07 June 2014

NSA's Operational Security Failures

In the May issue of the Communications of the ACM, Bob Toxen does a thorough examination of the operational security failures of the NSA in the Snowden leak. Snowden, as an administrator, did have privileged access to many systems, but the scale of the leak, and the access control failures that allowed for the leak, point to wide-scale operational security failures.

I do not agree with Bob Toxen on the ease of detecting smuggled USB sticks (in or out of the organisation) - modern USB drives are far easier to smuggle in, and it is even easier to smuggle in SD cards and the like. I do agree with his assessments on the scale of logical access control failures: administrators in any large organisation should certainly not have access to all systems; and users with higher classification accounts should require multi-factor authentication to access highly sensitive information. These are not new-fangled processes or controls, and in fact the NSA helped write some of the key theory and practical guides in this area.

The learnings from the NSA's failures extend to most organisations. Unfortunately, unlike the NSA, most organisations do not have effectively unlimited funds at their disposal.

05 June 2014

Movie: X-Men: Days of Future Past

Like super hero movie franchises such as Superman, Spiderman and Batman - which have all effectively retold the same story in slightly different ways - the X-Men franchise was seemingly going in the same direction - especially when X-Men 3 killed off so many characters, and X-Men First Class and the Wolverine movies started telling back stories. Days of Future Past is effectively the best way to extend the story without retelling the same stories.

At its heart, this is a time travel story - the current X-Men universe is over-run by killer robots that want to exterminate mutants; and so the solution is to send the ever-green Wolverine back to the past to stop the extermination starting in the first place; and hopefully the mutants and humans will live happily ever after. The story now leaves a lot of scope for new stories to be told - since the universe is effectively reset.

As an action, super-hero movie it is great entertainment. The opening battle scene is frenetic and the prison break scene is a touch of genius. That said, I hope future X-Men movies do with fewer characters - and really explore the myriad of great characters - instead of just throwing so many of them at the same time on the screen. In a battle for survival, it made sense (even though the mutant cast is substantially reduced) - otherwise it would likely just become X-Men 3 - garbage.

03 June 2014

Jon Stewart's Extended Interview of Timothy Geithner

The Daily Show, and especially the extended interviews, are not easily accessible outside the US; and that's a pity - as Jon Stewart is an amazing interviewer. The interviews are far more in depth and in detail than many news channels - especially those that are seemingly "constrained" in their ability to get news; despite the fact that news is their business. The extended interview of former US Secretary of Treasury, Timothy Geithner, on the bailout and financial crisis is amazing. It was one of the clearest discussions on the motivations, constraints and ideas that shaped the US bailout. There is no real conclusion on whether it was the best way, but the discussion is definitely worth watching to at least understand all the various pressures.

Unfortunately, I think the full interview is only available on torrent outside the US.