First I thought there was an exciting new flavor of ice-cream. Then I realized the title is “Self-Serve” not “Soft-Serve”. Then I thought this could be a new form of solo Tennis.

Alas, a library that carries my name at the University of Arkansas at Little Rock has deployed a bar code reader. They call it the Ottenheimer Self-Serve.

Welcome to Ottenheimer — serve yourself.

I am just glad it is not an RFID scanner. Yesterday I went on at length in my cloud compliance presentation at the San Francisco ISACA Conference about the security risks in RFID tags, including those used in a (controversial) trial at the Oakland and Berkeley libraries.

There has been no mention whatsoever of computers or malware (pun not intended) that could be related to the ecological catastrophe now unfolding in Hungary.

A reservoir southwest of Budapest holding an aluminum byproduct called “red sludge” collapsed, releasing at least 700K cubic meters into nearby towns.

Red sludge is an extremely toxic substance that contains heavy metals and acts as alkali on contact with skin. The blast-triggered poisonous flow has flooded three settlements.

Chemical burns from the sludge can take days to recognize. It has already entered streams and is now said to threaten the Danube river. With all news sources around the world bringing forward the human and environmental toll, I also noticed the CBC picked up on the usual issues of compliance:

Local environmentalists say they have tried to call the government’s attention to the risks of red sludge for years.

“Accumulated during decades … red sludge is, by volume, the largest amount of toxic waste in Hungary,” the Clear Air Action Group said, adding that producing one tonne of alumina resulted in two tonnes of toxic waste.

MAL Rt., the Hungarian Aluminum Production and Trade Company that owns the Ajka plant, said that according to European Union standards, the red sludge was not considered toxic waste.

The company also denied that it should have taken more precautions to shore up the reservoir.

“According to the current evaluation, company management could not have noticed the signs of the natural catastrophe nor done anything to prevent it even while carefully respecting technological procedures,” MAL said in a statement.

This position of MAL, a company started after privatization of the aluminum industry, will obviously become more and more difficult to defend as the impact severity of the breach increases. Their environmental protection page shows they knew the risks, and they tried to give assurances with terms like “fail-safe”:

Suitably localized, up-to-date, fail-safe ponds equipped with monitoring system are available to dispose the red mud. We devote ourselves to recultivate the red mud dumping area. The filled red mud disposal ponds are continuously covered with soil and plants.

Already the Hungarian government has stopped production at MAL.

An AP photo of the collapsed reservoir wall shows the magnitude of failure. Note the small yellow construction equipment in the bottom left corner:

David Litchfield’s part 7 in his series on Oracle Forensics is called “Using the Oracle system change number in forensic examinations”.

The paper demonstrates two tools. The first tool is “oratime”, which maps SCNs to timestamps using raw block data. The second tool is “orablock”, which dumps data from blocks including deleted data.

Unlike BBED (provided by Oracle) orablock is read only and the source code is available.