Digital Common Sense

March 29, Government Accountability Office — GAO−06−598T: Homeland Security: Progress Continues but Challenges Remain in Department’s Management of Information Technology (Testimony). Information technology (IT) is a critical tool for the Department of Homeland Security (DHS), not only in performing its mission today, but also in transforming how it will do so in the future. In light of the importance of this transformation and the magnitude of the associated challenges, the Government Accountability Office (GAO) has designated the implementation of the department and its transformation as high risk. GAO has reported that in order to effectively leverage IT as a transformation tool, DHS needs to establish certain institutional management controls and capabilities, such as having an enterprise architecture and making informed portfolio−based decisions across competing IT investments. GAO has also reported that it is critical for the department to implement these controls and associated best practices on its many IT investments. In its past work, GAO has made numerous recommendations on DHS institutional controls and on individual IT investment projects. The testimony is based on GAO’s body of work in these areas, covering the state of DHS IT
management both on the institutional level and the individual program level.
Highlights: http://www.gao.gov/highlights/d06598thigh.pdf
Source: http://www.gao.gov/cgi−bin/getrpt?GAO−06−598T

DHS, GAO

Filed by Ken at 11:01 am under InfoSec
No Comments

March 29, eWeek — Latest Bagle worm has rootkit features. Malicious hackers have fitted rootkit features into the newest mutants of the Bagle worm, adding a stealthy new danger to an already virulent threat. According to virus hunters at F−Secure, of Helsinki, Finland, the latest Bagle.GE variant loads a kernel−mode driver to hide the processes and registry keys of itself and other Bagle−related malware from security scanners. The use of offensive rootkits in existing virus threats signals an aggressive push by attackers to get around existing anti−virus software and maintain a persistent and undetectable presence on infected machines. The Bagle threat started as a simple e−mail executable in 2004 but has grown and evolved over the years to become one of the most active threats against PC users. Security researchers estimate that the numerous Bagle variants have infected more computers than any other virus group.
Source: http://www.eweek.com/article2/0,1895,1944133,00.asp

Bagle, worm, rootkit, Infosec

Filed by Ken at 10:59 am under InfoSec
No Comments

I’ve realized lately that too many if us suffer from IDD. We’re overconnected. We IM, text message, Skype, call, email, crosslink from before dawn into the wee hours of the evening. We don’t focus on any single task long enough to complete it. We multitask. And too often that means we do several things poorly. We don’t pay enough inattention to things we should defer or overlook entirely. How many of us have too many irons in the fire?

That said, acknowledging I suffer from IDD, here are a couple of things I’ve either been to attentive or inattentive to the last few days, and am working on.

Some of you may recall that I posed eight questions to the candidates in the last election cycle. The candidates, as candidates are wont to do, ignored them because they were hard questions. Candidates don’t like hard questions. They prefer sound bites to substance. Nonetheless, I’ve been working on a revision of those questions to pose early to the candidates this time around. Questions from a technologist’s viewpoint. I hope to finish that post and get it online this weekend.

I’ve stepped into a new brainstorm idea pretty heavily. The VoIP ThinkTank is taking shape and coming into being. That takes braincells and will require some technical system implementation on my part. I’ll contniue investing time and brainpower into this, and more will follow shortly. I also registered the domain voip-thinktank.com as part of this effort, but haven’t had the time to place any content there yet. I envision that as a fairly static pointer environment initially. That domain will at the very least contain a blog. Probably not a wiki as I’m not a fan of wkis in general. Most are too much work for too little value. Perhaps a content management system behind it all. Whatever the start, it will be modest. I’ll share more soon.

I have a paper on VoIP and Firewalls that I’ve been working on forever it seems like. It’s not that big a paper. It’s brief. But continual distractions from other things have kept me from getting it finished. And it won’t get done this weekend. Perhaps next week.

Freedom to Connect (F2C) is upon us. I can’t be there due to other commitments. Along with the conference, perhaps as painful as missing the conference, is the lost chance for an evening/morning of freewheeling brainstorming with Dean Landsman, Frank Paynter, Mary Godwin, Martin Geddes, Bob Frankston and several others who just elude conscious thought right now. I’ll be there in spirit, but not in fact.

Inattention to downtime is part of the problem. I find the past few weeks that the week, that Monday to Friday portion of life, is traveling at a frenetic pace, with working thoughts and activities, whether truly work, or just work of interest in technology areas. consumes every waking moment. This weekend I’m focusing on some downtime too. Battery recharge cycle.

This weekend I may just need to be a little inattentive to detail.

Technorati Tags: Inattention Deficit Disorder, VoIP ThinkTank, Freedom to Connect,

Filed by Ken at 9:44 am under General
No Comments

You know, every time Ray Ozzie republishes his whole friggin blog filling my aggregator with brain farts going back six months, I grow one step closer to thinking he’s as clueless as some of the other narrowminded fools at Microsoft who don’t get it and have no idea there’s an entire world outside layer 7 of the OSI model.

There are some very talented people at Microsoft, make no mistake. But this is earth, and there are a fair share of clueless twits too. Some days I really can’t tell which group Ray falls into…

Technorati Tags: Microsoft, Ray Ozzie

Filed by Ken at 10:32 pm under Technology
No Comments

I posted this earlier over on the Realtime VoIP weblog, but thought this was worth sharing here too.
—–
Last night I had the pleasure of chatting with Ted Wallingford on Skype for a while. Ted’s one of the early members and supporters of the work we’ve been doing on the Realtime VoIP Community. For those of you who aren’t familiar with Ted, he’s one of the bright lights in the VoIP community at large. You can read his writing on Weblog Inc’s VoIPFan, where he’s the primary blogger, and on Mac VoIP.  Ted has also written two very good books, Switching to VoIP and VoIP Hacks, both published by O’Reilly.

Ted’s someone who knows the Asterisk environment far better than I. My conversation yesterday with David Mandelstam about open source solutions tickled my thought processes. I knew I needed to talk to Ted about doing an interview or podcast or something with him. We kicked that idea around last night, and I’ll be figuring out a plan of attack to share some of his thoughts and insights here real soon. We talked about VoIP, Skype, SightSpeed, and the industry as a whole, and Ted’s depth and breadth of knowledge is a very valuable resource to us all. I encourage you to check out his blogs and books.

Another thought Ted triggered for me, something I’ve been meaning to do, is to reach out and connect with someone who’s been a well known presence online for a long time - Phoneboy. he and I live within 50 miles of one another, and while I read him all the time, we’ve never met or talked. That will soon change. Oddly, my overlap with Phone laps into VoIP, Firewalls, DNS and all sorts of interesting areas. He’s a resource I really need to tap into and share more of with readers here. So stand by for something on that front too.

I’ll share where I’d like this to lead. There’s an interesting and eclectic group called the Gillmor Gang that consists of several very bright minds assembled by Steve Gillmor. They do regular group podcasts of discussions they share. They focus on things like identity management, Web 2.0, and general net trends. They don’t focus on VoIP. I’d like to assemle another gang to somewhat regularly (monthly?) put together a podcast conversation about trends, hot topics and interesting changes solely in the VoIP sector. I can think of several people I’d love to have participate in this sort of conversation, and I’ll share some examples -

Ted Wallingford
Andy Abramson
Alec Saunders
Jeff Pulver
Martin Geddes
Phoneboy

There are plenty of other bright lights to join in as well. I think my role would be logistics and helping figure out what topics we try to talk about. And maybe what I need to investigate is setting up an Asterisk VoIP PBX to host a conference bridge that everyone who can participate can call into. We could perhaps record the whole session, edit the MP3, and do it up as a nice podcast. It’s a brainstorm I’m working on.

If you think this is a great idea, thinkg this is a horrible idea, or know of someone you’d like to see included in a gang effort like this, please drop me a note.

Technorati Tags: Ted Wallingford, Andy Abramson, Jeff Pulver, Alec Saunders, Martin Geddes, Phoneboy, VoIP, podcast

Filed by Ken at 3:21 pm under Unified Communications
No Comments

There’s a great post over at The Corporate Rat and The Elusive Cheese- The Importance of Process. Let me share a nugget that summarizes it nicely.

A good process is really like a well designed resilient network. No one really appreciates it when everything is working as it should. But when something does not work and suddenly ‘well designed individual elements’ fail miserably as a complete network while interacting with each other, all hell breaks loose.

The whole post is well worth the read. It also pointed out an obvious analogy to me that I’ve used a couple times since.

When performing network design, especially for VoIP, Quality of Service (QoS) is often a concern. I’ve taught many classes that touched on QoS issues. Some of those classroom discussions on QoS last 30 minutes, but sometimes, depending on the particular course, we’ll spend many hours defining and describing QoS.

QoS can best be summarized with words like predictablity and consistency. Providing QoS in the network is really about stabilizing the network design so that the performance environment is a consistent, known factor. Unpredictability makes it difficult to deliver VoIP services reliably.

QoS is all about process and repeatability.

Technorati Tags: VoIP, QoS, reliability, consistency, predictability

Filed by Ken at 9:54 am under Technology, Unified Communications
No Comments

We all know how caring and concerned the blogging community is whenever one of our number stumbles or falls. The Head Lemur always leads by example in his keen insightful view of the world. He sets the standard. He is, much like Rageboy, the yardstick we measure ourselves against.

I don’t often play meme games, and I won’t get sucked into this conversation in any detail, but his caring concern for Robert Scoble certainly gets my full support. Intervention truly is needed.

I have never broken bread with Robert, will probably never meet him in person, read his book, or even visit him in Redmond.
Why should I be concerned?
Certainly not because his employers products collateral damage provides me with a handsome income. Not because of his center of the universe proclamations, or his justification for his behavior online. Amusing as I find them.
The real reason is that I feel his pain, and having been there and done that, part of my therapy is to help people in trouble. And Robert qualifies.

Filed by Ken at 6:01 pm under General, Technology
No Comments

Am I the first to use this new word to describe a concept so many of us encounter on a weekly, daily, hourly basis?

I can’t even elaborate on why at this point, but it is the bane of my existence.

Technorati Tags: micromismanagement

Filed by Ken at 4:12 pm under General
No Comments

This is a test checking the system timestamp. It appears my posts are occuring before I even write them in many cases. My local system time matches server time. Wordpress confirms accurate times, yet posts are awry. Trying to determine whether it’s system or some anomaly with Performancing for Firefox somewhere.

Addendum - The original timestamp was good. Updating this with Performancing to see what happens. Consider this post content free.

But it’s fat free too.

Addendum 2 - Performancing shifted the time stamp to 8 hours earlier than present time. Curious

Addendum 3 - The second edit with Performancing for Firefox shifted this post yet another 8 hours earlier. Most odd

Filed by Ken at 8:06 pm under General
No Comments

That’s right, compliments of Blogger suckage, Allied keeps vanishing form the Internet.

Is this the work of aliens behind the scenes at Blogger? Are they performing secret experiments on Jeneane? Given her writing style, will we know? I guess we will if she starts using phrases like convergence and collaboration.

Is this a terrorist act? Is it caused by outside forces, or is Blogger itself terrorizing Jeneane?

Enquiring minds want to know. More importantly - Blogger, we want you to quit tormenting Jeneane.

The only benefit is if you keep this up, we will finally sway her to abandon Blogger sucakge for other tools. Beware. You could lose one of your biggest supporters.

Filed by Ken at 5:37 pm under Technology
No Comments

March 24, eWeek — Do−it−yourself spyware kit sells for $20. A do−it−yourself malware creation kit is being hawked on a Russian Website for less than $20, according to security researchers tracking the seedier side of the Internet. Virus hunters at SophosLabs discovered the spyware kit, called WebAttacker, on a Website run by self−professed spyware and adware developers. The WebAttacker kit includes scripts that simplify the task of infecting computers and spam−sending techniques to lure victims to specially rigged Websites.
Source: http://www.eweek.com/article2/0,1895,1942497,00.asp

For those of you who may not fully understand, the SPAM problem isn’t about getting you to by enhancement drugs or anything else. It’s about getting you to click the link and infecting you with spyware. Spyware is all about organized crime, identity theft and dollars. It’s not a nuisance it’s a crime and you are the target. It gets easier ro be a criminal every day. Please be safe in your online activities.

Technorati Tags: cybercrime, spyware

Filed by Ken at 1:27 pm under InfoSec, Technology
No Comments

March 23, Tech Web — Microsoft warns of dangerous Internet Explorer exploit. An exploit for a new zero−day bug in Internet Explorer appeared Thursday, March 23, causing security companies to ring alarms and Microsoft to issue a security advisory that promised it would patch the problem. Just a day after anti−virus vendors warned of a new zero−day vulnerability in Internet Explorer −− the second such alert since Friday, March 17 −− companies including Symantec and Secunia boosted security levels as news of a public exploit spread. Although the publicly−posted exploit only launches a copy of the Windows calculator, “replacing the shellcode in this exploit would be trivial even for an unskilled attacker,” Symantec continued. Microsoft confirmed the severity of the bug and the success of the exploit in its own advisory, issued late Thursday.
Microsoft advisory: http://www.microsoft.com/technet/security/advisory/917077.ms px
Source: http://www.techweb.com/wire/security/183702421

Amended: I did read this morning that exploit code for this particular problem is now in the wild. Can’t recall where I saw that and don’t have time to dig right now. Chcek F-Secure’s blog. That’s probably where I saw it.

Technorati Tags: Microsoft, Internet Explorer, exploits, Infosec

Filed by Ken at 5:29 am under InfoSec, Technology
No Comments

The only way I can do this justice is to point to my oldest son’s blog and copy the post intact -

Today, the Federal Election Commission upheld my right to criticize, lambaste, pass judgment on, condemn, disparage and otherwise disapprove of the Bush Administration and support the candidates of my choice. That’s right, I’m not subject to campaign spending and contribution limits when I write on this blog.

The Federal Election Commission decided Monday that the nation’s new campaign finance law will not apply to most political activity on the Internet.

 

In a 6-0 vote, the commission decided to regulate only paid political ads placed on another person’s Web site.

 

The decision means that bloggers and online publications will not be covered by provisions of the new election law. Internet bloggers and individuals will therefore be able to use the Internet to attack or support federal candidates without running afoul of campaign spending and contribution limits.

 

[…]

 

Bloggers would be entitled to the same exemption from the campaign finance law that newspapers and other traditional forms of media receive.

Wow, I never though I’d see the day when the Bush Administration or one of its subsidiaries (to use a term from Corporate America) would uphold my right to free speech. There must be a large sheet of ice covering Hell and I’m pretty sure a pig just flew by my window.

A word of caution for the day - don’t get hit by any flying pigs.

Technorati Tags: freedom of speech, politics, campaign finance law

Filed by Ken at 4:15 am under Politics, Technology
No Comments

This is a test checking the system timestamp. It appears my posts are occuring before I even write them in many cases. My local system time matches server time. Wordpress confirms accurate times, yet posts are awry. Trying to determine whether it’s system or some anomaly with Performancing for Firefox somewhere.

Addendum - The original timestamp was good. Updating this with Performancing to see what happens. Consider this post content free.

But it’s fat free too.

Addendum 2 - Performancing shifted the time stamp to 8 hours earlier than present time. Curious

Filed by Ken at 4:01 am under General
No Comments

Last week I posted IM, SMS and Business Use in reaction to a post I read over on Dan Taylor’s excellent Mobile Enterprise Weblog.

What I didn’t expect was an interesting email I received as a follow-up to my post from someone at CircleTech, the company mentioned below.

The contents of SMS messages are known to the network operator’s systems and personnel. Therefore, SMS is not an appropriate technology for secure communications. Most users do not realise how easy it may be to intercept.

• Nick Jones, Gartner Research

There is  an encryption system for SMS communication, developed by CircleTech, s.r.o., a Czech software corporation. This Java (J2ME) application, which can run on majority of current mobile phones, uses encryption standard AES and user-derived keys to securely encrypt the SMS communication between parties which use it. Name of the system is SMS 007.

SMS 007 has been available for Czech customers for almost 5 months, but only very recently has entered the international market. The  main distributor for Europe is Nokia Softwaremarket.

Besides encryption of the messages, SMS 007 has also other security features like a hidden contact list, which cannot be seen from the
outside without knowledge of the main password - therefore, if  someone steals your phone or just gets it in their hands for a while, he/she still cannot read not only your messages, but not even whom are you writing to.

A few links regarding the product and its recent media coverage:

http://www.sms007.cz - the product homepage, Czech and English
http://www.circletech.net - the page of CircleTech corporation

SMS007 sells at:
http://www.softwaremarket.nokia.com/?product_detail_s60.html&itmId=1612&pID=1102&pmsid=33 - the Nokia Softwaremarket location (for Europe,Asia,Middle East,Africa and Pacific) or
http://www.clickapps.com/moreinfo.htm?pid=4433&section=J2ME&set_device=1459 (for Americas)

http://www.heise.de/mobil/newsticker/meldung/print/70447 - a German article regarding SMS 007
http://www.praguepost.com/P03/2005/Art/1201/news2.php - an English article regarding SMS 007

I haven’t researched this solution from CircleTech at all. I’m not an SMS expert or even overly interested. I’m a casual user. To be honest, I don’t have any reason to encrypt SMS or send anything that might be sensitive via SMS. It’s a very limited medium. But I njow enough people read here that some of you might have interest, so I thought I’d share the interesting information I received,

Thank you Jiri, for passing that along.

Technorati Tags: SMS, encryption, Infosec

Filed by Ken at 3:35 pm under InfoSec, Technology
No Comments

Welcome to Monday. Well, almost. I had several things I thought I’d get written up and posted here, but you know, it was the weekend. Saturday was my birthday and one gifet I gave to myself without planning it ahead of time was the gift of setting lots of technology aside and just letting my brain rest a bit. But now Monday’s almost here, and it’s time to get back into the fray.

I did post another interview on the Realtime VoIP Community blog. This time with Jeff Hicks from NetIQ. That’s been pretty much it for tech anything this weekend.

I know I had a couple of notes from people lately aboud Freedom to Connect (F2C). As circumstance happens, I really don’t think I can be there. I’ve got another commitment that’s held for some time. If I were to attend right now, I’d have to leave about 3 on Monday afternoon. Just doesn’t make sense for me to fly to DC on Sunday for dinner Sunday night, then most of Monday and fly back out. That makes sense when other people are paying the bill, but not when it comes out of my pocket. It’s just too rushed and nonproductive. I’ll be with you in spirit.

This week I’m doing some wrap-up on some projects, writing a paper on VoIP and firewalls (including session border controllers) and looking for a 5th wheel hitch for my truck.

Filed by Ken at 3:15 pm under General
No Comments

Technorati Tags: National debt, budget

Filed by Ken at 3:06 pm under Politics
No Comments

It’s all over the news, but just in case you missed it -

Alcatel, Lucent in $34 Billion Merger Talks

PARIS/AMSTERDAM (Reuters)—French telecoms equipment provider Alcatel is in talks with its smaller U.S. rival Lucent Technologies to create a combine with sales of 21 billion euros ($25.33 billion), the companies said late on Thursday.

They broke off previous merger talks in 2001 after Lucent balked at the idea of an Alcatel takeover and they said on Thursday they were discussing a potential “merger of equals” that was intended to be priced at market, meaning with no premium on their stock prices.

Their merger would produce a company larger than Cisco Systems and would mark the latest round of consolidation in the telecoms and media sector as companies respond to the rapid conversion of technologies and the growth of “triple play,” the provision of TV, high-speed Internet and voice services over phone lines.

It would also give the two companies a combined market capitalization of more than 28 billion euros ($33.78 billion).

Interesting to me as a former employee of Lucent. And I worked for a small VPN startup backl in the day that was absorbed by Newbridge just as Newbridge was being swallowed by Alcatel. And I taught quite a few classes later on for Alcatel.

Technorati Tags: Alcatel, Lucent

Technorati Tags: Alcatel, Lucent

Filed by Ken at 3:01 pm under Technology
No Comments

When I read this story initially, I hesitated. Bloggers vs. China doesn’t sound like I war I want to fight. It sounds inherently unwinnable. And our American perceptions of freedom - to worship, assemble and speak, are not universally accepted around the world. I sometimes think us a bully trying to foist our values on others. But Ethan makes a compelling case and tells the story of Hao Wu well, so I’m going to at least share the basics with you via cut, paste, link and tag. My small support effort.

It is nearly one month since Hao Wu was detained without charge.

Filed under: About Hao Wu, News — Rebecca MacKinnon @ 12:00 pm

We appeal to the Chinese government for Hao Wu’s immediate release!

What happened to Hao?

Hao Wu (Chinese name: 吴皓), a Chinese documentary filmmaker who lived in the U.S. between 1992 and 2004, was detained by the Beijing division of China’s State Security Bureau on the afternoon of Wednesday, Febuary 22, 2006. On that afternoon, Hao had met in Beijing with a congregation of a Christian church not recognized by the Chinese government, as part of the filming of his next documentary.

Hao had also been in phone contact with Gao Zhisheng, a lawyer specializing in human rights cases. Gao confirmed to one of Hao’s friends that the two had been in phone contact and planned to meet on Feb. 22, but that their meeting never took place after Gao advised against it. On Friday, Feb. 24, Hao’s editing equipment and several videotapes were removed from the apartment where he had been staying. Hao has been in touch his family since Feb. 22, but judging from the tone of the conversations, he wasn’t able to speak freely. One of Hao’s friends has been interrogated twice since his detention. Beijing’s Public Security Bureau (the police) has confirmed that Hao has been detained, but have declined to specify the charges against him.

The reason for Hao’s detention is unknown. One of the possibilities is that the authorities who detained Hao want to use him and his video footage to prosecute members of China’s underground Churches. Hao is an extremely principled individual, who his friends and family believe will resist such a plan. Therefore, we are very concerned about his mental and physical well-being.

More about Hao: From Scientist to Computer Guy to Filmmaker.

Hao began his filmmaking career in 2004, when he gave up his job as a senior product manager at Atlanta-based Earthlink Inc. and returned to China to film Beijing or Bust, a collage of interviews with U.S.-born ethnic Chinese who now live in China’s capital city. Before working for Earthlink, Hao worked as a product manager for Internet portal Excite from 2000 to 2001 in Redwood City, CA Before that, Hao had also worked as a strategic planning and product development director for Merchant Internet Group, an intern for American Express Co. and a molecular biologist with UCB Research Inc.

Hao earned an MBA degree from University of Michigan Business School in May 2000 and a Master of Science in molecular and cell biology in July, 1995 from Brandeis University, where he was awarded a full merit-based scholarship. Before studying in the U.S., Hao earned a Bachelor of Science degree in biology from the China University of Science and Technology in Hefei, Anhui province in June, 1992.

Hao the Blogger.

Hao has also been an active blogger, writing as “Beijing Loafer” on his personal blog, Beijing or Bust, named after his film. Due to Chinese government internet blocking of his blog hosting service Blogger.com, he also has a mirror version of the site on MSN Spaces. In early February Hao began contributing as Northeast Asia Editor to Global Voices Online, an international bloggers’ network hosted at Harvard Law School’s Berkman Center for Internet & Society. Writing under the pen name Tian Yi, Hao’s contributions aimed to bring citizens’ online voices from China and the rest of North East Asia to readers in the English-speaking world.

The repressive nature of the Chinese government isn’t news. But the realization that Hao Wu is a US-born Chinese who returned to live in China is distressing. This guy worked at Earthlink and interned for American Express. Repressive government or not, Hao is a human voice that shouldn’t be silenced. They need to release him.

Technorati Tags: freehaowu

Filed by Ken at 9:34 am under General, Politics
No Comments

Like many people, I took a look at Michael Roberton’s AjaxWrite web-based word processing efforts.

To be honest, I’d been meaning to look at it, but just hadn’t taken the time until I saw Kevin Marks’ comments:

Nice idea, except what formats does it save to?
MS Word, RTF, Text and PDF.
How about HTML+CSS - it’s how you’re displaying the damn thing to me after all - how hard is it to store it in that format?
This is not a new question - after all CSS is more capable than Word’s internal styling.
How about a Document Microformat? We can call it HTML for short

That was enough to make me go look for myself. Using Firefox.

Overlooking HTML and CSS was just plain…well, not on top of things. Overall it was a usable, minimally functional experience. What I sw was a tool I don’t need that almost works. Almost. Even pasting a Word document from into the editor brought about changes from one version to the other. Unexpected changes. Formats, tables, things that aren’t terribly advanced. And naturally, all the graphics left gaping empty boxes in the AjaxWrite version. Overall, I was disappointed.

The one place I can see it might be useful to me is if I want to create a PDF via the browser on my Treo. I’ve never needed to do that. never wanted to. But now I might be able to.

Overall reaction - Yawn

Technorati Tags: AjaxWrite, HTML, CSS, Word, RDF, web editor

Filed by Ken at 8:32 am under Technology
No Comments