Dave's Bit Bucket

Dave Walker's jottings - mostly pertaining to security


20061027 Friday October 27, 2006

My favourite security book, downloadable for free!

Ross Anderson has managed to negotiate with Wiley to allow him to make his book, "Security Engineering - A Guide to Building Dependable Distributed Systems" available for free download here.

I heartily recommend any security geek who has not already read it, to do so.

(2006-10-27 06:18:58.0) Permalink Comments [0]

20061017 Tuesday October 17, 2006

"Blackbox" could look great in olive drab...

While this appears to be pitched at "customers who have run out of space in their datacentre", it looks like it may also be a perfect fit for the military and intelligence communities:

  • it's in an all-metal shipping container which will act as a Faraday cage, so it's reasonably EMP-hard and may approach TEMPEST requirements (I wonder if we'll test it?)
  • if resilience to a 9G shock is considered "good enough to survive some rough handling in a battlefield environment", configure one of these "back home", hang it under a Chinook, deliver it to a field HQ, attach generator, ground microwave link and satellite uplink and you've got all the C4I capability you need right where you want it...
  • for intelligence field operatives, lease a big garage / small warehouse to put one of these and some desks in, and run fibre from one of these to a bunch of SunRay 2FS units
This thing has a ton of potential :-)

(2006-10-17 08:51:13.0) Permalink Comments [0]

20061003 Tuesday October 03, 2006

Musings on mobile 'phones

It's not often that I'm careful to find time to keep up with what folk in Marketing are saying, however I find Stephen Davis' writings to be rather thought-provoking at times. He's reminded me of some musings I had on mobile 'phones a couple of years ago, and they still appear to be true...

I think it's fair to say that the mobile 'phone market in the UK (and in the US, and most of Europe) is pretty much at saturation point - everyone who wants a 'phone has one, and so the manufacturers have for some time now been cramming more and more features into handsets to take advantage of increasing bandwidth, in the hope that people will want the new features badly enough to upgrade from the 'phone they have.

There's an alternative approach to this, and a very few manufacturers are just starting to use it. Instead of "putting things into 'phones", consider "putting 'phones into things".

For instance, consider someone who is serious about photography. I'm sure they'd be much more interested in having email or other over-the-air file transfer capability built into their semi-pro 8 megapixel Nikon (or whatever) than having a 2 megapixel camera in their 'phone. Now granted, 'phones have interfaces such as Bluetooth and some can even take camera memory sticks, but Bluetooth is far from fast and swapping media around is both a hassle and eventually leads to mechanical wear from repeated insertions and extractions. If the camera had the ability to take a SIM card, the aforementioned serious photographer would be likely to get a pay-as-you-go SIM for his camera.

Thus, the saturation point for subscriptions ceases to be an issue, as folk start to have multiple devices which function as 'phones - just not 'phones used for making traditional 'phone calls.

btw, there's an old anecdote about a bunch of 'phone market research people, who gathered together around a table for a few beers after a conference. The subject of discussion was "what will the next 'phone-based killer app be?".

The debate was lively until one guy stopped it dead, by saying "voice" :-).

However, these days he could have said "Skype"...

(2006-10-03 01:55:33.0) Permalink Comments [1]

20061002 Monday October 02, 2006

Tempus Fugit: addendum

Once in a while, I wake up in the small hours with an interesting idea.

If you have an infrastructure involving multiple "stovepipe" networks, which may or may not be looked after by different teams, you nonetheless need time synchronisation across everything - not only for business process flow tracking and root cause analysis when issues arise, but also to keep log files in sync and therefore make searching them easier from a Governance and Compliance perspective.

Consider Zones in Solaris. While each zone can notionally be in a different TZ (by virtue of each zone having its own /etc/default/init), the zones all synchronise to the same internal UTC by virtue of the fact that all zones share a common kernel. In other words, zone time can't suffer relative drift in the same Solaris instance.

Therefore, it makes most sense to push any external time feed into a Global Zone by running an NTP client there, set up one zone per stovepipe (or segregated part of the organisation) and run NTP servers in each zone at one stratum numerically greater than the external time feed. Thus, all parts of the organisation get synchronised time with segregated admin.

If you want to make it as certain as possible that different zones can't affect each other's operation, resource-limit them and run Trusted Extensions.

Job done :-)
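As an added illustration (not from the original post), here are the two ntp.conf fragments that layout implies; Solaris 10 reads them from /etc/inet/ntp.conf. The stratum-2 external feed at 192.0.2.10, the zone name "finance" and its 10.20.0.0/16 subnet are all constructed values, and the in-zone daemon is assumed only ever to serve the clock, never to set it.

```conf
# --- Global zone: /etc/inet/ntp.conf ---
# The only daemon that talks to the outside world and disciplines the
# kernel clock every zone shares. 192.0.2.10 is a constructed stratum-2 feed.
server 192.0.2.10
driftfile /var/ntp/ntp.drift
# Take time only from the feed and answer nobody else; the stovepipes are
# served by their own zones, not by the global zone.
restrict default ignore
restrict 127.0.0.1
restrict 192.0.2.10 nomodify notrap

# --- Non-global zone "finance" (hypothetical): /etc/inet/ntp.conf ---
# This zone shares the kernel clock with the global zone, so it has nothing
# to synchronise; it only advertises that clock to its own stovepipe.
# 127.127.1.0 is ntpd's local-clock driver, i.e. "serve the system time".
server 127.127.1.0
# ntpd answers clients at one stratum above its reference, so fudging the
# driver to 2 makes the zone serve at stratum 3: one numerically greater
# than the stratum-2 external feed, as the post prescribes.
fudge 127.127.1.0 stratum 2
# Serve the finance subnet read-only; no other stovepipe, and nothing
# outside the organisation, can even query this daemon.
restrict default ignore
restrict 127.0.0.1
restrict 10.20.0.0 mask 255.255.0.0 nomodify notrap
```

To check the result from a host inside the finance stovepipe, `ntpq -p` should list the zone's address with refid LOCAL(0) at st 3; a zone advertising some other stratum, or answering queries from another stovepipe's subnet, is the misconfiguration to look for.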

Coda: Cunning realtime-forensic methods such as are described here will also identify which zones are running on the same OS instance as a result of this lack of relative drift, but that's another story...

(2006-10-01 23:59:34.0) Permalink Comments [0]
