2008 has been a year of change for me, both good and bad. In Feb I was laid off by BMC and hired by SunView Software. In the process I ended 10 years of working in Identity Management and started my career in Change Management.
We took a family trip to northern CA to see my nephew graduate from high school. After that both families vacationed together at Lake Tahoe.
I took over as the Pack Leader for the Cub Scout Pack our boys participate in. My youngest son joined Cub Scouts and my oldest son crossed over into Boy Scouts.
We got a puppy, a now 5 month old Chocolate Lab named Moose. Yes, I did indeed name my dog Chocolate Moose. I simply couldn’t resist.
The weekend after Thanksgiving my father got re-married at the age of 76, demonstrating that there is always room in our lives for new beginnings.
The weekend after Christmas my father-in-law passed away. Although we end 2008 on a sad note, we are Lutherans, so for us this is a new beginning for him as well.
As we enter 2009 I am hoping for a little less change in my life.
Apparently some Amazon customer got a little extra something under the tree this year:
Amazon.com Inc. last week warned customers running Windows XP that a Samsung digital photo frame it sold through earlier this month might have come with malware on the driver installation CD.
It’s interesting that Samsung isn’t saying how the malware got onto the CD. They may have no idea.
This highlights one of the least appreciated dangers today, malware in the supply chain. From infected CDs to credit card readers with a built-in back door, 2008 saw a spate of incidents with malware being injected in the manufacturing process. It’s hard to imagine how this isn’t going to get a lot worse unless manufacturers overhaul their processes.
This also relates to a point I made previously: how a company treats its employees will affect its overall security. Low-paid or ill-treated workers will be much more easily tempted by bribes to slip some malware into a system. The problem is made worse by outsourcing components. A security breach at a tiny sub-contractor can give a black eye to a major multi-national corporation.
Expect a lot more of this in 2009.
Unfortunately it seems the cities and counties in the US are starting to emulate the repulsive UK practice of installing speed camera and red light ticketing systems. Some enterprising high school students in MD have found an interesting way to have fun with it:
Whenever a new, relatively unpopular technology hits the streets, you can always count on teenagers to try and exploit it for their own gain. Such is the case with speed cameras, as high school students in Maryland have begun playing the “Speed Camera Pimping Game,” wherein they attempt to punk the not-so-accurate cameras by creating faux license plates that can be traced back to peers and teachers they have it out for. The trend has parents and law officials worried, and it raises even more questions about the cameras’ usefulness.
Students at Montgomery High School in Maryland have discovered that they can duplicate the license plates of their archenemies by printing a Maryland plate template on a sheet of glossy photo paper and digging up a handy license plate character font, according to a parent speaking to The Sentinel (via /.). This may sound like a janky craft project at first, but these cameras are not sensitive enough to pick up the differences between these paper license plates and the real things. The students then tape the faux plate over their own and purposefully speed in order to be caught by the speed camera, causing the real owner of the license plate to receive a $40 citation in the mail.
It would be irresponsible of me to suggest that this same tactic be employed to send speeding tickets to the members of the politicians that approve these devices. That would be wrong.
As would actions such as these.
Bavo De Ridder has this interesting take on Cloud Computing:
Cloud computing is cool, no doubt about that. There have never been more good looking and futuristic looking schematics made in Visio. Thousands of presentations, workshops and even conferences have been held on the subject.
One question however has not been clearly answered yet … what about data ownership? What about privacy of that data? When your applications are running in the cloud you are also handing over your data to whoever is running the data center. How sure are you that they protect this data as they should do?
Bavo does point out some valid concerns. But I feel he goes too far when he links these concerns to the recent Microsoft Live TOS change:
Your cloud partner decides to disable a feature in their application, a feature you depend on. Does your disaster recovery plan take this into account? This is not far fetched, in a small way this is what happened when Microsoft decided to disable anonymous comments on their Live Blog. They even did this retroactively and so revealed identity information of authors who previously had been anonymous.
While the Microsoft Live situation was a disaster for the users that had an expectation of continued privacy, there is an important distinction, namely the Golden Rule. No doubt the TOS for Microsoft Live, like all free services, are very one sided. For most free services you get the service for, well, free, on whatever terms the provider dictates and you are, again, free to take your non-money elsewhere if you aren’t happy.
Commercial service providers typically provide a much different kind of contract with their paying customers. Such contracts would dictate under what conditions features could be added or removed. And there is a strong financial motivation to keep the customers happy.
Of course Bavo’s points about your provider going under or being acquired are quite valid.
Still it all comes down to risk. Successful companies don’t avoid risk. They balance risk against reward. If the cost savings from moving to Cloud Computing make these risks acceptable then companies will consider doing it.
After all, are these risks so different from what companies take on when they contract with any provider, from payroll down to cleaning services?
When thinking about anonymity (and privacy), I like to divide it into two main categories, Real Anonymity and Granted Anonymity. Real Anonymity is where you don’t reveal any information that could identify yourself when performing a public act (like posting a comment to a blog). Granted Anonymity is where a third party knows who you are, but “grants” anonymity based on a pre-arranged agreement such as a TOS.
Microsoft Live customers are now discovering the main drawback to Granted Anonymity; it can be revoked (hat tip to Pamela Dingle).
I am not going to comment on this specific case, enough others will do that. But I would like to share one rule I live by:
Never say anything on the internet under a grant of anonymity that you wouldn’t say publicly as yourself.
Some of the things that can cause the grant of anonymity to be revoked include:
- Change of TOS (which seems to be the case here)
- Acquisition of your service provider, resulting in a new TOS
- Government subpoena (including private lawsuits)
- Security breach at your service provider
- A breach of the TOS on your part
I don’t normally blog about politics, but this is just jaw dropping.
Apparently there is a battle in NY to determine whether Andrew Cuomo or Caroline Kennedy will replace Hillary Clinton, who is moving from the Senate to the administration of the President Elect replacing George Bush and whose own Senate seat may be filled by the appointment of Jesse Jackson Jr.
When did nepotism become so chic in this country?
And where are the voices of those who supposedly speak truth to power?