“died of states’ rights”

I am reading the first paragraph of “Local Defense and the Overthrow of the Confederacy”†:

“In recent years it is becoming more apparent to students of Confederate history that the Confederacy collapsed more from internal than from external causes and the most disastrous of these internal ailments was the attempt of the southern people to practice their theory of state rights during the war. This destroyed the possibility of cooperation, embittered and demoralized the people, and pitted the state governments against the Confederate government like hostile powers. This struggle between the states and the Confederate government extended into many fields, mostly related to the conduct of the war. One of the most important of these fields was the matter of local defense. It is the object of this paper to present a careful study of the policy of local defense in the Confederacy, and show how it contributed to the downfall of that government.”

How’s that any different from the EU (the Confederacy) and the financial crisis (the conduct of war) it is in right now?

[†] – Interesting paper for Game Theory newbies by the way

Embracing the Kobayashi Maru

It seems that I am not the only one who has thought† that the Kobayashi Maru can be used in a cyber security context. “Embracing the Kobayashi Maru: Why You Should Teach Your Students to Cheat” describes the tricks employed by the students when they were given very short notice to memorize the first 100 digits of π and then write them down. The students were allowed to cheat, but if they were caught they would fail the exercise. This was part of a class that aims to help students build adversarial thinking.

While the discussed solutions were indeed innovative, I strongly believe that the average Greek University student would come up easily with a few working plans :) Next time, if the authors want to make the exercise harder, they should use the previous students as proctors and grade them too. That would develop adversarial thinking even further and could become the Prison Experiment for cyber security.

Hat tip to GK for showing me the article!


[†] – Cyberdefense and the Kobayashi Maru.

on cyber attack attribution

Whenever an attack is traced back to Russia (like this one) or China, the attribution decay is very fast. One cannot be very sure of whether this is an attack that was initiated from “within” these countries, or whether they were used as hops conveniently pointing to the usual suspect. Another interesting observation is that although

“states that deny involvement in a cyberattack, but refuse to open their investigative records to the victim-state, end up casting doubt on their willingness to stop cyberattacks and cannot expect to be treated as a state living up to its international duties. In effect, host-states that refuse to cooperate with victim-states are unwilling to prevent cyberattacks and have declared themselves a sanctuary state”†

this does not seem to (openly) apply to super-powers.

Update: It seems that this specific incident of critical infrastructure failure was not a cyber attack:

“The failure was due to a faulty command inputted by a contractor several months ago who accessed the system remotely while travelling through Russia on personal business. Over time, his mistake caused greater and greater errors until, several months later, the pump failed.”

We should never attribute to malice what can be attributed to a mistake.

[†] – Solving the Dilemma of State Responses to Cyberattacks

“you ALWAYS pay”

Lately I find myself frequently pointing to this USENET post by Vladimir Butenko. Since it is a rather long post, I quote here the parts that really make it worthwhile, without having to read the whole thread:

If you need something, you pay. Either in cash, or in your own time, or in consequences of not having what you really need.
:
Bottom line: you always pay. You need a simple thing – you pay a small amount, you need a big thing – you pay more.

People tend to underestimate the value of their personal time invested.

Update (2011/12/10): Spotted this comment on LinkedIn by Valdis Krebs:

When choosing “free” software consider how much your time is worth. Unless you have a friendly local mentor who loves spending time with you at all hours of the day, you will spend many many hours learning and making mistakes… alone… while waiting for on-line groups to respond to your pleas for assistance. In the end, software is never free. It always requires an investment to use it correctly.

Observations from a house broken into

  • Schneier’s Law holds for households. No matter where you’ve hidden it, the burglars will find it. They’ve seen it before.
  • If you want a post assessment on what inside your house has some street value, just make a list of what is missing.
  • A friend observed that people probably do not upgrade their locks as frequently as their software.
  • Why did this happen to me? Why not, indeed.
  • Every day you discover another thing missing. Confusion: Was it stolen or is it just misplaced?

11/11/11

The date is not 11/11/11. It is 2011/11/11. Have people forgotten Y2K? Do they really try to find meaning in every number, even if this means devising it? The only dates that matter are (reasonable) deadlines.

In other news, today Lucas Papademos assumes his new post as Prime Minister of Greece, charged with doing the impossible. And he is to do so by using the same bloated, inefficient (even after downsizing) and change-resistant Public Sector machine. So the question arises:

– If he succeeds, what does this tell us about all our previous leaders?