Category Archives: Security

Iraqi bakers and barbers under attack

The BBC has an interesting first-person story — just a taste of violence in Iraq:

bakers have become the latest casualties in Iraq’s seemingly unstoppable slide into communal blood-letting.

The reason is simple – traditionally most bakeries in the city have been run by Shia families.

So, for Sunni insurgents trying to stir the sectarian demon, or seeking revenge for Shia attacks on their own communities, bakers make an easy target.

They do not say why bakers are usually Shia, but the “easy target” comment is very revealing as it spells out the widening chasm of domestic conflict. My guess is that a baker is as much an economic target as a religious one, as the insurgents are trying to disrupt daily lives/routines and establish control of neighborhood supply-lines. Barbers apparently also work in fear of attack:

in recent months, a growing number of barbers have been killed or intimidated – on religious grounds.

They are accused of breaking Islamic codes by cutting hair in a certain way and shaving men’s beards, an echo of similar edicts issued by the Taleban in Afghanistan.

The threats are coming from both Sunni and Shia extremists – the same people are behind much of the sectarian violence.

This seems more related to religious extremism than the baker killings, but the barber also shared his memory of how business was before the US invaded:

“It’s very sad,” he says. “Before the war, we would just cut hair the way people wanted. Now we’re not allowed to.”

And he went on: “Before we would never talk about whether someone was Sunni or Shia or Christian. You would never hear those words, we all lived peacefully. I don’t know what is going to happen now.”

Will the bakers and barbers stop working or will they stock weapons and hire “protection” and add it to the cost of goods? That might have been the question three or four years ago, but the market is so broken now and the violence escalating so much that it is a wonder anyone goes to work in the open or identifies themselves as a baker. I wonder what bank security must look like:

On Sunday, a day after at least 36 people were killed in a spate of bombings in Baghdad, gunmen stormed a city bakery and kidnapped the ten employees in the early morning hours.

“Gunmen in five civilian cars stormed the bakery in the Shiite neighborhood of Kadhimiyah and took away the ten employees,” an interior ministry official said.

Police also found nine bodies of men who were tortured to death, an indication that sectarian killings were continuing without halt between the Shiite and Sunni communities.

When the US first invaded, they accused anyone who was in the Ba’athist Party of being a loyalist to Saddam. Never mind the fact that people working in the public sector (schools, hospitals, etc.) had no choice but to publicly support Saddam, since he required their loyalty and punished dissent. Sadly, instead of bringing freedom to these people, the Bush administration policy led by Bremer was to remove all “loyalists” and create a flat, open market. Into this vacuum rushed the extremists and resistance fighters, and this became the foundation for violence today. Moreover, I think it is important to note that the resistance forces appear to be taking the same tactics as the Bush administration and declaring anyone with any affiliation to the government a potential target:

Electricity is a big problem. Many big private generating sets are providing homes with power. The terrorists forbid the operators to do their work because they think this will strengthen the government position.

It is the same with other services. Even Shia bakers are being killed, they don’t want them to feed Shias.

Bad Agile

It has been a whirlwind week for me. Products launching to hundreds of millions of users have required quite a bit of focused attention. It feels good to have them going smoothly and I look forward to the reaction from people at CES. So, in my own neck of the woods I have several posts ready to go for the prior days, but have not had enough time to edit them for release. I might be able to squeeze them out today, but it begs the question if I should back-date them to when the bulk of them were written, or date them for today’s launch to the public?

I noticed a related story about code-complete and deadline launch dilemmas written-up on Stevey’s Blog Rants. He attempts to discuss the nature of human behavior and how it can impact quality as well as timing.

Up until maybe a year ago, I had a pretty one-dimensional view of so-called “Agile” programming, namely that it’s an idiotic fad-diet of a marketing scam making the rounds as yet another technological virus implanting itself in naive programmers who’ve never read “No Silver Bullet”, the kinds of programmers who buy extended warranties and self-help books and believe their bosses genuinely care about them as people, the kinds of programmers who attend conferences to make friends and who don’t know how to avoid eye contact with leaflet-waving fanatics in airports and who believe writing shit on index cards will suddenly make software development easier.

You know. Chumps. That’s the word I’m looking for. My bad-cholesterol view was that Agile Methodologies are for chumps.

The fatal flaw in this blogger’s rant is the horribly weak analysis that follows from the above (e.g. if you shower developers with simple incentives it will invariably result in higher quality, as if incentives were easy to understand let alone justly distribute). In other words, he acknowledges that human behavior is a risk, but then fails to understand human behavior and instead faults the system they are using as if Agile is to blame for failing to correct all engineering practices. Nonetheless, after I managed to read through it in its entirety I had to laugh at the fact that he says he can find no way to tell good cholesterol from bad before he burns through several hundred rambling lines in an attempt to explain *simply* that it should be obvious to even the casual programmer how to know good from bad Agile.

The bottom line for Stevey appears to be that he likes to eat, and if you feed him good food (since he admits at the start he can’t figure out the risks for himself) then he will perform well. This is a fine model for the great Stevey, but hardly the stuff a project or risk manager can apply more universally. He might as well say something like wearing brown shoes and a blue shirt works best in his experience therefore others should try it too. Systems are prone to failure; there are many risks. But that does not mean that a system can never be successful, or at least average out with more wins than losses. And with that said, I plan on back-dating my posts to give myself credit for having written them, even if the editing was not complete until today.

craigslist haiku

I noticed recently that Craig has added some new art and poetry to his site. I really like the new error haiku:

Not Found

There is nothing here

No web page for this address

404 Error


 ____________
(  return to  ) 
(  craigslist )
(  homepage?  )
 ------------- 
       O 
        O   ^__^
         o  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

Hidden meanings and domain abuse

Phishing domain names are terribly annoying. Aside from the obvious problems with people playing with the vulnerability of fonts (e.g. “O” and “0”) or taking advantage of common misspellings, there is also the issue of Unicode translations, etc. A simple domain name can sometimes require a great deal of thought to make sure it is less susceptible to hijacking or abuse. However, the risks are not always from the outside. With that in mind, see if you can find the hidden meanings in these real domain names:

Who Represents is where you can find the name of the agent that represents any celebrity. Their web site is:
https://www.whorepresents.com

Experts Exchange is a knowledge base where programmers can exchange advice and views at:
https://www.expertsexchange.com

Looking for a pen? Look no further than Pen Island at:
https://www.penisland.net

Need a therapist? Try Therapist Finder at:
https://www.therapistfinder.com

There’s the Italian Power Generator company:
https://www.powergenitalia.com

And don’t forget the Mole Station Native Nursery in New South Wales:
https://www.molestationnursery.com

If you’re looking for IP computer software, there’s always:
https://www.ipanywhere.com

The First Cumming Methodist Church web site is:
https://www.cummingfirst.com

And the designers at Speed of Art await you at their wacky web site:
https://www.speedofart.com

Yes, they really are real. Snopes even confirms the marketing site for an Italian company, although the site is now “under construction”:

The powergenitalia.com domain apparently hosts the web site of a real Italian company (Powergen Italia) which sells specialized battery products.

Guerrilla marketing, accident, or intentional joke? You be the judge.

And this just had to be filed under poetry, because my guess is that if the domain owners had read/written more poetry they would have been far more immune to this kind of risk…
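The kind of pre-registration check that would catch the names above, as an added example that is not part of the original post: it lists every way a domain label splits into dictionary words, so readings other than the intended one show up before the name is bought. The word list is a small constructed sample and the function names are hypothetical; a real check would load a full dictionary.

```python
# Added example: enumerate every dictionary-word reading of a domain label.
# WORDS is a constructed sample list, just large enough for three of the
# domain names quoted in the post; swap in a real dictionary for actual use.
WORDS = {
    "who", "represents", "whore", "presents",
    "experts", "exchange", "expert", "sex", "change",
    "speed", "of", "art", "speedo", "fart",
}


def segmentations(label, words=WORDS):
    """Return every way to split `label` into consecutive words from `words`."""
    label = label.lower()
    memo = {}

    def split(i):
        # All segmentations of label[i:], cached per start offset.
        if i == len(label):
            return [[]]
        if i not in memo:
            found = []
            for j in range(i + 1, len(label) + 1):
                head = label[i:j]
                if head in words:
                    found.extend([head] + rest for rest in split(j))
            memo[i] = found
        return memo[i]

    return split(0)


def unintended_readings(label, intended, words=WORDS):
    """Return the segmentations of `label` that differ from the intended one."""
    return [s for s in segmentations(label, words) if s != intended]


if __name__ == "__main__":
    candidates = {
        "whorepresents": ["who", "represents"],
        "expertsexchange": ["experts", "exchange"],
        "speedofart": ["speed", "of", "art"],
        "artexchange": ["art", "exchange"],  # constructed clean control case
    }
    for label, intended in candidates.items():
        others = unintended_readings(label, intended)
        status = "REVIEW" if others else "ok"
        print(f"{label:18} {status:7} {[' '.join(o) for o in others]}")
```

A label that comes back with more than one reading is a candidate for a hyphen or a different name.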