Thursday, November 23, 2006

Hint - Who or what am 'I' ?

"...idleness is lonely and demoralizing."

While many would agree with this statement, taken from an essay by Paul Graham (http://www.paulgraham.com/gap.html), I would challenge all facets of it... why? Or why shouldn't it be? This may be a form of mental gymnastics if you wish to contemplate it... but if you go deeper, it is in fact meaningless, tied to a concept of self, worth, value, dependence and desire.

In this modern day and age we need more idleness, reflection and less business / escapism. Idleness is not 'the Devil's playground'.

Monday, November 20, 2006

Game Over - Insert more credits....

Back in 2004 I texted some friends, family and colleagues after a day of banality, while waiting to board the Jetcat to Manly:

"Today I got no closer to understanding myself, the world or existence - why am I wasting my time such?"

Since then I have been skirting the edges of that _thought_, looking deeper at other topics and perhaps shrouding it in the career I had chosen for myself - and since then I have been trying to understand and fix some of the macro challenges within the construct of IT-enabled organisations. I have delved into the inner workings of the industry, looked at and compared other industries... examined the similarities and the differences, and tried to fully grasp the complexities from 'end-to-end'. Some of the issues are unfortunately ubiquitous in many other industries... but not necessarily near the level of complexity, naivety, lack of appraisement (data), ignorance, barriers to entry, nefariousness (and the related cost of resources for nefarious purposes...); the list goes on. Don't get me wrong, it is definitely a fun, playful, yet dangerous and ever-evolving 'sandbox?', but it's a shame most don't get the underlying fact of the quite real and tangible intersection with the physical/natural world; for this 'virtual' world we have created is not virtual at all, but an intrinsic part of our economy, infrastructure and daily life in more ways than the masses can comprehend. Some of the string, glue and sticky tape that holds together certain critical parts of said infrastructure and services constantly amazes me, but that is a rant for another day!

Part of me thought the answer would lie in 'front of house' or in a 'one to many' vendor-based relationship... both allowing and facilitating me to grasp much more -> further and faster, if you will... when in essence this only distanced me from the things I believed to be in my control, or which I could influence, extricating me from my first-hand experiences on the battlefield/battlefront. When we introduce the concept of internet time and physics, a fun question may be asked: what use is a veteran of the 'Battle of Waterloo' in a modern war fought with drones, digital information and weaponry, and the tactics or strategies thus employed?

Note: Here one may counter with quotes from Sun Tzu, but I think you get my point :)
Note II: I am a n00b compared to RFP, but he sums up the industry well here.

I have ruminated on going back to academia to study military tactics, history, economics, statistics, computer science (again)... as we battle to understand and control the entity that is the internet - and the *new* challenges that go with it, such as new appreciations and understandings of the traditional concepts of physics, time and space trade-offs... things like 'crowdsourcing' and massively distributed computing... however, is this again distancing myself from the coal face? Or just walking the same path over again?

For me, working towards the assurance and overall security of these internet- or IP-enabled organisations has seemed a noble goal, and I believe still is - the eternal struggle of "good vs evil" (justifiable to oneself through the continued integral enablement and benefits of IT in industry and the global economy etc.), but I have, however, been slipping away from myself, my real self, and over-indulging in everything there is in modern society that gently allows us to 'escape' from the reality in which we live. The reality we (or they?) continue to create and mould for ourselves on a daily basis.

I may come full circle. I may not. But right now "life is short" and the answers and questions I seek are not to be generated or answered from within the construct that surrounds me. I am about to embark on a new journey to relinquish the 'I' and to perhaps find the 'We'.. who knows?

All I know is the time is now, the path is unclear.... but I do not fear it anymore!

First things, first though... I need to be with my family.

Friday, November 17, 2006

Machine and service integrity..

What if instead of worrying about compromised services and data in the short term with fingerprints/hashes of binaries and files, we applied the concept of re-use and cycling to the actual services and machines? Think TKIP or perhaps PFS for IPSEC on a macro service and machine scale?

Think load-balanced web servers constantly rebooting from verified images - either sequentially or in some form of complex pre-computed pseudo-random pattern, thus reducing the potential time an attacker has on a box, service or version. I will think more about this, but VMs, load balancing and operational management would require a lot of planning, thought and overhead. Re-use of TCP connections, e.g. TCP multiplexing, is common now in many optimisation products/load balancing offerings.

If, like some in the industry, we have thrown the towel in per se and are more worried about compromise, detection and time to restore a machine to an integral state - then why not take that to its logical conclusion? Almost like a macro-level StackGuard and ProPolice in OpenBSD, which randomise an offset to the next addressable chunk of memory to make it harder to predict/calculate and reproduce attacks with standard results.

Let's limit the conceptual static state of a live machine (harder for databases and synchronisation though...) - an interesting thought nonetheless.

Maybe you'd need a farm of diskless head-end servers the monkeys would constantly upgrade the OS/App from a bootable set of flash drives etc?

No one has addressed the issue of micro-time adequately in Information Security; rather, intractability and macro-time have been the defence! Please correct me if I am wrong here...
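As an added example (not from the original post), the following model plays out the rotation idea above: a pool of load-balanced servers is cycled through re-images from a hash-verified golden image in a pre-computed pseudo-random order, while a capacity guard keeps a minimum number in rotation. The pool names, image bytes, tick lengths and the `min_online` parameter are all constructed for illustration; the result is the longest any single instance stayed live, i.e. the attacker's maximum dwell time on one box.

```python
"""Constructed model of the post's idea: cycle load-balanced servers through
re-images from a hash-verified golden image in a pre-computed pseudo-random
order, and report the longest any one instance stayed live (attacker dwell)."""
import hashlib
import random
from dataclasses import dataclass

NAMES = ["web1", "web2", "web3"]                 # constructed server pool
IMAGE = b"constructed golden image bytes"        # stand-in for the boot image
GOOD_SHA256 = hashlib.sha256(IMAGE).hexdigest()  # known-good digest

@dataclass
class Server:
    name: str
    booted_at: int = 0   # tick the current instance came up (0 = before the run)
    online: bool = True  # currently in the load balancer's rotation
    back_at: int = 0     # tick the re-image finishes, while offline

def verify_image(image: bytes, expected_sha256: str) -> bool:
    """Boot only from an image whose digest matches the known-good value."""
    return hashlib.sha256(image).hexdigest() == expected_sha256

def build_schedule(names, seed, cycles):
    """One shuffled pass per cycle: every box is hit each cycle, but the order
    is not guessable without the seed, which only the operators hold."""
    rng, order = random.Random(seed), []
    for _ in range(cycles):
        perm = list(names)
        rng.shuffle(perm)
        order.extend(perm)
    return order

def simulate(names, schedule, image, expected_sha256, reimage_ticks, min_online):
    """Return (max_dwell, lowest_online). The capacity guard never drains a box if
    fewer than min_online would stay in rotation; that wait stretches dwell."""
    pool = {n: Server(n) for n in names}
    queue, tick, max_dwell, lowest = list(schedule), 0, 0, len(pool)
    while queue or any(not s.online for s in pool.values()):
        tick += 1
        for s in pool.values():                # finished re-images rejoin
            if not s.online and s.back_at <= tick:
                if not verify_image(image, expected_sha256):
                    raise RuntimeError(f"{s.name}: image digest mismatch")
                s.online, s.booted_at = True, tick
        online = sum(s.online for s in pool.values())
        if queue and pool[queue[0]].online and online - 1 >= min_online:
            s = pool[queue.pop(0)]             # drain the next scheduled box
            max_dwell = max(max_dwell, tick - s.booted_at)
            s.online, s.back_at = False, tick + reimage_ticks
            online -= 1
        lowest = min(lowest, online)
    return max_dwell, lowest
```

Running `simulate(NAMES, build_schedule(NAMES, 2006, 2), IMAGE, GOOD_SHA256, 2, 2)` shows the trade-off directly: with three boxes, a two-tick re-image and two required online, a box waits for capacity and dwell grows to several ticks, whereas allowing one online shrinks it.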

Thursday, November 16, 2006

Safety nets?

"There's always going to be a job out there if you're coherent and can put a sentence together."

Thursday, November 09, 2006

Hug the world

Today I was walking down Pitt St. in the centre of Sydney and a hippy-ish looking girl had a big piece of cardboard up above her head with 'Free Hugs' written on it in big letters.

I thought twice about it and then gave her one ;)

Most people were just staring and moving on confused, bemused and shocked. The world needs more hugs. City people don't connect enough. This was the highlight of my day.

The lowlight was that I had to think twice about it.