28th March 2006: Security Czar
Scott Granneman suggests that to buy a new PC, everybody should have to take a computer security training course, and pass a test (updated and re-taken every three years), as well as forcing companies to have no more than 75% of their computers using the same OS, citing a 2003 report by Bruce Schneier and others (Computer & Communications Industry Association) on the dangers of monocultures.
It should be noted that not everybody uses the internet, which is how most viruses spread, so maybe the test should be tied to internet connections rather than PC purchases. I realise that he's not entirely serious, but there would be huge difficulties with anything like this - what would be the penalties of surfing without a license? Should a five-year-old take the test before using the computer, or the parent? Where would the burden of proof lie regarding who was using the computer at the time it became infected? Would family members be expected to "grass" on each other like the current situation with speeding tickets?
25th March 2006: CentOS vs. Tuttle
Some screw-up with the hosting of http://www.cityoftuttle.org/ meant that the domain got the CentOS3-customised version of the default Apache page (actually, not quite this one, that's the CentOS2 page, the CentOS3 page is very slightly different in small detail); the City Manager decided that CentOS had hacked his "home page" or "website" (he seems confused about the difference), and blasted CentOS support before finally admitting " I am sorry that we had to go through the process and accusations".
Fortunately, CentOS grabbed the communications here: Why every city council needs at least one geek. (and perhaps, why it needs a few fewer litigous idiots)
24th March 2006: Windows Vista - the insiders' comments
Vista 2007... The blog post itself, and at least the first third of the comments are interesting reading for an insight into the current MSFT culture.24th March 2006: Timeless Toys for Children
A great example from the Early Learning Centre about the signifcance of corporate taglines, and how they can backfire on you.
Well, it made me laugh, anyway.
18th March 2006: Rosberg
Nico Rosberg has proven himself in F3, and has already shown his colours in his debut F1 race, and in qualifying for the Malaysian Grand Prix. He looks well on form to carry on his father's career victories. I look forward to seeing how Rosberg takes on the rest of the grid over the course of this season. He is the man to watch, IMO. He is fast, and I predict that he will humiliate some of the known names on the circuit.
Qualifying positions are (or were, before engine penalties):
- Fisichella (Renault)
- Button (Honda)
- Rosberg (Williams)
- Webber (Williams)
- Montoya (Mclaren)
- Kimi (Mclaren)
- Alonso (Renault)
- Klien (RBR Ferrari)
- Trulli (Honda)
- M Schumacher (Ferrari) - engine problem
- R Schumacher (Toyota) - after engine failure
- Coulthard (RBR Ferrari)
- Barrichello (Honda) - very disappointing
- Vileneuve (BMW (ex-Sauber))
- Heidfled (BMW (ex-Sauber)) - I have great hopes for Heidfeld
- Massa (Ferrari) - Is MSC really that good?
- Speed (STR)
- Liuzzi (STR)
- Albers (MF1 (aka Jordan))
- Montiero (MF1 (aka Jordan))
- Sato (Aguiri Honda) (should he be allowed on the track?)
- Ide (Aguiri Honda)
17th March 2006: Bird Flu
(Originally on http://www.davewhitter.pwp.blueyonder.co.uk/Terrible.jpeg)
15th March 2006: Bowling
It was my birthday, I had tons of holiday to burn before April, so I took the day off work and took my family bowling (how American could I get?!). It was a bit of a gamble - the girls are very young (1.5 and 3.5 years old), so would they survive the gaps between play, or even what the game was about? Particularly the youngest, we felt that she would not understand anything that was going on, and even the 3 yr-old would have a bit of difficulty (though she had seen it on TV and had commented 'I want to do that'). As it turned out, they both enjoyed the game, and (although the girls had the barriers and help with setting up the widget to aim the ball, of course), Emily, the youngest, won the game with 107 points to my 105 points. It was a great family day out, and we all enjoyed ourselves. The victor never kept the attention span to watch any of her balls actually hit the skittles, not even when she got the first strike!
8th March 2006: Microsoft (again) - Security Certificates
I realise that Microsoft are trying to catch up with security issues; however, when I see things like this "dialog" box, provided by MS Windows, on the corporate desktop of a major Microsoft partner, I have to seriously consider what happens when the words "Windows" and "Security" are combined. What certificate am I supposed to approve / provide? I know that you want to know what happens if I hit the "More Info" button - that will surely provide the certificate analysis, with the list of trusted providers, so come on Steve, don't be silly.
That's what I thought, too - hitting that button opens the generic Microsoft Help page about what certificates are, and how wonderful they are at providing security.
From the wording, it seems that the site isn't providing security to me, but requesting a certificate from me, to authenticate myself to the site. Again, I don't have a certificate to provide, but I can still hit the "OK" button, and still get access to the site. (Oh, and if I hit the "Cancel" button, I still get access to the webpage).
This is really more scary than no security at all - a system which accepts that security can be an issue, but will still accept blank certificates. This sounds like a system which was set up in order to match certain checkboxes, but does not provide any actual security whatsoever. If the idea is to prevent access to the webpage from intruders who may have somehow accessed the intranet, then it achieves nothing; I can't imagine what else it might be supposed to provide, but I don't see how it secures the client or the server from random people (given access to the intranet) from acessing the website, from an encryption or access policy perspective.
8th March 2006: Terrorism (yet again) - Jean Charles DeMenzes
Panorama had a rather thorough investigation into the death of Brazilian Jean Charles DeMenzes tonight. I am unlikely to get the time to make a full entry on this subject, but my (very) rough notes are available. To give a very brief summary, the whole thing was a cock-up - the soldier who was detailed to track Osman Hussein was on a toilet break when Jean Charles left the same block of flats. That lead to a series of confusions, which resulted in Jean Charles DeMenzes being tracked, on the belief that he was Osman Hussein.
As I do not have the time to give a full summary of the Panorama investigation, I will summarise it with this: Steve House,
Central Operations of the Metropolitan Police states that the instruction on suspected suicide bombers is
to "shoot to incapacitate" by "shooting in the head". He denies that "shoot to the head" is the same as "shoot to kill."
I am no medical expert, but I fail to see the difference. If I was a suspect, and was "shot to incapacitate", then I would
be rather bitter. If that shot to incapacitate was in the head, then I suppose that I would not have time to feel bitter
about the price we pay for our freedom.
Israel, who have far more experience in suicide bombers, require that a bomb has been visually seen before shooting the suspect.
(I have linked to Wikipedia for information on the two suspects; that seems the simplest choice for a quick posting of an article, but I do not recommend Wikipedia as an information source. Please check your own facts elsewhere; by linking to Wikipedia, I give no particular recommendation about its accuracy)
7th March 2006: Terrorism (again)
It's scary how easily someone in Homeland Security can get permission to spy. Some old American guy pays off his credit card bill, and for such an irrational act, is a suspected terrorist. One disturbing thing about this is how the US Govt view an individual's personal transactions; more worrying, is that they can be so blatant about that visibility as to have the guy flagged as a potential terrorist.
In this kind of scenario, us Brits worrying about ID Cards seems trivial by comparison.