NATO’s New Strategic Concept and the Cyberspace

Excerpts from NATO’s “Active Engagement, Modern Defence”:

12. Cyber attacks are becoming more frequent, more organised and more costly in the damage that they inflict on government administrations, businesses, economies and potentially also transportation and supply networks and other critical infrastructure; they can reach a threshold that threatens national and Euro-Atlantic prosperity, security and stability. Foreign militaries and intelligence services, organised criminals, terrorist and/or extremist groups can each be the source of such attacks

19. We will ensure that NATO has the full range of capabilities necessary to deter and defend against any threat to the safety and security of our populations. Therefore, we will:

* develop further our ability to prevent, detect, defend against and recover from cyber-attacks, including by using the NATO planning process to enhance and coordinate national cyber-defence capabilities, bringing all NATO bodies under centralized cyber protection, and better integrating NATO cyber awareness, warning and response with member nations

[via]

On vendor lock-in

(and sometimes open-source vendor lock-in)

Thanks to @nzaharioudakis (whom I had asked whether Debian stable is an adequate platform to run Zimbra on) I remembered the following quote from “Conquest in Cyberspace”:

“The seducer, for instance, could have an information system attractive enough to entice other individuals or institutions to interact with it by, for instance, exchanging information or being granted access. This exchange would be considered valuable; the value would be worth keeping. Over time, one side, typically the dominant system owner, would enjoy more discretion and influence over the relationship, with the other side becoming increasingly dependent. Sometimes the victim has cause to regret entering the relationship; sometimes all victim regrets is not receiving its fair share of the joint benefits. But if the “friendly” conquest is successful, the conqueror is clearly even better off.”

Even though the above is written in cyberwarfare (political) language, the point is very clear and the IBM executive’s phrase becomes well understood:

“Because you don’t want to get locked into an open system”

(One has to keep in mind that the phrase is taken somewhat out of context. Some 20 years ago when he spoke of “open systems” he meant OSI).

I do not want to get locked into any system.

→ “You ALWAYS pay

re: See the Messages that Matter

After reading Facebook’s blog on Messages, I thought I should write down some thoughts:

“Messages is not email. There are no subject lines, no cc, no bcc, and you can send a message by hitting the Enter key. We modeled it more closely to chat and reduced the number of things you need to do to send a message. We wanted to make this more like a conversation.”

Initially I thought of write(1). This feels like Unix communication (ytalk, irc, etc.) done the Web 2.0 way. Or, as some pointed out on Twitter, like Wave without collaboration tools.

As for the Social Inbox, this is an implementation of a concept similar to Gmail’s Priority Inbox. Messages from people I know go into the Inbox, the rest go to the Other Inbox. Pretty simple classification mechanism (and quite effective).

“We are also providing an @facebook.com email address to every person on Facebook who wants one. Now people can share with friends over email, whether they’re on Facebook or not.”

Messages is not email, but it builds a walled garden. And as I once read (and frequently repeat), on the Internet walled gardens are doomed to communicate via SMTP.

A simple Pomodoro timer

I first heard about the Pomodoro Technique from @sugarenia. The technique is basically this:

Work on a task for 25 minutes (a “pomodoro”) and then take a break for 5 minutes. Every four pomodoros, take a longer break.

As the book proposes, I am using a kitchen timer (I did so after reading Lakein’s book back in 2008). Besides hardware, there are a number of software packages that count down from 25 minutes. I think, however, that the following shell script is among the simplest (if not the simplest) implementations:

#!/bin/sh
( sleep 1500 && xlock ) &

If you find the xlock(1) approach harsh, you can always use a variation like xsetroot -solid red.

( Tested on OpenBSD-4.7 )

A visit to CoLab

Yesterday after work, together with @kotsgeor, we visited CoLab. Stavros and Spyros welcomed us. They gave us a tour of the (very beautiful and warm) space and talked to us about what they have in mind for CoLab and the synergies they hope will spring from it. The guys are open to ideas from visitors, so that through the space they can offer as much as possible to its prospective users. They did not refuse to answer any of our questions, such as the pricing of the services provided (which is not on the site yet).

Flashback: From 1990 until today I have seen many places that one would call a hackerspace. I have seen ideas that were good, bad, even doomed to run their course. I have seen relationships of friendship, trust and respect for ability being built, just as I have seen an incredible sharing of the knowledge produced. I was there when someone had a truly brilliant idea and I know that spark in the eye. I have seen the result. In all of the above, however, one thing was missing, which CoLab aims for: the financial incentive of the users of the space. Because those places were university labs.

I wish CoLab a good start and that it fulfils the purpose for which it was created. Ermou 44, on the fifth floor. It is worth visiting, seeing the space and talking to the guys yourselves.

Dear consultant

Dear (billable by the hour) consultant-

You are brought in to help us find a solution. You are not to bring the one solution that you know and try to fit us in there. You are to find a solution that fits the client, not a client that fits the solution. So next time please present at least two different solutions (see here why), otherwise we are going to bill you for our time instead.

[ Inspired by discussions with colleagues from both the private and public sector ]

The other side

I am not often lucky enough to be in the company of many people who work with Exchange. When that happens, though, I always leave having learned something more, such as the existence of the following “postmaster” blogs that mainly concern this particular tool:

Please do not mix CNAME and MX RRs

From time to time I observe the following email setups, from web hosting providers mostly:

$ host -t mx example.com
example.com mail is handled by 5 mail.example.com.

$ host mail.example.com
mail.example.com is an alias for www.example.com.
www.example.com has address 192.0.2.2

In other words, this is a single server that provides both web and mail services. The devil is in the details though: mail.example.com is an alias for www.example.com. This is a mistake, because when a name is declared as a CNAME it cannot have other resource records bound to it. I copy from DNS for Rocket Scientists:

CNAME RRs cannot have any other RRs with the same name, for example, a TXT – well that was true until DNSSEC came along and in this case RRSIG, NSEC and certain KEY RRs can now occupy the same name.

So the above setup is wrong. The correct setup would be the following:

$ host -t mx example.com
example.com mail is handled by 5 mail.example.com.

$ host mail.example.com
mail.example.com has address 192.0.2.2

$ host www.example.com
www.example.com is an alias for mail.example.com.
mail.example.com has address 192.0.2.2

That is if you want to use a CNAME at all. Personally I am using A RRs instead of CNAMEs whenever possible. But why cannot a CNAME carry any other information? I copy from RFC1034 (section 3.6.2):

A CNAME RR identifies its owner name as an alias, and specifies the corresponding canonical name in the RDATA section of the RR. If a CNAME RR is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different. This rule also insures that a cached CNAME can be used without checking with an authoritative server for other RR types.

So please people, correct your defaults. Your clients will benefit from that.
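A small zone linter for the two mistakes discussed above, as an added example that is not part of the original post: it flags an MX whose target is a CNAME (the broken setup shown earlier; RFC 2181 section 10.3 forbids an MX value that is an alias) and a CNAME owner name that carries other non-DNSSEC records. The zone text is constructed sample data in a simplified `owner IN TYPE rdata` form, and the function names are illustrative.

```python
from collections import defaultdict

# RR types the quoted text allows beside a CNAME once DNSSEC is in use.
DNSSEC_TYPES = {"RRSIG", "NSEC", "KEY"}

# Constructed sample zones mirroring the two setups in the post.
BROKEN_ZONE = """\
example.com.       IN MX    5 mail.example.com.
mail.example.com.  IN CNAME www.example.com.
www.example.com.   IN A     192.0.2.2
"""
FIXED_ZONE = """\
example.com.       IN MX    5 mail.example.com.
mail.example.com.  IN A     192.0.2.2
www.example.com.   IN CNAME mail.example.com.
"""

def parse_zone(text):
    """Return {owner: [(rtype, rdata), ...]} from 'owner IN TYPE rdata' lines."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        records[owner.lower()].append((rtype.upper(), rdata.strip()))
    return records

def lint_zone(text):
    """Return a list of findings about CNAME misuse in the zone text."""
    records = parse_zone(text)
    cname_owners = {owner for owner, rrs in records.items()
                    if any(rtype == "CNAME" for rtype, _ in rrs)}
    findings = []
    # Rule from RFC 1034 3.6.2: no other data at a node that has a CNAME.
    for owner in sorted(cname_owners):
        extra = sorted({t for t, _ in records[owner]} - {"CNAME"} - DNSSEC_TYPES)
        if extra:
            findings.append(f"{owner} has CNAME plus {', '.join(extra)}")
    # The setup from the post: an MX exchange name that is itself an alias.
    for owner, rrs in sorted(records.items()):
        for rtype, rdata in rrs:
            if rtype == "MX":
                target = rdata.split()[1].lower()
                if target in cname_owners:
                    findings.append(f"MX for {owner} points to alias {target}")
    return findings

if __name__ == "__main__":
    for name, zone in (("broken", BROKEN_ZONE), ("fixed", FIXED_ZONE)):
        print(name, lint_zone(zone) or "ok")
```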