Solving the unsolvable?
26 Mar 2007
Imagine you are living in a beautiful house, but the walls constantly need to be patched, the floor is not level, and the house tends to flood. You keep hiring contractors to fill the holes in the drywall, add supports, re-lay tiling, and clean up the water damage. You can maintain this process for the next several decades before the house becomes hazardous, but most people would become suspicious after the first year or two. It is only then that they step outside the problem and look at the structural foundations, only to realize that the house was built on top of sand and right next to an ocean…
So, what is the point? What does that have to do with computer security?
That house is the computer and Internet — the icons of the Information Age, and we’ve been living in a rotting house since 1970 (but did not start to notice until the mid 1990s). Security has become a huge issue, and we are just trying to survive by throwing technology and half-baked ideas at the problem.
When it comes to digital security, why do we always try to bandage and mitigate problems instead of solving them? Anti-virus is just about dead. Firewalls can do only so much. IDS systems are fairly error prone and don’t do well at preventing new attacks. Our authentication and permissions systems consist of archaic passwords and rwx file permissions.
The chips and memory and programming techniques have advanced, but security has done very little to keep pace. We cannot do much to stop e-mail spam, control network activity, or prevent attacks because the network, hardware, operating systems, and applications either don’t support security or implement it as an afterthought. I mean, how are we supposed to protect ourselves if we are facing more than 15 new vulnerabilities per day!
Most users cannot and do not track and maintain their installed programs. Most don’t know how to be more secure and are not savvy enough to even understand how to work today’s complex (security) software. Remember: Your security is only as good as your weakest point; I only need to find one hole in order to slip past your security.
Security is a never-ending battle for the defenders, which becomes more bleak when you realize that there is absolutely no way of winning. I think the only way we are going to have any real success is to compile all of our lessons learned from the past few decades, go back to the drawing board, and redraft the architecture of networks, computers, and software. Build security and usability into the design from the start. Take the bullet out of the gun and enable the safety to prevent people from getting attacked (or shooting themselves in the foot).
What your OS says about your management style…
26 Mar 2007
While traveling this weekend, I was doing some more thinking about various management styles and how best to interact with each one (of my 4 bosses). As I am a big fan of using the right tool for the job, almost daily I use 3 or more different operating systems — Windows for work, Linux for testing/development, and a Mac at home for photo editing and typing this post.
As far as management goes, each manager approaches their job in a different way and has certain characteristics and tendencies. I have already enumerated the various managing styles in a previous post.
So, how do managing characteristics and operating systems compare?
- Linux: You are an engineer. You like technology and tinkering. You prefer to be your own boss and to stay away from personnel issues.
- Windows: You are a micro-manager. You like to be informed and approve every action. You tend to be more old-fashioned and worry about the consequences of Thinking Different (i.e., change). “You are making a management decision. Confirm or deny?”
- Mac (OS X): You just want things to work and run smoothly. You empower your employees to get the job done and only need to be alerted when something major occurs. You are willing to spend the extra money for the look, reliability, and reduced maintenance. You may be easily excited about unsubstantiated rumors and unrealistic visions.
On management styles
18 Mar 2007
One thing I’ve been thinking a lot about lately is the compatibility between managers and employees. Some people need direction and oversight, while imposing that on others would act as a major impedance.
For example, I tend to be self-motivated, enjoy being involved in many different tasks, and do best when I am able to manage my own time and priorities. I have come to the realization that either I am an anomaly in the workforce or I am incompatible with my management.
Since I work with similar, self-motivated types, I’ll immediately discount being an anomaly, which leaves me at option two. After talking to management, I have found that my feelings of frustration and incompatibility were not reflective; they saw no problems and were satisfied with my work (why doesn’t management like to give any appreciation?).
I think I’m safe to assume that management will not work to better interface with me, so the onus for improvement is on me. I have put together a guide to help understand management and provide some direction as to when to stay and when to start looking for a new position. When dealing with management, I have found that they tend to fall into one of four categories:
- Adaptable — these people are born to be managers. They understand the strengths and weaknesses of each of their employees and leverage each to their potential. In order to be effective, these managers adapt their management style to best supplement each subordinate. They will bend over backwards for you and will try to address your every need. One of the unfortunate side effects is that these managers are so good at supporting their employees that they have high employee turn-over because of a high promotion rate (a good thing for you), and they spend so much energy supporting their employees that their accomplishments are often overlooked.
- Inflexible — one of the most common managerial types. They can usually be identified by their tendency to micromanage, never provide any useful feedback, regularly schedule meetings that have no outcome, or other stereotypical management actions. In conversations they tend to excuse things since “they’ve always been done that way” and will use phrases such as “in the past” and “typically”. Inflexible managers tend to have strong organizational, customer relations, technical, or other important skills that are perceived to be beneficial to the department or company. When coupled with a non-confrontational personality, these people will slowly creep into management.
As far as their relation with their subordinates, they have a lot of understanding to do. Inflexible managers continue to do the same things in the same manner that got them promoted to their current position. They have one management style, which makes them ineffective at communicating with their subordinates.
Luckily for some, an “Inflexible manager” can fall into one of two subclasses: those who realize their inflexibility and those who don’t. People who understand they are not adaptable will tend to only hire employees compatible with their management style or will depend on others to fill any deficiencies. Unfortunately, if your manager does not realize their inflexibility and it is highly unlikely your management will transform, it is in your best (professional) interest to change management (or jobs).
- Hands-off — these managers seem to not understand “management”. They simply do not manage their personnel. Hands-off managers appear to intentionally avoid any conflicts or issues and believe that things will take care of themselves. If you are managed by a hands-off person, you can say goodbye to any chance of promotion, as they will ignore all the good along with the bad. These management types are the worst, since many assume that the lack of communication means everything is okay.
- The Pointy-haired Boss — as depicted in Dilbert these managers are just clueless. They think they know everything, but they cause more harm and frustration than good. The only benefit to these managers is that they are easy to identify and avoid as they tend to be enveloped by an aura of incompetency.
So, which type of manager is your boss? Is it in your best interest to stay in your current position? (Remember: it is usually in your boss’s and the company’s best interest to keep you, but usually they will do next to nothing to show their appreciation.)
About ownlife
18 Mar 2007
The motivation behind this blog is to provide me a location to log my current thoughts about pretty much anything — from security to work to opinions about life. I would imagine that most of my postings will be about my (professional) interests in computer security: logs, infosec, and vulnerabilities.
Since the content may be of interest to others, I will try to keep everything as generalized and anonymous as possible and actively encourage any passersby to leave feedback.
As a bit of insight into the motivation behind this effort, I am a supporter of the EFF and overtly aware of the information-dominated society that we are becoming. Stories such as George Orwell’s 1984 and the Wachowski brothers’ V for Vendetta. For any of you not familiar with 1984, the blog’s title “ownlife” is from Orwellian Newspeak and means “Individualism and eccentricity. A desire to do something for your own benefit.”