Incite 12/6/11: Stinky
By Mike Rothman
I have a younger brother. It was just the two of us (and Mom) growing up, so I find myself ill suited to dealing with girl stuff. Thankfully the Boss is wonderful at working with the girls on how to deal with bullies/mean girls, and this physical maturation process that seems to happen to girls. One day they are all cute, young and innocent; the next day you’re shopping for bras. Thankfully the Boss handles that duty as well. I’d favor the model that is bolted onto their respective rib cages, and don’t get me started on chastity belts… But when it comes to the Boy, I’m all over that.
He’s a pretty active kid. Most days he likes to head outside with his buddies in the cul-de-sac, and plays some kind of sport. For years he came back in, washed his hands and was good to go. Not so much any more. Over the summer we had a few situations where you could smell him way before he got back into the house. That’s when we realized our little boy is growing up, and after enough activity he smells like a locker room.
So we had a little chat. I started with the importance of smelling good because the girls don’t like stinky boys. He blurted something out about cooties, so maybe that didn’t resonate as well as I hoped. Next I tried to explain about being considerate to the rest of his family, who shouldn’t be subjected to stink-o-rama. Yeah, that didn’t go over well either – he’s still enamored with the pull my finger game. Then I realized that most boys want to emulate their Dads. I took a quick run into my bathroom and emerged with the prize: a new stick of deodorant. He was very excited to use my deodorant and was pretty consistent about using it.
In fact, the Boy was sitting next to the adult sister of one of our friends (no, this isn’t some Penn State story) and she noticed he smelled pretty OK, especially for an 8 year old. So she asked him why he smelled good, and he deadpanned, “Because I wear deodorant.” Then he went right back to his video game. Out of the mouths of babes. I thought he was in a good place regarding hygiene, until this past weekend.
I took him over to a friend’s house to watch the football games on Sunday. He literally played football outside for about 4 hours, and by the time he got back inside he smelled like a compost pile. I was a little surprised, and asked whether he put his deodorant on. Of course, he gave me the 8-year old “oh well” shrug. I reminded him of the importance of not smelling like crap, and figured he was ready for the next step in his man training. Yup, I taught him the arm pit sniff. Now he should be able to tell, proactively, when it’s time for a deodorant refresh.
But I’m not teaching him everything yet. I’ll wait a little while to introduce the underwear sniff test. That’s only for advanced students.
Photo credits: “Warning: Politician Ahead!!!” originally uploaded by The Rocketeer
Incite 4 U
Security company does (some) good: As a skeptic it’s hard to find anything good in security, but let’s tip our hats to Barracuda. They are running a campaign to donate meals for children during the holiday season. Working with the United Nations World Food Programme to fight hunger, Barracuda will donate meals for every user that participates. How do you get involved? Follow @BarracudaLabs on Twitter, ‘Like’ them on Facebook, or just install their free Profile Protector, and they will donate a meal to the UN programme. It’s a no-cost way to donate food through the holidays! – AL
The APT who shall not be named: Kudos to Bob Bragdon for slaying the sacred cow of political correctness and making (in print) the connection between the ‘APT’ and China. We have actually been saying for a while that many of the persistent attackers out there are state-sponsored, and that state is China, all while comparing them to Voldemort. What’s funny to me is the folks who use APT to justify a logical evolution of security. Like Jon Oltsik, who jumped on the APT hype train and did a survey. Magically enough, users told him existing tools aren’t working very well. And in terms of the future view, what end-user doing anything today wouldn’t say “Security tools need to be smart enough to detect and react to suspicious behavior, anomalous activities, and attacks in progress.” That’s ground-breaking! But here’s the newsflash: this evolution has nothing to do with APT. Simple detection has been ineffective for years. And even if we get to this so-called ‘smart’ security tool, I’ll take the Red Army every day of the week. All they have is time and money, so they will get in. Though maybe Bob B should try out this SkyNet contraption on his home network, since Voldemort is no doubt coming for a visit. – MR
Coding conundrum: IBM is using a developer scorecard to measure the productivity of its developers. That’s good. And it sucks. As pointed out by Neil McAllister on his blog, metrics typically devolve into measuring lines of code, which does more harm than good. But here’s the conundrum: all metrics suck, but you need them regardless. Any individual metric only shows a fragment of the truth, and there is no ‘best’ metric. By themselves, most development metrics I have used were misleading to some degree, so I used different collections to show trends and warning flags. I used them as a cue to dig deeper and understand why some metrics were skewing in a certain direction. Use metrics, but don’t assume what they indicate without some digging. I applaud IBM for quantifying productivity, but warn users to be careful how they use any metrics in practice. – AL
Don’t believe everything you read: There is a lot of crap floating around out there in the tech press. Our pal Alex Hutton points out one of the worst examples on the New School blog, in an article on risk management. Alex goes point by point through the article, blowing up many of its author’s simplistic assumptions. Like whether risk assessment is truly objective, and should determine applicable security controls. What I take from Alex’s ranting is a reminder that pretty much anyone with an Internet connection can (and does) write in the tech press, which is increasingly desperate for content to drive page views. Buyer beware, always. This article is a data point, among many others you should use, when making a decision. As I always say, you cannot outsource either thinking or accountability – you are on the hook if you really think you can never have too much security. Yes, that was another of the article’s beauties. – MR
Details are boring: Speaking of development myths, Mike Vizard says the problem with Application Lifecycle Management is that it’s intrusive. Not so. The problem with ALM is that programmers – especially younger programmers – don’t want to do it. It’s not coding, so they are not interested. Filling out forms, clicking check boxes, completing tasks that gate code check-in, and any administrative work – is all looked on as a bureaucratic distraction, not adding value to those start-up stock options. The problem is all other teams (release management, security, quality assurance, project managers, etc.) rely on ALM to do their jobs. It’s a simplified form of communication designed to meet the needs of many audiences, and so ALM lacks interfaces tailored for development. What’s intrusive is the CISO walking into your cubicle to let you know you failed to reset passwords before your code went into production – a task on the release checklist you ignored. – AL
OMG. The media calls out the (alarmist) media: Kudos to Lysa Myers of West Coast Labs, who writes this rather pointed editorial calling out most of the tech media for their reporting as fact the tenuous linkages between Stuxnet and Duqu. Note that we don’t really have proof one way or the other about whether they come from the same author, and it doesn’t actually matter. What Lysa points out is the increasing use of alarmist tactics to drive page views about unsubstantiated stories. Like the crazy cyber-attack on the water facility that wasn’t. Unfortunately SC Mag (which is owned by the same parent company as West Coast Labs) was just as guilty of covering both the Duqu and cyber water attack. Maybe SC Magazine’s folks should read (and heed) their own guidance… – MR