Sometimes I have to try actively to avoid a “me too” post after Bruce Schneier’s latest article goes up on Wired. However, I will indulge myself this time because his latest article is about disaster recovery communications. I feel very strongly about this and Bruce speaks so eloquently about it that I would be remiss in not posting a link to his thoughts.
His basic premise is that whatever you do to plan for disaster recovery works regardless of what caused the problem. Natural disaster? Check! Security breach? Check! Random malfunction? Check! Unknown design flaw? Check! This is what makes backing up the data on your computer such an important thing. It is useful regardless of how you lose your data. Also, the cost associated with making a backup is really low.
Schneier’s article isn’t about backing up computer data though. He focuses on improving communications between first responders. Any emergency responder will tell you that the most critical elements in responding to a situation are timing and communication. We can’t make more time, so improving communications during disaster recovery is low-hanging fruit that I would hope politicians of any stripe could agree on. There may be some local disputes about protocol or hardware, but in the end these seem pathetic next to the big picture.
All good things must come to an end, and so it was with The Gobfather. I don’t know what happened, but Ben & Jerry’s have changed the name of my favorite ice cream ever from The Gobfather to Chocolate Almond Nougat. Chocolate Almond Nougat sounds like something someone could get beat up for eating. Whereas The Gobfather, now that’s the flavor you can’t refuse. It is a sad day for intellectual property when they rob a man of his ice cream.
There’s a new article up on New Scientist (subscription required) about how conspiracy theories work. I found this from Bruce Schneier’s blog and he had a link to a non-subscription version here.
Now, there are several reasons why I’m interested in this. One is that I am a JFK assassination hobbyist, and that assassination is probably one of the most famous conspiracy-theory-generating events in world history. Probably the most important reason is that I think current government policies, like RealID and NSA warrantless surveillance, are being born of a similar rationale.
There’s this instinct to try and balance the scales when a major unexpected event happens like the JFK Assassination or the 9/11 Terrorist Attacks. In the case of the JFK Assassination, people couldn’t balance a crazy lone gunman with a rifle against the charismatic, popular President of the United States. Thus, millions of conspiracy theories were born. Unfortunately the government’s response to 9/11 has been similarly reasoned. Government officials are unable to balance that a relatively small group of people was able to pull off the biggest terrorist attack on the US. In an attempt to balance the scales these officials and politicians have blown the problems caused by terrorism way out of proportion. Sadly, this response has brought about some changes in government that are wide-ranging and equally ill advised.
Sometimes horrible things happen for simple, unfortunate reasons. JFK was killed by one guy with a rifle. 9/11 was pulled off by a small group of extreme extremists. These things don’t mesh with our desire to balance them. We want to say that JFK was killed by the Mafia or Cuba or some US government faction. We want to say that 9/11 happened because of a terror network so massive that we need to let the NSA have unprecedented ability to use surveillance on Americans without a warrant simply to ferret out some of this network.
If you look at the world through the glasses of a conspiracy theory, everything suddenly becomes suspect. The reality is that the traditional methods of investigation almost caught the 9/11 terrorists. Somehow even this fact is perverted into support for the changes that have been proposed. (e.g. “We had all the information we needed right under our noses and we still failed to get them! Let’s change everything!”) While ‘almost’ doesn’t help anyone killed or bring back the billions of dollars lost in the attacks, it should at least have provided proof that many of the massive changes which have taken place aren’t necessary and may actually hurt.
Some things are tragic simply because there is no way to balance them sensibly. Life doesn’t have a law of reciprocation. Sometimes there is no “equal and opposite” cause for a tragic effect. If anything, that is the point of the word tragedy. The government’s continued futile attempts to rationalize tragedies in this fashion only prolong the grieving process and prevent us from moving on.
There are some stories that I simply wouldn’t believe if the Internet wasn’t there to provide “proof” that they actually happened. This is one such story.
From time to time, we all find ourselves questioning just how much pain and embarrassment the world has in store for us. I think the next time that sort of thing happens to me I will now be able to properly respond by saying to myself, “Hey, even Fabio gets hit in the face by a goose while riding a roller coaster at 73 miles an hour once in a while.”
There’s a really cool project going on at Gametrailers.com. Basically, they are taking several famous gaming franchises and creating a documentary about how they have become famous. These retrospectives currently cover Final Fantasy, Metroid and the Legend of Zelda. I have only seen a couple, but I’m an instant fan. I’ll definitely be checking back once in a while to see more.
The privacy of GMail has annoyed me for some time now, but I found another reason to dislike it. Apparently someone designed a point-and-click tool to hack GMail accounts. It was demoed recently at Black Hat in Las Vegas.
Now, some of the things that are demoed at these conferences are pretty exotic, but this one appears to be based on basic computer security techniques, such as packet sniffing and replay attacks. Once the attack has succeeded, the attacker can read old emails or send new ones. (Of course, if you were using GPG, they wouldn’t be able to read your emails nor send new ones that could be authenticated as sent from you.)
Of course, because the tool is based on packet sniffing and replay attacks, the attack can be thwarted by always connecting to GMail with an SSL connection. There’s a cool Firefox plugin called GreaseMonkey that has a user script you can install which will force GMail always to connect with SSL.
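To show what a “force SSL” user script of the kind mentioned above actually does, here is an added example written for this post; it is not the script the post links to, and the GMail host names it matches on are my assumption. The rewrite logic lives in a plain function so it can be checked outside the browser.

```javascript
// ==UserScript==
// @name         Force GMail over SSL (added example, not the script from the post)
// @namespace    example.local
// @include      http://mail.google.com/*
// @include      http://gmail.com/*
// @include      http://www.gmail.com/*
// ==/UserScript==

// Hosts this example assumes serve GMail. Anything else is left untouched so the
// script never redirects a page it was not written for.
const GMAIL_HOSTS = ['mail.google.com', 'gmail.com', 'www.gmail.com'];

// Returns the https:// form of a plain-HTTP GMail URL, or null when no rewrite
// is needed (already SSL, not GMail, or not a parseable absolute URL).
function toSecureUrl(href) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return null; // relative or malformed input: nothing safe to do
  }
  if (!GMAIL_HOSTS.includes(url.hostname.toLowerCase())) {
    return null; // not a GMail page
  }
  if (url.protocol !== 'http:') {
    return null; // https: (or anything else) is left alone
  }
  url.protocol = 'https:';
  // Path, query string and #fragment survive the rewrite, so the user lands on
  // the same mailbox view they asked for, just over SSL.
  return url.toString();
}

// In the browser (GreaseMonkey) this runs on page load and redirects; outside a
// browser there is no window, so only the function above is exercised.
if (typeof window !== 'undefined' && window.location) {
  const secure = toSecureUrl(window.location.href);
  if (secure !== null) {
    window.location.replace(secure);
  }
}
```

The redirect only fires after the browser has already completed one plain-HTTP request to the site, so a script like this narrows the window in which a sniffer can see that traffic but does not close it on its own.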
Regardless of the details, how is it possible that we still have this sort of problem? Seriously. People have known about these techniques for a long time now. Sometimes it feels like we’re not advancing technology at all.
Another good example of this de-evolution of security techniques was also presented at Black Hat. It was a talk about “Premature AJAX-ulation,” which makes the excellent point that AJAX tends to push a lot of business logic to untrusted clients. (I thought Ars Technica covered it well.)