Wednesday, May 04, 2016

Disrupted by Throwing Rocks at the Google Bus in Silicon Valley

Finished Disrupted by Dan Lyons (@realdanlyons) yesterday, as well as Throwing Rocks at the Google Bus by Douglas Rushkoff.

It was kind of a weird juxtaposition.  I had just finished the chapters of TRatGB that dealt with the economics of Silicon Valley start-ups when I watched S3E2 of Silicon Valley.

It was weird because the two things fit so well together.  Rushkoff was explaining the out of control valuations of companies like Uber, or previously Facebook, Twitter, Snapchat, etc. and then Silicon Valley put it up on screen, albeit in a far more enjoyable fashion.  Tobolowsky explaining the conjoined triangles of success is a classic and I can't be the only one who noticed that:

a) Engineering / Manufacturing and Sales  / Growth are diametrically opposed.
b) Growth is the base of the entire thing.

What that tells me is that in the world of Silicon Valley (both real life and TV show) growth is everything.  The product is an afterthought.  In fact at one point Tobolowsky (as Action Jack Barker) breaks the news to Richard (the former CEO, creative genius and now CTO) that the product isn't even really the "product"; it's the stock and the hype surrounding it. Of course if you have ever worked in a start-up (I have twice, three times if you count when they split us into business divisions and put us in "start-up mode", which basically meant making horrible business decisions and refusing to sell product until the company shut us down) none of this was a surprise.

Immediately after Silicon Valley, Disrupted popped up in my Amazon suggestions.  I had seen Lyons on TWiT (I think) a couple times and occasionally read his Fake Steve Jobs Twitter feed so I took a shot on it.  Immediately it seemed familiar.  Of course it did.  Lyons is one of the writers for Silicon Valley.  The book dovetailed perfectly with Rushkoff and the TV show and was extremely enjoyable, although I felt Lyons' pain.  The discussion of the CTO's business philosophies (i.e. delightion) has to strike a chord with anyone who has ever had to sit through one of those bullshit corporate team building exercises.  Not only that but Lyons nails the economics behind start-up culture on the head and does it in a far more entertaining fashion, at points referring to various venture capitalists as braying jackasses (I think) and buffoons (I'm sure).

In case you didn't pick up on it I am highly recommending Disrupted.  My only real complaint was that he could have done more to explore the role of tech journalism in all this, but then again that would have made it a different book.

Speaking of different books - a Business book by Action Jack Barker would be hilarious.

Throwing Rocks at the Google Bus was a bunch of Piketty-ish nonsense for the most part, but the bits about Silicon Valley were pretty good.  I don't recommend it so much.

Now it is on to Naked Money by Charles Whelan.

Monday, May 02, 2016

The Tech Elite Are Moving Left - What I am reading 4/2/2016

Week 2 begins at the new job, and it's a new week in the world of news - let's see what we find:

Wired - Flaws in Samsung’s ‘Smart’ Home Let Hackers Unlock Doors and Set Off Fire Alarms -
The security research community has been loudly warning for years that the so-called Internet of Things—and particularly networked home appliances—would introduce a deluge of new hackable vulnerabilities into everyday objects. Now one group of researchers at the University of Michigan and Microsoft have published what they call the first in-depth security analysis of one such “smart home” platform that allows anyone to control their home appliances from light bulbs to locks with a PC or smartphone. They discovered they could pull off disturbing tricks over the internet, from triggering a smoke detector at will to planting a “backdoor” PIN code in a digital lock that offers silent access to your home, all of which they plan to present at the IEEE Symposium on Security and Privacy later this month.
The simple rule is if it is connected to the internet it can be hacked.  Plan your life accordingly.

Router Freak - Cisco ASA as DHCP Server with Multiple Internal LANs -

Not really anything anyone besides me cares about.  Well, me and the good people at Router Freak, but these are the kind of things I used to deal with.

Tech Crunch - The tech elite are moving left this election cycle -

This election cycle, the tech elite are almost exclusively backing liberals: Tesla’s Elon Musk donated to Hillary Clinton, Facebook’s Mark Zuckerberg gave handsomely to the San Francisco Democratic Party organization, and Microsoft’s Bill Gates gave to three Democratic congressmen.
I think the more likely explanation is that the nation’s new industrial titans are pro-government.

Google, Facebook, and most Internet titans are fueled by government projects: the Internet began in a defense department lab, public universities educate a skilled workforce and environmental policies benefit high tech green industries. The CEO of Uber, Travis Kalanick, is a fan of Obamacare, which helps his entrepreneurial drivers keep their health insurance as they transition between jobs.
In other words, the Democratic party is good for emerging industries and billionaires recognize it. Donald Trump is a candidate known to go after major figures in tech; a trend that may further the Democrats' friendship with new industrial titans.

Perhaps more importantly, I’ve argued that the modern emerging workforce of Silicon Valley, urbanized professionals, and “gig economy” laborers all represent an entirely new political demographic redefining the Democratic party to be more about education, research and entrepreneurship, and less about regulations and labor unions.

I am not sure why this is considered surprising.  Silicon Valley has always been overwhelmingly Democrat.  While there are some outlier donations to the GOP and the occasional crank who espouses Ayn Rand and Ron Paul as saviors of the American way of life, I am 100% positive that the data would show that at least in my lifetime Democrats have dominated in that area.  Jeez, just look at who their congressperson is.

Friday, April 29, 2016

So week 1 comes to an end AND weird dream alert

First week at the new job is coming to an end.  I'm not going to say much about it, at this point. Check with me again next week.

On the other hand - had a weird dream last night.  I was back at Avocent doing something, not sure what, but it wasn't working in test, because they wanted me back there, but every cool person I have ever worked with was there, as well as every girl I have ever dated, who all also seemed to work there.  Weirdly it was all very pleasant because I am not the type of person who ends relationships well.  So anyway there I am and they tell me I am going to be working back in the test department again and it's like a big party, and oh by the way the building is huge, like a giant office building but it's just packed, and coincidentally(?) there is a huge barbecue going on.  Like we have to walk through a mile of parking lot to get to it but the ribs are super good, being smoked over and there is a ton of free beer.  So I am sitting there with all these former girlfriends drinking beer and eating ribs and everyone is having a good time and telling me how great I am (which really clued me into the dream status) and then the damn alarm goes off.

So that's where my life sits at the moment.

One more thing - saw the trailer for the new Snowden movie; holy crap, it looks shitty.

Tuesday, April 26, 2016

Report on the first day at the new job

So it wasn't quite what was described to me but not horribly different.  The job title is Information Security Analyst but the department I am working in is Systems Assurance.  Basically we are supposed to evaluate the different systems and make sure they comply with the requirements of NIST 800-53 and the ISO 27000 series.  I was reading over some of the documentation which seems relatively straightforward.

The guy next to me has been there about 2 months and is already pretty jaded, but by his telling he is an old time security pro; being a new time security amateur, I think I can hold out for 3 months :-)

Seems like we will get to access a number of the SecOps guys' tools.  QRadar is the one I hadn't heard of.  SolarWinds Network Monitor, which we evaluated at BPA and decided we preferred Cisco Prime.  A few others that we used at other jobs.

I am trying very hard to not walk in and try and be a know-it-all, so if I have an aneurysm sometime in the next couple weeks you will know why.

Monday, April 25, 2016

Trying to get back into this - What I am reading 4/25/2016

Starting the new job today.  Have to wear slacks and a button-down shirt ... yeech, but I guess you have to do what you have to do.

Okay, here we go...

Ars Technica -  Active drive-by exploits critical Android bugs, care of Hacking Team -

The attack combines exploits for at least two critical vulnerabilities contained in Android versions 4.0 through 4.3, including an exploit known as Towelroot, which gives attackers unfettered "root" access to vulnerable phones. The exploit code appears to borrow heavily from, if not copy outright, some of these Android attack scripts, which leaked to the world following the embarrassing breach of Italy-based Hacking Team in July. Additional data indicates devices running Android 4.4 may also be infected, possibly by exploiting a different set of vulnerabilities.
It's the first time—or at least one of only a handful of times—Android vulnerabilities have been exploited in real-world drive-by attacks. For years, most Android malware has spread by social engineering campaigns that trick a user into installing a malicious app posing as something useful and benign. The drive-by attack—which has been active for at least the past 60 days and was discovered by security firm Blue Coat Systems—is notable because it's completely stealthy and requires no user interaction on the part of the end user.

The Verge - The US is dropping 'cyberbombs' on ISIS -

The US has begun launching cyberattacks against ISIS, The New York Times reports, marking a significant shift in its battle against the terrorist organization. According to the Times, the US Cyber Command has been tasked with carrying out the campaign, which aims to disrupt ISIS' communications, recruitment, and financial operations. American officials are also hopeful that their open discussion of the cyber campaign will force ISIS operatives to doubt the security of their communications.
This is going to escalate quickly, and not in a way we are going to like.

Dark Reading - How Best To Back Up Your Data In Case Of A Ransomware Attack -

There’s no protection from ransomware without backup. The first question a security pro will ask you when you report a ransomware attack is whether you have any backups. In many instances, simply by having a backup copy, you can then erase the drive, reinstall the operating system, restore the backup copy, and then start fresh. So remember:  no backup, no protection from ransomware.

Backups are just a generally accepted part of a disaster recovery or business continuity plan and everyone should be doing them, but the plan presented here has some flaws.

1.  It's too complicated for home users.  Most home users don't understand things like real-time backups and weekly incrementals or taking snapshots during upgrades.  Those recommendations don't really do them much good.

2.  It's unrealistic for businesses.  I can't think of a single organization that just automatically accepts patches from any vendor, especially one where data availability is a key concern.  Too many things can and do break.  Now if what they mean is that once you have approved a patch it should be pushed out to the endpoints automatically, then yes, I agree, but to my knowledge that is a pretty common practice already.

That's it for today.  If I actually had any readers I would apologize for such a crappy post after such a long absence, but I don't so I won't.

Tuesday, April 19, 2016

NIST 800 series playlist


I am probably the only guy who watches these things but if you are interested there you go.

Sunday, April 17, 2016

Some Goals

I start a new job next Monday - Information Security Analyst

Seeking a candidate with experience with Security Testing and Evaluation 1-3 years
Desired experience with performing risk assessment

Understanding of the following tools:
Vulnerability scanners
Configuration scanners
Application scanners
Network mapping tools

Experience with the following frameworks and standards, ISO 27002, NIST SP 800-37, 800-39, 800-53 rev4, and other 800 series standards. An understanding of vulnerability and risk assessment process and procedures. Experience in the generation of management reports and technical remediation plans to address infrastructure concerns.
The Security Assurance team is tasked with enterprise-wide security assessments to baseline organizational assets, critical information systems, emerging technologies and remediation plans. The candidate will analyze assessment efforts to provide management with a complete view of known vulnerabilities and associated risks. Scope of assessment includes but is not limited to: a detailed report of all findings or gaps associated with a system(s), the beginning of defining the POA&M and Security Assessment Report (SAR) deliverables.

In light of that I have decided to set a few goals for the rest of the year:

1.  Complete my CCNA Routing and Switching - target 1 July 2016
2.  Complete CASP - target 2 Sep 2016
3.  Complete CCNA Security - target 30 Dec 2016

and for the beginning of next year

4.  CISSP - target 31 Mar 2017

I know everyone will be on pins and needles tracking my progress but if I don't do it this way I won't work on this stuff at all.

Microsoft Rebooting Smartphone Plans... Again

Microsoft, after failing to build a smartphone hub to rival Google or Apple, is trying to change the conversation.
After the Nokia debacle, which included a $7.6 billion write-down and thousands of layoffs, yet another corporate reboot is under way.
“They’ve conceded that they’ve lost the battle for smartphone-operating systems,” said Ed Maguire, who tracks the company at CLSA, a brokerage firm. “After fighting that war for so many years, and watching Nokia go down in flames, nobody would take them seriously if they tried to promote Windows Phone at this point.”

OK, I am going to say this flat out - First off, fuck Ed Maguire; people like him are a major part of the problem in the tech world today, instead of looking at the promise of a platform they just try and tear it down to maintain the incumbents.  Second, fuck Satya Nadella or whatever the hell his name is.  People complained about Ballmer's lack of vision but this guy is far, far, worse.  No ability to see the promise of the Windows Phone / Windows 10 platform and so he just randomly kills stuff.

I have worked with, as in actually worked with, and used as a consumer, all three major platforms.  In my opinion Windows Phone is by far the superior platform.  The UI is intuitive.  The models I used were far more responsive than iPhone and Android phones.  The apps that existed were more responsive and more intuitive to use.  The problem was people wouldn't develop apps for the damn phones.  Part of it was snobbery; I once heard a TWiT host say she wouldn't develop apps for Windows Phone because she didn't like Microsoft's walled garden approach, but she had no problem developing apps for iPhone.  Part of it was lack of effort on Microsoft's part.  They never really seemed to try and attract app developers.  (Again a big FU to Nadella.)

If it was me and I was trying to capture market share for my new smartphone platform, I would have made it attractive to develop for the phone.

1.  I would have rented open space in Seattle and SF / Silicon Valley.  It would have been set up as a drop-in work space.  Just big tables where people can come in and plug in and work on their apps, with a few meeting rooms that could be reserved for development meetings.  Lots of whiteboard space.  Then I would have hired a couple people to manage each space.

1a.  In addition to providing space to work these spaces would have offered free seminars on how to develop for Windows Phone.

1b.  The staff would be available to offer advice / technical help and to spot good apps with market potential.

2.  Once a quarter I would have held a Disrupt-like event where people could bring their apps and compete against each other.  Maybe quarters 1 and 3 would be in Seattle and 2 and 4 in SF.  The winners would be offered a chance to move to an in-house incubator up in Redmond.

2a.  MSFT would act as the venture capitalist for the winners of these contests or for a selected group of people pulled out by the staff at the drop-in sites.

2b.  In return for acting as the VC MSFT would of course get a certain ownership stake, but part of the deal would be that development for Windows Phone had to take primacy.

3.  Windows Phone has great product placement in TV and movies, but it has been at least two years since I have seen a commercial and no one ever mentions it by name in these shows.  Hell, it is even featured prominently in a Katy Perry video but no attempts to tie in -

The phone is at 1:57.

So why reboot?  It isn't going to make a difference because MSFT isn't going to learn anything from this experience, and the next version is going to flounder and idiots like Ed Maguire will continue downplaying the platform (as will Leo Laporte and his TWiT friends and every other tech journalist for that matter).

At this point it's a waste.  Microsoft either needs to go all in or just get out of the market entirely and stick with Windows, Office, and Xbox.