Saturday, July 5, 2008

USB Drives - The More Likely Vector

Use a USB drive to smuggle out a top-secret design? That's "feed a man for a day" thinking. Use a USB drive to smuggle in spyware, which can broadcast a steady stream of secrets? Now you've got a long-term feed supply. Admittedly less targeted, but when you figure in the peer-to-peer infection possibilities, the coverage possibilities are staggering. Getting the data back out of the corporation would no doubt get tricky, and maybe that's where the initial stories of smuggling 'out' come from. But I'd bet the bad guys lean towards targeting data more accurately, compressing it well, and sneaking it out at low rates across many ports to many destinations; essentially 'flying under the radar' of corporate network security. The USB drive security threat is an 'in-ee'.

Monday, June 2, 2008

SQL Server 2008

Well, my first disappointment has been encountered. We received an SQL 2008 handbook with the TechED registration materials. Cool! I thought - I can check out the new features!

My boss is excited about the 2008 version because it supports the notion of storing blobs in the file system, while hiding this detail from SQL statements. I won't debate whether storing blobs inside or outside of the database makes more sense - people far smarter than me have figured that out.

But the devil is in the details of course. It turns out blobs stored outside the database won't be mirrored if you're running that type of environment. Um, we are.

So blobs outside the database is ok for the kiddies, but you enterprise folks had best avoid it. It's yet another half-implemented feature from the SQL Server team.

TechED In Orlando

My employer has sent me to TechED - the annual Microsoft conference. This year it's being held in Orlando, Florida. I'm at the Hilton in the Walt Disney Resort. I'll try to post once each day on notable or weird things. So far, I haven't seen Mickey Mouse or Daffy. My colleague might have met Daffy's sister though - she was refused registration (even though she's signed up and paid) because she didn't have any picture ID with her. That's probably a pretty good policy to have for a conference of this size, but it should have been prominently displayed on the 'bar code' page you bring to registration. And Daffy's sister shouldn't have been so darn snarky about the whole thing!

Friday, May 16, 2008

Remote posting from a bar - is that like Drunken Dialing?

Ok, clearly posting from a Blackberry works. At first (5 mins ago) I was excited. Now I'm worried - will I make a habit of making inebriated posts from Barside? Geez, my beer is empty... Back in a bit.

Now a Blackberry!

Now I've been blessed with a Blackberry - in fact I'm making this post from a bar in Hamilton, ON, Canada.

I'm keeping it short just in case this crashes and burns... On my next post I'll lean into the Vista thing a little more.

Thursday, March 20, 2008

Yikes - Windows Vista!

I'm writing this post on Windows Vista - my employer gave me a new laptop. I've had some troubles finding stuff of course (like 'Save As' in MS Word 2007). The guy in the next office hates Office 2007. The guy a little further down seems to be pretty happy with Vista & 2007. My father is buying a new laptop and I've warned him off of Vista, mainly because I wouldn't have been able to support him (yes, I'm the 'family IT guy'). But he's having a heck of a time trying to find someone who will sell him a new laptop with XP on it. I was really hoping to put Ubuntu on his existing laptop, but each new release I try doesn't like his ThinkPad 600x.

Next up - download & install Visual Studio 2005, and a bazillion other tools I'll need. More to follow.

Wednesday, March 19, 2008

Verifiable Elections - the only way to go

This post was in response to a Slashdot post in which the writer essentially said "In the 7 years I've been writing software I've concluded we should be able to design a secure computer voting system [in the US]"

I've been writing software for 30 years, and I can assure you there's no way to make totally secure software. The sooner we realize this, the sooner we'll move on to a real solution. It's almost like the media companies thinking DRM couldn't be hacked.

We need to get over uninformed thinking, and move to a VERIFIABLE system. Whether it's paper or plastic or silicon, all votes must be made public (with individual privacy protected by code numbers or some similar mechanism). With the voting results in full view (perhaps on a website?), everyone and anyone can confirm their vote got counted right, and that the sum total of all votes is correct. With a little extra effort, we could even ensure each vote on the list was cast by a real person.

I know this will remove a lot of power from some very powerful corporations, and all corrupt election-stealing politicians will cry foul, but at the end of the day, public verification is the only true solution. Anyone who disagrees is probably selling 'their' system, in which they, no doubt, have a vested interest.