Category Archives: Sailing

BayThreat 2011: Sharpening the Axe

I will be presenting “Sharpening the Axe – How to Chop Down a Cloud” at BayThreat 2011

…the 2nd annual information security conference in the South Bay at The Hacker Dojo, December 9th, 10th & 11th.

My title is in reference to President Abraham Lincoln who was said to have once quipped:

If I had eight hours to chop down a tree, I’d spend six hours sharpening my axe.

The runner-up quote from Lincoln was:

If this is coffee, please bring me some tea; but if this is tea, please bring me some coffee

…but I couldn’t figure out how to make it into a full presentation, let alone a title. Perhaps “if this is cloud, please bring me on-premise; but if this is on-premise, please bring me cloud”?

The axe title works fine, though, and also is in reference to Theseus’ paradox, sometimes known as the Ship of Theseus or my grandfather’s axe, which seems appropriate given this year’s badge.

At BayThreat this year, we’re giving attendees circuit board badges. These badges are plain boards to start, but on Sunday we will have a soldering workshop where everyone can work on their badges. We will have kits available for the badge.

The presentation is based on some of the material you will find in my new book soon to be published by Wiley on security in virtual environments. Hope to see you there.


USCG seizes squid boat after failed identity test

News from the waters near Alaska. A large fishing boat about 3,000 miles from the coast of Alaska was asked to identify itself and was unable to do so. It was seized by the US Coast Guard but not brought to shore because of a rat infestation.

The vessel Bangun Perkasa didn’t have a valid flag state registration, and Coast Guard spokeswoman Lt. Sara Francis said it was seized Sept. 7 as a stateless vessel for allegedly violating U.S. laws.

[…]

…crewmen were trying to dump the net when the Coast Guard boarded the ship about 2,600 miles southwest of Kodiak. The Coast Guard retrieved the net, and then found 30 tons of squid and 30 shark carcasses on board, she said.

Officials did not find proper documentation on board, however.

“No license or permits, and no records of their catch,” Francis said.

The Coast Guard also discovered rats on board.

30 tons of illegal squid! That’s just what they kept on board. Illegal giant drift nets kill huge numbers of fragile marine life so who knows what the true toll was. Whales and turtles are devastated by these boats.

Dumping 10 miles of net overboard like a piece of garbage is also an incredibly malicious maneuver. All that aside, I find the most interesting part of this story to be the failure to provide a valid certificate and then the failed authentication process.

The ship’s crew initially claimed Indonesia as their flag state.

“When we contacted Indonesia, they said, ‘Nope, not ours,’” Francis said. “They became flagless at that point, and that’s when we seized them.”

Although, in terms of analysis, I also find this part amusing:

“Given the catch they had, I would assume they were a squid boat.”

Not a rat boat?

Do we know how to make software?

Jeremiah asked and I did my best to answer without getting wrapped around the axle because he bragged to me about buying a big American car during the fuel price rise.

Here is my response:

Well, maybe you knew I couldn’t resist commenting on your automobile engine analogy. I’m still laughing from the time last year you told me ‘when gas prices went up, prices on Suburbans went way down, so I bought one to drive my five miles to work’. Clearly we still don’t see eye-to-eye on managing risk.

You say “the United States ruled the automotive industry; an industry we created from a machine we invented”. For brevity’s sake I’ll concede the industry was largely built by the US (not created) but I can’t let you assert that the machine was invented in the US. The engines of steam, electric, internal combustion, diesel; all were invented outside the US in the 1800s. I mean by comparison the US at that time was stuck in a rut over whether slavery was a viable engine to power its industrial production!

Yeah, ok, I know Ford gets lots of credit for ramping up his assembly line and blowing a whistle at his workers, but even that was an application of British automation developed and built 100 years earlier to support the quality and speed necessary for their military during the Napoleonic wars. Imagine watching a steam engine-driven system in 1808 that produced over 100 thousand blocks (pulleys) for the Navy. The Block Mills of Portsmouth proved that with an assembly line and machines just 10 men were made able to work as quickly as 100.

More to the point you say “The trend is that we (in the U.S.) invent something new, create an industry around it.” That seems to skip right past the fact that most industries in the US were started by European immigrants based on European ideas in place for many years before the US copied them. From Budweiser to Champagne, Cheddar Cheese to Chandeliers, what the US has really done well is bring down the price of goods and make them more accessible. In fact, that was an obsessive element to the Nixon administration that success would be determined entirely by the availability of goods. A steak on every table. And it’s true our shelves were stocked, our pantries full, while others in the world were still paying more for fewer goods, but somewhere in that heady explosion of prosperity out of the 1900s the US lost its sight of quality as a measure of success in “efficiency”.

You bought that Suburban, you said, because you perceived value, right? Did you feel like you were buying innovation? Quality? Maybe a trip to a car show to look at the latest models (all outside the US now) will change your perspective:

http://www.nytimes.com/2011/09/11/automobiles/as-frankfurt-show-opens-industrys-balance-shifts.html

“If it seems as though German manufacturers are on the leading edge of new, gas-free urban transportation solutions, it is due in no small part to the European Union’s strict pollution controls. ‘Today, all the innovation in the auto industry is coming from the German manufacturers…A little from Japan. None from the U.S.’”

NONE from the US. Our amazing ideas of “efficiency” apparently were not so.

I mean a four-door all-wheel-drive station wagon made by Volvo is expected to be available next year that delivers better horsepower than a Ferrari 308 and a Camaro Z28, yet will also provide 100 mpg. That should have been an American made vehicle. No reason that it could not have been built and sold here. We have the weather, the open roads, the crap to haul around. Oh, no reason except people were for some reason still buying Suburbans. You know I could go on about this forever and someday I MAY convert you to a highly resilient low-risk source of energy for transportation, even if I have to do it on the mat…but I’ll try to get back to the point of your post.

I think your definition of software may be too narrow. You say “software must be built by highly skilled people, whose skills are not trained up quickly or easily.” But isn’t that the very opposite of what is causing so many problems in code? Code is being written by many more people less trained and using toolkits. It is based on a massive rise in the amount of shared/borrowed/stolen code available. I see this most in recent cases of malware mutations — so many more people developing (or at least modifying) more code more rapidly than ever. The mobile app stores are another example. Anyone with a cheap personal computer and a few online tutorials now is in place to build and release software to hundreds of millions of users. Compare that to the training, samples and platforms of twenty years ago. Software is just flying off the wires now and it’s going to get even faster as more remote areas are connected.

You say “those who profit by the billions from creating software, like Microsoft, Oracle, and Adobe seem unable to ship multi-million line software projects on a deadline”. You’re looking at the wrong sources of innovation. That’s like criticizing the British Navy for deploying ships late (a critique as old as the British Navy — special note to the Falklands War deployment, which led to the development of ITIL). While the Navy isn’t going away and will continue to find ways to automate production, they are solving massively complex problems. The future of software build efficiency is less about the big guys just like ship building an ocean-going vessel for the masses is at a much smaller scale today. The lessons learned from the big expensive mistakes are applied faster, better and at smaller scales of automation.

So, I’d be one to argue yes, we know how not only to make software but hundreds of millions of people know how to save time by learning from the innovation of others — sharing knowledge and tools to reduce build times. I’d be happy to go more into the myths of commodity and innovation. I also would like to clarify trends and real numbers but I’ll leave those for another day (e.g. Today’s fastest growing telecom company? Skype is barely over 500 mil while India mobile is soon expected to have 1.2 billion subscribers). Alas, it’s time now to go make some more fuel for my engine.

Update: My comment has not yet been approved, so I’m glad I made a copy here just in case. I also have to point out there is some sweet irony; a post about efficiency and automation is taking a long time to approve a comment. Maybe it’s a manual process. :)

Another AC45 crash due to ‘limit’ test

Some skippers of the AC45 that crash say it’s bound to happen because they are aggressive at the wrong moment:

When you sail in such an aggressive way you are bound to hit some small bumps along the road that leads to the America’s Cup in San Francisco. Now we know when to push hard and when to sail in a more conservative way. Today’s incident is a very valuable lesson.

The best catamaran sailors keep calm and under control while pushing the boat faster; they feel the absolute limits because their senses are still in touch with a feedback loop and they can control their aggression.