The end of the World

I think there are currently two ways for mad scientists to destroy the world.

1. The new accelerator at CERN has a sort of chance of creating quantum black holes, depending apparently on how tightly the insensible dimensions are rolled up. Good looking theory says that they should evaporate in a tiny gamma burst, but no-one can be sure how relativity works at that scale. If they don't evaporate, they will fall to the earth's core and then consume the whole planet. The first few atoms might take a while, but after that, they'll be unstoppable.
2. Craig Venter's team expect to be loading their carefully written DNA into a cell this year. If they cock up and build a replicator, there's no easy telling what it'll manage.

In the past, the best bet was fusion bomb tests: could they ignite light elements in the planet's crust? Well, no as it happened, and I'll guess we'll be alright with these two, too.

Be Careful What You Wish For

Five years ago, I was effectively unemployed, failing to keep on top of the household jobs, and wishing I was riding on the commuter trains going past.

This evening, long after I should have been back, I was sitting on a commuter train wishing I was at home.

Advice

I was cutting down the hedge in front of the house today. Quite heavy work, a little sawing through the beech trunks, but mostly figuring out how to use the loppers to undo the tangle and pull out the heavy brushings.

Every Sunday walker that came along the lane had the same piece of advice: "That's a heavy job -- you need a chainsaw."

Now I'm a power tool enthusiast -- in the right place -- and I know a professional hedger would automatically use a power saw. But why on earth would anyone imagine that a middle-aged, middle-grade bank operative with almost no training or experience would do better with a chainsaw than with the bowsaws I've been using since I was a child?

It's not easy running a website

I think I have this right: There are currently two large-scale ways in which you can have lost control of your website.

• If your site admin was compromised, there's an Apache "rootkit" (not actually rooting the host, but invisible to the admin) that serves a stealthy javascript downloader to all your visitors. As the site admin, you don't see this in the site content.
• If you deliver content from an ad network, you may end up serving malware.

Either way, you won't know about it until the customers are complaining.

Secrecy Preserving Protocol

From the Metro 2008-1-15:

.... he claimed a mystery royal had warned that Princess Diana's intimate conversations might be bugged. In a bid to protect the person's identity, Mr Burrell insisted on writing the name on a piece of paper and passing it to the coroner. Lord Scott-Baker then revealed three members of the family not named -- the Queen, the Duke of Edinburgh and the Duchess of York....

Nice balance.

Pain Allergy

I didn't do any hedging today. Last Sunday I was tidying up a monster hawthorn stool and a branch whacked me in the head, leaving me with a dirty great big thorn stuck in my scalp.

It didn't infect, but my inability to remove it -- I couldn't see it -- resulted in a sequence of increasingly desperate requests for help as the lump went down and the splinter made itself increasingly uncomfortable. It ended in the Barts Minor Injuries unit with a nurse on each side of the couch each pressing hard on her side of the lump while one of them used a free hand to wield the forceps.

Some people would pay for that, but for me, before I go back, I'm getting one of these. In the mean time, I had a happy day trying out my new compressor.

Pollen Allergy (The Attack of the Online Florists)

I was talking to the helpdesk team meeting about safe browsing yesterday. I went round the table asking for guesses about the site category that caused the most virus blocks this week. All the usual categories came up: social networking, webmail, blogs and one wag offered the BBC. All good tries except the last, and all wrong.

The real answer was online florists.

Well, that was my route into saying that no site is really safe, (in fact it's a really good security story) and that's why I was going to have another review of their privilege, but I didn't really give it the thought it deserved.

Happily, Mary Landesman has. But I wish she had been able to figure out what was going on.

UPDATED 16/1/2008

It's being reported that all these sites were on Fasthosts when they had that mass site admin password reset in October (and then waited till December to enforce it). Looks as if the malware dropped at that time was left quiescent until last week which makes this a really good security story: Hackers are willing to wait, and there really is no logical end to the consequences of a root compromise.

Unnatural Selection

I've just started on my Christmas present, Kolmya Tales, by Varlam Shalamov. The introduction describes Shalamov's time in the mid-century Soviet labour camps and mentions the strokes of luck which allowed him to survive. I've read a little of the popular history and translated literature of the camps and the system that required them, and it struck me that all political survivor's stories have one feature in common: the amazing luck -- a necessary skill leading to a warm job, awakened sympathy in a guard or criminal, wasted food found or any of a host of other things -- that saved the witness' life. You could end up thinking that the penal labour was a happy-go-lucky setting where something would always turn up in time....

Of course that's wrong. There are no first person stories that don't have that lucky break, because all the potential authors -- without the lucky breaks -- died. By focussing on eyewitness accounts -- the best possible sources -- we've gone wrong. The camps were not about misery overcome by good fortune; they were about misery closed with death. Everyone is telling their truth, but the sample is bad, and so the picture is false.

Sex Differences

As I write, the three household males are all in front of general purpose computers of one sort or another. The MMS is building layouts with his Trainz program; not a Christmas present, but running much better on the new computer. He's passed a little milestone that no-one else seems to have noticed -- he's saving files with worthwhile names, so it's probably time to get a modern version for his birthday. The LMS is playing Half-Life downloaded as a Christmas present (very Christmassy...) and I am writing this.

The females are on the sofa, with a nice fire, watching High School Musical...

Which is better?

Happy Christmas

This hedging porn looks a bit Christmassy so it seems appropriate. Both taken on the solstice, truly just an hour before the thaw turned the rime to drips.

The hedge is my current work in progress -- you might just see I've reached the limt of my dewiring, and as the ground is too hard for stakes, I spent the time peeling back the stockfence and tidying up.

If you think the stakes look a bit dodgy, you're right. I salvaged them out of some chesnut paling lattice. Years old, but still hard enough to drive with a hammer, once I've opened up the ground with the iron. Almost any stake makes the job much easier.

The second picture looks very frigid indeed, but that's what happens if you go outside with the white balance set to flourescent...

Paid-for Malware

I sometimes get asked what anti-virus software I recommend for use on the home PC. I've tried a number of possible answers but my heart isn't in any of them: I know McAfee is a pain; bouquets for Norton outweigh the complaints, but not by much, so I've been recommending Kapersky -- I know it works and and the price is closer to reasonable. So a story like this one is a bit disconcerting. What are the lessons?

1. Don't trust software more than you need to. We had all the warning we needed when McAfee pulled this same stunt on a bunch of system files a few years ago. Don't delete: Quarantine.
2. It's time to start getting more assertive about my true answer....

Which is this: I don't run AV software at home. I never have. I don't do stupid things, mostly, and I don't let the children or Mrs U have administrator accounts. I know how to use autoruns (though I've never needed it) and there are the web scanners. I've never had any trouble, even on Windows, and my truly personal computer runs Linux.

Even just writing that, I can see how eccentric and impossible it seems.... really I should just say that I've no useful advice to give.

We are Them

Interesting session with Mrs U in which she dammed her mother's eccentricities. I think she was completely unconscious that the traits she found most obnoxious were those shared most identically between mother and daughter.

We believe that introspection is the most reliable source of knowledge -- it certainly feels that way. In fact, we are strangers to ourselves.

For an accurate portrait we need the opinions of those who know us, expressed in their private conversation and writing. But an accurate portrait is almost unbearable. The shocked diary snooper or eavesdropper -- the relationship changed needlessly but forever -- is one of those cliches that's trite because it's so real and so common.

I wonder whether this is the real reason why words like "nosing" and "prying" carry such an ugly load: not defence of privacy, but psychic self-protection. We can't bear to know.

Insourcing Authentication

It's appraisal time and the focus is on the performance management system. That's outsourced -- Internet delivered and hosted somewhere in Florida.

The issue that was brought to me was concern that users might be saving their performance management password in the Internet Explorer credential cache. It's never something that's worried me very much -- if you lose control of your workstation session, you've lost a lot more than the right to express an opinion on that annoying support guy with the awkward questions....

But it tied up some ideas that have been rather weakly formed in my mind.

We're outsourcing more and more, and the result is that our users do their jobs with accounts on this system and accounts on that, and I have no real confidence that there's even a consistent list. I'm certain that there are some systems a leaver will retain indefinite access to, simply because the whole service was set up by the business with no IT involvement and the helpdesk will never know to cease the account. This is pretty galling when we've recently put so much work into the Joiners/Leavers/Absentees process and the unused account purge. We're actually getting on top of this, but it's slipping away though a side door. There's certainly no hope of enforcing a consistent account name or password complexity policy.

At the same time, to deal with the many sites like Blogger, Delicious and others that I use all the time from loads of PCs, I've been looking at OpenID, a public authentication system, that allows the administrators of an Internet hosted application to securely trust a logon completed at a different site. I've gone so far as to set up an OpenID on the Verisign test site, even though I've nothing to log in to it with.

So I've been toying with the idea that authentication was a service we could outsource -- to Verisign or perhaps a two-factor supplier. In fact, I had that exactly wrong. Authentication is the one service we can always do better than anyone else because no-one can know better than we do, who works for us. This is true even if we don't know very well ourselves....

So we shouldn't outsource -- we should insource. We should provide an OpenID service as part of our infrastructure support for application outsourcing. Then we become the authority on who works for us, and what tests they have to pass to prove it:

• Log on from inside, and you just need a logged-on Windows session; log on from the Internet and it'll ask for your RSA token.
• The helpdesk can cease your OpenID when you leave, so terminating access to services they don't even know exist.
• The authenticator could decline to recognise remote applications completely or on a per user basis.
• Choices about access to the dodgier stuff like the password reset tool, or remote access can all be made here.

So it would all be fabulous. Just a couple of problems:

• There doesn't seem to be OpenID software with the flexibility and convenience I need, and
• The chances that application hosts can be persuaded to recognise their customers' OpenIDs seems close to zero.

So this frankly rather wonderful approach, which ought by rights be standard, is dead. But I think I'll put OpenID support on the qualification form just to watch them squirm.

Only a year old

First encounter with a Vista installation today -- a factory fresh Compaq.

• Loved UAC -- it's definitely the future (that is, it's as good as sudo, so Windows has caught up with 1985 flavours of Unix.)
• Loved how the compatibility with DOS3.3 is way better than W2K (don't ask.)
• Hated the difficulty of finding where to give the Ethernet adapter a static IP address (got there in the end though)
• Hated that the integrated Intel graphics with an experience index of 3.3 couldn't make Aero look like anything better than Ubuntu with a translucent theme on a mobile Pentium
• Hated -- really hated -- having to wait for a dual-core 1GB laptop to pop up a printer property box or move some files. How sad. Maybe SP1 will sort it out.

In the meantime, the Dell I bought a few weeks ago turns out to be the ideal XP machine. So that's where it's staying.

How policy suceeds, for once

I've been purging out a dying domain. Disabled accounts with a last logon more than three months ago are deleted; enabled accounts with a last logon more than one month ago are disabled with a note in the comment. Do that every week or so. Keep a safe list for genuine service accounts and the domain will be nicely compliant by the time it stops.

The reason I've had to do this myself is a bit sad: the helpdesk, who own all account administration, will go through any distortion to avoid account difficulties. An odd-looking account -- precisely what should be disabled -- won't be touched for fear of breaking something. The policy itself gets re-interpreted to be "disable after ninety days" with no-one able to trace where that decision came from.

It's understandable. The best outcome from good application of the policy is that no-one complains. The likely outcome is senior staff complaining that the helpdesk has broken their account -- and no-one wants to hear that.

So, I've been doing it myself, and that makes everything different. Everyone knows that I break stuff, but everyone also knows that challenging me on what I break can leave them on the wrong side of a clearly distributed policy that they didn't read or understand....

Yes, and in this case I did a blinding job: The account policy allows just two types -- owned, which are subject to the AUP, and service which have to be on my list. The AUP says that owners are responsible for owned accounts, have to log on more often than once a month, and log off after no more than a week. That was carefully chosen to update the last logon time, and to transfer blame.

And it works! Hundreds of users deleted, a few tactful explanations, and no trouble at all. This is the root of the security truism that you start with a policy. You can't act without it -- but it has to be a good'un.