Incite 11/16/11: Blockage
By Mike Rothman
Most of the time, the words flow. I have a thought, and the next thing I know there are hundreds (if not thousands) of words on the screen. I’m a writer, so that shouldn’t be surprising. What may be surprising is that there are times I get writer’s block. Like now. At some point in the early part of the week, I get a flash of inspiration and bang out the Incite. It’s usually the easiest part of my job, but not this week.
Now (Tuesday night) is not the time to be blocked. Tuesday nights I work late. XX1 is at dance until 8pm, and when I’m in town I pick her up at the studio. The Boss and I have an arrangement where I can catch up on some of my writing and she handles getting the twins ready for bed, since she takes a class Tuesday nights – so I take over when we get home. So I’m sitting here needing to bang out the Incite, but the words just aren’t flowing.
I consult my ongoing list of Incite topics. Nothing strikes my fancy. It’s like taking a look in a full refrigerator, but nothing is appealing. Sure there is food there, but it’s not the right food. I hate that. You probably do as well. So I check Twitter. I move on to another project and make some progress on that. I read some NFL news. But in the back of my mind, I know the Incite still awaits me. It’s not going anywhere, and if it’s not done by the time I have to get XX1, it’s going to be a long night.
Sometimes panic sets in. I get anxious when the words aren’t there. That doesn’t help them come any easier, of course. If anything it compounds the issue. Still blocked. I walk around a bit. I stretch. I grab another coffee, so now I’m hyper-caffeinated. That’s not helpful either. Oy, I wish I had some writer’s Drano. That would clear up the blockage, even if it hurts the environment.
I start writing (again). I get about two paragraphs in and I hate it. I try to rework the concept. I still hate it. So I delete it. Back to square 1. More anxiety. More checking Twitter. More NFL news. No more progress towards where I need to be. I feel the window starting to close, and know that the Boss will be disappointed, since I’ll be working when we’d normally be catching up and enjoying each other’s company. More anxiety and the cycle starts again.
Then it happens. Inspiration strikes. I think, why don’t I write about being blocked? Maybe that topic is only interesting to me, but I have always written the Incite for me, documenting what’s in my mind at any given time. Sometimes it’s even useful to someone else, which is a bonus. I start writing. And the words come. The coffee shop disappears. There is no noise. The rest of the world goes away. And before I know it, I’m done.
I should have known the words would come. The words always come. I’m lucky that way. But sometimes my impatience gets the better of me. This was one of those times. And the next time I get blocked, I’ll forget that the words come as my anxiety increases. But now I’ll have this post to remind me. How about that?
Photo credits: “Blockage” originally uploaded by Martin Whitmore
Incite 4 U
Fresh crop of hackers: Brandjacking is the “web site defacement” news item of the decade. The struggle for ownership of the Internet is fascinating – big corporations respond to threats with the tools they know best: lawsuits, marketing campaigns, and lobbying the government. Pressuring the government to get rid of net neutrality, suing customers who have bad experiences, and attempting to outlaw anonymity are prime examples. But this is a losing fight, both because corporations are targeting their customers and because their lame responses show the weakness of their various positions. For example, Google+ not allowing anonymity in their corner of the Internet is effectively forcing people to wear ID cards – and we know how that story ends. Claiming they won’t allow anonymity because attribution promotes civility is crap – it’s because these firms are pissed off that they can’t control their brand image like they did with TV, radio, and magazine media. Rather than accept criticism – or have faith in the majority of people to understand that many negative comments came from psych patients hopped up on Fruit Loops and pharmaceuticals – they threaten legal action. Then we get firms like Reputation.com because business owners need someone to hold their hands when “The Internet” calls them A-holes. Given anti-corporate sentiment, I think we will see a lot more defacement, hacking, and DoS attacks because we are teaching a generation of kids that hacking gives them control they otherwise lack. China may sponsor and educate hackers, but we’re growing them organically. – AL
Congressional insanity: The Stop Online Piracy Act is so crazy that it’s hard to imagine anyone taking it seriously. Which is why it seems to have bipartisan support. It is basically a tool for government and media industry censorship. I’m not exaggerating – I don’t support piracy and I pay for the content I consume, but this bill literally forces software developers to add censorship mechanisms to any proxy software. You know, like VPNs and ssh. It also allows the US government to muck with DNS in ways that have broad potential effects beyond merely targeting “file sharing” sites. Take a look and make your own decision, but this is bad for security… completely aside from free speech. – RM
FundamentaLiu sound advice: Sometimes folks turn their noses up when I go through my Endpoint or Network Fundamentals pitch. You mean secure configurations, default deny, and patching? Boooooooring. But as Vinnie Liu points out at Dark Reading, these boring tactics actually work. Okay, not 100% of the time, but they definitely make it harder for attackers to do their evil business. He mentions things like actually using controls (such as authentication) properly, URL authorization on Web services, and the tried-and-true least privilege approach. Again, nothing groundbreaking but that’s really Vinnie’s (and our) point. A shiny object isn’t a panacea, especially if you suck at the fundamentals. – MR
Bullies in the sandbox: I see sandboxing as one of the most important security technologies we will focus on over the next 5-10 years. Combined with application signing and other controls, it’s one way to seriously reduce the preponderance of malware. No, it isn’t perfect, but it provides a much higher bar than we have today. The guys over at Core Security highlight some of the problems by poking a hole in the OS X Lion sandbox, which will soon be mandatory for all Mac App Store apps. My biggest worry is that this will spur Apple to drop an extremely important and useful tool (Apple Events/AppleScript); instead I hope they will focus on developing a good API to allow inter-application communication between sandboxed apps. But trust me – we will see something similar on every consumer platform. – RM
Healthcare laggards? Why do Healthcare organizations lag in use of database security? I say they don’t. They are just like every other industry (outside of finance) in sucking at database security. But their troubles are aggravated by all the interesting data healthcare organizations hold, which is much more interesting to thieves than average business information. We have known that SQL injection attacks are devastating for a decade, that unpatched databases get hacked, and that unencrypted data files are begging to be stolen. I used to think the problem was a lack of tools, and that given how unreasonable it is to expect DBAs to be good at security too, automation of security knowledge was essential. But we baked encryption into the database years ago. We have embedded expert knowledge into dozens of assessment tools. Patches are available in a timely fashion. We can monitor every single action that happens in a database, but the breach parade continues unabated – exercising the nearly identical SQL injection holes, privilege escalation flaws, and misconfiguration issues of last decade. We have the tools and they require very little expertise to use, but they’re ineffective if we don’t use them. The healthcare industry should not whine when facing more regulatory oversight – the fact remains that they have failed to address privacy issues. – AL
IBM jumps on the mobile management bandwagon: IBM is a huge services engine that happens to sell some hardware and software too. It’s no secret that many organizations are facing a Wild West of mobile computing. There are no rules, we see entirely too many lawless bandits, and everyone brings their own guns to work. So Big Blue has introduced a new managed service called IBM Hosted Mobile Device Security Management (yeah, they couldn’t come up with a better name than that?) to solve the issues. It supports all the major devices, and that’s fine. What I don’t get is why they call it a security service. It’s really a configuration and asset management offering. I guess they figure they can wield the FUD hammer to shake some money loose, rather than focusing on less sexy operational issues. Or maybe next they’ll roll out some mobile AV. – MR