Thursday, December 31, 2009

Perl has made me fat and happy

I’ve found that I have trouble learning other languages. I start a project to learn another language and out of necessity it has to be simple. But once I start on it I quickly start thinking about how much easier and faster I could get it done in perl.

Wednesday, December 16, 2009

Context-free Abstract Security Scale

crunge: I would like to propose a metric for security - the context-free abstract security scale. Its unit will be the Mitnik. It is a logarithmic scale based on the natural log so something rated at 8 Mitniks is about 2.7183 times as secure as something rated at 7 Mitniks.
radsy: seems fair
adam_vollrath: there are a few metrics out there, government certification of platforms and junk like that
crunge: So when someone asks "How secure is OpenBSD out of the box?" you can answer with confidence, "11.8 Mitniks".
adam_vollrath: sounds dangerously misleading. and funny, i assume you're being funny
crunge: But this is abstract, and context-free so anything can be compared against anything else.
crunge: to be able to compare anything to anything else you need a measure with no inherent meaning. Meaning really screws up graphs.
crunge: It'll revolutionize the industry
tonymec: crunge: this scale would have to evolve, as today's stuff is a lot more secure (hopefully) than what was used X decades ago. However log(1) is 0 in any log base, so "normal" security would have to be kept at 0 mitniks, pushing yesterday's stuff, if it doesn't change, farther and farther into the negative, like identical answers to an IQ test give you a far worse score than they did your parents a generation ago.
crunge: Can you imagine the value to Pen Testers? They can walk in, sum up the Mitniks based on their evaluation and then itemize the gain in Mitniks based on implementing their recommendations
crunge: and IT managers can plot growth in Mitniks as policies are implemented. You'd be able to quantify ROI on buying that new IPS
crunge: tonymec: even better. It would be based on the average which would of course be determined by the Pen Testers. I smell a business model paradigm shift.
adam_vollrath: now you just need to create synergy between stakeholders
crunge: adam_vollrath: oh yeah, and crowdsource it.

Tuesday, December 15, 2009

I Won a Naming Contest

Kooky, I didn’t realize it until Frank got an email to me today. Word, I dig champagne.

Those who deal with security on a regular basis should take a look at Seccubus. It’s one thing to do a scan today and know about the vulnerabilities on your network today, but wouldn’t you like to know about a new potential risk as soon as possible?

Monday, December 7, 2009

Way to Protect Me Wamu/Chase/Whoever

So I get a notice saying my ISP failed to charge my CC on file. I go to check it out and the number they have on file is for a card that is supposed to be dead, it was replaced when the mag stripe wore out, maybe a year ago.

Both cards have apparently been active this last year.

Thursday, December 3, 2009

Noxious Cloud Computing

Ah, buzzwords. I generally dismiss them because they don’t really mean much and I should probably just dismiss Cloud Computing but I can’t. The term makes me angry. That might sound silly but I think it’s justified. Web 2.0, AJAX, and Long Tail are also buzzwords but they don’t make me angry. When people try to put those buzzwords into practice it’s really no big deal, they’re just subscribing to a fad and eventually it falls out of fashion. No big deal.

Cloud Computing is different. What is Cloud Computing? It’s where your processing and data is in The Cloud. What the crap is The Cloud? As a network professional I feel I’m qualified to answer this question simply, succinctly, and thoroughly. The Cloud is a symbol on a network diagram. It represents The Internet. It looks like a cloud. It looks this way because the Internet is nebulous.

That’s all it is. If you’re using Cloud Computing your computing is happening out there, in that part of the diagram: the one representing The Internet. There’s one key thing that separates Cloud Computing from traditional Internet hosting and services. With traditional Internet hosting and services your pictures are on flickr or photobucket, your email is with yahoo or hotmail or gmail, and your shopping is through ebay or amazon. With those services you have more or less fixed resources and your stuff lives on some servers somewhere.

With Cloud Computing, where’s your stuff? Do you know? I hear people say, “Oh, my pictures exist in the cloud.” Well, where are they? They’re in the cloud. It seems to me that people think that in the cloud means their resources are everywhere and will be accessible from anywhere. When your stuff is in the cloud it apparently means it can never be inaccessible, or lost, or stolen.

The reality is that in the cloud means that you don’t know where your resources are. That’s not to say that you should, either. If your grandpa uses Picasa for his pictures he doesn’t need to know where the files live or how they are preserved (although it’s to his benefit to be able to know how his data might be lost). Google probably doesn’t want your grandpa to know how the backend of Picasa works because that might represent a security risk.

I’ll selectively borrow from Wikipedia what doesn’t challenge my rant:

In concept, it is a paradigm shift whereby details are abstracted from the users who no longer need knowledge of, expertise in, or control over the technology infrastructure “in the cloud” that supports them.

What does that mean? It means when your data is in the cloud it is somewhere on the Internet and you neither know nor care where. That’s not to say it’s somehow more accessible, more available, or more secure. It just means users don’t know. And not knowing is fine, but before Cloud Computing your grandpa didn’t know where his pictures were, and he knows no more and no less now that Cloud Computing is here.

I guess saying Cloud Computing sounds cooler and smarter than, “On the Internet, somewhere.” What it sounds like to me is that you don’t know but either are afraid to say you don’t know or don’t realize you don’t know. I think this Cloud is really a fart - it smells terrible and will hopefully disperse soon.

Rode 11 Miles

Needed to get my car serviced but still go to work. Didn’t want to ask anyone to drive me there and back. Luckily the auto shop is only 5.5 miles from work so I threw my bike in the back of my car, drove to the shop, then rode to work.

All told, 11 miles today with some hills on the way back. I tried to just push harder instead of downshifting and was successful some of the time. I’m pleased overall.

Also, if you’re in the San Diego area, Mira Mesa Automotive, owned by Jim Boucher (Boo-shay) does good work and they don’t mess around with you.