 |
|
![[info]](http://l-stat.livejournal.com/img/userinfo.gif) rkledgerwood | |
|
|
|
|
|
|
|
Management Course Lesson 1: A man is getting into the shower just as his wife is finishing up her shower, when the doorbell rings. The wife quickly wraps herself in a towel and runs downstairs. When she opens the door, there stands Bob, the next-door neighbour. Before she says a word, Bob says, 'I'll give you $800 to drop that towel.' After thinking for a moment, the woman drops her towel and stands naked in front of Bob, after a few seconds, Bob hands her $800 and leaves. The woman wraps back up in the towel and goes back upstairs. When she gets to the bathroom, her husband asks, 'Who was that?' 'It was Bob the next door neighbour,' she replies. 'Great,' the husband says, 'did he say anything about the $800 he owes me?' Moral of the story: If you share critical information pertaining to credit and risk with your shareholders in time, you may be in a position to prevent avoidable exposure. Lesson 2: A priest offered a Nun a lift. She got in and crossed her legs, forcing her gown to reveal a leg. The priest nearly had an accident. After controlling the car, he stealthily slid his hand up her leg. The nun said, 'Father, remember Psalm 129?' The priest removed his hand. But, changing gears, he let his hand slide up her leg again. The nun once again said, 'Father, remember Psalm 129?' The priest apologized 'Sorry sister but the flesh is weak.' Arriving at the convent, the nun sighed heavily and went on her way. On his arrival at the church, the priest rushed to look up Psalm 129. It said, 'Go forth and seek, further up, you will find glory.' Moral of the story: If you are not well informed in your job, you might miss a great opportunity. _____________________________ Tiger Woods is currently leading the Australian Masters Golf Tournament by 3 strokes after 2 rounds. It is apparently his first appearance in Australia. We note he has gone out of his way to play in Thailand every year, the country where his mother was born. Some numbskull from the media asked him: "Are you surprised to be leading?" His response: "Am I surprised? No." The expression on his face was priceless. And he almost didn't even pronounce the "No." _____________________________ Sorry, Mate, what part of "I AM TIGER WOODS" did you not understand? Tags: australia, humor, news, sports, thailand, usa
|
|
|
|
|
|
|
|
|
![[info]](http://l-stat.livejournal.com/img/syndicated.gif) bruce_schneier | |
|
|
|
|
|
|
|
http://www.schneier.com/blog/archives/2009/11/beyond_security.html [I was asked to write this essay for the New Internationalist (n. 427, November 2009, pp. 10–13). It's nothing I haven't said before, but I'm pleased with how this essay came together.]
Terrorism is rare, far rarer than many people think. It's rare because very few people want to commit acts of terrorism, and executing a terrorist plot is much harder than television makes it appear. The best defenses against terrorism are largely invisible: investigation, intelligence, and emergency response. But even these are less effective at keeping us safe than our social and political policies, both at home and abroad. However, our elected leaders don't think this way: they are far more likely to implement security theater against movie-plot threats.
A movie-plot threat is an overly specific attack scenario. Whether it's terrorists with crop dusters, terrorists contaminating the milk supply, or terrorists attacking the Olympics, specific stories affect our emotions more intensely than mere data does. Stories are what we fear. It's not just hypothetical stories: terrorists flying planes into buildings, terrorists with bombs in their shoes or in their water bottles, and terrorists with guns and bombs waging a co-ordinated attack against a city are even scarier movie-plot threats because they actually happened.
Security theater refers to security measures that make people feel more secure without doing anything to actually improve their security. An example: the photo ID checks that have sprung up in office buildings. No-one has ever explained why verifying that someone has a photo ID provides any actual security, but it looks like security to have a uniformed guard-for-hire looking at ID cards. Airport-security examples include the National Guard troops stationed at US airports in the months after 9/11 -- their guns had no bullets. The US colour-coded system of threat levels, the pervasive harassment of photographers, and the metal detectors that are increasingly common in hotels and office buildings since the Mumbai terrorist attacks, are additional examples.
To be sure, reasonable arguments can be made that some terrorist targets are more attractive than others: aeroplanes because a small bomb can result in the death of everyone aboard, monuments because of their national significance, national events because of television coverage, and transportation because of the numbers of people who commute daily. But there are literally millions of potential targets in any large country (there are five million commercial buildings alone in the US), and hundreds of potential terrorist tactics; it's impossible to defend every place against everything, and it's impossible to predict which tactic and target terrorists will try next.
Feeling and Reality
Security is both a feeling and a reality. The propensity for security theater comes from the interplay between the public and its leaders. When people are scared, they need something done that will make them feel safe, even if it doesn't truly make them safer. Politicians naturally want to do something in response to crisis, even if that something doesn't make any sense.
Often, this "something" is directly related to the details of a recent event: we confiscate liquids, screen shoes, and ban box cutters on airplanes. But it's not the target and tactics of the last attack that are important, but the next attack. These measures are only effective if we happen to guess what the next terrorists are planning. If we spend billions defending our rail systems, and the terrorists bomb a shopping mall instead, we've wasted our money. If we concentrate airport security on screening shoes and confiscating liquids, and the terrorists hide explosives in their brassieres and use solids, we've wasted our money. Terrorists don't care what they blow up and it shouldn't be our goal merely to force the terrorists to make a minor change in their tactics or targets.
Our penchant for movie plots blinds us to the broader threats. And security theater consumes resources that could better be spent elsewhere.
Any terrorist attack is a series of events: something like planning, recruiting, funding, practising, executing, aftermath. Our most effective defenses are at the beginning and end of that process -- intelligence, investigation, and emergency response -- and least effective when they require us to guess the plot correctly. By intelligence and investigation, I don't mean the broad data-mining or eavesdropping systems that have been proposed and in some cases implemented -- those are also movie-plot stories without much basis in actual effectiveness -- but instead the traditional "follow the evidence" type of investigation that has worked for decades.
Unfortunately for politicians, the security measures that work are largely invisible. Such measures include enhancing the intelligence-gathering abilities of the secret services, hiring cultural experts and Arabic translators, building bridges with Islamic communities both nationally and internationally, funding police capabilities -- both investigative arms to prevent terrorist attacks, and emergency communications systems for after attacks occur -- and arresting terrorist plotters without media fanfare. They do not include expansive new police or spying laws. Our police don't need any new laws to deal with terrorism; rather, they need apolitical funding. These security measures don't make good television, and they don't help, come re-election time. But they work, addressing the reality of security instead of the feeling.
The arrest of the "liquid bombers" in London is an example: they were caught through old-fashioned intelligence and police work. Their choice of target (airplanes) and tactic (liquid explosives) didn't matter; they would have been arrested regardless.
But even as we do all of this we cannot neglect the feeling of security, because it's how we collectively overcome the psychological damage that terrorism causes. It's not security theater we need, it's direct appeals to our feelings. The best way to help people feel secure is by acting secure around them. Instead of reacting to terrorism with fear, we -- and our leaders -- need to react with indomitability.
Refuse to Be Terrorized
By not overreacting, by not responding to movie-plot threats, and by not becoming defensive, we demonstrate the resilience of our society, in our laws, our culture, our freedoms. There is a difference between indomitability and arrogant "bring 'em on" rhetoric. There's a difference between accepting the inherent risk that comes with a free and open society, and hyping the threats.
We should treat terrorists like common criminals and give them all the benefits of true and open justice -- not merely because it demonstrates our indomitability, but because it makes us all safer. Once a society starts circumventing its own laws, the risks to its future stability are much greater than terrorism.
Supporting real security even though it's invisible, and demonstrating indomitability even though fear is more politically expedient, requires real courage. Demagoguery is easy. What we need is leaders willing both to do what's right and to speak the truth.
Despite fearful rhetoric to the contrary, terrorism is not a transcendent threat. A terrorist attack cannot possibly destroy a country's way of life; it's only our reaction to that attack that can do that kind of damage. The more we undermine our own laws, the more we convert our buildings into fortresses, the more we reduce the freedoms and liberties at the foundation of our societies, the more we're doing the terrorists' job for them.
We saw some of this in the Londoners' reaction to the 2005 transport bombings. Among the political and media hype and fearmongering, there was a thread of firm resolve. People didn't fall victim to fear. They rode the trains and buses the next day and continued their lives. Terrorism's goal isn't murder; terrorism attacks the mind, using victims as a prop. By refusing to be terrorized, we deny the terrorists their primary weapon: our own fear.
Today, we can project indomitability by rolling back all the fear-based post-9/11 security measures. Our leaders have lost credibility; getting it back requires a decrease in hyperbole. Ditch the invasive mass surveillance systems and new police state-like powers. Return airport security to pre-9/11 levels. Remove swagger from our foreign policies. Show the world that our legal system is up to the challenge of terrorism. Stop telling people to report all suspicious activity; it does little but make us suspicious of each other, increasing both fear and helplessness.
Terrorism has always been rare, and for all we've heard about 9/11 changing the world, it's still rare. Even 9/11 failed to kill as many people as automobiles do in the US every single month. But there's a pervasive myth that terrorism is easy. It's easy to imagine terrorist plots, both large-scale "poison the food supply" and small-scale "10 guys with guns and cars." Movies and television bolster this myth, so many people are surprised that there have been so few attacks in Western cities since 9/11. Certainly intelligence and investigation successes have made it harder, but mostly it's because terrorist attacks are actually hard. It's hard to find willing recruits, to co-ordinate plans, and to execute those plans -- and it's easy to make mistakes.
Counterterrorism is also hard, especially when we're psychologically prone to muck it up. Since 9/11, we've embarked on strategies of defending specific targets against specific tactics, overreacting to every terrorist video, stoking fear, demonizing ethnic groups, and treating the terrorists as if they were legitimate military opponents who could actually destroy a country or a way of life -- all of this plays into the hands of terrorists. We'd do much better by leveraging the inherent strengths of our modern democracies and the natural advantages we have over the terrorists: our adaptability and survivability, our international network of laws and law enforcement, and the freedoms and liberties that make our society so enviable. The way we live is open enough to make terrorists rare; we are observant enough to prevent most of the terrorist plots that exist, and indomitable enough to survive the even fewer terrorist plots that actually succeed. We don't need to pretend otherwise.
EDITED TO ADD (11/14): Commentary from Kevin Drum, James Fallows, and The Economist.
|
|
|
|
|
|
|
|
|
![[info]](http://l-stat.livejournal.com/img/newsinfo.gif) news
theljstaff | |
|
|
|
|
|
|
|
Notes augmented
We've enhanced and de-bugged Notes. If you haven't tried it yet, now's the time! You can create a private note when you ban multiple users. You can also delete multiple notes at once. Lastly, paid users have the option to add a note (visible only to you) whenever you add or remove a friend (guaranteed to avoid embarrassing social mishaps). If you don't currently have a paid account, you can upgrade now! It only takes a few minutes and costs less than a bad shopping mall haircut (plus, it's way more fashionable)!
Product tweaks and bug kill
- In another effort to zap spam, comments containing links from domains LiveJournal deems untrustworthy are now automatically screened
- If you sign up to get notifications of the Writer's Block question of the day, you'll now see the daily question in the email notification, so you'll have a little extra time to ponder before you post. You can subscribe to Writers Block notifications here
- The issue causing random comments to vanish has been fixed!
- If you visit a LiveJournal page and get prompted to log in, you'll be returned to the same page after you sign in (Thanks, Dreamwidth)!
- If you don't edit the timestamp for an entry at all, the entry timestamp will indicate the time the entry was posted instead of the time the Update Journal page was loaded
- Comments with paddings/backgrounds render correctly within the comment box (and will no longer wrap outside the box and break frames/margins)
New FCK fixes rich text editor!
- We've updated our RTE (Rich Text Editor) to FCKeditor version 2.6.5
- When switching from the RTE to HTML editor, links for syndicated feeds are no longer broken
- RTE now functions properly in Safari 4.0
- An extra line/space will not be auto-inserted whenever you switch from RTE to HTML editor
- The insert image link now works correctly in all browsers
LiveJournal Cares
We’re pleased to introduce you to ![[info]](http://l-stat.livejournal.com/img/community.gif) lj_cares, a new LiveJournal community dedicated to raising awareness and funds for U.S. charitable organizations that improve the health and well-being of people around the world. Each month, we’ll spotlight a nonprofit that is making a significant global impact through medical research, public outreach, and/or humanitarian social programs. Charities will be selected in accordance with the U.S. calendar of national health observances based on a high rating (of over 60%) on Charity Navigator and global scope of impact.
In this, our inaugural month of November, we will celebrate national adoption month by offering a charitable virtual gift (priced at $2.99) to support Love Without Boundaries, an organization that saves the lives of orphans with life-threatening diseases and places them in loving homes around the world. LiveJournal will donate 100% of the proceeds from the sale of charitable vgifts (we'll cover the cost of credit card transaction fees). To learn more about Love Without Boundaries, please visit lj_cares and read about how they helped save Baby Kang and the Rainbow Twins from fatal illnesses, who are now thriving in nurturing families. You can purchase your Love Without Boundaries gifts in the Virtual Gift shop.
Papered in postcards
A couple of weeks ago, we asked you to send in postcards to surround us with LiveJournal community. Thanks for coming through! We've received postcards all the way from Germany, Finland, and Canada and from all over the US, including Texas, Florida, Alaska, Montana, Wyoming, Indiana, Hawaii, and Oklahoma just to name just a handful. We're thrilled with our improved decor.
Please keep the love coming for one more week by writing to Frank the Goat, Esq., c/o LiveJournal, Inc., 539 Bryant Street, Suite 210, San Francisco, CA 94107. Be sure to include your username, since we'll be drawing the names of ten random contributors next Thursday to win paid account credits!
Photos of the week
We have more dazzling images posted by talented LiveJournal photographers from around the world. We're hoping to span the entire globe, so please continue posting and tagging. Of course, you can also sit back and enjoy the view at lj_photophile.
You can see a sample of this week's gorgeous photos and check out spotlight communities and awesome user content after the jump!
( Read more... )
Curtains
We thank you, once again, for joining us. See you next week! Tags: bugs, csi wii, fck, lj_cares, lj_photophile, notes, rte, writer's block
|
|
|
|
|
|
|
|
|
bruce_schneier | |
|
|
|
|
|
|
|
http://www.schneier.com/blog/archives/2009/11/fbiciansa_infor.html It's conventional wisdom that the legal "wall" between intelligence and law enforcement was one of the reasons we failed to prevent 9/11. The 9/11 Comission evaluated that claim, and published a classified report in 2004. The report was released, with a few redactions, over the summer: "Legal Barriers to Information Sharing: The Erection of a Wall Between Intelligence and Law Enforcement Investigations," 9/11 Commission Staff Monograph by Barbara A. Grewe, Senior Counsel for Special Projects, August 20, 2004.
The report concludes otherwise:
"The information sharing failures in the summer of 2001 were not the result of legal barriers but of the failure of individuals to understand that the barriers did not apply to the facts at hand," the 35-page monograph concludes. "Simply put, there was no legal reason why the information could not have been shared."
The prevailing confusion was exacerbated by numerous complicating circumstances, the monograph explains. The Foreign Intelligence Surveillance Court was growing impatient with the FBI because of repeated errors in applications for surveillance. Justice Department officials were uncomfortable requesting intelligence surveillance of persons and facilities related to Osama bin Laden since there was already a criminal investigation against bin Laden underway, which normally would have preempted FISA surveillance. Officials were reluctant to turn to the FISA Court of Review for clarification of their concerns since one of the judges on the court had expressed doubts about the constitutionality of FISA in the first place. And so on. Although not mentioned in the monograph, it probably didn't help that public interest critics in the 1990s (myself included) were accusing the FISA Court of serving as a "rubber stamp" and indiscriminately approving requests for intelligence surveillance.
In the end, the monograph implicitly suggests that if the law was not the problem, then changing the law may not be the solution.
James Bamford comes to much the same conclusion in his book, The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America: there was no legal wall that prevented intelligence and law enforcement from sharing the information necessary to prevent 9/11; it was inter-agency rivalries and turf battles.
|
|
|
|
|
|
|
|
|
bruce_schneier | |
|
|
|
|
|
|
|
http://www.schneier.com/blog/archives/2009/11/security_in_a_r.html In the past, our relationship with our computers was technical. We cared what CPU they had and what software they ran. We understood our networks and how they worked. We were experts, or we depended on someone else for expertise. And security was part of that expertise.
This is changing. We access our email via the web, from any computer or from our phones. We use Facebook, Google Docs, even our corporate networks, regardless of hardware or network. We, especially the younger of us, no longer care about the technical details. Computing is infrastructure; it's a commodity. It's less about products and more about services; we simply expect it to work, like telephone service or electricity or a transportation network.
Infrastructures can be spread on a broad continuum, ranging from generic to highly specialized. Power and water are generic; who supplies them doesn't really matter. Mobile phone services, credit cards, ISPs, and airlines are mostly generic. More specialized infrastructure services are restaurant meals, haircuts, and social networking sites. Highly specialized services include tax preparation for complex businesses; management consulting, legal services, and medical services.
Sales for these services are driven by two things: price and trust. The more generic the service is, the more price dominates. The more specialized it is, the more trust dominates. IT is something of a special case because so much of it is free. So, for both specialized IT services where price is less important and for generic IT services -- think Facebook -- where there is no price, trust will grown in importance. IT is becoming a reputation-based economy, and this has interesting ramifications for security.
Some years ago, the major credit card companies became concerned about the plethora of credit-card-number thefts from sellers' databases. They worried that these may undermine the public's trust in credit cards as a secure payment system for the internet. They knew the sellers would only protect these databases up to the level of the threat to the seller, and not to the greater level of threat to the industry as a whole. So they banded together and produced a security standard called PCI. It's wholly industry-enforced by an industry that realized its reputation was more valuable than the sellers' databases.
A reputation-based economy means that infrastructure providers care more about security than their customers do. I realized this 10 years ago with my own company. We provided network-monitoring services to large corporations, and our internal network security was much more extensive than our customers'. Our customers secured their networks -- that's why they hired us, after all -- but only up to the value of their networks. If we mishandled any of our customers' data, we would have lost the trust of all of our customers.
I heard the same story at an ENISA conference in London last June, when an IT consultant explained that he had begun encrypting his laptop years before his customers did. While his customers might decide that the risk of losing their data wasn't worth the hassle of dealing with encryption, he knew that if he lost data from one customer, he risked losing all of his customers.
As IT becomes more like infrastructure, more like a commodity, expect service providers to improve security to levels greater than their customers would have done themselves.
In IT, customers learn about company reputation from many sources: magazine articles, analyst reviews, recommendations from colleagues, awards, certifications, and so on. Of course, this only works if customers have accurate information. In a reputation economy, companies have a motivation to hide their security problems.
You've all experienced a reputation economy: restaurants. Some restaurants have a good reputation, and are filled with regulars. When restaurants get a bad reputation, people stop coming and they close. Tourist restaurants -- whose main attraction is their location, and whose customers frequently don't know anything about their reputation -- can thrive even if they aren't any good. And sometimes a restaurant can keep its reputation -- an award in a magazine, a special occasion restaurant that "everyone knows" is the place to go -- long after its food and service have declined.
The reputation economy is far from perfect.
This essay originally appeared in The Guardian.
|
|
|
|
|
|
|
|
|
|
|
Previous
I will probably post more about this soon, I am somewhat wrecked after a week of rebuilding the roastery and building out a new training room (and, you know, running a roastery!)
ecstatic
