Antisocial Security

A while ago I pondered starting a weblog devoted to security. I occasionally feel the need to write something about this subject and I was worried that my one loyal reader would probably get bored stiff if I wrote too much in amongst my generally pointless rants.

My problem is that I know more about security than you. I am pretty safe in saying this unless you are one of a handful of people, all of whom I could name and none of whom would be reading my weblog. Don’t get me wrong – if you are an expert in Linux, I bet you know tonnes more about Linux security than I do, and I know 12 year olds who know more about modern hacking tools and methods than I ever will. The problem is that these specialisms don’t make good all-round security experts; experience and exposure do, and if nothing else, I have a lot more of that than most.

I got an email from an old adversary of mine today and part of my reply got me thinking about how I view a profession I used to be very much involved with. I quote:

“My former industry is full of self-publicists who are dreadful at
what they do; I care nothing at all for them and their paranoia
fuelled money making machine. I’ll stick with breeding camels and
just drag myself back into security when I need to eat occasionally,
but even so I don’t much think that will last.”

I’d like to write about security. As an odd kid working out better ways of nicking things or how to open locks I wasn’t meant to open, I have always been interested in the topic and I have devoted most of my adult life to it. When I was at school and a teacher of mine suggested that I manage the school computer systems as an alternative to trying to pull them to bits to see how they worked, I had no idea that a few years later I would be in the position to happily ignore fax requests for help from the FBI because they refused to give me a cool baseball cap, or getting hate mail for working with the government to get Universities to prosecute hackers under the then new Computer Misuse Act (an action on my part which was very misunderstood since I was actually more on the side of the students, trying to make sure that they received a fair trial where the Rules of Evidence applied). Incidentally, we haven’t even hit the 1990s nor the start of the Internet in the UK yet.

I am not blowing my own trumpet here, I don’t like blatant self-publicity and it’s certainly a bad trait in a security person anyway. That said, I am going to talk about me. It’s my weblog and if you don’t like it, then stop reading. I am making a point that I don’t like being told I am wrong by somebody who got a degree in Computer Security from Wigan Polytechnic in 2005, then spent a few months getting a bunch of commercial “qualifications” consisting of seemingly random letters from computer-equipment manufacturers, and then got employed by some company and given a job title with the word manager or consultant in it.

In my previous jobs I was surrounded by ’em. I’d go to meetings to be told I was wrong by people who didn’t have a clue what they were talking about. I wasn’t wrong; I am rarely wrong about things I profess to know something about. At BT, we had a chap who I will call John (mostly because that is his name). He didn’t go to University, he didn’t have a single security qualification and he knew very little about computers, networks or telephony. He had, however, spent more than 10 years as a soldier in Northern Ireland on constant active duty. I had been told by my colleagues that John was a jobsworth and something of a tosser and that, although his job was to give security advice for high-profile projects, he shouldn’t be consulted. I ignored them and decided to talk to him one day about a system I was building for one of the country’s biggest banks. It was a pretty good design and there weren’t too many flaws that I could see, but as soon as he saw it he started asking questions that other people hadn’t thought of and prompted me to make a lot of changes for the better. He didn’t know anything like as much about technology as the people I was surrounded by, but he did have a much better appreciation of security in general and he knew what questions to ask and wasn’t afraid to ask them. Although he doesn’t know it, it was him who prompted me to get more military training to increase my skill set. I would say thanks but he’ll never read this; I don’t think he knows how to use a web browser.

It’s become an odd industry. We are talking security here and security is meant to be quite important in the modern world. There are billions of pounds flying around the world at any given moment and, as you see every time the government accidentally sells a few million people’s personal details at a car boot sale, there are people who actually worry about this sort of thing. Who is protecting all this money? Who’s looking after your personal details? Generally speaking, it’s the people with the Wigan Poly degree, I am afraid. They don’t have a clue what they are doing and in the rare cases where somebody who does have a clue gets to contribute, the babbling rabble who are shouting out “We can do it for you on a Linux box for 50p” will win the day anyway, since it all ultimately comes down to money.

I am not going to start a security weblog. I am not sure there is much I could write that hasn’t already been butchered by the Wigan Polytechnic Press. I may still write about security things but I will just do them as normal rants.

Now you know.

Wake up and smell the dewberries.

I am not writing very much at the moment but as an additional aid to my procrastination I have decided to write a few weblog entries. In the public interest I should mention that they will mostly be nothing but self-indulgent, procrastination-fuelled intellectual-masturbation and I will warn you when I have passed this brief phase and return to my normal sardonic ranting. If it helps, I will flag them all with the tag “Masturbation” so you can safely ignore them.

Apropos of nothing: today I smell of Cherry and Almond, and as I was putting this gloop of a shampoo on my hair earlier I started to wonder what had happened to The Body Shop’s dewberry range. Back in the early 90s, White Musk and Dewberry were the Body Shop’s two original smells and the country stank of them. I am fairly certain that this was the thing that introduced our obsession with smelling like berries, but the original source seems to have vanished from our memory altogether. Bring back dewberry! Just not quite as much as before.

http://www.guardian.co.uk/business/2007/sep/12/genderissues is quite a sweet article on Body Shop dewberries.

Welcome to Facebook; please leave your self-respect at the door.

This morning, as I have increasingly found myself doing, I logged into Facebook to see who had invited me to groups that I will never join and who had invited me to add applications that I will never use. There was nothing – soooo, being slightly bored and random, I found myself looking at my own profile. There was a box on it which asked people to click whether they were interested in me or not (although it didn’t say interested in what way… which is odd in itself). I investigated this further, but in order to proceed I had to invite some friends to join the application: 10 to appear on something or other and at least 20 to appear on listings. At the cost of not appearing on any searches I eventually found a skip button and found the bits which would tell me whether any of my friends were interested in me. They weren’t. For a brief moment there my self-esteem levels dropped and I felt a little miffed that not a single one of my 148 friends found me in any way interesting.

There is another bit that I had never seen before too, though where do these boxes come from? I am sure I ignore and block most applications I am invited to join. The other section was something called “Compare People”, in which your friends compare you with their other friends in order to produce league tables.

The top of this section told me the rankings of lots of my friends in categories such as Hottest (Laura), Smartest (Johanna), Most Desirable (Johanna), Best Personality (Johanna) and Best To Work With (Johanna). In case you were wondering, it also tells me that this apparent all-round goddess called Johanna is also the most organised and the most punctual. It doesn’t tell me that she is the most likely to be mistaken for an 8 year old Munchkin, which is where I would list her (nothing personal Johanna, I love you, but you won’t ever have to pay an adult fare until you are about 30).

This unusually large section now moves on to “Where do I fit?” and proceeds to give me the rankings that my friends have given me.

This is where my friends ranked me:

Pos   Category                        Win%
1st   is more confident               100%
1st   is a better listener             85%
1st   is funnier                       83%
1st   is more famous                  100%
1st   has a better profile picture    100%
3rd   is more likely to win in a fight 83%

Right! I object! I can accept “More Famous” (though I would correct it to infamous) and I can feel flattered by some of the other ones, but what is this 3rd in “Is more likely to win in a fight”? Which of my friends couldn’t I beat in a fight? Why do my friends think I would lose these fights? WHAT ARE THEY THINKING? I SHOULD CORRECT THEM AT ONCE!

Aaah, and here’s the rub… I am falling for the psychological hooks of social networking, something that Facebook are very quickly mastering and overtaking Myspace in leaps and bounds with (oi, leave my trailing prepositions alone). I am starting to compare myself to other people on the site and being tempted to do something about it – next I will be writing about it in a weblog and urging more people to vote for me or something, and then I will be part of the whole social networking avalanche and heading quickly towards the shitty-coloured pile at the bottom of the mountain.

I have found the “hide box” button; I no longer see the application and I am no longer tempted to go deeper into its bowels to see a full breakdown of who has placed me where, and why; nor am I tempted to rank my friends or be mean to the ones who ranked me differently to how I would have liked.

Facebook… You can have my intimate personal details but for now, at least, you can’t have my soul.

My Day

No, don’t worry, I haven’t gone completely mad. The title was meant to be somewhat sarcastic.

Somebody commented that I didn’t update my weblog very much, so I thought I would respond. I don’t update my weblog very much because I don’t really have anything of much interest to babble about that seems to fit into a weblog. I don’t want to go all Stephen Fry and write undoubtedly interesting articles (he calls them blessays, I think) which are simply too long to read, and I don’t want to write 10 posts a day describing every bowel and bladder movement I have like a lot of other bloggers seem to. After all, I use IRC for that.

Mostly I write something when I feel I have something to say that may interest my regular audience of 3 or 4 readers, or the few random people that the search engines pull in after a few weeks. I don’t write it immediately – I wait a few days and if I haven’t forgotten about it, then there is a possibility that it may actually be worth a few minutes writing it down and maybe worth a minute for somebody to read. This isn’t to say that every post will be interesting but hey, I try.

To try and add some value and interest to this post, I think I will add some things that wouldn’t really have warranted a post of their own…

Firstly – I was wrong, and the controller of Radio 2 was right. When he announced that Chris Evans would be taking over the afternoon drive-time slot I was one of those grouchy folks who said that they’d never listen to it again. The controller chap told us to give him a chance and we might be surprised, but nooo, I didn’t believe him. In the end, I forgot it was Evans presenting the show and accidentally listened to it and, amazingly, I carried on doing so. I am never going to become a Chris Evans fan but I have to say I don’t hate him and he really does do a very good show.

Oh yeah, and since I am babbling – I am reading all these things about Microsoft and Vista’s “Kill Switch” for unlicensed copies with amusement. Every one of my copies of Vista is licensed and legal, and this is a novelty to me. It’s almost become a slightly perverse hobby watching people complain at Microsoft getting more and more evil while I sit in my little cloud of smug, legal self-satisfaction at it not being my problem at all. It’s rather nice not having to keep up to date on all the little cracks and workarounds to stop Microsoft breaking my computer any more than they already have.

Right! That’s it… Shoo now, get back to whatever you were doing, don’t let me get in your way.

Accuracy be damned!

I don’t see myself as a Luddite, but something about the obsession with accuracy these days is starting to piss me off. When I was being educated, on the occasional times I deigned to attend that is, there was always some bright spark who could quote Pi to god knows how many decimal places. To my mind, Pi is generally 3.14 – usually, I am more than happy with Pi being 3.

Bear with me, this is going somewhere.

It’s all the fault of the sodding electronic calculator. See, back when I was younger than I ever really was, there were slide rules, and a slide rule looked like this:

[Image: sliderule-pi.jpg – a slide rule with Pi marked on the third scale down]

I appreciate that many people reading this won’t have ever used a slide rule in anger, but the principle behind them is that most of the time you more or less guess the answer, as opposed to having it displayed to 9 decimal places in monocolour LCD lettering. Look up a little from here… See the third scale down? Just to the right of the 3? There’s Pi marked. It’s marked roughly between 3.1 and 3.2 – it’s about 3.15 in fact. If you want to multiply Pi by 3 you pop the two numbers together on the correct scales and read off about 9.45 on the result scale; if you want to multiply it by 30, you multiply that by 10 in your head… If you want to multiply it by 3 million, you do the same only with more zeroes, and your error rate has gone up considerably, but it doesn’t matter much really, does it?

Why is this annoying me? Apart from the fact that I want to shoot people who can quote Pi to more than 6 places? Well, it’s the post office, that’s what it is. They have digital scales now, and when the parcel you are posting weighs 501 grammes, they charge you for over 500 grammes. Generally speaking, by that point I just rip a corner off and make them re-weigh it, but even so, when did we become so obsessed with this “down to the nearest gramme” accuracy? I don’t like it. Make them stop. I am not even going to start ranting about their new letter size measurement devices, which very much depend on the operator’s skill at getting parcels through a little plastic measuring slot – well, I am not going to rant YET, at any rate.

I want markets back where they plonked stuff on scales and weighed it in pounds. If it was 4.4 pounds and cost 30p a pound, they’d charge you about £1.30 because that was roughly what 4.4 * 30 is (a slide rule would confirm this to you, if you were to ask it, especially a W.H.Smiths one with the little clear slider thing missing like most of them are these days). These days they pop things on digital scales, tell the scales that the things you want cost 78p per 100 grammes, and when it weighs 264.5g it prints a label that says £2.08 (yes, the bastards round it up too).

I blame the Common Market.