Monday, November 29, 2010

Wikileaks

Now I may have some opinions about whether or not it was a good idea to leak those documents from SIPRNet. But that's not what I want to talk about. No, I want to talk about information security.

Simon Jenkins makes a very nice point on the Huffington Post: The documents taken from SIPRNet were available to "some 2-3 million authorized accessors to the State Department intranet worldwide."

In a pool of 2-3 million accessors, there is guaranteed to be a good sized pool of spies and other individuals who would be...umm...susceptible to assorted temptations and coercions. It boggles the mind that the State Department/Department of Defense would leave the kinds of documents included in the leak out there for just any of those 2-3 million people to read.

Basic IT security includes providing access to information on a Need to Know basis. Did all of those 2-3 million people (or for that matter a Pfc, such as Bradley Manning, putative source of the leaks) really need access to all of that data? In addition, thumb drives and writeable media are a known source of data loss. There is a whole branch of IT security known as Data Loss Prevention (aka Data Leak Prevention) which attempts to address the problem of leaks. In general it's a tough problem, but on the other hand, it's really not rocket science to turn off USB ports and CD writers on computers that can access sensitive data.

I would be willing to bet pretty good money (like a bank account much larger than my own) that many, many of those 250,000 documents to be leaked by Wikileaks were out there long, long ago in the hands of people who weren't intended to see them.

I'm with Jenkins: "Blame the State Department, Not the World's Media" (or Wikileaks).

Thursday, November 11, 2010

On friendship

I am reading The History of Tom Jones, a foundling by Henry Fielding. It's a lot of fun, in an 18th Century sort of way. Full of witty quotes. I just ran across this one, though, which I really like.

I hope my friends will pardon me when I declare, I know none of them without a fault; and I should be sorry if I could imagine I had any friend who could not see mine. Forgiveness of this kind we give and demand in turn. It is an exercise of friendship, and perhaps none of the least pleasant.
Yes, indeed.

Thursday, November 4, 2010

Some words from the Tropic of Capricorn

Ok...yes...I know...it's weird...Dawn is listening to Tropic of Capricorn...when did that ever stop me? Lovely prose...bit too male-existential-crisis/stream of consciousness for my taste, though he expresses many thoughts that I can relate to. Likewise Babbitt (minus the stream of consciousness) which I listened to immediately before this. What can I say? I'm having an accidental run of early 20th century men's midlife crisis books...I didn't know what I was getting into. But that's not what I want to talk about.


No...I bring this up because I was struck by some cultural aspects of these two books. Namely, that though they both describe events that took place nearly 100 years ago (1920s), they nevertheless describe lifestyles and technologies that are remarkably recognizable in modern terms. I get the sense that if you dropped me in the middle of those novels, I'd be able to function pretty well (except for the internet part). Unlike, for example, dropping me into a Jane Austen book, where I suspect that I wouldn't know how to use the bathroom. (Sorry...couldn't resist...too much Tropic of Capricorn, I guess.)

These novels also used a number of terms that I would have expected to be more modern, such as in Babbitt "boneheaded", and in Tropic of Capricorn "bimbo" and "daffy". According to the Word Detective, bimbo (derived from Italian bambino) first showed up in English around the 1920s, and didn't come to mean a ditzy female until somewhat later than that, so that this reference in Tropic of Capricorn (published 1938) would have been one of the relatively early uses, I guess. "Daffy", on the other hand, from "daff" (meaning fool) apparently showed up around 1400. Word Detective has references to "bonehead", but does not actually comment on it, so I don't know when it arose, but it would never have occurred to me that it was as old as 1920s.