Monday, 30 November 2009


Straws Pulled at Random

The instrumental runout on this song is mesmerising.

OK, sure, it's a song about death. The whole fathermuckin' genre's about death, it's right there in the title, this is Death Metal. But it's also some very inspired, minimalist composition. It stays with you and haunts, like a Shadowman game. If you only ever listen to one Meshuggah track - and let's be honest, you probably will! - then make it this one.

Sunday, 22 November 2009

Security Digest #3

Catching up with the latest developments in our favourite MSDN Security Blogs, the SDL and Security Tools.

Two headliners already escaped from this month's Digest and skipped the queue: Volume 7 of the Security Intelligence Report, and Agile SDL. Here's a bunch of smaller announcements and developments for those who just can't get enough of that ol' computer security goodness!

Pirates v Ninjas v Engineers

Threat Modeling is the first port of call in your journey to software security.

Amusement and light entertainment were to be had at the end of October, when the SDL's Adam Shostack declared in favour of Engineers, in their never ending struggle with the Ninjas of Threat Modeling.

What's Ninja Threat Modeling? It's lean, focused, easy to learn, and readily implemented. Cory Scott explains all, while contrasting his arguments with more traditional security development lifecycle approaches - and in particular, taking an occasional swipe or three at Microsoft's history of data-flow diagram & attack tree approaches, and multiple Visio-driven offerings - in this quite comprehensive article from the Matasano Security (developers of Playbook) website:

Adam's articulate and considered reply sets out to compare the two different security methodologies, concluding that the MS-SDL has matured sufficiently to be considered the optimum choice whenever security considerations can be built into a project from the outset. Ninja Threat Models might be of use when an already developed or deployed system needs to be hardened, and admittedly, they do sound more focused and agile than traditional SDL. However they are necessarily less rigorous and less complete. And anyway, the agility factor has now been addressed in other ways.

InfoSec Assessment & Protection

Todd Kutzke, Senior Director of Information Security (InfoSec) at Microsoft, writes here about the InfoSec Assessment & Protection (A&P) Suite that's just been released.

The Assessment Tools include a complete rewrite of the managed code, security source code scanning tool, Code Analysis Tool for .NET (CAT.NET); and the Web Application Configuration Analyzer (WACA), which scans the development environment for various best practices, including: .NET security configuration; IIS settings; SQL Server Security; and miscellaneous settings for permission in Windows.

"Protection Tools" here refers to the Web Protection Library (WPL). This incorporates a diverse set of elements, for example Anti-XSS V3.1 (the Microsoft Anti-Cross Site Scripting Library), and the Security Runtime Engine (SRE).

Finally for this month, Anil Revuru has written the following two useful and quite comprehensive guides, for configuring and running stuff:

Until next time, Keeeeep Dancing!
Eh, no I mean, Have a Security Strategy.

Saturday, 21 November 2009

Wee Mac

Wee Mac - Sep 16th 1993 - Nov 21st 2009

the winged messenger

Linda and I married in June 1993. One particular day a few months later, I'm home from work briefcase in hand, and asking her what's for dinner. "There might be a clue in the living room," is the cryptic reply. Okay that's odd, I think, but we'll come back to it. "Any mail?" I ask.

She hesitates, then "There might be something in the living room."

Suddenly curious what I might find in that room, I'm slowly opening the door. She's come through from the kitchen behind me, peering over my shoulder. I'm getting a bit edgy.

A brightly multicoloured patchwork quilt lies on the floor at the foot of the sofa. Cautiously approaching it, I resolve a little matt black bundle in its middle. The bundle moves. It breathes. What is small, matt black, and breathing?

"It's a puppy!"

I'd mentioned before to Linda that I'd like a dog. In the past few months I'd complained - in fact, both of us had - whenever we saw someone walking their dog, how unfair it was that other people had dogs, aye and some had two or more. And we had none at all! Not even one!

So this is her surprise for me, a conspiracy hatched with her father, who's driven to collect the pup this day; and her mother, who's responsible for the swaddling. We name him "Mac". He sleeps through it all, blissfully unaware of daddy's arrival home.

Venus godess of love

Collies, and Border Collies in particular, are among the very cleverest of dogs. They spoil you absolutely for other breeds. After you've owned one, anything else is just a dog. Mac was easily trained, and learned many commands. Linda had plenty of experience of the breed - her previous dog, Sam, was legendary for his intelligence, both at home, and in Highland Shows where he'd often put the local working dogs to shame (winning so many awards, they changed the rules to exclude him).

Linda with Sam and Wee Mac - 1993

We used to joke that Mac was "a dog with a sense of humour," for example when you told him, "I'm gonna eat your dinner!" and he would growl, all the time wagging his tail.

Sometimes of course he'd be a little less clever than usual. Then I'd be forced to introduce him as "a genetic anomaly, the world's first border collie without a brain!" Wee Mac - as he'd come to be known, despite his absolutely average 20kg - didn't mind. Dog with a sense of humour, remember.

He was well loved. When Linda and I were both at work, he would spend days with my father, and my aunt. Mac was simply too clever to be left alone, and they doted on him too. Linda had already made an impression by training dad's previous dog Kerry, a Kerry Blue terrier of course, to walk on the lead, sit at the kerbside, and come back when recalled. This was a unique novelty; we'd never had such a clever dog before! But all that was as nothing to the range of tricks of which Mac became the master.

Whenever we went on holiday, well as Linda would say, "There's no show without Punch!" and so we had to ensure that our accommodation, cottage, caravan, or other, welcomed pets.

His first summer, we took him on his first of many trips to Embo, by Dornoch, Sutherland. Grannie's Heilan' Hame, to be exact. Once he discovered the beach there was nothing we could do to keep him away from it. We might think that we had him completely under control on an extending lead; next minute he was off, racing across the sand and rocks and into the brine, with his useless lead reel bouncing and clattering along behind him.

Mars bringer of war

Wee Mac's life was sadly blighted by being viciously attacked, while still only weeks old, by a neighbour's adult dog. The attack was a sustained one; I had of course put Mac on a lead, and was unable to let him go or pick him up to safety, so all I could do was pull him around in circles trying to get him away from his uncontrolled attacker, while the idiot owner stood back laughing. Mac had extensive surgery to repair his head and face, and was lost to us for a few days.

As a direct result of this, and subsequent similar experiences with the same attacker, Mac was never socialised. Despite numerous visits to training and obedience classes, he never learned to approach another dog without attacking it. His insecurities could occasionally lead him to turn on people too, particularly when someone pulled at the side of his collar, which I'm certain reminded him of that terrifying first attack.

Jupiter bringer of jollity

That aside, Mac's development was unremarkable, and he liked almost any other type of animal - with a particular fondness for cats, oddly enough. He displayed almost parental affection for a friend's guinea pigs, when once they were left in our care for a few days.

Nothing, obviously, was better than being at the seaside. Mac would always chase the waves, trying to catch them in his mouth, and end up with a belly full of salt. He'd swim out to retrieve floating sticks and toys, occasionally substituting one if he lost it.

He'd cheerfully pick up a "stick" that could actually be anything up to a fallen tree trunk, between three and twelve feet long, and three inches thick; adjust his grip by increments until it balanced in his muzzle; then run to you, dropping it at your feet. Waiting for you to throw it.

Actually, he'd drop it just far enough from your feet to make you do the work.

He had a slight heart murmur, and spent much of his life on medication for that. Not so much as you'd notice though, his spirit was strong, and his personality could not be suppressed by a little water tablet, or ACE inhibitor.

Mac was always first beneath the tree every Christmas morning, looking for his treat & squeaky toy stocking, which he would invariably unwrap for himself. In fact, he didn't always wait for Christmas morning! And if he visited you any time around then, your tree would get the same treatment.

His obedience, cleverness, and sense of fun, endeared him to everyone who knew him.

Saturn bringer of old age

Time brought him cataracts, at an age and a condition where nothing could be done about it. And so time also brought him near total blindness - or at least presbyopia.

Old age brought him deafness too, which signalled an end to his ability to respond to commands, except for one: he would still recognise as a recall signal, an arm waved in a circle, sufficiently far away. On the positive side, he was no longer freaked out requiring tranquilizers on fireworks night.

Then came arthritis, and his medication had to be supplemented with painkillers, first anti-inflammatories, then opiates. He began to have trouble standing up and - particularly - sitting or lying down.

Uranus the magician

We extended the steps into our house, lengthening the slabs so that he could get in and out more easily. We'd earlier tried out a dog ramp, but once he'd decided he didn't trust that, then it was never going to get used - he went out of his way to avoid it. Personally I think its metallic construction reminded him of the decks and walkways on the bridges and ferries he'd encountered on holiday when younger, and he didn't like those. Particularly on one tragi-comic occasion - on a ferry to Orkney I think - when we'd just managed to get him to calm down in our arms, before a previously unnoticed ship's horn blasted his ears from a range of two feet.

Mac generally slept on a Snoozee Dog blanket in our room. But as he got older, his trips upstairs at night grew less frequent. That made it all the more special when after a good day's rest, he would suddenly find the stamina to follow us, looking for company. We would hear him, slowly shuffling upstairs two or three steps at a time, sometimes finishing with a burst of half a dozen in his race to the finishing tape.

These were good times, when we felt that we had our wee boy back with us, and they gave us hope that the various medications, and his diet, were helping to make his later life a bit better and more comfortable for him.

Neptune the mystic

Inevitably and inexorably, these magical interludes grew less frequent, and more troubled. Sometimes he would fall back downstairs, while most other times he could not summon the effort to make the attempt. His pains grew worse, and he began to go off his food.

follow me down
to the valley below
you know
moonlight is bleeding
from out of your soul

Eventually, Mac stopped eating almost entirely, and couldn't even be hand fed. When it seemed that his life contained nothing but pain, we prepared ourselves to face the inevitable.

my David don't you worry
this cold world is not for you
so rest your head upon me
I have strength to carry you

Today we both held him, kept him calm and reassured, while our vet administered the sleeping jab. It was a very peaceful end. Then we cried. He had gone so quickly.

come to us
it's time for you to go

Tonight, we toasted the immortal memory of our little absent friend. Wee Mac was 16. Or to put it another way, he was 113.

He's been with us for all of our married life. He's been with us, ever since Linda and I have had our home together. We have always been three. But now, our identities have changed, we're no longer mummy and daddy. Now there's a ghost in every room, in the garden, in the back of the car. I glance over by the sofa, and for one instant, think I see him there again.

It's just a pair of slippers.

Headings inspired by "The Planets" by Gustav Holst
Words from "Lazarus" by Porcupine Tree written by Steven Wilson

Power Corrupts!

Updated Nov 26th 2009 to add: Today I'm an Independent, because today's Scottish National Party, financed by a homophobic religious fundamentalist, fails to convince me of its commitment to the separation of church and state - a commitment essential to the health and survival of our multicultural and multi-ethnic society.


That's the heading provided by Charlie Stross in his rantlet against the Digital Economy Bill published this week. But whilst that bill is certainly something to get worked up about, and for a host of reasons, Charlie on this occasion very wisely puts his health first; links to Cory Doctorow's exposition of the latest Mandelson scandal; and asks others to step up.

Well, this time I did. Firstly, by joining - at last! - the flood towards the Open Rights Group, and setting up a direct debit to support them. And secondly, by picking out what I regard as the single worst infraction of human rights contained in these proposals, and writing a letter to my MP:

Dear John Mason,

We have been utterly shocked and dismayed, almost beyond our powers of expression and protest, by the recently revealed ultimate form and content of the Westminster government's Digital Economy bill.

Can you please assure us that the SNP regards Internet connection as a basic human right, as do a growing number of European nations (Finland, Spain); that the Party in the House of Commons, with the vocal support of the Scottish Government, will not tolerate, nor indeed contemplate, for any reason whatsoever, the degradation of service and/or disconnection of an entire family from the full range of vital services provided by the Internet; that in particular, such or similar sanctions should never be countenanced on the basis of a copyright infringement or related accusation, against any one family member; and finally, that the Party's resolve on this issue stands ready to challenge the relevant provisions of the bill through, and to the exhaustion of, all possible available avenues of blocking and appeal, both in the UK and in a European context.

We write to you as long time active members and supporters of the SNP, both as office bearers and as canvassers / leafleters, who have worked hard over many years to help bring the Party to its currently successful milieu. Throughout all those decades of campaigning, the one indispensable principle of our activism, from before the Poll Tax to free prescriptions on the NHS and beyond, has been the fundamental and special humanitarianism, the blessed sense of fairness, of the Scottish people.

There is much that is rotten, corrupt and foul in the provisions of Mandelson's bill, but Internet disconnection surely rates as the most pernicious and abhorrent suggestion, an affront to the sensibilities of our national psyche.

I trust that we can count on your support against the despicable measures being considered in this proposition.

Yours sincerely,

John M. Kerr
Linda M.G. Kerr

Political corruption knows no bounds, and is more than happy to form opportunistic coalitions with apathy, gullibility, stupidity and his dog. Peter Mandelson has perhaps the most impressive record of aggressive impropriety and power grabbing avarice, of any UK politician active today. In his most brilliant and terrifying piece of duplicity to date, he recently indicated that he'd be equally happy to work with a Conservative government.

He is immune to the intentions of an electorate that never did vote for him, and never would.

Mandelson was a serially unelected minister, originally without portfolio, and as we now see, without loyalty to any party, or visible principles of any kind. Yet he wields such power at Westminster, in the House of Lords, wholly because of the extreme weakness of this Labour government. Having been repeatedly forced to resign over this and that scandal, nevertheless he has managed to find, in Gordon Brown's dismal desperation, a way to insinuate himself back into the centre of UK politics and power, and once there, to coat himself with Teflon.

This is a time for protest, but this time, your vote alone won't cut it. We need a new wave of activists, ready to go into battle with pens and voices raised. Fit and willing to engage the enemy in a dirty fight for the survival of intellectual and creative freedom, yes, and for basic human decency. We need you!

Because I'll only be 50 for another day or two, and this rousing blog article is the third activist-y thing I've done today. Seriously, I need to lie down now.

Please join the Open Rights Group. We have to start somewhere.

Monday, 16 November 2009

On Education

Schools Of Horror

Little Nephew visited at the weekend, looking for help with his electrical studies. I was able to supply a few aides-mémoires, happily (read: phew! dodged a bullet there), which I hope might help to see him through the forthcoming trials.

The biggest assignment problem involved reconstructing a circuit from a written description. Daunted by the unaccustomed length of text, he'd made no attempt at this. My response was to read the question to him, one short phrase at a time, sequentially and without alteration, while he sketched each step on his notepad. Result: one error, which I'd guess translates to a mark of six from a possible seven. Mission accomplished, eh? And lesson learned: there's no reason to be intimidated by the question!

But then he showed me the solution provided by his teacher. This contained two errors.

Four of us enjoyed a communal eyerolling. Eww, those teachers, what are they like?! No big deal, they're under a lot of workload and other stresses, anyone can make a mistake, blah, blah...

Then my thoughts backed up to Guy Fawkes Night, 240 hours earlier, when we had visited Little Other Nephew to join in some fireworks fun. During conversation, his mother related the following catalogue of horror! How many non-conformance instances can you find in this account?

The school janitor had asked him, and some other pupils, to move some bricks from A to B. The said bricks were insanely dirty. Teacher could think of no way to clean up the kids. Instead, got each pupil to write a note to the parents, apologising for state of child's clothes. Teacher then extended each such note, to confirm pupil was (obviously) to blame, for having obeyed janitor.

Answers? Actually, we haven't yet reached the full horror of the tale. In the latter section of the note, written by the teacher to confirm the child's guilt, we find this:

"They know they should of stopped..."

Sic, as they say, who value their gift of grammar.

Wednesday, 11 November 2009

Agile SDL

Non-RSS readers might have noticed the title "Announcing SDL for Agile Development Methodologies" (by Bryan Sullivan of the MS-SDL team) float past in the "Blogs" sidebar yesterday.

The SDL structure presents a problem for Agile methodologies, simply by virtue of having been in development for so long; it's basically presented as a waterfall (or at best, a discrete and non-time-boxed iterative cycle) process, because that was the predominant mode of working in the early years of this millennium. In addition to this, the SDL was originally developed to support very large products, such as Windows itself, and Office; products with very long development cycles. Looked at from an Agile perspective, the SDL is enormous, monolithic, and chiseled out of Aberdeen granite.

Getting these two to play nice together was never going to be very easy.

As you might have expected, Microsoft has been working on this problem over the past year. Specifically, a cooperation of security professionals from the Online Services Security & Compliance team, Trustworthy Computing Security, and the SDL, have developed a process to solve the methodology mismatch. Their solution is incorporated into the latest release (4.1a) of the SDL Process Guidance document (1.1MB docx), starting on page 45, in a chapter creatively captioned "Security Development Lifecycle for Agile Development".

The key idea is to split the SDL requirements. With Agile cycles of a week or three being the norm, not all of the SDL requirements can be addressed in every sprint (to take Scrum as an example). The optimum compromise has been determined to comprise three categories of SDL requirement, and their related task sets:
  1. Every-Sprint - e.g. new feature thread modelling, web i/o sanitizing;
  2. Bucket - e.g. verification, design review, response planning tasks;
  3. One-Time - baseline threat model being the largest of these.
The source document goes into plenty of detail about these task sets, both in the Agile section and in the related appendices. To quote Bryan Sullivan,

We believe we’ve developed a process that is faithful to both Agile and to SDL, in which teams can innovate and react quickly to changing customer needs but in which the products they create are still more resilient to attack.

Download it here.

Friday, 6 November 2009

SIR (yes, SIR)

Security Intelligence Report

I know, because they told me, that one of the reasons certain of my colleagues don't blog, is that a "typical" entry would be along the lines of "Here's a link to something interesting." And that would be that.

I have times like that. While I normally stack them up until there's enough to compile a summary, like the "Security Digest" posts here and here, sometimes by contrast the backlog is too interesting to wait that long. A case in point is the Security Intelligence Report, Volume 7, published this week by Microsoft. Bryan Sullivan of the SDL group mentioned it on Wednesday,

for the purpose of drawing attention to one particular piece of analysis, namely the number of industry-wide reported vulnerabilities, as broken down by category: OS, browser, and application. A worthwhile graph (worth a thousand words at any rate) summarising these results can be seen here:

but I'd like to make a couple of additional comments on this.

App vulnerabilities show an incessant upward trend, with just two exceptions: 2H07, and 1H09. These isolated drops can be traced directly to significant events in the SDL roll out.
  • In the first case, 2H07: although the life cycle project was initiated internally at Microsoft by His Billness in 2002, there was a lengthy period of digestion and gestation (there I go again with the metaphor train wrecks), and in fact early 2007 was the tipping point for adoption by third parties. This is evidenced by the publication and/or update of numerous related MS resources. For example, the MS-SDL blog started that April, in response to "a lot of friendly pokes from customers, partners, colleagues, and competitors, asking us to say more about [the SDL] in an open forum". Realistically, 2H07 was the very earliest point at which these resources and materials could possibly have had any measurable effect on third party (vulnerability exploit) mitigations.
  • In the second case, 1H09: well what can I say, except - welcome to the new, improved, Team System... now with added SDL!
Secondly, whilst not visibly tracking the app security holes over any analytically useful window, the OS vulnerabilities nevertheless have shared the recent dip observed in the apps. Why? After all, app vulns are predominantly 3rd party, while OS vulns (at least in this study) are exclusively MS. Maybe MS simply made a better effort over the piece, to patch OS vulns asap?

Finally, take a close look at those browser vulnerabilities. Shunning the trend, these have risen once again. I've mentioned recently that this particular trend should be expected, simply as a consequence of the widely reported change of focus on the part of the exploiters. It does not take an Einstein, nor indeed a Schneier, to foresee a continuation in this area.

The full detail of the SIR can be read here:

Monday, 2 November 2009

Bruce Schneier in London

From the Open Rights Group blog:
Event with Bruce Schneier:

The Future of Privacy:
Rethinking Security Trade-offs.

We live in a unique time in our technological history. The cameras are ubiquitous, but we can still see them. ID checks are everywhere, but we still know they're going on. Computers inherently generate personal data, and everyone leaves an audit trail everywhere they go.

Bruce Schneier, internationally-renowned cryptographer, technologist and author, will share his vision of current and future technologies' effects on privacy. Schneier rejects the traditional "security vs. privacy" dichotomy in favor of a more subtle and realistic one.

Data is the pollution problem of the information age and we need to start thinking about how to deal with it.

When? Doors open at 1830, Friday 4 December 2009

Where? St Albans Centre, 18 Brooke St, London, London EC1N 7RD

Jim Killock, Executive Director of Open Rights Group, will chair the audience Q&A. Drinks will be available at the venue before and after the talk.

An audio and video recording will be made available after the event.

General admission tickets are already sold out ;-) so you'll have to join the ORG to attend. Extra bonus: join today for a free signed copy of Cory Doctorow's Little Brother!

Already a fan, I read Cory's Little Brother online soon after publication, but later shelled out for a signed copy to give to Little Nephew (yes, that's where he gets the name) last Christmas. When Little Niece asked to read it, he surprised me, not to mention stymied Cory's honourable Creative Commons licensing intentions, by charging her a quid for the privilege.

So wrong. In so many ways. And yet somehow: Attaboy!