
Saturday, May 17, 2008
Tuesday, May 13, 2008
Something else is missing... need a pointer
Was thinking today... since school and university have come and gone (from my perspective), and family are in a different hemisphere; why is it so difficult to find or stumble across a mentor in this industry or even in this life? Is it just when you are younger that you feel like there are people around and above you who know what's going on, or have a plan? Once one becomes more self aware do we see everyone stumbling along together? One wonders what structure or guidance we as a society will need or will cling to to ensure cohesion, or what will emerge in the place of organised religions in the West?
Where are the few who espouse 'enlightened self-interest' and 'non-zero sum games' for the world? Why is it not immediately obvious in our leaders and politicians? What is broken and how can we fix it? ( I tend to start these days with http://www.ted.com/ or the http://www.worldchanging.com/book/ )
Unfortunately Information Technology is extremely lacking in individuals who can offer wisdom and guidance, presumably being such a young discipline/art itself?
Life is difficult to figure out in this generation of mass media with a constant bombardment of encoded information which mainly focuses on mass materialism and consumption. Is it any reason that graffiti and street art have tried to fill the gap left by the press, advertising and the media at large?
Everything has sped up. Most people are disembodied from themselves and society. What could you prescribe? Diet, exercise, preventative mental health, meditation, different types of education, emotional intelligence...etc?
If you would like to be a mentor please send a S.A.E. to PO BOX 564 :)
I probably need my own personal technical version of one of these guys: J Krishnamurti, Anthony DeMello, Eckhart Tolle, Matthieu Ricard... or maybe an aggregate avatar of all of them that follows you online or is a 3d hologram buddy in real life ;)

Note: The image above is of the 3d holographic shark who assists the kid in one of Discovery's 2057 programs. An episode that happens to focus on a city wide virus that gets in to everything including digital signage. Not on my shift I tells ya!
Monday, May 05, 2008
How much is enough?
Is IT Security/Technology Risk Management a discipline or an art, is it subjective or objective? ( Is information technology deterministic or just overly complex? )
Are IT systems and frameworks closed systems? What comparable frameworks or systems (through which value transits) must defend against sentient attackers who attempt to subvert, control or disable services?
Can organisations quantify the value of information in motion or at rest within their managed footprint? Can they independently verify/audit the flows and data objects present? Somehow the bad guys have a better appreciation for CPU, disk and BW and SERVICE than we have!
Does it come down to simple economics? How to incentivise and penalise?
Surely 'Critical Infrastructure' should be held to extremely high standards by an independent body of technical auditors?
Does it really come back to accountability? Do we/they/us/them need to get burned badly (which the miscreants don't want either!) before we are enlightened...
Can the little guys afford the head count of the big boys? (big boys who actually sometimes have *less* of a clue about their systems than the little guys in the first place!). Is it possible that sink-holing traffic centrally in the cloud will give us the visibility/control we have hoped for? Thin offices perhaps staffed with 'thin' people :)
For me it comes back to a simple paradigm. You can't manage what you can't measure. We need to return to atomic units via reductionist thought. This is what I hope shall come with cloud and utility computing. Can you or the cloud provider "afford" NON-integral CPU, DISK, FLOWS, BW, KILOWATTS... runaway code.. such that it now becomes a billing issue? Once IT shops in enterprises start properly implementing "charge-back" rather than a flat rate service we may see some changes.... this coupled with a metric/cost applicable to shared infrastructure such as network fabrics, DNS, NTP, control planes etc...
How can we secure a service when we can't even charge for a service?
Billing 2.0, Utility 2.0, Employment 2.0
Saturday, May 03, 2008
"Toffler-esque", wondering about IT churn?
An interesting look at employee churn, and very apt in the IT arena, methinks:
"Employees – especially the most talented ones – are not “dating around” and moving from place to place in search of the Perfect Company at which they can grow old and retire at. They’ve already aced the first four rungs of Maslow’s hierarchy and are in search of self-actualization: the instinctual need of humans to make the most of their abilities and to strive to be the best they can."
http://thedailywtf.com/Articles/Up-or-Out-Solving-the-IT-Turnover-Crisis.aspx
Thanks Wade. All we have to worry about now is the predictions of Malthus.
Wednesday, April 30, 2008
Phrase of the day...
Reading away in some official blueprint documents for a client ..... came across the phrase "opportunistic use of automation"... tee hee.
Definition of opportunistic from my Mac's 'Dictionary and Thesaurus':
opportunistic |ˌäpərt(y)oōˈnistik|
adjective
exploiting chances offered by immediate circumstances without reference to a general plan or moral principle : the change was cynical and opportunistic.
Tuesday, April 15, 2008
Internet Infrastructure Report from Arbor

Nearly forgot to read/listen to this this year. Sound ain't great, would have expected more from the guys, however the content is worth a listen or the report a read.
PDF below:
http://www.arbornetworks.com/index.php?option=com_content&task=view&id=1034&Itemid=525
Monday, April 14, 2008
Screwing with perception.. quality
So basically time stops and challenges people's perception of reality. Wonderful really.
Friday, April 11, 2008
Microsoft end to end rebuttal, trust me
From: http://www.microsoft.com/mscorp/twc/endtoendtrust/default.mspx
http://tinyurl.com/53psbo "Establishing_End_to_End_Trust.pdf"
The word transitive is not used once though hinted at. Let me preface the below rant with the fact that I don't have the answer(s). As pointed out in the article on Page 7: "As noted below, there are historic, economic, social, and political forces that suggest a well-constructed regime is better than none at all, especially in light of the challenges we face on the Internet and the desire of people to be more secure in their daily lives"... and "We must create an environment where reasonable and effective trust decisions can be made." Agreed.
However: ( Christ their lingo could do with some updating and accuracy though... read on... !)
Apparently sloppy code, the pace of technology, a bloated, incestuous, self-serving IT industry lacking in basic engineering discipline (around tolerances and expected usage) coupled with complexity, default permit, cost of massive parallel attacks, jurisdictional immunity.. yadda, yadda has *nothing* to do with our current predicament.... it's *all* about end-to-end trust... hmm subjective or objective guys? I'm hoping end-to-end includes dependencies relating from transitive trust...
Apparently though "Experience shows that most cybercriminal schemes are successful because people, machines, software, and data are not well authenticated and this fact, combined with the lack of auditing and traceability, means that criminals will neither be deterred at the outset nor held accountable after the fact. Thus the answer must lie in better authentication that allows a fundamentally more trustworthy Internet and audit that introduces real accountability"
Page 4 "But staying the current course will not be sufficient; the real issue is that the current strategy does not address effectively the most important issue: a globally connected, anonymous, untraceable Internet with rich targets is a magnet for criminal activity—criminal activity that is undeterred due to a lack of accountability.".... hmmmm yeah but what about http://geer.tinho.net/ieee.geer.0606.pdf
Geer: "Everything about digital security has time constants that are three orders of magnitude different from the time constants of physical security: break into my computer in 500 milliseconds but into my house in 5 to 10 minutes."
Geer: "Human-scale time and rate constants underlie the law enforcement model of security. The crime happens and the wheels of detection, analysis, pursuit, apprehension, jurisprudence, and, perhaps, penal servitude then, paraphrasing Longfellow, “grind slowly, yet they grind exceeding fine.” In other words, law enforcement generally has all the time in the world, and its opponent, the criminal, thus must commit the perfect crime to cleanly profit from that crime."
Geer: "If the physics of digital space and digital time mean we ally ourselves with the intelligence world view and not the law enforcement world view, we have to ask ourselves two things: is the price of digital surveillance a bearable price for the benefit of digital safety? And, if so, what is the unit of digital surveillance? What do we watch—people or bits?"
Back to Microsoft:Establishing_End_to_End_Trust:..
Page 8: Mis-use of the word hacker "external hackers with access to their systems, in large part because a hacker ".. will they ever learn or at least work harder for a little respect? Apparently "device-to-device authentication" will foil the "hackers"... and scripting attacks facilitates "thus making anyone an “expert” hacker; and the amount of data that can be stolen is limited only by bandwidth. "(Page 10)
Page 8: "robust management tools" are predicated on trusted management tools and one would hope them to be robust to begin with :)
Page 8: "depending on the threat level" , define threat and what metric is employed to address the level?
Page 8: "flooding and probing attacks"... is probing an attack?
Page 8: "Autonomous defense would be possible if, for example, packets likely to be malicious (because they are reliably identified as coming from a dangerous source) could be dropped shortly after entering the network or at a computer’s interface to the network." erm, a self-defending network by virtue of a firewall?
Page 8: "Even the intractable insider threat could be more successfully addressed because better audit tools would make it easier to identify suspicious access patterns for employees in a timely manner." ok so this is anomaly detection now via trust?
Page 8: "The authentication of identity, device (and its state), software, and data could be used to generate trust measurements that could also be used to reduce risk to the ecosystem." don't get me started although 'trusting the state' is a good concept, trust measurements spins me out considering 'trust' is somewhat boolean or a nominal measurement :)
Page 8: Apparently "one of the reasons that large enterprises manage risk relatively well is that they have dedicated IT staff implementing risk management programs." hmmmmm.... so throw some people at the issue and get the job done 'relatively' well :)
Page 8: Here comes the NAP pitch "Yet there is no chief information officer for the public, and no mechanism for protecting the broader Internet by taking best practices from enterprises, such as Network Access Protection, and applying those practices to the public." What about FIRST, NSP-SEC, Arbor, Internet Motion Sensor, Network Telescopes and ISPs in general? Ummm... NIST? SANS? Sorry guys Net Neutrality vs extreme ISP Hostility with NAP?.. the oul' internet would break methinks... erm... we don't all conform on the endpoints ladies and gents, good luck on that one... the internet is a superorganism that is evolving its immune system. Surveillance and telemetry is the first step.
Page 8: We can fix it all "With better authentication and audit, dynamic trust decisions could be made (based upon, for example, the state of a machine) and Internet service providers could use network access controls to limit the activities of “untrustworthy” machines until they were updated."
So Internet wide NAC/NAP is the answer, don't let the "bad guys" or "bad nodes" on in the first place and kick em' off if they're bad(tm)
Page 9: Hmm, "Second, absent the ability to identify and prove the source of misconduct, there can be no effective deterrent—no effective law enforcement response to cybercrime and no meaningful political response to address international issues relating to cyberabuse." true.
Page 10: "Because all software operates in an environment defined by hardware, it is critical to root trust in hardware." hmmmmmm "If machines did a machine-to-machine-based authentication rooted in TPM keys before allowing a network connection, then one could arguably exclude unapproved machines from accessing network resources. Using new cryptographic techniques, this can be done in privacy-compliant ways." hmmmm cold boot?
Page 14 states: "As the firewall continues to diminish in importance, it is important to focus on protecting data as opposed to simply protecting the machines that store such data." Not sure I'd use this phrase; rather that the focus from all sides is moving up the stack, but by no means obviating the need for firewalling.
Page 15: "standardizing audit data formats and tools".. erm syslog? http://www.loganalysis.org/sections/standards/index.html
Page 15: "one can call or send mail to millions of victims, but the time and cost makes this infeasible. " ye think? yeah SPAM is really on the decline, NOT! Microsoft's Penny Black project made sense though... http://research.microsoft.com/research/sv/PennyBlack/
Ok at this point I give up or this will get too long..... the whole section on F.Audit Page 14/15 is puerile and so far behind the times it's scary... they need to look outside of their Microsoft shaped box in Redmond.
No mention of the network.
As Ranum states on http://www.beastorbuddha.com/ "The Internet applications stack depends heavily on ARP and DNS and those protocols depend on a tamper-free network. It’s just silly to think your end-point can secure itself if the network fabric is untrustworthy! If the network is untrustworthy, it’s “game over, man!” as Private Hudson would say."
At the end of the piece a question is posed "can we maintain a globally connected, anonymous, untraceable Internet and be dependent on devices that run arbitrary code of unknown provenance?"... Apparently if the answer is no, then " we need to create a more authenticated and audited Internet environment"... DOH!
"it is important to address all of the complicated social, political, economic, and technical issues raised to ensure we end up with the Internet we want, one which empowers individuals and businesses, and at the same time protects the social values we cherish. " Agreed but which *we* is that? And do we want backwards compatibility?
Thursday, April 10, 2008
Counterpoint to the generational divide...
So my Mum sends me this email. She was only introduced to the Internet in 2000.
"I suspected something was running in the background. And fssm32.exe was quoting 92-95 under CPU usage. I googled "fssm32.exe and CPU usage" and found this:
http://www.geekstogo.com/forum/fssm32-exe-taking-all-CPU-resolved-t5718.html
which was exactly my problem. I had had an error message from F-Secure saying it
couldn't connect to update. I updated it manually, after a few tries, and ran a
scan.
It told me I had two trojan keyloggers, and listed them in the TIF but said it
couldn't delete. But they didn't show up under my identity. I found them under
the Admin identity, and deleted them. But of course when I rebooted and ran a
scan, they were back, only this time in a .dbx of the administrator. The
Phishing Email folder. So I deleted both .dbx (me and the admin, who are the
same person) cos I knew new folders would be recreated in Outlook. Then I ran
"Window Washer" with "bleach" (which means it overwrites files three times) and
included 'free space', as well as TIF and the rest ... Then rebooted and ran
F-Secure again.
When F-Secure said I was clean, I confirmed it with two online scans --
TrendMicro and Panda. The sluggishness has disappeared. And CPU for fssm32.exe
is now saying 02 or 03 when I have only Outlook open. I'm *assuming* for now
that if there were any files still in registry, that F-Secure should be telling
me. Maybe I shouldn't assume.
On the F-Secure info page about the type of trojan, it said I'd better change
all my passwords when I was sure I was clean.
I have "HijackThis" but am nervous of using it without guidance.
The problem *seems* to be related to Windows Automatic Updates. I'm set to
Automatic, but when I checked last night, it downloaded 9 Updates, which was a
shock. No idea at all how that happened. I'm still set to Automatic Updates."
Noice huh?
Tuesday, April 08, 2008
Sentence of the day, even if I do say...
To a colleague today about IT security and information assurance.
"theory" looking for visionary leadership in a world gone sour with an inverted pyramidal house of cards being built on yet smaller physical footprints with sedimentary protocols forming ingrained foundations whereupon we dance with virtualisation in expanded cyberspace with even less capacity for visibility and management, let alone surveillance and optimisation. L2/L3/L2 -> Ethernet/IP-MPLS/VPLS... ESX/VSwitch/Windows = layers of complexity, layers of code, and yet fully fledged OS's pushed further away from the networking stack... abstracted in to inner space.....
Sunday, April 06, 2008
Great talk by Richard A. Clarke at Source Boston 2008
As Ranum et al have been banging on about for ages, Richard has actually been in the belly of the beast! (I think I'm gonna go read Richard's book, a "fictitious" account of state sponsored cyber-terrorism.)
Saturday, April 05, 2008
Safety for kids and a trip to Mars?
Kids:
I have been looking for something like this for a while to point parents towards to help them with some direction around their children's online activities.
It's a scary topic when you delve deeply in to tech, how to protect the kids. Personally I think parents should key log kids machines, but what about outside the home?
http://www.google.com/intl/en/landing/familysafety/
Mars:
Virgin and Google team up to go to Mars.

http://www.google.com/virgle/index.html
Tuesday, March 25, 2008
ipv6 trix
More notes for myself for future reading, mesh, mobility and stuff...
Google v6 Tech Talks
http://tinyurl.com/2afeqc
What the US is missing by ignoring v6
http://www.infoworld.com/article/08/03/12/11NF-ipv6_2.html
Monday, March 24, 2008
Sunday, March 02, 2008
Anchored in time and tech, need new flows

Information Technology is fluid. IT is a capability whose ultimate goal stays the same, i.e. that of managing information. Unfortunately its operating environment, rules and players constantly change. Essentially what is being dealt with is a 'sliding window' of services constantly being built, tweaked and evolved on a platform of aging non-modular equipment and code.
Sliding windows suffer from extreme lag when they are consistently anchored by non-modular, non-extensible technology *and* people. We find ourselves constrained generally by the long tail of the process, thus consuming inordinate amounts of time and resources which could be better allocated and more productive elsewhere.
One of the foremost problems facing our society today from a technological perspective is not power consumption, general acceptance, awareness or learning, it's actually that of being trapped in the past, the near past. We are not so much trapped per se, but beholden to the constraints imposed upon us by the previous architects, engineers, management and chosen technologies. One must ask oneself, why be so short sighted? Did they really have a choice? Did they not factor the costs to maintain and deal with change? How does one manage change in an environment where the priorities seem to change daily and technology evolves almost independently while we wait for the Darwinian champion of the 'most adaptable' to succeed?
Once more we should look to nature to see what the criteria for success are in an ever changing environment. Perhaps with this technological challenge we will be more aware of the interconnectedness and influence we exert in the evolution of cyberspace. What is it that we can manage? What is it that we can measure? Either the code needs to start taking care of itself or we need to embrace more fully an old engineering paradigm of loosely coupled replaceable sub-components. I would enjoy seeing both more! Don't get me wrong we will always need specialists and specialist systems, just built more-so from re-deployable units or resources. I am not advocating a monoculture, but a viewpoint or perspective on how we build considering the future caretakers of our digital creations from the outset.
At this point let me ask you a direct question dear reader; how many projects or times has legacy code, legacy infrastructure or tightly coupled systems thrown a virtual spanner in the works?
Virtualisation itself has started to offer some of the desired benefits alluded to above in relation to extensibility and modularity, but many in management or leadership roles cannot tell you why or how virtualisation will and can benefit us, just that everyone else is doing it and it saves on the power bill.
Until we have our grey goo, a version of true utility computing whereupon perhaps we can 'pour' more computing in or on, or have any node re-purpose itself on the fly as another role, we will continue to build ourselves into cul-de-sacs of wasteful practices. How much time and resources are spent trying to manage, measure or repair (while excessively consuming energy) the wrongs of the near past in our IT footprints?
We waste fossil fuels needlessly all the time within IT, but we also waste human capital trying to clean up after an unconscious breed of Information Technology 'professionals' who haven't seen the obvious staring them right in the face... survival of the most adaptable! Corporate memory just like public memory is short lived, however techs just like civil servants see the politics at play and the players only trying to further themselves. There is a new breed coming, an undercurrent of massively distributed techs with instant communication and new paradigms slowly trying to strip away the ineffectual practices of old. If you are the equivalent of a paper (email) shuffler in the office, adding no value, watch out I tells ya'... the language and sands are shifting and buzzwords just don't cut it any more!
Friday, February 15, 2008
My path, your path?
It exists inside. The gateless gate. It is already there. There is no path. It begins and ends within. There is no formal path. Some need training. Some need challenges. Some need to allow themselves to see further only to see closer. Whether lay or not is not the issue. Practice is all around. Formality can assist, can speed the path. It however is a pathless path, a gateless gate. We have already stepped through. The point at which one embarks on the journey is when they have both left and arrived. You get what I'm saying? YOU are awake already, once you question and ask if you are awake! The next step is only the depth, path and continuing effort or style. Sometimes thinking too much is destructive. Sometimes not thinking at all is destructive. To find the middle way is to have walked the edge and reached many extremes. Extremes cannot be found in comfortable places. The most uncomfortable places are in the mind, not in a geographical space, place or time.
My 0.02 brain cycles worth... my subjectivity is built from "our" objectivity and your subjectivity ;)
Thursday, February 14, 2008
Simplicity
What is it that defines us?
What is the most important thing to us in our short existence?
What is the thing we should cherish most in our lives?
What do we have from birth to death and has the power to colour our lives for better or for worse?
Easy.... our minds, our consciousness...
So why do we neglect something so deeply important to our quality of life and base existence?
Surely we need to engage in some form of mind training or develop more tools to address and deal with our perception of reality?
C'mon guys, why allow a crazy world to passively pollute our minds unnecessarily, why not focus a little bit on awareness and mindfulness. Start by observing yourself. Then take the time to quietly observe others without judging. Remove yourself from your preconceptions and look with clearer neutral eyes. Perceive from a neutral standpoint and quieten your monkey mind for a moment.
A good, easily digested, palatable first step in this modern age are talks online by people like Matthieu Ricard http://www.youtube.com/results?search_query=matthieu+ricard+happiness&search_type= and Anthony De Mello.
http://goldfusion.wordpress.com/2007/08/22/tony-de-mello-videos-online/
Tuesday, February 12, 2008
3 IS the magic number - Mobile, Mesh, Multicast
Real time feedback loops to help the world.
a) have a read of this, link from Wade (bit long but worth it):
http://www.cityofsound.com/blog/2008/02/the-street-as-p.html
b) watch this from a Multimedia perspective to round out the concepts
http://www.albinoblacksheep.com/flash/epic
c) as I'm reading Arthur C Clarke's "The Light of Other Days" http://en.wikipedia.org/wiki/The_Light_of_Other_Days
it hammers the point home. Transparency. The multitude of data already out there. Our re-interpretation thereof. Intent. Information management and the integrity thereof. Interdependence demonstrated. Wake up. Welcome to the future. See the MESH. Feel the quantum foam ;)
Tuesday, January 15, 2008