As my kids get older, fundamental aspects of their personalities become more apparent. XX1 won the “most inquisitive” award in kindergarten. 5 years later, she still asks questions. Lots of questions. A seemingly endless stream of questions.

The Inquisition went into full effect when we went to the Falcons game last weekend. This is the 4th year we’ve had tickets, so it is now becoming more about the game, rather than just about the ice cream and other snacks. From the opening kickoff until the last touchdown in the 4th quarter, I got a steady stream of questions. Which direction are they going? Why was that a penalty? Who would you root for if the Giants played the Falcons? Should I get a Dippin’ Dots or frozen lemonade? What’s pass interference? Questions, questions, questions.

Now I like watching my football. I don’t like to talk during the game. If I do talk, it’s about soft zones, off tackles, and shot plays. I felt myself getting a bit frustrated under the constant barrage of questions. Then I remembered this was my evil plan in the first place. I want the kids to love watching football. I want them to have memories of going to NFL games. If they don’t understand the game they won’t want to go with me, and I’ll be sad.

So I spent the time and tried to explain a few easy concepts. Like possessions (the Falcons have the ball, and they are going for that end zone), first downs, and kickoffs/punts. And she started to understand. We had a great time and that’s what it’s all about.

I love that she asks questions. She wants to learn and when she doesn’t understand, she asks questions until she does. That’s a lot better than nodding like you get it, but being too proud to admit you don’t. This is a great skill, and over time we’ll work on her trying to figure some stuff out herself and then asking the remaining questions.

But I need to keep in mind that it’s a patience thing for me as well. I don’t have all the answers – certainly not to an endless stream of questions. So I have to get better about admitting I don’t know, and (given all the devices in our house) walking up to one of my magic boxes to figure it out. So as uncomfortable as the Inquisition may be at times, I wouldn’t have it any other way.


Photo credits: “Spanish Inquisition torture method: the rack” originally uploaded by un_owen

Incite 4 U

  1. Love and Hate, version 1: I never met Dennis Ritchie, but he certainly had a major impact on my life. As a computer science undergrad at Cal, UNIX and C were everything to me. I lived with The C Programming Language. Literally. Along with The UNIX Programming Environment – neither book ever left my backpack. They remain on my bookshelf to this day. And I hated both. I thought C was a miserable language. Pointer issues, memory leaks, awkward syntax, hard-to-find information. The FAQ for proper uses of the null pointer was 100 pages long. Clearly a language is screwed if it takes 100 pages to describe just one aspect of the language (mostly things you must not do). When I read Creators Admit UNIX, C Hoax, I laughed my ass off because I thought it was true – C was a freakin’ prank. Only years later did a couple UNIX experts really teach me C and UNIX (no, they don’t teach you languages at Cal, they just assume you’re plugged into The Matrix and will imprint them into your brain as needed). Only when they handed me a copy of Using C on the UNIX System did I really start to admire the power of the C language and the beauty of UNIX’s architecture. Both are incredibly powerful, and the essence of flexible and extensible. Ritchie’s passing is a good time to reflect on their landmark achievements and celebrate all the things that we use almost every minute of the day, which have been built on those two standards. – AL
  2. If there are so many detection techniques, why do they still suck? Lenny Z highlights the current state of the art for malware detection in a couple articles at SearchSecurity: How antivirus software works: Virus detection technique, and in the deeper Antimalware product suites: Understanding capabilities and limitations, on full endpoint suites. But he begs the question: with all this technology, why can’t we stop the bad guys? Because they have changed tactics. They are going after users and applications, preying on those who haven’t updated their devices and the simply stupid (or ignorant, which is just as good for their purposes). Yes, there are plenty of easy targets. But whining about what we can’t do isn’t my style, so let’s step back to fundamentals. Assume that devices (at least some of them) are compromised. The ones that must not get compromised (high value assets) should be locked down – even if users squeal like stuck pigs. Monitor the hell out of everything, and do some egress filtering and/or DLP monitoring to make sure stuff doesn’t get out. But we cannot assume that anti-malware provides any security. – MR
  3. You already had to do it: There has been a lot of hubbub this week over recent guidance from the SEC that public companies should report on cyber-security risk. This is interesting, because my understanding has been that companies have always been required to report any potentially material risk, no matter its origin. We have seen companies report major breach losses for a while, and in rare cases they report some of the cyber risk (usually as an add-on to a public breach). That the SEC felt they needed to issue additional guidance means that companies were either confused (I don’t see what’s confusing – a loss is a loss), trying to play games, or simply not reporting. So I don’t see anything new – it’s just a reiteration of something companies should already have been doing. Not that most of the headlines or whiny execs will play it that way. – RM
  4. Botnets are big business: It looks like every vendor will soon be jumping on the botnet detection bandwagon. Check Point is first of the big vendors, with their Anti Bot Software Blade, which basically involves doing some data analysis to pinpoint command and control traffic. Yup, sounds a lot like what Damballa, and to a lesser degree FireEye, are doing. It seems this anti-bot stuff found active bots at 100% of their test sites. Uh, I’d be surprised if they didn’t. There are “bots” in every organization of scale. The question is whether they got all of them. And how many were false positives. But CHKP actually is onto something here – every perimeter security gateway needs to be able to detect bots and block their traffic. Yes, botnet detection is a feature, and it’s coming soon to all the perimeter folks. – MR
  5. True life is cooler than fiction: I love reading a good speculative fiction novel. Sci-fi stuff set just over the horizon from today – like 1990s cyberpunk, and more recent books like Rainbows End, Halting State, Ready Player One, and Daemon. While there’s a lot of crap out there, these books are truly enjoyable and make you think while you’re enjoying the roller coaster. But what’s even cooler is when the real world starts to sound like one of these novels. Take Brian Krebs’ recent story on a warez cracker who turned his eye to popping malware. This kid (if you live with your parents, you’re a kid) is slicing through commercial malware kits, ransomware, and other malicious code just for the fun of it. It seems that normal commercial software just isn’t as much fun. So we have criminal vs. criminal, locked into a day-to-day battle of wills, one side engaged merely for the challenge, the other to maintain their livelihood. Guess who seems to be winning? – RM
  6. Mobile protection (but not for me): NoScript is my favorite security tool. Of all of the security products I use, it’s one of the easiest to use and provides effective protection for much of the bad stuff that can happen in a browser. I have been really looking forward to a similar capability on mobile devices. So the announcement of NoScript Anywhere, with mobile support only on Android, was a disappointment. I should be praising its granular per-site permissions management, XSS protection or the App Boundaries Enforcer. Nope. I am a whiny-assed Apple-fanboi, and I want NoScript for Safari. And I want it for Mobile Safari, so I can protect my iPad and iPhone browsing. Oh well. NoScript is still a great product, which keeps me using Firefox. Mike and Rich stay on Firefox for the same reason. So I guess I’ll deal. It’s free. Get it! And you can always contribute too! – AL
  7. Sizing up our adversaries: If you can get by all the colorful hyperbole in Greg Hoglund’s post on APT (yes, that Greg Hoglund), he has a good classification system for the types of adversaries most of us face. Plenty of APT terminology is bandied about, but it’s obscuring the fact that most of the attackers are either 1) criminals (most likely organized), 2) rogue actors (chaotic folks, terrorists, etc.), or 3) conducting espionage (usually state-sponsored). Yeah, the script kiddies are still out there, but in light of the obviously correct HD Moore’s Law (h/t @joshcorman), you must be able to deal with them, right? So it’s about understanding what in your organization is interesting to each of these adversaries, and implementing controls accordingly. Yeah, that risk management thing. – MR