Monday, December 8, 2008

Ecto Sucks. A rant.

When I first bought my Mac I was looking for some blogging tools.  I read great things about the Ecto tool and how it plugged right into Mac OS X and had all sorts of nifty hooks.  It has all those things but it lacks one critical feature: the ability to provide reliable and expected rich text formatting. 

Every time I make a double space in a post, Ecto seems to think that I mean quadruple space. After some poking around on the forums, I have concluded that I am not the only one with these problems and that the Ecto support team does not seem very concerned with fixing the problem. 

Screw Ecto.  I'm going back to ScribeFire.  ScribeFire does everything Ecto does and does it reliably.  I wish I had my $20 back. 

Come See My Photos at the CNote Art Show

I've had five photos accepted to the CNote Art Show. The CNote Art Show is a showcase of independent artists in the Columbus, OH area. All works at the show are for sale at a price of just $100, hence the CNote Art Show. All proceeds go directly to the artists. There are currently over 300 artists showing their work and over 1000 pieces of work on display and for sale. The work runs the gamut of style and media.


The show takes place on December 12 and 13, 2008 at Junctionview Studios. You can get directions here: Map. Private showings are available by appointment. Please contact Junctionview Studios at 614.634.1415 or email them here or here to set up an appointment.




Wednesday, October 22, 2008

Giant spider eating a bird caught on camera

200810222120.jpg


I found this over on FriendFeed. I hate spiders and this creeps me the F#%k out.


According to the Telegraph, the spider in question is a Golden Orb Weaver and the unfortunate bird is a Chestnut-breasted Mannikin.


I lack words to describe how disturbing this is. Maybe you have some. Leave them in the comments.



Tuesday, July 29, 2008

Some Thoughts on the San Francisco Network Admin

I was going to ignore this, but I can't do it any longer. The short story is that a network administrator for the city of San Francisco changed the primary administrative password that controlled access to its fiber optic routing infrastructure. He didn't share the password with anyone else and refused to share it until recently.

Many people are approaching this incident from an information security perspective. This guy had the only administrative password to the fiber network; how could this not be a security issue? I'll agree that the symptoms of the problem fall into the information and network security realm. However, the root cause is something different.

The root cause is a human resources issue, specifically a first line supervisor issue. The accounts that I have read of this issue indicate that Terry Childs, the administrator in question, had been unhappy with his salary. I further understand that his management team knew that he was unhappy with it for some time.

As a manager, you need to have some insight into your team members. I can tell when the guys on my team are stressed out, tired, or distracted. I'm sure that Terry demonstrated similar behavior and I'm sure that his supervisor noticed it. As soon as the supervisor noticed the disgruntled behavior he or she should have started taking some type of remedial action. If discussing the situation did not improve it and his behavior started to call his trustworthiness into question, he should have been removed from his position immediately.

By definition, system administrators are highly trusted individuals. They hold the keys to your electronic kingdom. The absolute instant you don't believe you can trust them, you need to get rid of them. I think that is the root cause of San Francisco's problem here. The HR management system did not work effectively.

Think I'm full of it? Let me know in the Comments.



Saturday, July 19, 2008

Amos Lee is Amazing

I was listening to NPR's Weekend Edition this morning and they had Amos Lee in the studio. This guy has an amazing voice. His live performance was powerful and authentic. The sound is a little bluesy and a little folksy, but generally kicks ass. If you can only listen to one track, I highly recommend Street Corner Preacher.

Friday, July 11, 2008

An Observation on the Recent iPocalypse

Below is a comment I left over at scobeliezer.com.




Pardon my cynicism, but I have to ask this question.

Could Apple have planned the iPocalypse on purpose?

I ask because Apple is full of smart people. They have to be or they would not have produced the consistently top rate products, marketing, and brand management we have observed to this point. Could this same organization really not foresee the capacity issues they might face during the release of iPhone 2.0?

Just count the number of iPhones you shipped to vendors and multiply by the resources required during the average activation process. That's the amount of resources you need. Plus 20%. This is simple planning. What happened to Apple's calculations?

That raises the question: Could this just be a deft marketing move on Apple's part?

Actually, what does Apple have to lose through such a marketing plan? They are essentially inconveniencing the hard core Mac Addicts that will buy Apple products regardless of the circumstance. These folks are in Apple's pocket and will take a little abuse for the privilege of being one of the first with the newest shiny Apple toy. (I mean that in the least offensive way possible.) Apple probably isn't risking the population of users that are considering a switch, and more profits for Apple.

So now Apple has traded a little political capital with its hard core fans for the chance to say that iPhone 2.0 was so popular it crashed the iPhone activation infrastructure. That is actually a pretty powerful statement of popularity. Why not spend the political capital with its hard core users?

Now for the disclaimers. I'm a recent Mac convert and love my MBP. I'm currently strategizing a pitch to justify purchasing an iPhone 2.0 to my wife. If the iPocalypse is a planned marketing event, I think it's brilliant. I probably over-simplified things a little.

Now, if you'll excuse me, I'm going to put an Apple sticker on my tinfoil hat.

Have a great weekend!

Wednesday, July 2, 2008

Thoughts on Social Engineering

The article at the end of this post underlines a threat that a lot of people forget about: social engineering.

A social engineer is just another name for a con man. Social engineering takes advantage of the human element, which is the weakest part of any security plan. Since human beings are social critters, they have a tendency to be helpful because it's much easier to get along in society when you're helpful. It tends to be more difficult to get along in society if you have a reputation for being a road block. That's just the way the system works.

Just like hackers that exploit electronic systems, social engineers observe the normal behavior and protocols of their target social system. Once they have a solid understanding of the system, social engineers try to use the social system in an unexpected manner to get what they want. For example, they dress up as a tech support technician, drop a few senior executive names, walk into a building and start stealing laptops. This attack is analogous to a Trojan horse email attachment.

I think one of the biggest challenges we face in social engineering defense is that we take for granted the benefits civilization affords us all. Living in a community provides tremendous value to all its participants. When we fail to understand that value we don't afford the system sufficient protection. Additionally, a large portion of society's standard protocols are based on unverified trust, which makes a social engineer's job even easier. Furthermore, since we live this system every day, it is incredibly difficult to step back and make an objective analysis of the situation.

Given the combination of all these factors, there is little wonder why social engineering is so successful.

Now, if you'll excuse me, I'm going to crawl under my desk and whimper quietly to myself for a few minutes.


Cracking Physical Identity Theft - Desktop Security News Analysis - Dark Reading




Monday, June 30, 2008

Playing With New Blogging Tools

The switch to Mac has caused me some churn. I've been a very devout Firefox user forever, but the more used I get to the way my Mac works, the more Safari grows on me. The problem is that ScribeFire doesn't work on Safari.


That brings me to Ecto, which seems to be a pretty popular blogging tool for the Mac. This is my first real post using Ecto. I tend not to do too many crazy things on my blog posts so I imagine that Ecto will work fine.


I'll be testing for a while to see what happens. Please excuse any strange posts in the meantime.



Friday, June 20, 2008

Some People Should Just Avoid Driving

We're getting ready to head out on vacation for a couple of days so I headed over to Barnes & Noble to pick up a book. I get there and see that the pull-through spot I had my eye on was partially double-parked. I've seen this before and it's usually a mammoth SUV with a driver that is incapable of parking the vehicle correctly. My thoughts whenever I see this are usually "If you can't park it, don't buy it". Today however, there was a small twist. The incompetent parker was driving a Toyota Yaris. Seriously, if you can't get a Yaris in between the lines, just stay home.

Wednesday, June 18, 2008

An Innovative Way to Prevent Credit Card Fraud

This is a great idea. Essentially, this new technology embeds something similar to RSA's SecurID into individual credit cards. For those not familiar with SecurID, it generates a one-time PIN that is used in combination with a username and password to log on to an information system. This way even if a bad guy gets your username and password, they still need the fob that generates the one-time password.

Since the PIN these souped up credit cards generate would be valid for only a single transaction, thieves would need to have the physical card in order to conduct a fraudulent transaction. This is like CAPTCHA on steroids.

The technical details are still sketchy. I can only assume that the technology requires some modified infrastructure. We'll probably just see the enhanced authentication used for high value transactions at first, but I bet it will spread to daily transactions as the infrastructure builds out.
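The article does not describe the card's algorithm, so the following added example (not from the article, Visa or RSA) uses the public counter-based HOTP scheme from RFC 4226 as a stand-in to show why a one-time PIN defeats replay of a captured value. The `Card` and `Issuer` classes and the look-ahead window are hypothetical illustrations.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Card:
    """Hypothetical card: holds the shared secret and a transaction counter."""
    def __init__(self, secret: bytes):
        self._secret, self._counter = secret, 0

    def next_pin(self) -> str:
        pin = hotp(self._secret, self._counter)
        self._counter += 1  # every button press moves to a new PIN
        return pin


class Issuer:
    """Hypothetical issuer-side verifier with a small look-ahead window."""
    def __init__(self, secret: bytes, window: int = 3):
        self._secret, self._counter, self._window = secret, 0, window

    def authorize(self, pin: str) -> bool:
        # Only counters at or after the last accepted one are considered,
        # so a PIN that was already used can never match again.
        for c in range(self._counter, self._counter + self._window + 1):
            if hmac.compare_digest(hotp(self._secret, c), pin):
                self._counter = c + 1  # burn this counter and all earlier ones
                return True
        return False


def demo() -> list:
    secret = b"12345678901234567890"  # constructed sample: RFC 4226 test secret
    card, issuer = Card(secret), Issuer(secret)
    first = card.next_pin()
    results = [issuer.authorize(first)]                # fresh PIN
    results.append(issuer.authorize(first))            # same PIN replayed
    card.next_pin()                                    # generated, never submitted
    results.append(issuer.authorize(card.next_pin()))  # window absorbs the skip
    results.append(issuer.authorize("000000"))         # blind guess
    return results


if __name__ == "__main__":
    print(demo())
```

The look-ahead window is the trade-off to watch: a larger window tolerates more unused PINs on the card but also widens the set of values the issuer will accept at any moment.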

This is one of the coolest anti-fraud technologies I've read about in a long time. Here's the article:

Visa plans credit card with onboard TAN generation - News - heise Security UK