Tuesday, July 28, 2009

Swarm Wars

Was just watching a news promo where the focus of one of the stories is on a child's bicycle tyre with drugs hidden inside.  Have also read (of course) about the drug mini-subs that are being used to run stuff into the US.  And I've reflected that all through history there have been various kinds of drug struggles between the eternal triangle of those who source, those who use, and those who prohibit.

There is a grass roots support group of people who want the drugs, who end up as the victims of course but perhaps that's the function of drugs, to act as some kind of Darwinian selector.  Who knows.  There is a group of people who want to supply those drugs in return for material gain of their own, no matter who that kills.  And there are prohibitionists who act to try and save one group from the other.

It's kind of like war.

But, of course, martial type warfare is so much more advanced, for some reason, than drug wars.  They have UAVs and packbots, and plenty of them.  They save putting lives at risk, are relatively cheap and easy to put into the field, and can slip around almost undetected while carrying a warhead, camera, or other payload to a destination quite a distance away.

Oh yeah, and this follows on the heels of watching a TV article showing a small commercial factory unit successfully making small UAVs and delivery systems.

See, I wonder how long before you see (or don't see) flights of hundreds of small hard to detect unmanned robots, each carrying a small amount of drugs, random flight paths to widely spread destinations, and making it pretty much impossible to stop all of them.  I'm almost betting within a few years you'll read about "swarms" of these things, drug suppliers aren't stupid and this is now proven technology...

This may be the last decade before the Coming Of The Drug Locusts...

Wednesday, July 15, 2009

Moth Wing Nanos?

Just a sudden, intense, very vivid flash of memory:

When I was in my late 20's, my father and I were discussing huge scientific topics, if I recall, it was something along the lines of how long to spit-roast a pig in the hot 43C (100F) summer of Wittenoom, Western Australia.  It included discussions of the effects of various bastings and a possible cure or marinade in plastic wrap for a day beforehand, and progressed via the (then still fairly new) concept of radio wave cooking (which became the familiar microwave of today) then meandered off into discussions of science and technology.  We rambled a lot over a few beers, did Dad and I...

In the middle of that conversation, I killed a moth that was threatening to slurp up precious beer, and there was a cloud of dust from the wings of the moth, and dad got animated and mentioned that the dust off moth wings was harmful to inhale.  He'd seen research that had established that moth wing dust was composed of - and I don't for the life of me remember if he actually said "nanoparticles" or just "microscopic particles" but it was pretty much the first time I'd actually thought about the properties of materials on a nano scale.

I incorporated a particular nanoparticle, a "monomolecule knife," into one of my unpublished Cycle novellas, on the back of thinking about nanoparticles for the next five years.  And I've seen that science researchers have developed particular carbon nanotube structures based on examples from the animal kingdom, and now there's been advances in adhesive based on the micro hairs on the feet of the gecko.  Other researchers have made significantly large single molecules which reminded me of the mono knife in my novella.

But so far I haven't heard about any nanotech researchers studying the fuzz on moth wings for an inspiration...

Just wondering - I tend to think of these things just around the same time as other people do, and often see my brainfarts made concrete by the magic of parallel development...

Monday, July 13, 2009

VIPRE Virus and Malware Protection

As many of you know, I worked as a System/Network Administrator for 15 years before my health caught up with me, and in that time I've made an observation or two about people.  No matter what I did to protect the workstations, someone always found a way around it eventually.  And of course, because I listened to my users, I found out what the objection was - performance hit.  Any antivirus solution I deployed, caused serious performance degradation on the older boxes of the day.

It's to be expected then that with malware, machines, and malware protection all scaling up at roughly the same rate, that today's protection software would make about a similar percentage hit on performance of today's machines.  To a great extent, this is sort of true.  Modern virus and malware protection software causes a bit less of a slowdown, but every software I've tried still made a significant difference to the machines I tried them on.

Sunbelt Software have hired me to say a few words about their Antivirus Software named VIPRE. Being a conscientious type, I downloaded and installed the free 15 day trial of the software, and being a bit less than conscientious %) I then went to sleep and let it download the definitions and perform the first scan.  That would be because I was doing this around 3AM my time and fell asleep at the desk.  Therefore, I can't tell you if there was any thrashing the first time it ran - but I can tell you that I didn't notice it in the following few days, where every other A/V program I've ever known has caused unpredictable lagging and slowdowns.

Aside from the definition files, VIPRE can also run suspect programs in a virtual environment so it can't do any harm, helping VIPRE to identify and isolate malware.  And while I don't personally use Outlook, VIPRE integrates with Outlook to catch email-borne malware as well.

Sunbelt Software have 15 day trial software available, I haven't uninstalled mine yet because, quite frankly, I'm thinking I might upgrade it to the full version.  If I'd had something like this back when I was working, I'm pretty sure I'd have been able to convince users to not try and unload their A/V software...

As a further incentive, Sunbelt are also offering a price reduction (50%!) on their personal firewall product if you buy VIPRE.  Sunbelt Personal Firewall is ranked quite highly by other writers, and if you were looking to protect your machine on multiple levels then you probably couldn't go far wrong if you took advantage of that offer.  Even on a home computer or a machine already behind a home router firewall or office firewall, putting a personal one on your PC is still a good idea.

Sunday, July 12, 2009

Dealing With The Internet In The Workplace.

Most companies, since companies began to be the preferred business unit, have wanted just a few things from their employees:  Be as young and energetic as possible; Be as experienced as the older staff; Spend 100% of your time working, no meal or toilet breaks would be just bewdiful thanks; Work for junior rates doing a senior job.

After all, it's not much to ask, is it?  And yes yes yes I'm being sarcastic.  The work day for all critters seems to be a big long but amusing search for food interspersed with intervals of work, not the other way around.  Articles like this one demonstrate the efforts that management have to go to, in order to try and get that work/leisure/effort/effect balance right.  Do you open the Internet?  Block most of it? Have company firewalls, or secure application servers?

Let me put it this way - twenty years ago, how did companies prevent the equivalent circumstances?  Instead of a firewall, there was a mailroom that inspected stuff going inbound and outward.  Long employee chats with colleagues were examined for whether they were relevant to work or not, and then controlled as needed, by supervisors. And try as they might, employers had no way of preventing employees from walking out with company secrets firmly engraved in their brains, any more than they have a way today to prevent a company database walking out on an iPod or MP3 player or memory stick or card...

The thing that worked best, it turns out, is maintaining watchfulness.  So here's a thought, given freely after nearly two decades of dealing with users and technology:  Watch, Decide, Act.

Watch what happens in your office and on your LAN.  Are your servers logging and flagging unusual events? That's the first thing you should be watching - and in order for the "unusual" flags to apply, you have to decide what constitutes "usual" and "unusual."  Capture all traffic and put it through transparent proxies.  not to prevent, but to record it.  Experiment with the output of the logfile. A good analyser program will soon start telling you which machines spent how much time surfing what, where, and when.

Similarly monitor all accesses to your own servers and workstations. Is that new person poking around on the Sales VP's machine?  That might be deemed "unusual," unless they are the SVP's secretary or PA.  Is someone repeatedly trying to send malformed traffic to your SQL server?  Time to check that they're not hacking you, or that their workstation might not be compromised by a Trojan.

As has been repeatedly pointed out, you can't prevent sufficiently determined employees from doing all the above and more.  Shutting the barn door after the horse has bolted may well lose you a horse, but shutting it before the horse bolts, prevents anything from happening in the barn at all.  Making the door more person sized means all your chickens will still be able to escape, and raising it still won't prevent the rats and pigeons from using it...

The problem lies in working out what's usual and useful, compared to unusual and harmful.  Block YouTube or FaceBook? Fine, but some people actually use those in the course of their duties.  I might find it easier to post a video and let a sales prospect know about it via their FB account.  On the other hand, I might also be using those two to dig up dirt on colleagues to coerce their cooperation with a pet project or a project to steal data...

In all the time I worked in IT and system and network admininstration, the problems such as the above were always "unusual," and that's generally how they were picked up, precisely because they were unusual.  Locking down access and traffic generally resulted in less bandwidth, but no discernible change to the risk/benefit ratio.  I became a great logfile reader, and picked up no end of minor breaches that way.  There are now programs that do what I did, but they need to be trained and set up, and usually the person that has to do that is the system admin.

In an age where personal electronics is everywhere, it's also possible for an employee to place company data onto their personal multimedia device, then connect right up to the Mcdonalds hotspot right outside your office and upload that data - it takes only minutes, or even seconds given a suitably skilled person - and all your logs would show is that employee "Z" accessed the payroll database for a bit longer than normal.

That information didn't - and can't - help you at the time, but it will form a trail that can be backtracked on when you discover that your best people have been headhunted at salaries that are just the right margin above the salary you were paying them...

"Blocking" the external WiFi hotspot?  You may as well try and hold back water with a flyscreen.  And indeed it may well be illegal to block wireless communications, in some places, and with certain forms of wireless.  (You may not, for example and as far as I'm aware) block mobile phone signals at any time, and what if your superduper "cellphone buster" that you've placed in operation to block employees from spending all their time calling friends and family also blocks cellphone access to the company next door?  And if you reduce the range of the quencher, then you'll find knots of employees in the areas that the signal misses...

My personal belief is that keeping people engaged, involved, rewarded, and stimulated is the best way to command loyalty, and watchfulness to make sure that this loyalty doesn't waver is is the second step.

Thursday, July 9, 2009

Veni Vidi Virus

And here's the rest of the world catching up to my thoughts from years ago...    In the dusty archives somewhere, I think I had an article about what will happen to implant wearers once those implants connect part of their real life bodies to the virtual world, to the real life world of script kiddies, sociopathic hackers, and other online entrepreneurs.

Here's one of the things that worried me then, and worries me now:  If I have a prosthetic limb or just an enhancement to existing limbs, and this is controlled via a brain implant, which in turn has wireless connectivity to allow the control and adjustment of the augmentation.  And if some script kiddie finds a way to reverse a few numbers somewhere.  And I happen to be walking along an elevated footpath, I think "move right" and the brain implant issues a "move right" and the augmented limb then moves left.  And happens to knock a fellow pedestrian off the footpath, they crack their head, and subsequently die.

Who's guilty now?  Me for being the one who physically carried out the action leading to the death?  The manufacturer of the system for not building in safeguards and intrusion protection?  The hacker, wherever and whoever they may be, and who may have carried out the hack without any knowledge of where i was and what I was doing at the time?

This situation isn't just going to apply to body-worn augments, of course.  Assume I'm and early adopter and have a personal robot assistant.  Or (and this would be one reason car manufacturers might be a tad shy to put automatic drive controls in their cars) I have a personal transporter that pretty much runs on autopilot and connects via mobile broadband to download routes from Google Maps.  Only Google Maps has been hacked and along with the map it downloads a zero-day payload...

You can see that where the Law has been slow to catch up with current cyber wrongdoing, the rate of change is about to ratchet up by another whole order of moral and legal decisions needing to be made.

Wednesday, July 8, 2009

Saw Point

As a teenager, I was pretty handy in manual arts, both woodwork and metalwork.  I remember once I left high school pricing the odd tools for handyman jobs both at my parents' house and my own projects, and one of the more highly priced (and prized) of my hand tools was a Disston foxtail saw.  Back then I didn't know the background or the history of Disston saws, I just knew that they were one of the better quality saws available, they were imported from "overseas," and I saved a few weeks before I could buy mine.

Now the back story is filled in for me, by this short story and the lovely slideshow of pictures, of the history of Disston Saw Works in Philadelphia.

Email Subscriptions powered by FeedBlitz

Subscribe to all my blogs at once!

Your email address:

Powered by FeedBlitz