA to see my nephew graduate from high school. After that both families vacationed together at Lake Tahoe.

I took over as the Pack Leader for the Cub Scout Pack our boys participate in. My youngest son joined Cub Scouts and my oldest son crossed over into Boy Scouts.

We got a puppy, a now 5 month old Chocolate Lab named Moose. Yes, I did indeed name my dog Chocolate Moose. I simply couldn’t resist.

The weekend after Thanksgiving my father got re-married at the age of 76, demonstrating that there is always room in our lives for new beginnings.  

The weekend after Christmas my father-in-law passed away. Although we end 2008 on a sad note, we are Lutherans, so for us this is a new beginning for him as well.

As we enter 2009 I am hoping for a little less change in my life.

Categories: Uncategorized

Having a Malware Christmas

December 30, 2008

Apparently some Amazon customers got a little extra something under the tree this year:

Amazon.com Inc. last week warned customers running Windows XP that a Samsung digital photo frame it sold through earlier this month might have come with malware on the driver installation CD.

It’s interesting that Samsung isn’t saying how the malware got onto the CD. They may have no idea.

This highlights one of the least appreciated dangers today, malware in the supply chain. From infected CDs to credit card readers with a built-in back door, 2008 saw a spate of incidents with malware being injected in the manufacturing process. It’s hard to imagine how this isn’t going to get a lot worse unless manufacturers overhaul their processes.

This also relates to a point I made previously about how the way a company treats its employees will affect its overall security. Low paid or ill treated workers will be much more easily tempted by bribes to slip some malware into a system. The problem is made worse by outsourcing components. A security breach in a tiny sub-contractor can cause a black eye on a major multi-national corporation.

Expect a lot more of this in 2009.

Categories: Security

Phillips versus flat-head, for real this time

December 24, 2008 · 2 Comments

A while back I wrote this post comparing the argument between Virtual Directories and Meta-directories to an argument comparing Phillips and flat-head screwdrivers. I forgot about it until I noticed something interesting. Somehow a lot of readers found their way to the post from a thread comparing Java and C#. But another group of readers arrived by searching for, oddly enough, information about Phillips versus flat-head screws.

Now I have no more interest in getting involved in the Java versus C# language debate than I do in the Virtual Directory versus Meta-directory debate.

But Phillips versus Flat-head screws? Boy have I got some opinions on that.

If you have to work with existing screws your choice has already been made for you (just as if you join a project in progress you seldom get to choose between Java and C#). But if you are starting a project from scratch, you not only have to choose between Phillips and Flat-head, there is also Torx (the commercial name for hexlobular internally driven screws), square, hex, Allen (internal hex), one-way-flat-head, spline drive, etc. Just as you might consider more choices than Phillips and flat-head, you might also consider a myriad of programming languages in addition to Java and C#.

But some are clearly superior to others in certain aspects. Flat-head screws have more driving power than Phillips head screws (Phillips head screws are designed to cam-out to prevent over tightening, an intentional design feature). But flat-head screws are much harder to drive by hand due to tool slippage. This is an interesting analogy to the ease of development of C++ versus both Java and C#.

Allen and hex head screws have even more driving power than flat-head screws and are easier to use, but suffer from the limitation of needing to have the exact size tool to fit the specific head size, whereas flat-head screws can accommodate a wide variety of tool sizes. This is similar to how scripting languages are often limited to use in a specific framework.

Wait, am I still talking about screws?

Categories: Programming · Virtual Directory

The Speed Cameras of Montgomery County

December 23, 2008 · 1 Comment

Unfortunately it seems that cities and counties in the US are starting to emulate the repulsive UK practice of installing speed camera and red light ticketing systems. Some enterprising high school students in MD have found an interesting way to have fun with it:

Whenever a new, relatively unpopular technology hits the streets, you can always count on teenagers to try and exploit it for their own gain. Such is the case with speed cameras, as high school students in Maryland have begun playing the “Speed Camera Pimping Game,” wherein they attempt to punk the not-so-accurate cameras by creating faux license plates that can be traced back to peers and teachers they have it out for. The trend has parents and law officials worried, and it raises even more questions about the cameras’ usefulness.

Students at Montgomery High School in Maryland have discovered that they can duplicate the license plates of their archenemies by printing a Maryland plate template on a sheet of glossy photo paper and digging up a handy license plate character font, according to a parent speaking to The Sentinel (via /.). This may sound like a janky craft project at first, but these cameras are not sensitive enough to pick up the differences between these paper license plates and the real things. The students then tape the faux plate over their own and purposefully speed in order to be caught by the speed camera, causing the real owner of the license plate to receive a $40 citation in the mail.

It would be irresponsible of me to suggest that this same tactic be employed to send speeding tickets to the members of the politicians that approve these devices. That would be wrong.

As would actions such as these.

Categories: Freedom · Humor

Cloudy forecast

December 22, 2008

Bavo De Ridder has this interesting take on Cloud Computing:

Cloud computing is cool, no doubt about that. There have never been more good looking and futuristic looking schematics made in Visio. Thousands of presentations, workshops and even conferences have been held on the subject.

One question however has not been clearly answered yet … what about data ownership? What about privacy of that data? When your applications are running in the cloud you are also handing over your data to whoever is running the data center. How sure are you that they protect this data as they should do?

Bavo does point out some valid concerns. But I feel he goes too far when he links these concerns to the recent Microsoft Live TOS change:

Your cloud partner decides to disable a feature in their application, a feature you depend on. Does your disaster recovery plan take this into account? This is not far fetched, in a small way this is what happened when Microsoft decided to disable anonymous comments on their Live Blog. They even did this retroactively and so revealed identity information of authors who previously had been anonymous.

While the Microsoft Live situation was a disaster for the users that had an expectation of continued privacy, there is an important distinction, namely the Golden Rule. No doubt the TOS for Microsoft Live, like all free services, are very one sided. For most free services you get the service for, well free, on whatever terms the provider dictates and you are, again, free to take your non-money elsewhere if you aren’t happy.

Commercial service providers typically provide a much different kind of contract with their paying customers. Such contracts would dictate under what conditions features could be added or removed. And there is a strong financial motivation to keep the customers happy.

Of course Bavo’s points about your provider going under or being acquired are quite valid.

Still it all comes down to risk. Successful companies don’t avoid risk. They balance risk against reward. If the cost savings with moving to Cloud Computing makes these risks acceptable then companies will consider doing it.

After all, are these risks so different from what companies take on when they contract with any provider, from payroll down to cleaning services?

Categories: Identity · Privacy · Security

Two kinds of anonymity

December 19, 2008

When thinking about anonymity (and privacy), I like to divide it into two main categories, Real Anonymity and Granted Anonymity. Real Anonymity is where you don’t reveal any information that could identify yourself when performing a public act (like posting a comment to a blog). Granted Anonymity is where a third party knows who you are, but “grants” anonymity based on a pre-arranged agreement such as a TOS.

Microsoft Live customers are now discovering the main drawback to Granted Anonymity; it can be revoked (hat tip to Pamela Dingle).

I am not going to comment on this specific case, enough others will do that. But I would like to share one rule I live by:

Never say anything on the internet under a grant of anonymity that you wouldn’t say publicly as yourself.

Some of the things that can cause the grant of anonymity to be revoked include:

  • Change of TOS (which seems to be the case here)
  • Acquisition of your service provider, resulting in a new TOS
  • Government subpoena (including private lawsuits)
  • Security breach at your service provider
  • A breach of the TOS on your part

Categories: Identity · Privacy

Keeping it in the family

December 17, 2008 · 2 Comments

I don’t normally blog about politics, but this is just jaw dropping.

Apparently there is a battle in NY to determine whether Andrew Cuomo or Caroline Kennedy will replace Hillary Clinton, who is moving from the Senate to the administration of the President Elect replacing George Bush and whose own Senate seat may be filled by the appointment of Jesse Jackson Jr.

When did nepotism become so chic in this country?

And where are the voices of those who supposedly speak truth to power?

Categories: Identity

First the wallet, then the privacy

December 17, 2008

North Carolina is seriously considering a really odious idea:

With gas-tax revenues plummeting, the state of North Carolina is looking seriously at taxing motorists for how far they drive.

Because spending less money is apparently out of the question. But wait, it gets better:

If the “road-use tax” is implemented, it would at first be simple – with the state checking your odometer annually and taxing you based on how many miles you have driven. But transportation experts say new GPS technology could allow the state to charge people different rates based on when and where they drive, in an attempt to manage congestion.

Talk of a Vehicle Miles Traveled tax has long been discussed as a necessity in a decade or so, because cars are becoming more fuel efficient, and states and the federal government are losing gas-tax revenue.

But there is now a sense of urgency about the new VMT tax. When gas hit $4 a gallon this summer, Americans sharply curtailed their driving. And when the economy cratered this fall, the driving rollback continued, even when gas prices plummeted.

Got that? In return for the right to drive in North Carolina, they would not only tax you extra on top of the gas tax you already pay, they would demand to know exactly where you drove your car.

By coincidence almost exactly a year ago I blogged here about how automated toll collection data has been used in divorce cases. Is there any doubt that this GPS data wouldn’t be used for law enforcement and civil litigation?

Of course the nanny staters get a say in the same article:

If states wanted to encourage people to continue driving fuel-efficient vehicles, the per-mile charge could vary depending on what you drive. A hybrid might be charged one-fifth-cent per mile, while an SUV might be charged a half-cent.

David Farren of the Southern Environmental Law Center said he supports a VMT tax. He said the tax would encourage people to live closer together, lessening the impact automobiles have on the environment. The government should not only encourage people to use less gas, but also to drive less, he said.

Wonderful. Not only do you pay more to lose your privacy, you get to be punished for what car you drive and where you live.

Categories: Freedom · Privacy · Skeptic

Benevolence Diffusion Algorithm

December 12, 2008

The WSJ explodes the story about the bailout you haven’t heard about yet: the unprecedented bailout of Christmas:

The picture of Christmas painted for Mr. Paulson by his rosy-cheeked host was bleak.

Apparently Santa’s difficulties in “producing product,” as Mr. Paulson described it, originated in a poorly understood aspect of the jolly elf’s current operations known as “Christmas list swaps,” or CLIPS.

Mr. Claus said that going back as far as anyone can remember, Christmas lists had been handled in the traditional manner. Children would draw up lists, which were left out in the evening with a glass of milk for collection by Santa’s elves; other lists would be exchanged with siblings, cousins and loved ones.

Several years ago, according to a participant who requested anonymity, some of Santa’s elves were contacted by representatives from Bear Stearns and Lehman Brothers, who persuaded the elves of the benefits of an elaborate scheme of Christmas-list securitization.

As outlined to the elves, the idea worked like this. Brokers would break each item on the Christmas lists into separate pieces and repackage the requests as securities, using a formula known as a “benevolence diffusion algorithm.” This would guarantee happiness for everybody in the world on Christmas morning. No one would lose.

Admit it. You just can’t resist reading a blog entry with “Algorithm” in the title, can you?

Categories: Humor

Unfeeling bastard he wrote

December 11, 2008 · 3 Comments

Pat Patterson points to this cool little site that purports to perform a Myers-Briggs personality test on the URL for your blog. Running it on this blog reveals the not too terribly surprising result that I write like an unfeeling bastard. I mean look at this “brain usage” diagram:

[Image: “brain usage” diagram]

Based on that I would make Commander Data look like an emotional wreck.

The site also shows an androgynous picture of me as a blogger. Except it shows me with hair, using a Mac, and drinking Jolt cola; instead of the bald, Windows using, Diet Coke addict that I really am:

[Image: INTP blogger picture]

A Myers-Briggs test is very spooky if you have ever taken one. They often appear very accurate to the test taker. But this appearance is really a combination of some basic obvious traits taken from the test answers (or in this case language analysis) with a heavy dose of confirmation bias. In other words, people are very prone to believe things that are on balance slightly complimentary. Note that there is no Myers-Briggs category that just says: “you suck in general”.

For a while it was fashionable at many companies to subject applicants to a Myers-Briggs test to help determine how well their personality would match the requirements for the job, buying the risible notion that 16 categories can adequately represent the range of human personality.

There I go, being INTP again.

Categories: Skeptic