StillSecure, After All These Years

I was reading an article in Information Week tonight about a case going to the 9th Circuit Court of Appeals about the governments right to search, seize and copy laptops and other electronic devices at our borders.  Two groups that don't often find themselves on the same side of issues, the Electronic Frontier Foundation (EFF) and the Association of Corporate Travel Executives (ACTE) have filed briefs with the court asking them to strike down a lower courts ruling that granted the government these broad powers to confiscate laptops.

As the article points out here in the US there was quite an uproar about China "slurping" laptops from people on travel there, but we seem to think it is OK for our government to do it.  Well at least our government is telling people they are doing it.  What they are not telling us is what they are doing with the data after they search or copy it.  How do we know, no US security but nevertheless confidential data is being secured and or destroyed promptly?  The government telling us "trust me" just doesn't cut it.

However, I think technology is going to pose a bigger problem for the government regardless of whether the court upholds the governments position. I think any terrorist or other bad guy would never have confidential data on their laptop that is not encrypted.  In fact with full disk encryption coming to the masses from the likes of McAfee and others, what will the government do?  Sure they can take the encrypted data to the NSA and let them brute force the keys, but that sounds impractical.  Perhaps, the TSA will demand encryption vendors to put in a back door or secret key that will allow the TSA to decrypt the data similar to what they do with the special luggage locks now.

I know what they can do. Perhaps they can go back to Checkpoint and find out for sure about those back doors that they always suspected was in their software and see if it is there for sure. If so the government can appoint Checkpoint the official encryption vendor for laptops ;-)  Just kidding of course, but really guys.  What self-respecting bad guy is not going to encrypt their data knowing the government has a right to search their laptop.  I think it makes this whole case much ado about nothing.

Image via Wikipedia

Actually they were forced to step up. Steven Musil reports that according to this NY Times article, NY State Attorney General, Andrew Cuomo has forced several of the largest ISPs including Verizon, Sprint and Time Warner Cable to institute blocking of web sites and usenet groups that traffic in child pornography. I say what took so long. For years now the ISPs have wrapped themselves in first amendment issues and claimed that they had no responsibilities for individuals communicating with other individuals. But as Musil reports, Cuomo said that at some point if they knowingly allow such illegal activity they do bear responsibility. Cuomo's office had to threaten legal action before the ISPs would agree to get involved though.

The I don't have responsibility defense used by the ISPs has been frustrating for a long time. When I was in the hosting business, some web hosts said the same thing about hosting web sites with illegal content (porn, warez, etc.). Law enforcement was quickly able to pierce that veil and get web hosts to take down illegal sites. Cuomo I think said it best, “No one is saying you’re supposed to be the policemen on the Internet, but there has to be a paradigm where you cooperate with law enforcement, or if you have notice of a potentially criminal act, we deem you responsible to an extent”.

Of course the question is: who picks what is objectionable. Child porn is easy, but what about other types of porn, gambling sites, etc. Once we put the power to filter content in a private companies hands, we entrust them to filter only what is illegal. But it would be naive to think they won't filter for their own best interests either.

While I applaud this step and give Andrew Cuomo credit for bringing the ISPs to heel, I think you have to put some process in place to make sure that legitimate and protected communications and freedom of speech is not suppressed.

In any event now the security folks can blame the ISP for why certain executives web browsing to quesitonable sites is being blocked ;-)

Image via Wikipedia

According to this article T-Mobile is none to happy about Starbucks and ATT offering free wi-fi to customers.  They have filed suit against Starbucks, claiming that according an agreement between the three companies, the transition from T-Mobile's pay for access to the ATT free access was supposed to go at a much slower rate, only it seems ATT and Starbucks have rushed things through and T-Mobile is suing mad about the lost revenue.

T-Mobile should have seen this coming. The day the ATT deal was signed, any more revenue T-Mobile ground out of their Starbucks relationship was froth on the coffee.  It is hard to beat free.

In my mind, taking Starbucks out of the T-mobile hotspot world, what is left?  Some airports perhaps, but increasingly T-mobile is a 2nd or 3rd tier carrier in the US anyway.

For a long time I have believed that the Internet could be the single biggest tool for world peace ever. By bringing people together and allowing them to share common experiences and interact in a person to person environment, the Internet is a great equalizer. This view was reinforced for me today when I read the story of G.hos.st in the NY Times. G.hos.st is a free web based virtual computer that gives you storage, email and applications available anywhere. I have just signed up for an account, so will have to tell you about how it works later.

The thing about G.hos.st for me is that it is a joint Israeli-Palestinian venture with workers from both people working together. What a surprising and great idea. What better way to bring these people together than to make them both shareholders in a joint venture and let them work together. The article talks about some of the experiences of the workers who meet sometimes in person in Israel, sometimes in a no mans land near Jericho and sometimes have to have video conferencing. But the important thing is they are working together. Can you imagine if there was more of this joint commerce taking place? It can't help but make people more trusting, knock down the barriers of ignorance and prejudice and make the world a better and safer place for all of us.

I signed up for the service just to show my support for this type of change the world initiative. If you agree with me that this is just the kind of medicine this world needs, why don't you take a moment and sign up for an account as well!

I was reading an article in the Orlando Sentinel newspaper this morning (I know who reads newspapers anymore), about how so many companies are tracking unhappy customers by monitoring blogs and even twitter messages. It reminded me of a story that Chris Hoff had a while back about Southwest Airlines monitoring his Twitter message

The story in the Sentinel had two opposite corporate views on this. One was Comcast who quickly turned a negative blog post and experience into a positive one by reaching out to the customer and fixing their problem. The customer than ran an updated blog post to commend Comcast. Much the same way Hoff did in his post on Southwest. The polar opposite of this was Spirit Airlines, whose spokesperson according to the article said, "she wasn't concerned and that Spirit doesn't let blog posts affect its policies and procedures." Well a year later that article is still the number 3 search result on Google if you pull up Spirit Airlines. It has over a 1000 comments with many people saying they didn't fly Spirit as a result. I wonder if Spirit Airlines still feels the same way about not listening to blogs?

The article mentions a few other companies that monitor blogs and twitter and message boards. It also mentions a web site called getsatisfaction.com where over 3000 companies monitor to help consumers iron out customer service issues.

They always said the pen was mightier than the sword. In todays world maybe the keyboard is too.

Fred Wilson has an interesting blog up regarding the new Google Health service. Fred filled out his personal medical information and was disappointed that he was not able to publish this data and make it public.  Fred would like to have a sidebar widget for his blog with his health profile.  Many people wrote to Fred telling him why Google does not do this.  Many of them centered on the fact that insurance companies would use this information against you to deny or limit your coverage.  Some took shots at Fred's socio-economic status saying that he didn't care if the insurance companies used it against him because he could afford to pay whatever he had to.  Fred replies that he thinks withholding or being less than open about health issues to insurance companies, investors, etc. is problematic and in a perfect world insurance companies should not be able to use this against us. In fact Fred says:

Wouldn't we all be better off with an insurance system that wasn't able to discriminate between people based on pre-existing conditions? Wouldn't we be better off if we came together to insure everyone? Wouldn't we be better off if we knew everyone's medical conditions and what treatments worked and what did not? Wouldn't we be better off if we could search for others with the same conditions to share our experiences?

I don't believe Fred feels this way because of his socio-economic status. I think Fred thinks like this because he is I assume in good health.  I wonder if Fred were suffering from some medical condition, if his views on this would change.  This reminds me of the "nothing to hide" argument that some use to justify the government trampling on our privacy rights.  If you have nothing to hide, what do you care.  I care because it is wrong.  I care about not making health records public because it is wrong.  We don't live in a perfect world.  Even taking Hillary or Obama's health plans into account, we live in a world where insurance companies can discriminate against those with pre-existing conditions for the foreseeable future.  Think about if only healthy people published their records, what would that say about people who did not publish their records?

Fred's point about searching for others with the same condition is fine, if they wanted to be found. It is inherently a persons right not to be found.  In fact today if you want to share with a person who shares a medical condition with you, you can search and usually find a group and on line community of people. What is nice is some of these people can share in these groups without revealing their identity.  It is this ability to remain anonymous that I think make these types of communities successful.

Fred recognizes that not everyone would want to share their records. I say once we start dividing society by those who do and don't we really already have imposed a penalty on those who cherish their privacy.

Forgive me for going totally off topic (hey its my blog I write what I want) but it is Sunday and not much news on security.  I wanted to write about an article I saw in the NY Times today called "Even the Insured Feel the Strain of Health Costs". The article details that with the hard economic times even people who have health insurance are being bitten by the ever rising costs of health care.  Rising premiums, covering less procedures and care and charging more for prescriptions and medical care combine to put the bite on everyone.  From my own experience here are 4 examples of how even with health insurance, medical care costs are taking a bite:

1. My wife had minor surgery in September.  It was ambulatory surgery where she went in the morning and went home that afternoon/evening.  Even though we have full PPO coverage and it was participating doctors, hospital, etc. my out-of-pocket costs after insurance were almost $3000! The surgeon received a whopping $472 from the insurance company for the operation and the hospital billed like 17k!  When I called the hospital they said they did not expect to get paid that much, but had to bill it so they could get as much as they could.  I than had to negotiate what I would pay out of pocket beyond that. I also had to pay the anesthesia, the prescriptions, etc.

2. Here at StillSecure we had to switch providers again this year because United Health Care wanted another 15 to 20% raise in premiums. In fact that is about normal for health insurance, way above the cost of living and inflation.  We pay a good chunk of our employees insurance premiums, but even so the 20% or so that we have the employee pick up gets bigger and bigger.  Plus the insurance company covers less and less.  This squeeze is frankly baffling. How can you pay more and get less.

3. I had a dental implant a few months back.  Though we pay for dental coverage, our insurance would cover a bridge or cap, but they don't consider implants necessary and would not cover any of it. I had to lay 2k out of pocket. On top of this the panoramic x-ray the oral surgeon took (which again was not covered, another 100 bucks) showed I had an impacted wisdom tooth with a cyst around it.  My dental insurance covered the wisdom tooth, but the cyst removal would be considered under my regular insurance and my dentist was not participating. In fact I could not find a participating oral surgeon in the area.  So I had to an extra $600 dollars out of pocket and of course my out-of-network deductible was $750, so I ate it again.

4. The orthodontist.  This one is perhaps the worst of all and really gets my goat.  My oldest son went for an orthodontic exam. The doctor told my wife that he would probably need braces when he gets older and that current best practices in orthodontics is to put braces on now in a phase 1 and than if necessary they put other braces on later when more of his adult teeth come in. Putting braces on now would lesson the severity of what he would need later.  OK, great lets do it, right?  Wrong!  Our insurance covers a one time payment of $1200. The dentist said if we use it now, the cost for phase 1 would be $3600.  That leaves a balance of $2400 that I have to pay.  However, if I do it without insurance he would charge me $2400 and than I could use the $1200 towards the phase 2 braces my son may need which could be up to 10k. So if we went through insurance the cost was $3600 with $2400 out of pocket or no insurance $2400 out of pocket.  What is wrong with that picture. Whether I have insurance or not, it still costs me $2400!  This is fundamentally what is wrong with our health care system.  The dentist is willing to accept $2400.  He should take the $1200 from my insurance and I should pay him another $1200.  Anything else is ludicrous and in my mind borders on criminal insurance fraud.

We need to restore sanity to the whole system. It is not just the 48 million people in this country that don't have insurance, it is also the costs of the people who do have insurance. Don't tell me that giving us greater limits to put in tax deferred health savings plan are the answer either.  Fundamentally we need the insurance companies to stop sucking the blood of the premium payers. We need the health industry to bill for what the do and what it is worth, not how to maximize what the insurance company pays and most of all we need to make sure that people can afford and receive decent health care!

BTW, if you want to read an excellent blog on this subject, Dr. Stanley Feld, Brad's dad writes a great blog on it.

My wife Bonnie and I don't get out to the movies as much as we used to. When we do it is often with the kids, so we miss out on many of the adult (no, I don't mean those kind of adult) themed movies that come out. We wait for the DVD, but even than I miss many. I compensate by watching movies on planes a lot. Recently I caught The Kingdom with Jaime Fox and We Own the Night with Marc Wahlberg and Joaquin Phoenix. Both good, powerful movies. However, last night on my way out to Vegas for Interop I watched a movie that will change my life. It is the Kite Runner, based on the book of the same title by Khaled Hosseini.

The movie tells the story of two boys growing up in pre-Soviet invasion Kabul, Afghanistan all the way up to the year 2000, with a pre-9/11 Taliban regime in charge. You can read the Wikipedia article I linked to or better yet go rent the movie or read the book (I am going to read it next) for all of the dramatic details. However, let me talk a bit about my take away from this film. First of all, like many Americans I had a pre-concieved notion of Afghanistan as a poor, backwater, backwards place that welcomed a repressive regime like the Taliban to power and were part of the Muslim world that runs from the Med through to Pakistan. Nothing distinctive and in fact lets face it, I am not sure we humanize the people who live in that part of the world, as we do Europeans or our fellow Americans. I knew little to nothing of Afghan history or lifestyle. Our American view of the world makes it hard for us to remember that children are children the world over and their lives are special. Whether it be something as simple as flying a kite or aspiring to be a writer, all children share the same dreams, hopes and challenges. Yes, in a place like Afghanistan with its ethnic tensions, there is room for a level of violence we don't often see here (but even that is BS, me living in Boca doesn't see it, but live in an inner city bad neighborhood in the US and is life any better for a child?). But parents are parents the world over and they love their children and have hopes for their children the same way you and I do. People have values they believe in and may not be the most religous, but are never the less good people.

The movie made me think about my role as a father, husband and American. The whole American immigration experience is such a great influence on the world. We have the ability to take people from anywhere and they become Americans. The father in the movie goes from being a man of power and wealth in Kabul, to working in a gas station here. The father-in-law was a general in Afghanistan, but just a lower middle class worker here. But they don't lose their identity or the pride and sense of who they are and most of all their values. They don't lose their identity into the melting pot, but we add their identities to our tapestry of life here in this country. That is the real special sauce in what makes America

That part of the world is not just full of religous extremists. There are real live human beings there who think and feel very much like we do. Yes there are incredible challenges with religous extremism to overcome, but there is a core of real people who are worthy of our efforts. At the end of the day, that is what the movie has succeeded in doing for me. It has made the Afghan people real.

When I work from my home office I usually keep CNN on in the background to keep up on the world. However, I have to say that it is just too damn depressing. A sample of today's news:

1. Gas prices continue to go up about a penny or two a day, over 30 cents in last few weeks!
2. Oil hit new highs
3. Credit card companies are raising interest rates and fees drastically
4. Food staples like wheat, rice, etc. are up from 10% and up
5. Some crazy nut in Austria locked his daughter in a dungeon for 24 years and fathered 7 children with her, one who died and he disposed of the body (This is just a disgusting story)
6. Home prices remain depressed and foreclosures remain high
7. Airlines either have to merge or go out of business

So here is one of my pet peeves about the IT world. Too many "technical" people consider themselves (pick one:) superior, smarter, more ethical, better than, their marketing counterparts. Hey people, everybody is selling something all of the time, even if it is themselves. Case in point, a recent "spat" between my bud Mike Rothman and another friend, Misha Govshteyn. Now Rothman and I go back a bit and have had our share of blog bad blood, but all in good spirit. Misha is a good guy too. Anyone who knows where to find a schmaltz herring in Houston after all can't be too bad. And my friend Farnum who serves as the peanut gallery in this story is solid as well. OK now that we have the players, lets lay out the story.

It seems that Alert Logic had a webinar titled _ Simple & Affordable PCI Compliance w/ Alert Logic. Mike thought that this was very misleading marketing from the slimy, no ethics, don't understand the real pain marketing folks at Alert. They are preying on the simpletons who are responsible for security and PCI compliance in the world and Mike delivers his full venomous wrath (according to Misha anyway, I bet Mike could be worse) on Alert Logic and their marketing team. Misha than responds with his own venomous wrath, that Rothman is literally full of baloney, a shameless self-promoter on par with Michael Savage. To add fuel to this fire comes Michael Farnum, who tells Misha in his comments that while he likes Alert Logic, "many manufacturers use their marketing as fly traps."

OK, here is my take. To Mike Rothman: come on Mike, you never did anything like that when you were a marketing guy? What are you some kind of reformed smoker? What would you have them name the webinar: "PCI is hard and our stuff can only help a little". Give it a rest. Also a little respect for the people they are marketing too. I think they realize what is what and can separate the bull from the cream. To Misha, hey at least Mike gave you some PR. I understand your frustration but instead of pointing at everyone else, say we stand by the name and that does it. Most of all to my buddy Farnum, dude, we know what you do, it is just a question of price. If those Venus Fly Trap marketing people weren't drawing people in, you would have to have a second job to feed the family and many not have the leisure time for blogging.

But seriously folks, marketing people have a hard job too. It is not that they are not technical or don't understand what is involved in PCI compliance or the like. It is their job to make these webinars appealing. I don't think most marketing people think of what they are doing is being misleading. They try to make these webinars deliver as advertised. The same way engineers try to make a product work as intended. Lets understand that it "takes a village" to develop, market, sell and support a product. Everyone has their job to do and for the most part do it the best they can and again for the most part with the highest of professional standards. Thinking that marketing people are slimy fly traps does a disservice to them, the people they market too and frankly comes across as self-serving arrogance.

I was reading Ellen Messmer's report today about the security incident over at Lending Tree. Yeah, I know another information breach by insiders case, BFD.  But I think there is something different about this one.  From what I am reading this is more a case of corporate espionage than the usual hackers for fraud and financial gain type of deal.  For a long time now we have been hearing from people like Bruce Schneier in this article talk about the front in security moving from dealing with script kiddies working for kicks to organized cybercriminal gangs that are in it for financial gain. Mostly the gain is about identity theft and gaining access to funds fraudulently.

In the Lending Tree case though there was not evidently a motive to use the ill begotten information for identity theft or fraud.  Rather they represented Glengary, Glen Ross leads.  That is the names, contacts and qualifications of people looking for mortgages.  A mortgage company would consider these leads more valuable than gold, more valuable even that gasoline!  So to my mind this is more a case of corporate espionage where a company that is competitive to Lending Tree infiltrated their networks through people, rather than technology to gain access to their corporate crown jewels. 

This sort of stealing your competitors information has been going on for decades, well before computers and cybercrime were around.  However, this is a great example of some things not going out of style.  Obtaining your competitors information is a great motive, computers are just the container where the information is kept.  Sort of like cracking a safe.  It is always easier getting into a safe if you are given the combination, than if you have to crack it yourself. 

Yet another front in the cybercrime war that security folks need to be on guard for!

When I was a kid it was fashionable to think that your mother wanted you to grow up and be a doctor, a lawyer or some other such professional. A policeman or fireman was dangerous, a sanitation worker did not have much prestige. By the time I was in college, the smarter kids were going to work on Wall Street, instead of going to medical or law school. Later during the dot com bubble, many of the best and brightest were siphoned off from Wall Street to go into technology. It is obvious that bright young adults are going to follow the money. Well if that is the case, there is no alternative but to grow up and become a hedge fund manager according to this article in the NY Times today.

Several of the most successful managers made over 3 billion dollars each last year alone! That is not that their companies cleared 3 billion, they themselves made 3 billion. In fact to make it to the list of the top 25 hedge fund managers in terms of compensation you had to earn at least 360 million dollars last year alone. Think about that in terms of the median American family income was $60,500.00 dollars last year. So ask yourself, what are you doing securing networks or whatever you do. Stop wasting your time and go get into the hedge fund business.

Seriously, think about it. Hedge funds don't manufacture or make anything, they don't sell a product per se. They manipulate money and make bets on what will go up or down. Sort of the ultimate riverboat gamblers. They aren't teaching our kids to be better people, they aren't making the world safe or making the environment better. But the rewards for what they are doing are almost beyond belief. What message does this send as a society? When I see companies that won't spend a couple of dollars to make sure that your confidential information remains confidential and than see these kind of numbers, what does this society value?

But who am I to rain on the parade of these Titans of Wall Street. I am going to go home and start working on my sons to think about thier future. Like they told Dustin Hoffman in "The Graduate", just one word - Plastic HedgeFund!

Let me get serious for a moment here.  My niece Michelle Pearl in Colorado and her boyfriend Tim are involved in the Race Across America. I am putting this up to help them help these special kids. If you find this cause worthy, please help them help others!

Local Firefighter Needs YOUR Help! Tim Case, a professional firefighter for Boulder Fire Rescue, is racing his bicycle 3100 miles this June in the Race Across America to support Camp Odayin, a camp in Minnesota for kids with congenital heart disease. www.raceacrossamerica.org Tim is affiliated with Team Strong Heart, whose goal is to raise $100,000 for Camp Odayin.  Last year Team Strong Heart placed third in the Race Across America in the 4-man relay division. www.campodayin.com Tim is collecting tax deductible donations via the Team Strong Heart website. Tim is using Pay Pal, so your donation is secure. Please visit the team website to make your donation. www.teamstrongheart.blogspot.com

What is Camp Odayin? Each year 32,000 children are born in the US with cardiovascular defects. Children with heart disease are not often afforded the opportunity to attend camp due to health risk and insurance issues. Camp Odayin is a non-profit organization dedicated to providing the camp experience to these special young people. Camp Odayin runs soley on donation and only costs the familes a $25 dollar registration fee.

Contact info: tim@timcase.net http://www.teamstrongheart.com

After reading this description of one persons experience at the Colorado caucus and now listening to how Texas chooses their Democratic delegates I am of the opinion that caucuses have outlived their usefulness.  I think people should vote, each vote gets counted and weighed the same.  No surrogates, no speeches, no chaos.  People should go into a voting both pick their candidate and move on.  There seems to be too much local yokel interference with caucus.  With technology the way it is, let the people vote!

Was looking around the news this morning trying to find something to blog about. At the same time listening to CNN drone on about the economy. Gold hit an all time hight today at $991 an ounce, crude oil at another high of $103.5, while the dollar tumbled and US manufacturing hit a 5 year low. Just not a pretty picture. My thoughts begin to wander to what effect our economy is going to have to have on the IT industry and security in particular. I have seen pundits on both sides of this question. Some say that in tough times business has to be more efficient so IT spending is likely to remain constant and may even increase. Others say that of course as budgets tighten, IT and security are going to take their share of hits. I tend to believe the second camp. Security budgets are always being squeezed even in good times, I can't help but think they will take a bigger hit in bad times. Unless you can really show a real ROI (and lets not get into the "is there an ROI with security" stuff) or there is a compliance gun to their head, I believe that companies will slash and burn their security budgets as things get tighter.

So what is the answer? Not sure, but maybe hedge your bets by devoting more to international sales on the chance that they will not be as effected as US based companies with this economy? What do you think?

Below is an article I wrote yesterday after reading an article in Wired Magazine about the Air Force policy on blogs. As a result of publishing my article, I have been contacted by a bunch of different folks on both sides of this issue.  Some commented on my blog, others wrote me privately and others I spoke to on the phone.  As a result of these interactions, I realize that it is not so much about the censorship of information contained in blogs, but the potential for security lapses and information being put out that could result in service personnel getting hurt or killed.  That is serious business for sure.  So in that context, I understand the reasoning.  I don't think it has anything to do with whether people work hard or not in the military, the only reasons for this is operational security, safety of life and limb of our brave service personnel and the success of the mission.

That being said on reflection, I think this is a great thing about being in the US and blogging.  I had a chance to speak my mind and put it out there for people to see.  Other folks had a chance to comment and vent thier opinions.  As a result, I was educated about some issues I had overlooked or not given proper weight.  Now I can post this to correct my position and go on.

Does this make me a flip-flopper?  Maybe it does, but I think it makes me wiser as well.  I think part of being a good blogger is listening to what others say and being big enough to admit if you were wrong.  So I stand corrected!

Whenever I read about China censoring internet access to its citizens, forcing Google and Yahoo to not show certain sites, I smile a smug, holier than thou smile and shake my head about how a government can do that to its people and get away with it. Why would those people put up with it?  So I must say "in a day that will live in infamy" I was very chagrined to read this article in Wired by Noah Shactman, reporting that just about any site with the word blog in it is banned from our troops in the Air Force.  From what I understand this is limited to the Air Force and not our other armed services.

I use the term our troops, not their troops, because this isn't some foreign, totalitarian country or despotic dictatorship we are talking about, where the troops have to be watched so they don't cross over to the other side.  These are the men and woman who put their butts on the line, risking their lives every day for us all to enjoy the freedom to read any damn site on the internet we want to.  The irony of these very same front line heroes who provide the blanket of freedom that we all sleep under, not being able to read any blog they feel like is not lost on me and should not be lost on you either!  If they are smart enough and good enough to protect our country they should be smart enough to be allowed to choose what they want to read on line and should have the freedom to read news and commentaries on blogs as they see fit.

The idea that we are censoring the news our service men and woman can read disturbs me on many levels. Besides what it says about a lack of trust in our troops, it also disturbs me that someone actually says "they can still access news sources that are "primary, official-use sources," said Maj. Henry Schott, A5 for Air Force Network Operations. "Basically ... if it's a place like The New York Times, an established, reputable media outlet, then it's fairly cut and dry that that's a good source, an authorized source,"  Who decides what primary, official-use sources?  It gets worse, "Often, we block first and then review exceptions," said Tech. Sgt. Christopher DeWitt, a Cyber Command spokesman. Shoot first and ask questions later, huh?  The arrogance of this galls me. If you told me this was some North Korean General or Politburo member from the old Soviet Union, I could see it in a second.  But spokespeople of the US Air Force?  Where have we gone wrong?

Some make the argument that blogs are not really media outlets. Can the people making policy at the Air Force be that naive?  Others say that there is so much BS on blogs that Air Force folks are "baited" into commenting and possibly giving away operational security information.  That sounds to me like a social engineering problem, not a blog problem.

Yeah, I know there is a war on.  Are we afraid our Air Force men and woman are going to all go to some Arabic-Al Queda web sites and be brainwashed?  Is their some terrorist worm they will get by going to a web site that spouts ideas different than "primary, official-use sources?  What scares the Air Force so much that they would take such action?  If you feel like I do about this, lets do something about it.  Lets write to the Secretary of Defense, Joint Chiefs of Staff, Congressmen, Senators, whoever, but lets return freedom of the press and freedom of speech to our troops who put their lives on the line so we can enjoy those rights!

Authors note: So based on some of the comments I have received from military types, I feel compelled to clarify. I get that the element of surprise could be lost by service members posting on blogs.  That could be lost by talking on cell phones too, instant messaging or email for that matter.  What I strongly disagree with is the blanket characterization that blogs are not newsworthy and censoring those points of view from service men and women.

Also this is not an anti-American or anti-Bush thing, so please don't wrap yourself in the flag on this.  To me it is plain and simple freedom of press and speech.  Have a no comment policy, but let people read what people say and don't tell people what are good sources of news and what are bad sources of news.

I was out in Colorado today. I filled up with gas before returning the car and paid $3.39 for regular gas.  When I landed in West Palm Beach I had to put gas in my car on the way home and paid $3.49 for regular.  When does this stop?  Is it really going to 4 bucks a gallon soon as they say?  Why stop there, 5, 6 7 bucks a gallon?  What is it going to take for us to finally say enough and do something in this country about getting off the black heroin?

So busy talking about the war, mortgages and the stock market, why aren't any of the major candidates putting out detailed plans on how we are going to move off of oil and gasoline hamster wheel that is a monkey on the back of each and every one of us.  I am fed up and not going to take it anymore!

A couple of weeks ago Parag Khanna had an article in the NY Sunday Times Magazine called "Waving Goodbye to Hegemony". I thought this was one of the most important and enlightening articles I have read in years.  For me it crystallized up my own thoughts about what is going on in the crazy world we all live in. The gist of the article is that over the first decade of the 21st century we have seen a fundamental shift in the distribution of power in the world.  While we were busy fighting a crusade, the so called peace dividend of the post-cold war "new world order" never materialized and the unipolar American hegemony that was going to bring peace, prosperity and democracy to the world never materialized.  Instead we find ourselves increasingly in a multi-polar world with two budding new superpowers (could Europe and China really be new?) - the European Union and China, competing very successfully, filling the vacuum we have left in many parts of the world.  There has been no lessening of violence or new golden age of mankind. Instead it seems like more of the same old, with the peoples of the world vying for more and more scarce resources.  The only thing for sure is certainly we are all interconnected economically more than ever.  This presents its own unique challenges and strategies. Who knows how the rest of this century will play out and whether or not it will be another "American Century" or not.  My blog is also not the right forum to explore my feelings on this topic either.

However, while reading an article in InfoWorld by Galen Gruman today on whether it is "Time to dump Windows", I was struck by the parallels (no pun intended with the Mac VM program which enables so much Mac adoption) between Microsoft and the US.  Like the US, about 10 or 15 years ago Microsoft was officially declared a monopoly.  It was the one true superpower of IT. Yeah, Larry Ellison and Scott McNealy could tweak Bill's nose and drive fast cars, boats and planes, but lets face it they were midgets compared to the Redmond giants.  Microsoft rolled over competition like Lotus, Wordperfect and Netscape the way we did Mexico in the US-Mexican war. They even invested in Apple to prop them up as a potential rival like the US did in setting up banana republics. By the late 90's did anyone in the mainstream dare to speak out in public about Microsoft being potentially vulnerable and competing with them? Quite the contrary, companies who found out that Microsoft was entering their space would roll over and die.  I didn't think I would live to see in my lifetime so much talk of Microsoft being a dinosaur and not able to compete.

But as I wrote about last week, it seems articles like Grumans are the topic du jour. It is quite fashionable to say that Microsoft's time as the undisputed alpha dog may be drawing to a close.  They are under attack via the SaaS/Web 2.0 space from Google (and who knows what a Google dominated world looks like, it could be the frying pan to the fryer), their OS monopoly is being eroded like a bite out of the apple everday by shiny silver laptops and sleek wide screen monitors.  On the server front, Linux continues to capture share. The specter of thin clients running some java based non-windows OS still hangs out there.  The list goes on and on.

So is it the sunset of the American dynasty and Microsofts?  I think not.  As I wrote earlier, rumors of their demise are pre-mature. Yes, all things change and one company or country (or political party or sports team for that matter) cannot dominate forever.  But just because viable competitors come to the fore, does not mean that great companies or countries shrivel up and die.  In fact good competition can drive these old dogs to learn new tricks and become greater than ever.  I for one would not vote against either Microsoft or the US in the coming years continuing their pre-eminent positions in the world.

Since I chimed in on Super Bowl Sunday, let me press my luck and talk about the primaries of Super Tuesday. I stayed up late tonight switching between CNN and Fox News to really get a "fair and balanced" view of what was going on.  I must say that in all of the years I have been watching presidential races (and the first one I remember was '68), I don't remember both parties having such close races this late in the season.  Without letting my own political beliefs get in the way here is my analysis:

1. The Republicans - They are in a fight for the soul of this party.  Though all three leading candidates claim the title of heir to the Regan revolution, in my mind it is a bit different.  Mike Huckabee, clearly is the choice of the Karl Rove wing of the party. He is the choice of the religious right and the South.  This is the bedrock of the Republican presidential majority.  Taking them on is John McCain who is a genuine war hero, but independent enough to stand for what he believes in and has the record and stature to stand up for it.  He makes no bones that he is all about the traditional Republican argument of being strong in foreign policy and probably a bit less involved in economic matters. Finally, you have Mitt Romney who represents, to me anyway, the traditional Republican big business view.  So who wins this fight for what it means to be a Republican.  Are the Republicans a party of the religious right who vote primarily on social issues such as abortion, gay rights, etc.  Are the Republicans the party of big business/small government which was their traditional stand as I grew up. Or finally are they the party who is best suited to keeping America safe and recognizing our own self-proclaimed "manifest destiny".  I guess the rest of the primary season will answer that question.

2. The Democrats - Obama has certainly energized a large section of the populace. He is bringing people who never voted or are usually very under represented in elections into the process and that is a good thing.  However, when you examine the wins, a Democratic winning their primary in Utah, Alaska and Idaho is just not very exciting. He has as no chance of winning those states in the general election. On the other hand Hillary has certainly demonstrated her ability to win in the traditional Democratic states (including Michigan and Florida, whose votes will have to count in a close race). But is she electable in a general election.  She is a lightening rod for Republican wrath it seems.  Maybe it is part of that vast right wing conspiracy that she always spoke about.  What is interesting on the Democratic side, is I really don't just see a lot of difference in their positions.  In fact most people I speak to say it would be cool if they would just join up and run as a ticket.  Of course who is on top and bottom is the key to that one, but I don't think it will happen, to much ego there.

So, here we are Super Tuesday is over and still no conclusive answers. This is what I do know.  No matter who wins the primaries, 40% of this country is going to vote Republican and 40% is going to vote Democrat.  It is who the other 20% vote for that will will determine the next President.  But as someone who remembers the Civil Rights movement and the womans lib movement.  I can tell you that I am thrilled as an American to see in my life time that either an African-American or a woman will be the nominee of one of the major parties.  I think it will be a while until we see something like that on the Republican side, but it will come.  In the meantime I am looking forward to seeing how this all plays out. But this race is not done so yet, it is up to you to decide who wins.  Get out and vote!

The other night I was reading Hans Christian Andersen's classic "The Emperors New Clothes" with 6 year old Bradley.  Bradley cracked up that the king was walking around naked.  I was reminded about how no one wants to be thought of as ignorant or not fit for their job, so they will say and do things that they think other people want to hear.  It is a great, timeless story.  Today, I had my own emperors new clothes experience.

For the past several days I have been writing about this whole Barracuda-Trend Micro affair.  In several articles I used the word Calvary. I was talking about the soldiers riding in on the horses.  Every time I wrote it though I kept getting visions of a cemetery out on Long Island.  Finally, someone had the gumption to write me today and tell me that I meant cavalry, not Calvary.  Well I certainly felt like the emperor with no clothes!

I apologize for my butchery of the English language.  I am also grateful to Jack Walsh for pointing out my error. To the rest of you I ask:  (fixed after the fact) Were you not reading? Were you afraid to be wrong, so didn't want to say anything?  Did you not realize that this was wrong? Or perhaps you just took silent satisfaction in seeing me mess up?  In any event below are the definitions of the two words. I was right Calvary is the place where the crucifixion took place and there is a cemetery in Long Island by the same name.


Cal·va·ry /ˈkælvəri/ Pronunciation Key - Show Spelled Pronunciation[kal-vuh-ree] Pronunciation Key - Show IPA Pronunciation
–noun, plural -ries for 2, 3.
1. Golgotha, the place where Jesus was crucified. Luke 23:33.
2. (often lowercase) a sculptured representation of the Crucifixion, usually erected in the open air.
3. (lowercase) an experience or occasion of extreme suffering, esp. mental suffering.

cav·al·ry   /ˈkævəlri/ Pronunciation Key - Show Spelled Pronunciation[kav-uhl-ree] Pronunciation Key - Show IPA Pronunciation –noun, plural -ries.

Over the last day I have had more of a chance to think on the Trend Micro-Barracuda patent war.  I have also done some more research and reading on this one.  In my earlier article I said that this is not about open source so much as it is about gateway anti-virus.  Upon further reflection though I am not as sure.  Here are some other facts to consider:

1. ClamAV may have as many as 1 million users downloaded updates daily. This makes them at least a potential formidable competitor to Trend.  One that I am sure Trend would like to see go away because they can't compete with them on price.
2. Going after individual users of Clam would be like herding cats.  There is no way you can hit them all.  At best you may get a few high profile cases.
3. Barracuda has deep pockets. Instead of herding cats go after one fat cat who has deep pockets to pay you the kind of money you want and send a message to the rest of the cats that they could be next, so either use another AV (like Trend for instance) or pony up some fee for patent use. 

In fact the above scenario is not terribly different than the recording industry going after napster. It was easy to go after one relatively fat cat, rather than herding and chasing a bunch of smaller cats.  In fact the recording industry has given themselves something of a black eye by going after poor grandmothers and children for illegal downloads. I think Trend tries to avoid the same type of black eye by saying this is not about open source but just AV. It is about open source.  They just don't want to be perceived as going after open source and don't want to chase the small fry. But do they want ClamAV as a competitor? Probably not.

4. Trend's decision to pursue this in the ITC seems abusive.  Barracuda does not import the ClamAV software. It is downloaded from servers here in the US. The servers are assembled here in the US as well.  This case does not belong in the ITC and should be thrown out of there. It may have served Trend well with Fortinet who was importing their products into the US, but it is the wrong venue for this suit.

All that being said, I think that this more than ever still demands that Sourcefire as the owners of ClamAV step up to the plate here. If I was a paying customer of Sourcefire for Clam and was subject to a patent infringement case, I would expect them to defend.  I think the fact that Barracuda does not pay them today evidently for the use of Clam is not reason enough to let Barracuda take the brunt of this battle on.

Also looking at the proof gathered, I think there is a better than even chance that this patent will be thrown out. If so Barracuda will have done the open source community and the gateway AV industry a huge service.

Ouch!

Hot on the heels of Cisco's announcement of Nexus switch line, Juniper announced its own entry into the high performance Ethernet switch market, with its EX-series of switches.  Junipers entry into the switch market has been rumored for a long, long time. The only question was would they buy an existing switch vendor (for a time Extreme Networks was a rumored target) or would they roll their own.  Well it seems they rolled their own and these EX switches sound pretty hot.  I had heard the name was going to be Hurricane, but maybe that was an internal code name. 

My buddy Chris Harrington over at Infosecpodcast.com reports on this as well and asks what if any effect this will have on their NAC strategy. From the press release, "To mitigate the impact of security risks on network operations, Juniper Networks has integrated its Unified Access Control (UAC) solution with the new EX-series switches to provide businesses with the ability to control user access to mission critical applications and company assets through the enforcement of end-to-end policies."  Sounds to me like the switches fit hand in glove with their NAC. I would imagine they are TCG complaint as well. 

This could be a real boon to Juniper in both security and the bigger switch market. It will be interesting to see how some of the other switch vendors respond to keep up with Cisco and now Juniper.

My friend Michael Farnum is a big boy and doesn't need me to stick up for him.  But reading the comments to Michael's article on an admittedly mistaken DDos attack on a school in the Netherlands that was intended against the Church of Scientology moves me to write.  The overwhelming majority of comments seem to be negative to Michael's position. The comments which are overwhelmingly from anonymous folks seem to be from the no harm, no foul school of thought. However, underlying these comments and more outwardly in others is that the COS is a bad thing or is somehow worthy of DDOS attacks. That it was just a shame that this school got in the way, but pleeease give me a break about the poor students. 

Now, I don't know a lot about COS and am not a member or even a fan. I know even less about the school in question. But I am a fan of the constitution of this country which grants us all the right to practice religion as we see fit. I think the folks commenting about the no harm, no foul attitude miss the point. It isn't the fact that the school suffered little, if any damage. It isn't even the fact that it was a school that was attacked. I have a problem with this group attacking any religion because they don't agree with that religion. I don't care whether it is Islamic fundamentalist sites, Christian sites, Jewish sites or any other religion, including the COS.  People have a right to practice and to attack them either physically or via cyberspace because of it by using illegal means is just plain wrong.  If you want to do something about the COS, do so within the bounds of legality and by all means have the stones to at least state your name and don't hide behind the veil of anonymity. 

We all know that the airlines in this country are just a mess.  Today I heard two stories that show me that once again United seems to lead the way in being one of the worst offenders. First I received a call early this morning from a friend and co-worker who was schedule to fly from Denver to Dulles this morning.  After paying 1300 dollars for a ticket and being assigned a seat some time ago, he arrived at the airport to find that there was a "change in equipment" and they were now 10 people over booked.  After asking for volunteers to take another flight (there were no takers), United made a command decision and decided who would not go on the plane. Of course one of my friends was one of the ones booted.  To rub salt in the wound, United could not get him on another flight until one that would get him in after midnight tonight. After getting up at 3:30 in the morning to get to the airport, this was not a great option. At least they did refund some of his money though.

The next story is almost comical.  While I was out in Denver last week my friend Jayson found out his uncle had passed away and he had to fly to DC for the funeral.  United (you don't have a lot of choices from Denver) wanted over 600 dollars to fly on an emergency/bereavement fare.  Since I have over 100k miles on United I used my miles and got Jayson a ticket. We filled the form out together on line and used his credit card to pay the fees.  Jayson received an email confirmation with the tickets in his name.  Well he got to the airport and when he checked in the boarding pass read "Jayson Shimel".  Believe it or not, no one at Denver questioned that this did not match his ID and they let him through security and on the plane no problem.  On returning through Dulles he brought it up to the ticket agent who told him that this was not acceptable, there was nothing that could be done and unless I came down to Dulles airport his only choice was to buy a new ticket!  Jayson said later for that and figured if it worked in Denver it would work in Dulles.  They put him through the ringer in security but at the end of the day told him they don't care what his name was, as long as it was not on a no fly list and he did not have any bombs or anything.  Not exactly the answer we would like to hear, but it was good for Jayson.

The bigger question is what is up at United.  Can't they get anything right?  It is like playing Russian roulette flying those friendly skies!

When it comes to Microsoft, I am not alone in wondering what is next.  With Bill Gates retiring (click here for a great video on Bills retirement), more people using Macs then ever and almost universal grumbling about Vista, how will Microsoft retain its dominance and fight off Google and the rest of the pack? I read an article today that gives us some insight into how. It talks about Microsoft's plans for video ads on the shopping carts you use at the supermarket.

When I first saw this article my first thought was, "great, just what we need, more ads in our lives". So this is what they were going to do with the aQuantive technology they paid 6 billion for? But the more I read, the more impressed I was. Yes the serving of ads is a vital piece of this technology, but it goes far beyond that.  It starts with you registering your supermarket loyalty or discount card on the web.  Then you can actually type up your grocery lists on the web.  When you