Securosis

Research

Geeking the New House

Much to our own surprise, last August my wife and I decided to buy our first new “new” house in the Desert RIdge area of Phoenix. The closest I’ve ever come to having a house built was helping build a house. Needless to say, this was a perfect opportunity to get my geek on. I could tell you all the wonderful things about the place like our cabinet and counter selections, tile and carpet, or number of rooms. But let’s be honest, if you’re reading this blog you won’t be interested in any of that stuff. I barely am, and I’m paying for most of it. Here’s the good stuff. On the electrical front I got to design the lighting and even the circuits. We put in dedicated circuits behind the TV, in the garage (for the power tools), and in the server closet. Yep, I get an office with a server closet (air conditioned, of course, although that was just blind luck). We also put an outlet at eye-level behind the TV for the wall mount flat panel, and a floor outlet in the office. Thanks to a mistake by the installer, there are eye-mount level panels to run wires down to floor-level for any wall mount TVs. The entire house is wired with Cat6 and coax. Even the phone lines are just Cat6 lines. Every room has at least one Cat6 and one coax line, but usually more. Behind the TV area we doubled up on everything, with enough coax lines to run 4 channels of high definition satellite signals (for the TiVo, of course, pre-wired to the South facing side of the house). All the lines run to a central panel in the… you guessed it… server closet. I can mix and match anything without having to run new lines. But even Cat6 won’t last forever, so we ran conduit to all the bedrooms, the family/TV room, and another general room upstairs. Fiber? No prob, unless it’s fatter than 1.5 inches. For audio we put ceiling speakers in the living/dining room and out on the patio, all running to the TV area where the stereo will sit. We also put in overhead rear-surround speakers, which can double up as general stereo speakers. It’s not whole-home, but I don’t think we really need that. There’s crawl space access upstairs and even between floors if we need it. If I want to shoot audio upstairs I’ll just go wireless. We did a slight upgrade on the security panel and added a serial interface. I run Insteon home automation off a Mac Mini, and I’ll be able to interface directly with the alarm. That will let us do all sorts of cool stuff like turn off the lights when we activate the alarm, or get a nice web display of all open doors/windows. For security reasons we added a door sensor to a deck door on the second floor, a glass break detector in the back of the house, and a smoke detector. It seems weird to me that while we got integrated smoke detectors throughout the house, none of them connect to the alarm panel to call the fire department. The firefighter in me also sprung for the residential sprinkler system. If we ever have kids, and they ever set it off, I’m going to kill them. While I made a serious bid for a secret passage disguised behind a bookcase, that was a definite no go. Last week we got our close date- June 19. Less than 2 months until I’m living in gig-ethe et heaven… (…anyone want to buy a condo in downtown Boulder, CO?) Share:

Share:
Read Post

Unexpected Sign of Aging

I turn 36 today. I’m not really sure how that happened. Neither are a lot of other people. I realize 36 is still fairly young, but it’s definitely not my 20’s anymore. My father died around age 64, so technically I’m past mid-life by his standard, although I’m pretty darn certain I can stretch well past that. With cryogenic freezing advances I might even make it to “indefinite”. I’m also now in the “over 35” category for martial arts competitions. In just 4 short years I have to look forward to a new addition to my annual physical and will begin choosing my physicians based on the size of their hands. (Smaller is better.) This weekend I’m also finishing up EMT refresher class so I can transfer my Colorado certification to Arizona since it expires in a couple months. I first certified as an EMT in 1990/91, and was a paramedic in 1993 for 3 years before dropping back to EMT. I’m not the oldest in the class, but I’m definitely the only one there with extensive field experience. Back when I first became certified I remember listening to the war stories and wondering how I’d react. Mostly I thought, “cool! I hope I get to do that!” The nastier and bigger the better. Now, when I’m not telling my own stories, I think to myself, “damn! I hope that doesn’t happen to me!” So much for the invulnerability of youth. I expected hair loss, slower healing, and degradation of my vertical jump, but it was a slap in the face to realize how much more aware I am of my own mortality. Crap. (On a good side, I realize how much age has improved my skills as a health care provider. Not the physical skills nor the technical knowledge, but despite being a bit of an asshole in general I realize I focus much more on patient comfort and compassion than showing off my skills. It’s now about them, not me.) Share:

Share:
Read Post

Will the Media Please Stop Encouraging Murder?!?

I really don’t mean to turn this blog into a media rant, but I’m on a roll today and will keep it short. I was, like most of you, disappointed that the media’s been exploiting the VT tragedy with nonstop coverage and pathetic interviewing of anyone they could get their hands on to fill the 24 hour news cycle. That’s fine, I can mostly turn it off and just get the occasional update from the web as facts emerge. That was until I saw the paper this morning. Here’s a hint guys- if you plaster ego-shots of some twisted sociopath in movie scene poses with guns all over your papers, websites, and broadcasts, all it does is turn him into some martyr for the cult of the deranged. You’re creating an anti-hero for that miniscule fraction of society born without all the right wires connected. No, these images won’t encourage a normal person to cross the edge to insanity after getting turned down for a date one too many times. But with 300 million people in this country, never mind internationally, the law of averages ensures that some miniscule fraction of society will lack the neurons that ensure our social fabric. These images, with those of Columbine, encourage that fraction of fractions to go on a spree for their 15 minutes, rather than just taking themselves out. I’m not talking censorship. It is completely within the rights of news outlets to show whatever they get their hands on. But stop pretending you bear no responsibility for the actions you take. This story could have easily been covered without turning this kid into a martyr. This isn’t censorship, it’s discretion. What do you think the odds are the next maniac will mail you a package of images before committing atrocious acts and seeing if he can break the old record for domestic body count? Guess what guys, this is also how terrorism works. You don’t think suicide bombers make those videos just for their families, do you? Wake the fuck up. Stop giving these people an outlet and making them famous. I’m not naive enough to think that it will stop these events, but we sure as hell don’t have to encourage them. Alright. Rant over. Back to your irregularly scheduled blogging… Share:

Share:
Read Post

Is There Any News Channel Worth Watching Anymore?

The 24 hour news cycle has officially killed the Fourth Estate. Seriously, if there is, tell us in the comments. I’m sick of the exploitation, just give me the damn news. I gave up on local news about 10 years ago after a baby died in a parked car and the reporter decided to throw an oversized thermometer in a car during the day to show how bad it was. Fox is propaganda, and CNN lost me a couple years ago. Can’t remember the exact incident, maybe Terry Schaivo. This week is just obnoxious and degrading, and with all the TVs all over coffee shops and airports, it’s inescapable. sigh Share:

Share:
Read Post

Question for Writers

Do you ever have days where you feel that you’re not so much writing as you are psychically channeling the obscure hallucinations of an illiterate eight year old? Me too. Share:

Share:
Read Post

Everything You Need To Know About Security Is In This Film

(Physical security, that is) Road House “Be Nice.” “Until when?” “Until it’s time to not be nice.” Don’t forget the rest of the quotes. Seriously- even you non-physical security types need to watch this. The ultimate expression of the security mindset. (This post inspired by this link) Share:

Share:
Read Post

AZ Declares 14 Year Old Boy as Dangerous as Bin Laden

This is so stupid. Terrorism is a tactic, which is also defined as a particularly nasty crime. There are a lot of definitions, but I tend to use various versions of the U.S. Code of Federal Regulations: …the unlawful use of force and violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives” (28 C.F.R. Section 0.85). So tell me, how does the following meet the definition of terrorism? A 14-year-old boy who allegedly kidnapped a classmate at knifepoint and was later found with a backpack full of restraining devices and weapons will be charged with terrorism, Maricopa County Attorney Andrew Thomas said. The Mesa boy, who attended Powell Junior High School, also faces charges of aggravated assault with a deadly weapon, kidnapping and carrying weapons on a school campus. A very bad crime? Yep. Terrorism? Nope. Only in the heads of over-zealous prosecutors who don’t understand terrorism, or the risks of abusing the laws against it. This kid needs to be dealt with, but how can you possibly compare this to real terrorist acts? This is a sick kid. Not a terrorist. Share:

Share:
Read Post

Seen at the Library

Working from the library today and they have this on every door. Boulder was pretty liberal, but even they didn’t have a gun check at the library. I love living in the Southwest. Of course I know a bunch of people with concealed carry permits, just not here in Phoenix/Scottsdale. (yes, I know it also means knives and such, so stop spoiling everyone’s fun) Share:

Share:
Read Post

Stomp the Trolls: The Troll Eradication Project

troll 1 |trōl| noun: 1. A cowardly creature that hides behind anonymity to demean, harass, or threaten others (sometimes illegally) because they lack the intelligence to engage in real dialog or debate. 2. A pathetic, almost-life form that leaches off society without contributing anything of value. Trolls are the lowest form of life. Ugly, pathetic creatures of absolutely no worth, they strive to destroy the good work of others through intimidation. Trolls may lack intelligence, but they can be persistent pests, and in large numbers they can destroy a community. Some trolls are more aggressive and represent a physical danger, and must be dealt with harshly only by trained professionals, typically law enforcement. Trolls have been tolerated in our society for too long- these… things… must be confronted and destroyed. While full eradication is impossible, concrete steps can be taken to limit their impact on the world. Trolls can be marginalized through persistent effort, but only when a community acts together to condemn their behavior. You can participate in the Troll Eradication Project by taking a few simple steps: Reduce their habitat: Trolls live anonymously; very few have the intestinal fortitude to carry out their activities when they can be identified. Should trolls appear, forcing them to identify themselves will often scare them away. In some cases, more radical action needs to be taken and their ability to communicate restricted. Confront them: Trolls are cowardly, and will often flee confrontation when a community bands together. Some trolls may attack individuals, but few are willing to confront entire communities openly. Eliminate their food: Trolls feed off the negative energy they create. In some cases, persistently ignoring them may cause them to seek food elsewhere. Call in a professional: Some trolls are dangerous and violate the law. In these cases, law enforcement should be notified promptly. Outright threats and harassment are clearly illegal and should only be dealt with by professionals. Remember- only YOU can prevent trolls. We must control the troll threat before our communities are overrun. < p style=”text-align:center;”> Seriously folks- after yesterday’s events, we just can’t put up with this anymore. Share:

Share:
Read Post

We Cannot Tolerate This

I read a few posts today on the deplorable harassment of Kathy Sierra (read Scoble, Feld, Kathy’s Site). Basically, Kathy is giving up on blogging and public speaking out of fear due to a series of death threats and online sexual harassment. It’s absolutely disgusting. And as someone who has been a member of online culture since the BBSs of the 1980’s, I’m simply embarrassed. There is one way to describe those who perpetuate this- fucking cowards. I know these people. They are everywhere on the Internet- hiding behind semi-anonymous IP addresses and spewing their garbage on every forum, IRC channel, or blog they can slap their pathetic personality on. I know them in the real world; too cowardly to face authority, but more than willing to make anyone they perceive as weaker miserable for no more reason than to inflate their pathetic egos. I’ve helped more than a few of them learn just exactly how “special” they are as we kicked them out or took them to jail. I’m probably violating my policy of not blogging about technology, but this is a cultural issue, not an industry issue. Except that it highlights the need for those of us in security and law enforcement to provide the same protections online that we do in the physical world. We can’t do this just by hiding behind our own walls; we need to band together as a community and figure out ways to improve online safety without violating online privacy (the usual mistake). Our society has very very few limits on freedom of speech, but threats and harassment to create fear are clearly unacceptable. Reading Kathy’s blog it looks like she is already working with law enforcement, and I sincerely hope they catch and prosecute those involved. There is no excuse for this. We cannot tolerate it. And those of us in security have the same responsibilities online as we do in the physical world to do our part. Share:

Share:
Read Post

Totally Transparent Research is the embodiment of how we work at Securosis. It’s our core operating philosophy, our research policy, and a specific process. We initially developed it to help maintain objectivity while producing licensed research, but its benefits extend to all aspects of our business.

Going beyond Open Source Research, and a far cry from the traditional syndicated research model, we think it’s the best way to produce independent, objective, quality research.

Here’s how it works:

  • Content is developed ‘live’ on the blog. Primary research is generally released in pieces, as a series of posts, so we can digest and integrate feedback, making the end results much stronger than traditional “ivory tower” research.
  • Comments are enabled for posts. All comments are kept except for spam, personal insults of a clearly inflammatory nature, and completely off-topic content that distracts from the discussion. We welcome comments critical of the work, even if somewhat insulting to the authors. Really.
  • Anyone can comment, and no registration is required. Vendors or consultants with a relevant product or offering must properly identify themselves. While their comments won’t be deleted, the writer/moderator will “call out”, identify, and possibly ridicule vendors who fail to do so.
  • Vendors considering licensing the content are welcome to provide feedback, but it must be posted in the comments - just like everyone else. There is no back channel influence on the research findings or posts.
    Analysts must reply to comments and defend the research position, or agree to modify the content.
  • At the end of the post series, the analyst compiles the posts into a paper, presentation, or other delivery vehicle. Public comments/input factors into the research, where appropriate.
  • If the research is distributed as a paper, significant commenters/contributors are acknowledged in the opening of the report. If they did not post their real names, handles used for comments are listed. Commenters do not retain any rights to the report, but their contributions will be recognized.
  • All primary research will be released under a Creative Commons license. The current license is Non-Commercial, Attribution. The analyst, at their discretion, may add a Derivative Works or Share Alike condition.
  • Securosis primary research does not discuss specific vendors or specific products/offerings, unless used to provide context, contrast or to make a point (which is very very rare).
    Although quotes from published primary research (and published primary research only) may be used in press releases, said quotes may never mention a specific vendor, even if the vendor is mentioned in the source report. Securosis must approve any quote to appear in any vendor marketing collateral.
  • Final primary research will be posted on the blog with open comments.
  • Research will be updated periodically to reflect market realities, based on the discretion of the primary analyst. Updated research will be dated and given a version number.
    For research that cannot be developed using this model, such as complex principles or models that are unsuited for a series of blog posts, the content will be chunked up and posted at or before release of the paper to solicit public feedback, and provide an open venue for comments and criticisms.
  • In rare cases Securosis may write papers outside of the primary research agenda, but only if the end result can be non-biased and valuable to the user community to supplement industry-wide efforts or advances. A “Radically Transparent Research” process will be followed in developing these papers, where absolutely all materials are public at all stages of development, including communications (email, call notes).
    Only the free primary research released on our site can be licensed. We will not accept licensing fees on research we charge users to access.
  • All licensed research will be clearly labeled with the licensees. No licensed research will be released without indicating the sources of licensing fees. Again, there will be no back channel influence. We’re open and transparent about our revenue sources.

In essence, we develop all of our research out in the open, and not only seek public comments, but keep those comments indefinitely as a record of the research creation process. If you believe we are biased or not doing our homework, you can call us out on it and it will be there in the record. Our philosophy involves cracking open the research process, and using our readers to eliminate bias and enhance the quality of the work.

On the back end, here’s how we handle this approach with licensees:

  • Licensees may propose paper topics. The topic may be accepted if it is consistent with the Securosis research agenda and goals, but only if it can be covered without bias and will be valuable to the end user community.
  • Analysts produce research according to their own research agendas, and may offer licensing under the same objectivity requirements.
  • The potential licensee will be provided an outline of our research positions and the potential research product so they can determine if it is likely to meet their objectives.
  • Once the licensee agrees, development of the primary research content begins, following the Totally Transparent Research process as outlined above. At this point, there is no money exchanged.
  • Upon completion of the paper, the licensee will receive a release candidate to determine whether the final result still meets their needs.
  • If the content does not meet their needs, the licensee is not required to pay, and the research will be released without licensing or with alternate licensees.
  • Licensees may host and reuse the content for the length of the license (typically one year). This includes placing the content behind a registration process, posting on white paper networks, or translation into other languages. The research will always be hosted at Securosis for free without registration.

Here is the language we currently place in our research project agreements:

Content will be created independently of LICENSEE with no obligations for payment. Once content is complete, LICENSEE will have a 3 day review period to determine if the content meets corporate objectives. If the content is unsuitable, LICENSEE will not be obligated for any payment and Securosis is free to distribute the whitepaper without branding or with alternate licensees, and will not complete any associated webcasts for the declining LICENSEE. Content licensing, webcasts and payment are contingent on the content being acceptable to LICENSEE. This maintains objectivity while limiting the risk to LICENSEE. Securosis maintains all rights to the content and to include Securosis branding in addition to any licensee branding.

Even this process itself is open to criticism. If you have questions or comments, you can email us or comment on the blog.