Mark Frauenfelder at BoingBoing, who seconds my motion regarding the Department of Homeland Security, points to ITConversations' excellent interview with Bruce Schneier. He almost sounds like an economist in evaluating risks: Are we getting good value for our investment?
When the U.S. Government says that security against terrorism is worth curtailing individual civil liberties, it's because the cost of that decision is not borne by those making it.
Now that John Kerry is the presumptive Democratic nominee for President, I'd like to reiterate my recommendation that Bruce Schneier be appointed to either of two positions in the new administration:
- National Security Advisor
- Director of Homeland Security
Of course, in the event of a Bush landslide in the States of Contention, I'd be more than happy if he'd do the same. We need someone in government who actually knows something about security.
Our friends at Verisign like to use a trusted third-party source when verifying the identity of the contact information given in a certificate signing request. What this entails is that they call 411 and ask for the listed telephone number of the requesting company. They then call that number, and ask to speak with the person requesting the certificate, or ask for confirmation that the requestor is employed by said company.
You would think that the phone company would be easily verifiable. Turns out that they can't just call the operator to get in touch with someone on staff, nor are the affiliates' listed numbers answered by live people. How funny is that?
Oh, wait, isn't this the same thing you did to work around hidden extensions in filenames?
Gee, Microsoft, you could have made filtering network traffic just a little bit more usable. All you had to do was write a log file, or at least give us the option to log what you're doing.
So I'm applying their so-called IP filters to a host before we deploy it. And, unlike some idiots out there in InternetLand, I use a default DENY rule. So, I add one of those. Then I add the exceptions to the "naff off" rule. And then I apply the filter.
And that doesn't work, because now everything is denied. I suppose that's better than having everything allowed, but it's more than a little annoying. Now I have to leave my chair!
The rudimentary firewall in Windows 2000 applies the rules in a somewhat dynamic fashion. In other words, it's unpredictable. If you permit traffic first, and only then deny it, then things work. Maybe. Who knows? It doesn't log anything.