Monday, June 30, 2008

So true

Saturday, June 21, 2008

Verizon report says it all...

I'll let Richard from TaoSecurity sum it up:

Thursday, June 12, 2008


MCP(Management Control Plane)
CP(Control Plane)
DP(Data Plane)

...should all be separate or as near as, especially in Tier1/2/3 ISP, INEX etc...

however why not try...with a global botnet to BGP announce your local SRC address for all DNS root servers sequentially while including BGP malformed/exploits with decreasing TTLs from the hopcount down to the first layer 3 hop. Lather. Rinse . Repeat. (including multipathed repsonses)


Wednesday, June 11, 2008

Where does IT fit?

Sunday, June 08, 2008


Nothing to see here yet, move along. Just thinking out loud about convergence.

Friday, June 06, 2008

How do you teach a child that fire is hot?

How do you teach management and the 'old guard' of IT about router root kits?

How do you teach Mom and Pop about 'drive-by pharming'? (mine excluded :)

How do you teach kiddies that 'bad people' exist and 'bad things' should not be looked at on the internet without prematurely shattering their innocence or attempting to remove their access to the internet?

Well. You don't. Manage to the edge and offer a managed service. Remove default permit.

Thursday, June 05, 2008

Information Technology and Security

Sunday, June 01, 2008

Architecture by any other name

Physics and space-time compression in cyberspace? What is the cost model, fundamental units and atomic entities in IT and are they static? Would buildings or other structures look or be designed differently if they were intended to run software that inherently changed their function and application, or if they had to resist sentient attackers and unforeseen loads? Viva la revolution!

Architecture definition from the Oxford English Dictionary in OSX.
architecture |ˈärkiˌtek ch ər|
1 the art or practice of designing and constructing buildings.
• the style in which a building is designed or constructed, esp. with regard to a specific period, place, or culture : Victorian architecture.
2 the complex or carefully designed structure of something : the chemical architecture of the human brain.
• the conceptual structure and logical organization of a computer or computer-based system : a client/server architecture

It isn't great practice to argue by analogy, but when the terminology inherent in a concept, system or discipline heavily borrows and indeed fragments an existing well defined discipline, it is hard not to use the fundamentals of the original discipline as a starting point. This post will focus on the relationship between information technology architecture and traditional architecture (though may be applied to biotech and nanotech in the future once the ubiquity of IT is also reached in these fields).

When the grey goo starts spreading it will be too late to fire the "architect".

Two things to remember throughout this post a) the fact that traditional architects must be licensed in most countries and are held accountable and responsible for what they produce and how and b) materials science does not accelerate at the pace that information technology does.

Rather than re-invent the wheel let's look at the traditional field of the roles of architects and structural engineers:

"1 - Architects are generally responsible for design of buildings used primarily for everyday use by people. Structural engineers are responsible for design of a wide range of structures, such as bridges and power plants, for which an architect is not usually involved.

2 - Architects are responsible for design of the building shape, layout and appearance. Structural engineers are responsible for design of the building elements (foundations, columns, beams) that support all other building elements.

3 - In general, the results of architecture are visible when the building is completed. In general, the results of engineering for buildings are not visible after construction.

4 - When the owner hires an architect, the architect manages the overall design process. For buildings, structural engineers most often works for the architect. In general, the architect defines parameters (criteria) that the structural engineer must use for design of the structural elements.

5 - The structural engineer uses relatively complex mathematics and computer software for design. The architect uses graphical techniques primarily, along with basic math. "

"Having IT, business analysts, and subject matter experts involved is important and necessary, but none of those three groups understands information and knowledge at a sufficiently deep level to offer truly creative and innovative alternatives that make information and knowledge systems work across the whole enterprise."

And a comment from Trilochan Chhaya in response to a related post :

"Information and Technology.........
Knowledge and Architecture.........
Information and Technology have existed for ages,and have challenged the Creativity of the Humans all the time.

Fortunately, it needs a creative thought to change Information to Knowledge and Technology to Architecture."

Let me get back to this one as I ran out of time. But if you are in any way IT inclined, you probably know where I am going already... and as an aside,

Combine "internet 0", with nanotech/nanofabrication... yes there is indeed "Plenty of Room at the Bottom"

Twitter'ish musings...

    Come join me on Twitter