Friday, 30 June 2006

Chris Pirillo just mentioned onstage (at Gnomedex) that he wrote: TechMeme Hacked!!

Also - noted the launch of blaugh.com. Cool. The un-official comic of the blogosphere.



GnomeDex | Random Stuff
Friday, 30 June 2006 08:48:18 (Pacific Standard Time, UTC-08:00)
 Wednesday, 28 June 2006

Time sure flies when you're having fun (or when you're working like crazy). I can't believe it's already here: Gnomedex starts Thursday evening, and I'll be heading to Seattle Thursday afternoon to check into the hotel and disconnect from the rest of the world and plug into the ultimate geek fest. It looks to be a very interesting and exciting time. I am sure Chris and Ponzi will once again outdo the past shows.

If you'll be there, let me know. My mobile number is over on the right side of this blog, as is my email address. Or just comment here.



GnomeDex | Geek Out | Random Stuff
Wednesday, 28 June 2006 21:20:54 (Pacific Standard Time, UTC-08:00)
 Monday, 19 June 2006

Now, this is a great idea. Heard about it today on Startup Nation (which is a great radio show and podcast, by the way):

VocationVacations allows people to test-drive their dream job completely risk-free.  A VocationVacation isn’t job-shadowing, and it isn’t a fantasy camp. Instead, “Vocationers” work one-on-one with a credentialed mentor to see what their dream job is really like.  Currently, the company offers more than 200 packages in 31 states – and is growing each month including: TV producer, brew master, dog trainer, B&B owner, professional photographer, comedy club owner, race team pit crew member, baseball team general manager, chocolatier, sports announcer, white water rafting outfitter, animal shelter director, costume designer, talent agent, horse trainer, wine maker, baker, private investigator, film events producer, cheese maker, wine retailer, fishing outfitter, wedding coordinator and many more.

See what might fit your desires with their Dream Job Finder.

Looks very interesting. I'll have to dig into this and maybe try something out.



Random Stuff
Monday, 19 June 2006 22:40:42 (Pacific Standard Time, UTC-08:00)
 Sunday, 18 June 2006

I called my dad this evening to wish him happy Fathers Day and we talked for a while, which was cool. We don't get to do that as often as we'd like sometimes, and I always enjoy chatting with him about whatever's going on. Right now they're busy completely renovating a house they bought - like as in gutting the whole thing and redesigning and rebuilding. Quite the project.

Anyhow, it's Father's Day, and it's a complicated day for me. When I called my dad and passed along my wishes to him, he reflected them back to me. I think he knows how important that is to me, or at least I hope he does. Most people don't know about me being a dad, and the whole story behind that. I don't often get a chance to talk about Brian, my foster son whom I adopted several years back. He died about six years ago. Some people would say he died of depression. Suicide's a hard word to say out loud in context. It's been a journey, both before and since he died.

The one thing that's kept me going in the years since is the group of guys Brian knew before he died, people whose lives he touched enough for them to stick around and hang out with me from time to time, even these many years later. They're all older now, adults out on their own in one way or another. One's on an aircraft carrier on the Pacific today. Another is driving a big rig to southern California right now. Others are here in town going to college and working, still others have moved on, and so it goes. In their own ways, they each stay in touch. I am proud to call them my friends.

A co-worker sent me a quick email on Friday, and it has to be one of the most thoughtful, nicest things anyone's said to me in quite a while. And she didn't send it because she works in HR and has to do these things. She sent it because she really cares. She remembered and went out of her way to say something. You can't put a value on that...

"Just want to reach out to you with a few words given that Father’s Day is Sunday.  I hope that you celebrate knowing that you’ll forever be a Dad.  And not only did you touch your son’s life, but you continue to touch the lives of those boys with whom you interact today, and this blessing should be celebrated. May the times you spent with your son fill your heart always."

I am grateful today for friends that care, for Brian's friends that have stuck around over the years, and for the time I had the opportunity to spend with him, however short and however difficult. I hope he's in a better place. I am sure he is.

To all the dads out there, hug your kids, no matter how old or young. And to those of you with dads, if you haven't made that phone call yet or dropped by to say hi, you still have a few minutes and it doesn't have to happen just one Sunday a year. Make the call. Pay the visit. Today or tomorrow, it all counts for the same.

Happy Father's Day.



Personal Stories
Sunday, 18 June 2006 18:01:17 (Pacific Standard Time, UTC-08:00)

Note: The game described in this article is no longer available.

Come Monday/Tuesday time-frame we should see the new Windows Live Messenger IM client move out of beta and into general "gold" release (it's the new name for what was previously called the MSN Messenger client).

Also starting up at apparently the same time is a cool movie-centric promotional method tying the film and the new software together. Using your Windows Live Messenger IM client, chat and play interactively with Billy Bones and Jack Sparrow, and then recruit someone else to help you continue to uncover secrets. Dead Man's Chest is the name of the second Pirates of the Caribbean movie, which is set to show in theaters starting on July 7th. Dead Man's Tale is an online pirate IM adventure.

As of Sunday afternoon, the "Billy Bones" IM persona was not actually online, but something tells me it will be very soon.

Arrrrrr!! This could be fun.

Meanwhile...

(found via LiveSide.net)



Tech
Sunday, 18 June 2006 17:38:11 (Pacific Standard Time, UTC-08:00)
 Saturday, 17 June 2006

I first discovered and wrote about Pandora some time back, in December or so. Well, since then the Pandora crew has been hard at work and there are new features that make the great thing they'd developed even better.

To re-cap, Pandora lets you enter the name of a musical artist, and it creates a "station" of similar, complementary music based on the original selection. That music streams and plays in the web-based player like a radio station. And it's complete songs that play, not just clips. You can also rate the tracks and there are links to do things like buy from iTunes or Amazon. You can also take discovered songs you especially like and create new stations from those.

In a nutshell, use Pandora and you'll find lots of music you'll like that you'd never find otherwise.

But anyhow, about the new stuff...

On the Pandora blog just yesterday they announced some new features, one of which is called Backstage. It's a back-end into much of the information that drives Pandora. Here is how they describe it:

We created Backstage as your door to the music universe that lies behind Pandora. Search for an artist or song to start your exploration.

... whenever you hear a song you love, just click the song, album, or artist name to learn more. That click will take you "backstage" where you can browse an entire universe that tells the story of more than twenty thousand artists and their collected works.

Sample entire CD's, read about the history of your favorite bands, look at artist photos, build your musical profile, buy albums and tracks from iTunes or Amazon, and get all kinds of great recommendations for songs, albums, and artists you might enjoy.

Find something you like? You can create a new station with just a single click. Have some time on your hands? Just want to browse? Want to settle a bet about how many albums The Cure released in the 80's? Hop over to http://www.pandora.com/backstage and search for your favorite artist or song to get started.

Very cool stuff.

There are some other feature tweaks to the main Pandora interface, too. You can now rate a song with a single mouse click. Just mouse over the song you want to rate, and click the thumb (up or down) graphic that pops up. They've also added the ability to create a new station from any artist you encounter while listening. Just click the song menu and select "New Station: from artist" and Pandora will instantly create a new station for you.

And if you're wondering how the Pandora team does all that music comparison and correlation so you can find music you like, well guess what? It's a people-driven process, not automated. No wonder it works! Learn more about the people that manage the musical cataloging here.



Random Stuff | Tech
Saturday, 17 June 2006 12:08:26 (Pacific Standard Time, UTC-08:00)

What podcasts do you listen to? Which ones actually keep you coming back?

Honestly, there are so few podcasts out there that I can stand to listen to anymore. I deleted a whole slew of podcast subscriptions the other day because I felt like I was wasting massive amounts of time on those occasions when I did listen, and because many of them have simply turned me off completely and therefore got skipped over and never listened to (and honestly that's most of them).

What are my pet peeves? Okay, here's my harsh list for what will cause me to kill the audio before the podcaster even gets started.

  • Any podcast that opens with anything even remotely like "your speakers are about to blow up" or "warning, the sound you're about to hear may cause damage." Give me a break. Everyone says that, and the only potential damage is me pushing a pencil through my ear to drown out the un-original intro.
  • Don't say "welcome to the world of (anything)." That's as lame as the movie trailers that start with "In a world..." People laugh and cringe at the same time. And it's sad when cringing is accompanied by uncomfortable laughter.
  • Open your show with "blahblah podcast" plus the date and then never use the word podcast ever again. Use of the word "podcast" more than once in any single sentence, or in more than one sentence in a row, should be a felony. Agh. I know it's a freakin' podcast, it's not like it magically found its way onto my computer - I had to do all kinds of work to find it and access it. Tell me something I don't know and (here comes the 'o' word again) be original.
  • As much as it might mean to you, chances are nobody else especially wants you to pontificate about how you and your girlfriend celebrated her 31st birthday this past weekend. In fact, your girlfriend probably doesn't want you saying it either...
  • Podcasts about podcasting. Uh, yeah.
  • Crappy indie music. Note that I have nothing against independent music if it's good. But any music that's bad (indie or otherwise) is bound to drive away listeners. The operative word is 'crappy.' If you played "We Built This City" on your podcast opener, I'd probably click the 'Close' button, too.
  • Repetition
  • Repetition
  • Repetition
  • Seriously, you don't need a blog entry with the same copy/paste text on the page for every episode. I'm reading to see what's different, not what's the same. I already unsubscribed from the podcast, don't tempt me to do the same with the blog.
  • Snot noises (sniffling, etc). Seriously, blow your nose or take a decongestant or something.
  • "So I thought I would talk about something like that and so ummm yeah so uh I am going to talk about that now..." GAH!

They can't all be that bad...

Anyhow, my new goal is to find 10 awesome podcasts that attract, deserve and retain my attention. Let me know if you have suggestions.



AudioBlogging | Blogging | Random Stuff
Saturday, 17 June 2006 10:14:26 (Pacific Standard Time, UTC-08:00)

Not exactly my typical blog topic, but I found this to be very interesting, and somehow I think people like Bill and Melinda Gates might think so, too.

It certainly might be worth putting some serious thought and effort into. Is this possibly the changing face of education?

The Fairhaven School in Upper Marlboro, MD is not your typical school. Instead of the standard educational model, this private school takes a radically different approach - Kid-powered learning, if you will. 73 students and a few teachers have turned the traditional model on its proverbial head. Done right, this could be a powerful form and method of education. It sure looks like the kids are well-educated, smart and (perhaps most importantly) involved in their world.

There's a DVD that a film maker made about the school and its students, and you can view the trailer here:



Random Stuff
Saturday, 17 June 2006 08:14:36 (Pacific Standard Time, UTC-08:00)

Love it. The bathroom: It's not just for laptops anymore.

Introducing iCarta. Thank goodness there are people out there inventing these things and making a zillion dollars as a result. Is it really that simple? Who the hell funds these things, anyhow?

Specs:

  • 4 integrated high-performance moisture-free speakers deliver exceptional clarity and high quality sound
  • Charges your iPod while playing music
  • Audio selector allows you to play iPod shuffle or other Audio device
  • Integrated Bath tissue holder that can be easily folded as a stereo dock
  • Requires AC Power (AC Adapter included)
  • Easy to remove from Wall Mount


Random Stuff | Tech
Saturday, 17 June 2006 07:23:47 (Pacific Standard Time, UTC-08:00)
 Friday, 16 June 2006

Okay, so the video of the Bellagio style fountain show with Diet Coke mixed with a bunch of Mentos was cool. But what happens when you mix them up in your body? Makes for some serious gas, I guess.

Wonder no more. Here's yet another video where the subject performs another Mentos experiment that succinctly proves the theory:

Thanks, Sean.



Random Stuff | Humor
Friday, 16 June 2006 19:42:50 (Pacific Standard Time, UTC-08:00)
 Thursday, 15 June 2006

Stellarium is a free open source planetarium program for your computer. It shows a realistic sky in 3D, just like what you see with the naked eye, binoculars or a telescope.

It is being used in planetarium projectors. Just set your coordinates and go.

If you're at all into telescopes or the night sky, this one's for you.

In version 0.8.0:

sky

  • over 120,000 stars from the Hipparcos catalogue with info
  • asterisms and illustrations of the constellations
  • images of nebulae
  • realistic Milky Way
  • very realistic atmosphere, sunrise and sunset
  • the planets and their satellites

interface

  • a powerful zoom
  • time control
  • multilingual interface
  • scripting to record and play your own shows
  • fisheye projection for planetarium domes
  • spheric mirror projection for your own dome
  • graphical interface and extensive keyboard control

visualisation

  • equatorial and azimuthal grids
  • star twinkling
  • shooting stars
  • eclipse simulation
  • skinnable landscapes, now with spheric panorama projection

customisability

  • add your own deep sky objects, landscapes, constellation images, scripts...

 


More great screenshots here.

Random Stuff
Thursday, 15 June 2006 21:42:22 (Pacific Standard Time, UTC-08:00)

What are you doing this July 4th? Well, if you're in the area (meaning the Pacific Northwest) and have a little "crazy" built up inside, here's your invitation to join me and a few of my pyro-friends as we spend the day setting up a big-ol' public fireworks display and firing it off for a community here in northwestern Oregon.

And I don't mean the fireworks you buy at the store or over on the reservation. I mean the real-meal-deal -- a commercial fireworks show bought and paid for by a town for the community.

Come on -- You know that hidden pyro deep down inside is clawing around in there, just trying to get out. You know you can't help it. You must give in. Say yes and experience the smoke, explosions and flames that go into getting those huge aerial displays off the ground and into the air. Or just help dig and bury equipment and then sit back and watch from the best seat in the house. Your choice.

In other words, come spend the 4th of July this year with us. It will be fun.

So - What exactly do you get/have to do?

Well first of all, you don't have to do anything you don't want to. Many people who come to help out are much more interested in setting up and watching the show than actually lighting it off, which is fine. Crew-members (yes, you'll get to truthfully tell people you're on the Pyro crew woohoo!) do everything: Install the mortars (4- and 5-inch mortar tubes for this show), load all the shells (hundreds of them), get trained on how this stuff works and - most importantly - how to be safe (training by yours truly), and finally we actually light the show and man the fire extinguishers - or whatever you are comfortable with. Then we clean it up and head out. By that time, it's been a long, fun day.

On the day of the show, after setup (read: manual labor involving shovels and dirt) is completed, we'll do some knowledge and safety training where you'll get to learn how the components work when you light them, and generally what to expect. It's fun. And fact is, not a lot of people get to do this kind of thing. So, this is my open invitation to the people who read this. Assuming you're 18 or older and you've not been convicted of a felony or are otherwise restricted from handling explosives (seriously, that's a hard-set rule from the feds and there's this piece of paper you'll sign saying you're cool), and assuming you don't show up drunk or anything (again, safety), it's a great time.

So, yeah... If you can talk the significant other into it (or bring him or her with ya), and you're up for it and not like completely freaked out by fire, explosions and lots of noise and smoke, let me know by sending me an email or giving me a call. Both the email link and the phone number are over there on the right side of the page (assuming you're viewing this on the web site).

Links from past shows to get you acclimated and prepared:

So, if Travis' account of things doesn't completely scare you away, be sure to get in touch!

Coolio. See ya there.



Random Stuff
Thursday, 15 June 2006 21:11:54 (Pacific Standard Time, UTC-08:00)
 Wednesday, 14 June 2006

I'm taking a quick break from my work-all-night-at-home mode, and I see that Chris says Gnomedex 6.0 is officially sold out in the main hall (you can still attend in the "cove" hall via video feed, though). It promises to be yet another good year for this Gnomedex show/conference/event (it will be my third). It's all happening June 29th through July 1st.

If you're attending this year, let me know (my email and mobile phone are over on the right side of the page) and let's catch up!

Also, the OPML of attendees' blogs is here.



Geek Out | GnomeDex | Random Stuff | Tech
Wednesday, 14 June 2006 20:38:47 (Pacific Standard Time, UTC-08:00)
 Thursday, 08 June 2006

Maybe I should head to Chicago for a week.

According to Reuters, the Sheraton Chicago hotel's general manager, Rick Ueno, has devised a rather unique informal program for Crackberry addicts. Check in, hand your BlackBerry over to Ueno, and detox for the rest of your time there.

Ueno... said the program which began Wednesday grew out of his own personal BlackBerry addiction. His one-step recovery was switching to a regular cell phone.

"I was really addicted to my BlackBerry. I had an obsession with e-mail," he told Reuters. "Morning and night. There came a time when I didn’t think it was healthy ... I quit cold turkey."

Ueno said he would take personal charge of any BlackBerrys or related devices guests want to surrender and place them in his office locked up until their return is requested. There is no charge.

"I run a hotel with over 900 employees and thousands of guests. I think I’m more effective. I feel better. I sleep better. My family likes it," he said of his post-BlackBerry life.

He might be onto something...



Mobile | Tech
Thursday, 08 June 2006 13:22:03 (Pacific Standard Time, UTC-08:00)

I've made three trips from Portland, Oregon (where I live) to Washington DC in the past month. I love DC, but that's enough for me for now. Especially when you add in all the other trips I've made in between. Try expecting to fly from DC to Omaha, but getting to Chicago and finding out your flight to Omaha was cancelled, so you decide to fly to Kansas City and drive to Omaha at 1 a.m., then five hours later you get back on a plane to fly to your next stop.

Crazy. I have spent most of the past couple months on the road. Or in the air, as the case may be.

Anyhow, time for a couple days off, no matter how much I may be needed elsewhere, so I am heading up to Scranton, PA to catch back up with my friend, Mary Beth. Her brother's getting married at West Point this weekend so we'll be up that way for a couple of days. What a cool place to get married. He graduated there last year and is an officer in the U.S. Army in Arizona. It will be a fun weekend.

Then it's back home so my dogs and cat can stare at me in disdain again for a day or two. Heh.



Personal Stories | Random Stuff
Thursday, 08 June 2006 05:34:10 (Pacific Standard Time, UTC-08:00)
 Wednesday, 07 June 2006

http://www.zachbraff.com/

Sure, he's had the Garden State blog going with an occasional post here and there for a while, but Zach Braff - one of the few actors I can actually stand to listen to (actually I think he's a rather good, decent, funny cool person) for more than five minutes at a time - has started a new blog with video and text entries. Check it out.

Needs RSS though.



Blogging | Random Stuff
Wednesday, 07 June 2006 19:58:02 (Pacific Standard Time, UTC-08:00)
 Monday, 05 June 2006

A coworker sent me a link to a news article today, yet another one about a data breach from - you guessed it - a stolen laptop. This one was an auditor working for Ernst & Young and doing an audit of Hotels.com, and apparently the auditor (and I can't believe this) left it in his or her car and it was broken into and stolen.

So now, thousands of Hotels.com customers' personal data - meaning names, addresses and credit card information of about 243,000 people - is potentially in the hands of someone who could use it improperly. Oh, and by the way, my name is certainly on that list.

Up until today I was frustrated to no end with these events.

Now it's personal. Now I'm angry.

And get this: The theft occurred in February and Ernst & Young didn't notify Hotels.com until the first week of May. What??? And on top of that, customers were not notified until a few days ago. You've got to be kidding me...

This post contains some useful information about data breaches, packaged with a bit of a rant by yours truly about information security - or the serious lack thereof - in US companies and institutions. As a reminder, what I post here is my own opinion and not that of my employer or anyone else. I work in information and cyber security, and I care - a lot - about these issues.

There's a major attitude problem - let's call it a lackadaisical mentality - out there and it's high time someone did something about it. Lazy security means lots of helpless victims, and we're so far behind the 8-ball as a country it's downright scary. There's a fundamental "people problem" at the root of this, and no matter how much technology we throw at it, the analog physical and human components need to be addressed before any of the technical issues can be resolved.

The Privacy Rights Clearinghouse maintains an online chronology of data breaches with descriptions of each event, outlining any known data breaches that have occurred since February, 2005.

All told, as of the time I write this, there are 84,797,096 individuals whose identities are known to have been included in these data breaches. Banks, universities, health care providers, insurance companies, corporations, credit card providers... Lord only knows about the ones that have not been reported. Ugh, it's depressing. It's also ridiculous.

What bothers me the most is how often the term "stolen laptop" shows up in the list. What in the world are people doing with sensitive information stored on computers that can walk out the doors of all of these heavily regulated companies and institutions? And if the data really has to travel, why isn't the disk encrypted, so that losing the hardware doesn't mean losing the data? It's insane from a security management perspective.

But then again, let's take a look at just how many US banks, universities, health care providers, insurance companies, corporations and credit card providers are certified under some kind of recognized information security management standard. Let's take the big standards - BS 7799-2 and ISO 27001 - for example.

BS 7799-2:2002 (in this case, the "BS" stands for "British Standard") has long been the recognized standard for overall security management, and the new ISO/IEC 27001:2005 international standard is essentially BS 7799-2:2002 in updated form. It's also related to ISO/IEC 17799, since we're throwing around fancy names: 17799 is the companion code of practice that catalogs the security controls, while 27001 is the auditable specification for the management system that selects, implements and reviews those controls. Ultimately it's all the same body of work, just renamed and reassigned. The 27001 standard represents a systematic approach to managing sensitive information so that it remains secure. It encompasses people, processes and IT systems. It is used to define and evaluate a company's security management framework and is internationally recognized as the gold standard for security management.

If a company doesn't have a security management framework in place, not only is it unaware of what's happening inside its own walls, it doesn't even know what it doesn't know. Yeah, that's confusing. What you don't know is what will most likely kill you. Either way, it's negligent in this day and age not to be formally on top of information security, and that involves not just firewalls and technology, but risk assessments, people, processes, and an overarching management framework to ensure all the bases are covered.

Did he say "negligent?" Yes, negligent. And I mean it.

It's a lot of work to achieve and maintain the 7799/27001 certification and to hold up to ongoing audits, to be sure (just ask me or my coworkers about it some day, we live it), but it's not rocket science and for gosh sakes, IT'S IMPORTANT. And it's not about the actual certificate, it's about all the things that go into the process of getting the certificate and keeping it.

So, if you had to hazard a guess, how many agencies, institutions and companies in the United States do you think have this important and recognized certification?

Be prepared to be disappointed. Especially when compared to the number of certified organizations in other countries, like say Japan and India and Korea. Or pretty much any other developed country, for that matter. It's really quite pathetic.

Of the 2600+ organizations on the certificate register, there are only seven (yes, that's "7") companies or organizations in the entire United States certified under ISO 27001, and only 39 have been certified in the US under BS 7799-2 and ISO 27001 combined. Keep in mind, there's overlap on the lists, as a number of companies (like ours) have converted from the British Standard cert to the ISO 27001 model, meaning we've been certified twice.

This table shows how many organizations are certified under either ISO 27001 or BS 7799-2 as of June 5, 2006. The term "organization" can mean any one of several things: companies, portions or divisions of companies, agencies, or various other entities. I've left off most of the countries that have only one certified organization to save space.

Japan          1602      Brazil          9      Slovenia        2
UK              244      Sweden          8      South Africa    2
India           186      Spain           7      Armenia         1
Taiwan           92      Turkey          7      Bahrain         1
Germany          57      Iceland         6      Chile           1
Italy            42      Greece          5      Egypt           1
USA              39      Kuwait          4      Lebanon         1

And of the US companies, agencies and organizations on that list, only one of them is a bank (and even then it's only the information security team's component of the business). None of them are credit unions. None of them are insurance companies. None of them are health care providers. One of them is a university. A couple are government agencies - and not the same ones that have been in the news lately, that's for sure.

If you think about it (or search for it, for that matter), how often do you hear about information disclosure outside the United States? Sure, it happens, but seemingly not nearly as often. And why is it, I wonder, that in Japan there are so many certifications? ISO 9000 (the quality-management standard) is huge there, as well.

The fact of the matter is that overall, companies and institutions in the US don't take security nearly seriously enough.

So - It's time to do something about this. Now, not tomorrow. It's already much too late, so we need to get moving. We're already in triage mode, friends.

What to do? To start, if you do business with any company that handles sensitive individual data, ask them about their security certifications. And don't accept a SAS 70 report as covering the bases - it isn't a certification at all, it's an auditor's opinion on the controls the service provider itself chose to describe (typically the operation of a datacenter), and it says practically nothing about the rest of the company. Also, make sure you know specifically what any issued certifications actually cover - this is called the "scope" of the certification. Is it the entire company (usually it's not, so you have to ask), or is it just a department or division? If the company is not formally certified, do they have a security management framework and a standard they follow?

Also, this is formal security management we're talking about. Don't accept lame responses like "we're covered under HIPAA" or "we get audited for Sarbanes-Oxley so that's all covered..." Sorry, that doesn't come close to cutting it. Neither of those laws, nor the audits done under them, requires a company to have a security management system in place, and neither comes close to covering what's needed to ensure proper security standards are met outside of their narrowly focused scopes.

Get educated. Find out what needs to change. Demand change. Question systems that put the secrets in the hands of people who don't have a personal stake in the game. Do business wherever possible only with companies that are cognizant enough of security to formalize their program on a standard framework and which preferably have external certification of the results of that effort. I'm not kidding here. And yes - it can be done.

Unless you have a better idea (and feel free to share - comment away), that's what it will really take to create change - Market forces. We certainly can't count on the government to do anything about it - they'll just come up with vague, useless legal acts that almost always miss the mark and cost the business sector billions (take SARBOX for example). Individual action and demanding that companies get serious - and that they do so in a manner where they can be formally reviewed and held accountable - is the best real-world way to force change.



Add/Read: Comments [3]
IT Security | Safe Computing | Things that Suck
Monday, 05 June 2006 22:06:00 (Pacific Standard Time, UTC-08:00)
Is it just me, or is it kinda strange (and maybe a little ironic) that "anti-freeze" and "coolant" are the same thing?

Add/Read: Comments [2]
Random Stuff
Monday, 05 June 2006 21:26:12 (Pacific Standard Time, UTC-08:00)

JK posted a cool picture that turns out to be a visual representation of his weblog. So, I went to the site that creates them and made one of my own (click the image below to view full-size):

greghughes.net site graphical representation

Color Legend:

blue: for links (the A tag)
red: for tables (TABLE, TR and TD tags)
green: for the DIV tag
violet: for images (the IMG tag)
yellow: for forms (FORM, INPUT, TEXTAREA, SELECT and OPTION tags)
orange: for linebreaks and blockquotes (BR, P, and BLOCKQUOTE tags)
black: the HTML tag, the root node
gray: all other tags



Add/Read: Comments [0]
Blogging | Random Stuff
Monday, 05 June 2006 21:20:32 (Pacific Standard Time, UTC-08:00)

If you ever need to find an old version of pretty much any web browser that ever existed, just go here. Anyone need a copy of IE v1.0?

Wow, a lot of the browser names on that list bring back memories, heh...



Add/Read: Comments [0]
Tech
Sunday, 04 June 2006 23:24:22 (Pacific Standard Time, UTC-08:00)
Sunday, 04 June 2006

Diet-coke-and-mentos

I know, I know - it's sooo lame to link to Internet videos, blah blah, but seriously I only link to the ones that make me go WOW... This one certainly got me to play it more than just once.

The Extreme Diet Coke & Mentos Experiments:

What happens when you combine 200 liters of Diet Coke and over 500 Mentos mints? It's amazing and completely insane.

This has to be one of the better orchestrated Intarweb videos I have seen in a while. Two guys take 200 bottles of Diet Coke, drop a bunch of Mentos in the bottles, and end up with a terrific - albeit kinda messy - display. It does cause one to wonder, though:

If I eat Mentos and drink Diet Coke will I blow up????

Watch it here. Some of the earlier tests are also viewable online. Heh.



Add/Read: Comments [19]
Humor | Random Stuff
Sunday, 04 June 2006 07:29:08 (Pacific Standard Time, UTC-08:00)

Not able to register and sign up for college classes and hike on down there to learn some useful crypto skills? No problem. The University of Washington's crypto course is available online for anyone to access. And this is some truly decent content.

Practical Aspects of Modern Cryptography - course description

The full semester of class content is available online - slides, video of each class session, audio in MP3 format (there's even a podcast link) - great stuff. You'll spend some real time working through the class presentation, which means you'll be spending the time it takes to actually learn the content.

By far the best way to view the content online is with a special app you can download from the UofW web site for free. If you install their WebViewer application you can get the video and slides and instructor annotations playing all together in one nifty package. Quite excellent since they teach with - get this - a Tablet PC in real time. It's kind of like Monday Night Football for geeks. Heh.

Web-viewer-crypto-class

There's a whole slew of math and number crunching stuff in the first class sessions, but it's information that is fundamental to a complete understanding. Then the instructors move into protocols and more practical, real-world applications.

There's a TON of presentation content here. Anyone who wants to learn about cryptography for real will likely find this worthwhile. Kudos to the instructors and the University of Washington for providing this online class content. We need more complete educational stuff like this on the web. Like MIT's OpenCourseWare. Excellent.

(via Digg)



Add/Read: Comments [0]
Geek Out | IT Security | Tech
Sunday, 04 June 2006 06:34:15 (Pacific Standard Time, UTC-08:00)
Saturday, 03 June 2006

Steve Knopper took a new Dell computer and spent 18 days infecting it with all the malware and viruses he could get his hands on. His account of the whole thing is published at Wired.

"What kind of idiot buys a computer and willingly – even eagerly – exposes it to all the malware and viruses he can? Me. I bought a Dell Dimension B110 ($468! Cheap!) and tried to kill it for more than two weeks. I clicked on every pop-up and downloaded the gnarliest porn, gambling, and hacker files I could find."

And then he returned it to Best Buy on the 18th day. Classic. Read Steve's account here.



Add/Read: Comments [0]
IT Security | Tech
Saturday, 03 June 2006 20:55:18 (Pacific Standard Time, UTC-08:00)

If there is one thing I have learned lately, it's that I have been wrong all along about how to solve problems between businesses. It's become very clear to me over the past few days of industry observation that the only way to solve a problem is to serve some form of aggressive legal notice just as soon as humanly possible. So, as part of my top-secret role as a representative of an organization I am not actually allowed to tell you about, the following notice has been formally served on America Company and its CEO.

Background: America Company has infringed on the property rights of the organization I represent, and it's obvious they have done so intentionally and without even asking or offering to cook dinner or anything. That phone call back in February where they asked if it "would be cool" to use the trademark doesn't really count - it was purely a discussion of hypotheticals and whatever was said was certainly not really meant.

So, I regret even having to go this far. It is a very difficult thing to have to do. Unfortunately, it's now officially the only acceptable way left to solve real problems...

Dear AMERICA COMPANY and RORY BLYTHE, CEO:

I am counsel to AMERICA THE OTHER COUNTRY LLC (herein referred to as "SHADOW AMERICA"). Working closely with THE UNITED STATES OF AMERICA (and its predecessor, THE COMMONWEALTH OF SALEM) as well as its various divisions and entities, SHADOW AMERICA is the creator and producer of the ATM/NIGERIAN SCAM MACHINE and ATM/NIGERIAN SCAM CONFERENCE, and has been constructing and distributing these machines, and conducting these conferences, since 2004. As a result of our investment of time, energy and resources in the production of the ATM/NIGERIAN SCAM MACHINE and related conferences, and the associated ATM/NIGERIAN SCAM MACHINE service-marks and product trademarks, members of the industry and interested members of the public have come to associate the mark "ATM/NIGERIAN SCAM MACHINE" and the ATM/NIGERIAN SCAM MACHINE conferences with SHADOW AMERICA and THE COMMONWEALTH OF SALEM.

It has come to my attention that you have marketed a service and/or device entitled in whole or part ATM/NIGERIAN SCAM MACHINE. Through this title, you are misinterpreting and misrepresenting, and recipients are given the direct and false impression that you are providing them with SHADOW AMERICA'S ATM/NIGERIAN SCAM MACHINE device. We have received numerous complaints related to confusion among our highly confidential and sensitive list of customers surrounding your marketing materials published on or about June 3, 2006, and other similar items.

SHADOW AMERICA has a pending application for the registration of ATM/NIGERIAN SCAM MACHINE as a service mark for the production, marketing and sale of devices, namely combination ATM-scam machines, associated devices and services related thereto in various fields of technology and services. Your use of the ATM/NIGERIAN SCAM MACHINE mark without our authorization or consent directly violates our exclusive rights. Selecting this title can only be seen as a deliberate attempt to trade off the good will of SHADOW AMERICA and causes confusion in the market. Your misuse, ironically, is exacerbated by your use of the term "AMERICA COMPANY" in your marketing material, which is close in language and terminology to SHADOW AMERICA, and due to the little-understood yet existing connection between SHADOW AMERICA and THE UNITED STATES OF AMERICA, your company's name further complicates matters for consumers. Moreover, such actions contribute to unfair trade practices, unfair competition and are a flagrant violation of SHADOW AMERICA'S trademark rights.

SHADOW AMERICA hereby demands that you immediately cease and desist from utilizing ATM/NIGERIAN SCAM MACHINE as the name or title of your products and/or services, and from making any further use of our mark, or any mark that is confusingly similar to it. SHADOW AMERICA further demands that you provide us written assurance within ten days that you have ceased to use such name and title and that you will refrain from using any SHADOW AMERICA marks in the future.

Any further actions by SHADOW AMERICA will depend on the nature and promptness of your response. SHADOW AMERICA will retain and reserve all of its rights with respect to your actions to date.

Very Truly Yours,

Sosu Mie
SHADOW AMERICA
(AMERICA THE OTHER COUNTRY LLC)

Rory, you've been served. Again, I blame you.

Ok. Now back to our regularly scheduled programming...



Add/Read: Comments [2]
Humor | Random Stuff
Saturday, 03 June 2006 20:07:34 (Pacific Standard Time, UTC-08:00)

Adobe, which released its PDF format as an open format a while back, has apparently shoved Microsoft into a heck of a legal mess regarding Microsoft's plan to include PDF output support directly in the Office 2007 programs.

Brian Jones, a program manager in the Office team at Microsoft, explains that they're going to have to pull PDF output support out of Office 2007.

Let me see if I have this right. Adobe opens up the PDF format and establishes a standard that needs to be adhered to. Other companies and organizations, commercial and otherwise, pick up on that and add PDF creation support to their programs, with no hassle or complaint or legal action from Adobe. Then Microsoft adds it as an output format option to the next-gen Office programs, and Adobe complains and calls out the lawyers.

That stinks. No more Adobe for me. Don't try to convince me that it's different when it's Microsoft that's involved. Adobe's been spiraling toward an almost certain death for some time and this is just another example of that. The ISO 19005-1 standard pretty much spelled out PDF as a standard, it was opened, and now the lawyers are lining up. It's too bad. I guess Adobe didn't think through the definition of "open" when they "opened" the format standard. The only thing that's clear is that some portion of Adobe's team of attorneys doesn't have a clue.

So, for people who want to do PDF in Office 2007 directly, it looks like it will mean a separate download and installation. At least it won't mean being forced to use Adobe Acrobat, which is and has always been a buggy, bloated piece of junk in my experience. It fails more often than it works. I was rather looking forward to native support in Office right when I installed it...

Brian Jones' blog posts on the subject are here:



Add/Read: Comments [0]
Saturday, 03 June 2006 14:00:48 (Pacific Standard Time, UTC-08:00)