100 Mile Constitution Free Zone


This is a pretty ridiculous abuse of power, and of opportunistic broadening of the interpretation of what must’ve been more narrowly defined laws. Seems pretty typical under the Stalinist (er, Bush) regime. How’s about a little regime change on the domestic front eh?

News (?): Americans willing to pay (a little) more for privacy

I don’t know if I should be surprised at this or smug – right now I’m leaning towards pleasantly surprised.  I guess I’m surprised that (at least according to this study’s methodology) there isn’t more of a price differential for good privacy but hey, I can certainly understand people being a little skeptical that any privacy can be protected in this day and age.

They found that people will, in fact, pay more to purchase from sites with a solid privacy policy, but only if that policy is easy to see and understand.

For those of you developing products and who wonder whether it’s worth the effort to spend time on “privacy issues”, take heart:

It could also be good news for retailers, who can use robust privacy policies as a selling point…

See the full article here: Americans willing to pay (a little) more for privacy



Lighthearted competitive morale booster? Nope, the culmination of years of fear infused in MSFT culture over any technology that employees happen to use that doesn’t spring forth from the innards of campus (even when there are no good MSFT alternatives). Ugh, I don’t miss that retardedly childish fear of competitive pressure and/or groupthink-driven ostrich behaviour. Not one bit.

Week One at Intel

Feels like a comfortable pair of shoes… strangely, despite all the advice I’ve heard from friends and colleagues that Intel’s corporate culture is very different from Microsoft’s, I felt pretty relaxed with the information that’s been thrown at me so far, and so far I feel confident I’ll be able to take on the responsibilities that are thrown my way.

I also feel welcomed at Intel. Obviously there were a few folks who wondered who “the new guy” was who took over the empty cubicle there, but everyone I’ve met so far has made me feel welcome and respected.

Respected? What the h*** does he mean by that? Well, I must confess I worried that folks would think that a “software guy” from Microsoft wouldn’t have much to contribute at a hardware company like Intel. And in the first few hours of being there, I got a really overwhelming sense that Intel is incredibly “engineering-friendly”. [Hell, the maps on the walls of the buildings that tell you how to get around look like they’re straight out of AutoCad.] Not unlike Microsoft, where I always felt a little “outside” because I didn’t know how to code, I get this sense from Intel that if you don’t grok hardware, and aren’t an engineer, then you’re second-class and will always be climbing uphill to prove yourself.

The jury’s still out on whether a non-engineer can really earn “first-class citizen” status at Intel, but given the number of times I’ve heard my security colleagues here reference Microsoft as an organization that’s well ahead on the security front, I feel like my credentials should be reasonably intact for now.

Tidbits that I didn’t know until I got here:

  • Intel is a cubicle farm – everyone has a cubicle here, allegedly up to the executive class. It’ll take me a while to get used to the cacophony of shared conversations and random noises, but I really hope I adjust soon.
  • The cafeteria here is even nicer than the ones on Microsoft campus – I had a Tempeh curry dish yesterday (yum!), and today I discovered the self-serve sandwich bar – take your bread, load up whatever fillings and toppings you like, and pay by the ounce. [I had inch-thick tuna salad, a muffin and an apple for $5.31 – darned reasonable.]
  • These guys seem to have standardized exclusively on Thinkpads – it’s amazing after seeing all the wild variations of hardware at Microsoft to see just *one* OEM’s PCs everywhere. It’s almost…cultish. Still, if you’re going to choose only one notebook, I can think of much worse choices than these.
  • Microsoft’s concept of “long-timer” is pretty paltry compared to Intel. Ten years at MS is an accomplishment, and anyone with 15+ years at MS is considered a “volunteer” (i.e. part of the generation who earned enough cheap stock options to not need the paycheque, but still comes to work for some reason). I’m working with a guy who’s been with Intel for 27 years, and I’ll meet another on Friday who’s been with Intel for 30. Holy crap – thirty years ago, I was mastering finger-painting, while these guys were pioneering circuit designs.

I’m still figuring out what I’ll be doing around here, but so far it looks pretty exciting. I’ll tell you more about it in the near future.

Focused Thieves looking for payoffs in the Enterprise

I’ve been afraid of this for years… it’s amazed me that the people capable of writing worms, trojans and rootkits weren’t using these skills for financial gain.  The whole concept of ILoveYou and Nimda just creating denials of service was almost disappointing in a way.

Not that I minded having to deal with these temporary outages rather than real permanent damage.  It was nice to have a few more years to get our s*** together…but now it seems that the damage potential of these attacks has finally caught up with us.

I’ve been hearing from colleagues of mine for the last couple of years that there have been an increasing number of “stealth” attacks that have been both (a) much more focused and intelligent, and (b) much more damaging or criminally motivated.  I’ve been pretty jaded at all this “cloak and dagger” storytelling – it always reminds me of the folks who want you to believe they know something you don’t, and keep teasing you with the “big secret”, but are mostly full of crap.  Or all the folks with backgrounds in information security in the military – talking all the time about how crazy the threats are that they faced, but always stopping short of actually providing hard evidence – or even just believable stories – to back up these claims.

It’s not that I didn’t believe there wasn’t a growing criminal, financially motivated element to the information security threats.  However, it’s been difficult to gauge the likelihood/frequency of such threats, and I’ve been concerned with helping my customers address the prevalent threats that actually manifest on a regular or inevitable basis.  It seemed like a series of edge cases – fascinating technical issues that don’t affect most organizations, and the greatest impact on most customers was distracting them from focusing on the fundamentals.

Well, I’m becoming convinced that we’ve crossed an inflection point.  Stories like this are coming up more and more, and making it sound like there’s a significant proportion of security attacks that are taking on these criminal, financially motivated motives.  I really wish I could continue to believe we’re still living in the era of “flickering lights”, but it’s starting to feel like we’re entering the era of “smashing lightbulbs”. 

Link to Info Thieves Take Aim at the Enterprise