Six

This talk wasn’t any better than the sixth.

I understand the idea of encrypting all traffic, but it relies on two assumptions:

  1. All traffic needs to be private, and;
  2. End-user connectivity is ever-expanding.

Let’s look at those assumptions one-by-one.

What’s the problem if I fetch Facebook’s favicon.ico? Why does that need to be private? There’s lots of things that people do online that aren’t the least bit objectionable. Does it matter to anyone that I ordered Pizza Hut for dinner last night? Whatever. I brushed my teeth twice yesterday, too, and used different brands of toothpaste. (The tube I took to Shmoocon was still in the suitcase, so I used the other one in the bathroom.)

Perhaps if I was looking at some nice, wholesome porn, I wouldn’t want people to know about it, but for the vast majority of my Internet use, I really couldn’t care less who could see. That that favicon.ico gets fetched multiple times per day by multiple people on my network is not a problem. Maybe there should be a way to cache that common content, so it doesn’t have to be fetched from the source every time. Like a shared cache? Squid, perhaps? Oh, but that doesn’t work when all content is encrypted. My professional experience shows that there’s many times when bandwidth availability does not increase, which brings me to point two.

There’s lots of instances where, despite your cable company bumping your cable modem speed, significantly that bandwidth has not increased.

In one of my not-too-distant past projects, we had remote sites connected by 9600bps satellite connections. Much of the bandwidth available on these fifteen-minute-per-hour connections was spent just sending and receiving SMTP traffic. How much less traffic would have been exchanged with the encryption overhead? Yes, maybe, there’s faster methods of communication available that would enable encrypted communications, but there’s also contracts in place binding payment of the slow services for years to come. Even on the ground, there’s contracts with telcos that can’t be broken, even in light of faster options. So maybe having cache-friendly web content, and unencrypted email makes sense there? Maybe?

The EFF, and the blind promotion of arcane “net neutrality” rules don’t take any of that into consideration; they assume everyone is using a fast cable modem, or US-based cell network. No, there’s tons of people who aren’t.

So the solution is to hand the decision-making process over to an unelected group of bureaucrats relying on technology from the middle of last century?

GMAFB.

But, then, I guess I’m just not woke enough to know that I’m paying less for my mobile phone with far better data than I was before NN was repealed. Sorry ’bout that. I suppose, also, that the places with defined contracts also got faster with the FCC controlling things. Oh, they did. Totally. Those 9600bps connections are now 10M full-duplex. Guess I missed that.

Five

I went in to this one with a fair amount of skepticism. My worries were more than verified.

IPv6 isn’t insecure because you don’t understand it, and your antiquated tools don’t work with it.

ZOMG, there’s a separate deprecated Linux firewall tool for dealing with IPv6!!1!

So write rulesets that deal with that difference.

WTF, my segment scanning tools don’t work the same way they do with the one-true-IP ™.

The v4 network stack was introduced in the Nixon Administration. My parents, half of whom are now dead, weren’t even married.

YHGTBFKM; you can alias almost any address.

Really.

One of the guys actually tried articulating that PAT (probably not NAT, guy. Maybe if you’d paid any attention in your networking classes, you’d know that).

What PAT does do is allow you to effectively wall-off your enclave to “protect” the assets inside it. You can do the same thing with a v6 netblock, too. One of the things I frequently listen to is very concerned about the “5G revolution,” and how it might allow the Chinese to control everything inside the US. Um, no. Any network security guy who’s paying attention can block things going out just as easily as he blocks things coming in.

I guess my message is: learn how to track things other than IPv4, and write your filtering rules on traffic both ways.

Four

So, Sunday’s talks.

First up was this one.

The concept is good, I suppose. The discussion of how to do something like this, dealing with manufacturers, VCs, etc.

During the talk, however, all I could think about is whether you needed to write in LISP to get funded by Y-Combinator.

After thinking about it more, however, I have to wonder how long this will be viable. Yes, it’s a good solution right now, but what about two years from now? Will this USB device be at all useful in the future? (Snark: Maybe there’s something I can look up with my CueCat to determine…)

All that said, it certainly has potential to be more secure, and useful than, say, an RSA token.

Interesting talk, though.

Three

This was perhaps the most thought-provoking talk I’ve seen so far.

That said, it wasn’t probably because of the reasons the presenters wanted.

A family member is a data scientist. He and I have had discussions about using data in the decision-making process.

Yes, this presentation presented a ton of data. That said, in my opinion, however, little of the data they collected really matters for either decision-making, or product quality.

The third speaker was from a well-known group that uses data to drive its recommendations. Much like this unnamed organization’s automobile and computer recommendations, I don’t place a lot of weight in those recommendations.

In a lot of circumstances, even with all the collected data, the recommendations are really just personal preference.

I’ve run into that, too, with some of my professional experiences. A recommendation was preferred, and it was my job to doctor things so the pre-determined winner actually won.

A former customer, specifically a former GS-14, didn’t like that sort of engineering.

Perhaps I’ll find something more compelling to write about this, but things aren’t really coming together at this point. My head is swimming from all the talks today.

Ready for Shmoo

Another year, another con.

I almost quipped something along the lines of, “will the delusion continue?”

That’s the wrong attitude to have, of course.

The talks this year appear interesting, so time to go have a nice time.

My attitude, though, has changed quite a bit, when it comes to dealing with the ever-present effort to force people to do things in your prescribed way.

I have a sense that that won’t be well-appreciated, but whatever. Maybe there’s someone there who’ll appreciate my sentiments. Maybe there’ll be someone who actually wants to hear them.

If not, a relaxing weekend of listening, writing, eating.

One

Intro and what I’m doing. This marks the ninth straight year.

On the old OD site, this was kind of a thing.  Essentially, you write every single day of the month of November.

Much as I was back in the summer, I’m happy, which really does remove a reason to write.  That was even before I chose to remove myself from most social media.

There’s really just that much to get wound-up about.  I’m sure the DNC delegation of Facebook friends would disagree, but, again, I don’t care.

A longtime friend scored me a ticket to Shmoocon in January.  I’ve missed the past three.  It feels more than a little strange, but maybe I’ll get something more out of it this year.

So, back to what I’m doing, and why.  I mentioned the old OD site.  It’s been resurrected following its demise back in 2013.  I’d purchased a lifetime subscription, which they did honor after reanimation.  I had downloaded copies of what I’d written before it went dark, but there is a bit of an old friend feeling.

I’ve been horrible about writing, there, of course.  (And yes, I’ll be reposting this there, too.)  I guess the reanimation was right around the time I got removed from round two of being in the 1998-vintage icebox.  (Originally, I’d said “shitcanned,” but I wasn’t fired.  I was laid off because a guy not worth the C4 it’d take to blow him up didn’t like me doing things according to published regulation…)

As for why I do it?  It helps me focus the many thoughts sprinting through this scarred brain of mine.  Do I have something to say about everything?  No.  There’s things that nobody needs to know.  There’s other things that pretty much are my sole interest;  why bore people with them?

But it also puts me in the mood for holidaying.  Can I really relax myself enough to enjoy them, for a change, this year?  I’m hoping so.

So, on to it.  Happy NoJoMo.

Shmoocon 2015 from afar part deux

Streamed this, notsomuch because I have a thing for girls named “Sarah,” but because the topic sounded interesting.

I understand where she’s going with her focus on employment subsequent to the programmers’ undergrad studies. Still, I’m a bit skeptical, considering what I’ve seen the past few years.

Because there’s so much broken code out in the wild, managers don’t seem at all interested in actually deploying anything that’d really fix the problems. Whether that reluctance is because change would require documentation rework, or because the application used busted-ass proprietary nonsense in the past is unimportant. “I’ve been doing this a long time.”

Ummhmm.

So much of what I see lately is simply maintenance on fundamentally broken systems; security has to be an afterthought. Nobody understands what it is that the systems or the code they run are supposed to do. Just keep them running exactly as they always have.

Fixing the undergraduate curriculum isn’t going to fix that. I don’t know what will, really.

Shmoocon 2015 from afar

I watched this over the stream.

I find it interesting that location services, even when the user says to turn them off, are often still transmitted. I don’t know that there’s an easy way to fix this if the vendors still allow location data to be transmitted even after the user says to turn it off.

Such a feature would be rather easy for Apple to add to the API, but it’d be up to the folks who police the app store to enforce use of it. It might slow application approval, since someone would have to verify that the application is using the correct faculty, etc.

In the disaster that is Android, there’d be no way of enforcing it. With things that I’ve read saying the spyware infection rate is somewhere north of 70% on Android devices, it might well be impossible.

I understand the paranoia, but I don’t share it. I’m okay with my location being tracked. Maybe when I was young and healthy, I would have cared more about being able to just disappear, but I don’t now.

Secrecy and surprise really don’t afford you that much protection if you’re still a lumbering target. I’ll eschew my normal allusions to football, but they’re very appropriate.

I am not at Shmoocon this year, because I couldn’t get a ticket. I am watching from home via the stream. Do with that what you will.

Sure Happy It’s Thursday

Before TGIF, there’s SHI…Thursday.

The second part of the week has already been very trying, and almost resulted in an impromptu resignation by me midday.

If you ask me a question, at least have the common courtesy to let me finish my answer before you start talking.

So, though I resisted hasty action, my choice is as easy as I’ve ever made.

In other news, start of Hampton Roads IT conventioneering has started anew. Blame the obstinance of the Shmoo people, outrageous speed of ticket sales. While I’d grown to appreciate the wintertime trip to the capital, it’s clear that they’ve no place for someone like me. That’s okay. There’s good things here, despite my resolution to leave once my wife finishes school.

I am a bit concerned about a few things with this, however, and I wonder if I’ll be able to voice them without sounding confrontational. In short — we probably won’t draw any out-of-towners with something in frosty Hampton or Newport News.

On an unrelated note, perhaps I’m now too comfortable with writing in November, and am seeing it negatively affect my output at other times. I applied for a writing gig last week; they want a writing sample. I’ve been putting off writing it, and am considering withdrawing my interest. It’s not very much money, and I don’t think I’d be missing anything by not being a professional blogger.

I mean, I know my blog sucks. So does yours. The level of suckiness varies, but they all ultimately suck. This potential assignment perhaps sucks less than many, but I’m still skeptical about whether I want it.

Unrelated, but something I’m still proud of — I think I was able to better articulate what I’d like to do with my business. You would think that someone who’d bought a ton of letters after his name could artfully describe things, but the proper application of the techniques the game of minesweeper shows, actually make investment in the letters wasteful. Ironic. Sorta like rain on your wedding day.