BP Exposing 18,000 Laptops To The Internet
By Daniel Miessler on February 22nd, 2006: Tagged as Information Security | Security
…in order to “secure” them.
Link: BP takes 18,000 laptops off LAN
Something is either wrong with this story, i.e. it’s been taken out of context, or the guy who did this is completely insane.
The guy is basically saying that the only way to test for resistance to attack is to expose yourself to it directly. While that might sound cool, it’s utterly foolish. This to me is like testing a car’s safety features by driving on the wrong side of the road.
Think about layered security — defense in depth. You don’t “harden” systems by removing the most important layers of security. And the fact of the matter is that when (not if) something bad happens, the guy who did this is going to lose his job. Imagine being audited in this configuration.
“Yeah, we decided to just sit outside the firewall and expose ourselves to the latest zero-day attacks directly. It’s the only way to be safe.” The auditors are going to have a field day with this guy. But that’s assuming this even happened; I’m inclined to believe this has been blown out of proportion and isn’t really as bad as this piece says it is. It’s just too radical, and I don’t see it getting past even the most cursory glance at the idea at a large corporation.
SANS Orlando 2006
By Daniel Miessler on February 19th, 2006: Tagged as Certification | General | Information Security
Taking The CISA In June
By Daniel Miessler on February 19th, 2006: Tagged as Career | Certification | Information Security
So I’m taking the CISA exam in June. If anyone has information on the best material to study, or any other tips for passing the exam, I’d appreciate it.
Help Reform The Patriot Act
By Daniel Miessler on February 18th, 2006: Tagged as Government | Information Security | Politics | Privacy | Security
The current Patriot Act is desperately in need of reform, and if we as citizens don’t make ourselves heard, nothing is going to be done about it. Rather than go into the details myself, here are a few paragraphs from Senator Russ Feingold’s speech to the Senate. It’s long, but this is the future of our country’s freedoms we’re talking about. If you are moved by what the Senator has said here, I implore you to write or call your representatives and let them know you support Senator Feingold’s position.
The thing is, we literally forfeit our right to complain about our rights being taken away if we are too lazy to take 10 minutes out of a single day to make a couple phone calls or send a couple emails. If you care about this country at all, please read the text below and act on it via the link above.
I want to remind my colleagues of the serious problems with the Patriot Act that we have been discussing for several years. Let me start with Section 215, the so-called “library” provision, which has received so much public attention. I remember when the former Attorney General of the United States called the librarians who were expressing disagreement with this provision “hysterical.” What a revelation it was when the Chairman of the Judiciary Committee, the Senator from Pennsylvania, opened his questioning of the current Attorney General during his confirmation hearing by expressing concern about this provision of the Patriot Act. He got the Attorney General to concede that yes, in fact, this provision probably went a bit too far and could be improved and clarified. That was an extraordinary moment. It was a moment that was very slow in coming, and long overdue. And I give credit to the Senator from Pennsylvania because it allowed us to start having a real debate on the Patriot Act. But credit also has to go to the American people who stood up, despite the dismissive and derisive comments of government officials, and said with loud voices – the Patriot Act needs to be changed.
These voices came from the left and the right, from big cities and small towns all across the country. So far, more than 400 state and local government bodies have passed resolutions calling for revisions to the Patriot Act. I plan to read some of those resolutions on the floor during this debate. There are a lot of them. And nearly every one mentions Section 215. Section 215 is at the center of this debate over the Patriot Act. It is also one of the provisions that I tried unsuccessfully to amend here on this floor in October 2001. So it makes sense to start my discussion of the specific problems I have with the conference report with the infamous “library” provision.
Section 215 of the Patriot Act allows the government to obtain secret court orders in domestic intelligence investigations to get all kinds of business records about people, including not just library records, but also medical records and various other types of business records. The Patriot Act allowed the government to obtain these records as long as they were “sought for” a terrorism investigation. That’s a very low standard. It didn’t require that the records concern someone who was suspected of being a terrorist or spy, or even suspected of being connected to a terrorist or spy. It didn’t require any demonstration of how the records would be useful in the investigation. Under Section 215, if the government simply said it wanted records for a terrorism investigation the secret FISA court was required to issue the order — period. To make matters worse, recipients of these orders are also subject to an automatic gag order. They cannot tell anyone that they have been asked for records.
Now some in the Administration, and even in this body, took the position that people shouldn’t be able to criticize these provisions until they could come up with a specific example of “abuse.” The Attorney General has repeatedly made that same argument, and he did so again in December in an op-ed in the Washington Post when he dismissed concerns about the Patriot Act by saying that “[t]here have been no verified civil liberties abuses in the four years of the act’s existence.” First of all, that has always struck me as a strange argument since 215 orders are issued by a secret court and people who receive them are prohibited by law from discussing them. In other words, the law is designed so that it’s almost impossible to know if abuses have occurred.
But even more importantly, the claim about lack of abuses just isn’t credible given what we now know about how this Administration views the surveillance laws that this body writes. We now know that for the past four-plus years, the government has been wiretapping the international communications of Americans inside the United States, without obtaining the wiretap orders required by statute. You want to talk about abuses? I can’t imagine a more shocking example of an abuse of power, than to violate the law by eavesdropping on American citizens without first getting a court order based on some evidence that they are possibly criminals, terrorists or spies. So I don’t want to hear again from the Attorney General or anyone on this floor that this government has shown it can be trusted to use the power we give it with restraint and care.
The government should not have the kind of broad, intrusive powers in Section 215 – not this government, not any government. And the American people shouldn’t have to live with a poorly drafted provision that clearly allows for the records of innocent Americans to be searched and just hope that the government uses it with restraint. A government of laws doesn’t require its citizens to rely on the good will and good faith of those who have these powers – especially when adequate safeguards can be written into the laws without compromising their usefulness as a law enforcement tool.
Why Don’t We Clean Up The PGP Key Servers?
By Daniel Miessler on February 16th, 2006: Tagged as Information Security | Infosec | Privacy
I think the InfoSec community needs to make a push to purge the PGP key servers. I think it’d be nice to start off with a clean slate, you know? Virtually everyone I know has at least one public key up on a server that they no longer have the secret key for. It’s a cluster to the nth degree.
I just think it’d be nice to start fresh. Everyone who manages keyservers could send a series of notification emails to the addresses listed in their key database, and after like a year (or whatever agreed upon amount of time), the deletions would begin.
Worst case scenario is that some people need to re-upload their public keys. I think it’s a small price to pay given the resulting “fresh” feeling. I for one can’t stand looking at all those redundant, orphaned keys — it’s the OC in me I suppose.
Thoughts? Anyone agree?
Screw The RIAA
By Daniel Miessler on February 15th, 2006: Tagged as Culture | DRM | General | Music
So the RIAA just came out and said that ripping a CD that you bought legally is not “fair use”, meaning it shouldn’t be legal.
I say screw them. I pay good money for my music and these people have lost their minds if they think that putting legally purchased music from a CD on an iPod is somehow wrong.
I can’t wait until these people shatter under the weight of their own stupidity.
Well I just upgraded my 2003 Volkswagen Jetta to a 2006 BMW 325i. It has so many cool features that I decided to write them down. Turns out that I have a blog, so I figured this would be a great place to do so. Here goes:
- The headlights are Xenon (the wicked cool blue ones), and they turn to point where you’re steering.
- It comes with BMW Assist, which will call BMW if I’m ever in an accident and tell them where I am so they can send an ambulance.
- I also got the concierge service, so I can call them whenever I want and have them look stuff up for me. They can give me directions, make reservations for me at hotels, or just sit there and talk to me. One of the cool applications I thought of was being able to call people when you are not in mobile phone range.
- The tires are run-flat, so if I have a “blowout”, the result is an indicator light on my console rather than death and destruction.
- The brakes are sick. If you take your foot off the gas quickly, the car knows you might be heading for the brakes and automatically shores up the distance between the brake pad and the wheel to avoid that delay when you do actually hit the brake.
- Oh, and in wet weather the car gently touches the brakes to the wheel every once in a while in order to burn off the moisture. This makes braking in wet weather just about the same as under normal conditions.
- I have a manual transmission (as if there was a question), and when you’re on a hill it’ll hold the car in place while you move from the brake to the throttle. Sooooo sweet.
- The side mirrors can automatically fold in at a press of a button.
- The car starts via a “start” button, and the “key” is a rectangle doohickey that you insert into the dash.
- The transmission/shifting on the car is masterful. It’s so smooth that it’s fun just to change gears.
- The turn signal is like nothing I’ve ever seen; you basically just touch it a little bit in order to change lanes, and then you actually push it down more to signal a turn. The cool part about it is that it doesn’t make the bone-snapping sound like most signals — instead it’s a smooth bump feeling. Rich, very rich.
- The steering wheel on the sports package is thicker than normal. This adds to the experience although I don’t know why.
- The windshield wipers have an auto mode that lets you just turn it on and forget about managing the wipers. If there’s barely a mist, it’ll get it every once in a while. If it’s a heavy downpour it will change to maximum speed automatically.
Google’s Inevitable Betrayal
By Daniel Miessler on February 15th, 2006: Tagged as Business | Google | Philosophy | Privacy
Tons of people all over the Internets are shedding all vestiges of sanity over how much information Google has access to. They’re especially rabid over the fact that Google is now archiving all chats.
Many view this as proof that the company is heading down a dark path — a path that will eventually lead to them knowing virtually everything about their account holders.
I disbelieve.
I have seen nothing but honesty from the company since I began using their search engine in 1999. I have a high level of confidence that they are using my information for the reasons they claim, and not for some hidden, malicious purpose.
However — and this is a big one — this is all contingent on their current management structure.
This debate really needs to focus on the people in charge more than anything else. They are the ones who control the “morality” of the company’s culture. As I said, I’m relatively comfortable with them right now due to how they’ve conducted themselves over the years, but that could change in one night. One bad meeting, one change in the personal life of a key decision-maker — any number of catalysts could send the company over the edge.
Imagine a room full of highly explosive gas, and then imagine a giant match. Well, the room full of gas is Google, only it’s a room the size of 10,000 football stadiums, and it’s growing every day. So the issue isn’t so much whether or not the current management staff is the match, the issue instead is the fact that there will inevitably be one at some point.
So the question then becomes — how much of your information do you want Google to have when they do have that management change and open their doors to the government (and God knows who else)? This, by the way, is the match. If you think about it, it’s actually quite easy to see. I believe the current heads of Google are decent, honest people, but do you want to bank your life’s information on the fact that they will always be there? Can you be sure they will always be successful at keeping those who want their information at bay?
Think about how much profit potential Google represents to someone willing to take advantage of it for business purposes, or how much intelligence information it holds about account holders. It’s seriously mind-boggling, and to believe that a few good people will be able to perpetually defend this massive gold mine is an exercise in naivety.
My point is simple — don’t overreact and label Google as the great Satan or some variant thereof; that’s just being a little silly at this point. But at the same time we need to stay aware of what could, and arguably will, happen in the future.
As for me, I’m going to continue using Google; they’re an exciting company that continues to bring out some awesome products. But I won’t be using it as a primary system for personal correspondence. I prefer having all my mail under my control, i.e. on a LAMP server that I administer. So I may use the mail forwarding from time to time, or Analytics, or whatever other cool stuff they come up with as time goes on, but I’m not going to drink the punch.
