Tuesday, 27 October 2009

Once Again We Bid Farewell to a Beloved Cat! RIP Gwen

Here we are again on a sad day for our beloved pets. Just shy of 19 years but going on a thousand (she aged with grace all the while being the grumpiest sod on earth), Gwendoline was bade a fond farewell today (2009-10-27) with great hesitation but compassion. Time had come to pass as Gwen's health had been seriously degrading over the past few days...
Gwen Eating a Cookie

We had been hesitating for a while as she kept pinging back to a pseudo state of well-being. Our running joke was that she would outlive us all or at least her cat siblings out of pure jealousy and spite. But yesterday, her mother and I realised that her health had taken a big fat slap in the face, which was confirmed by the Vet this morning (very little to do and it would only help her for a couple of days) as with advanced age comes the slow deterioration of critical body functions like bowel, bladder & mind. So this morning around 10:00, Gwendoline drifted off to a better place!

There are fond memories of Gwen as she has always been very close to both of us despite her innate jealousy of all other cats (except Mogwai)! At one point she was even jealous of our own relationships and was quickly renamed my second wife as she would force herself between us in bed.
Majestic Gwendoline

Overall, however, she seriously preferred her mother and as she grew older became a permanent appendage on her arm. She did love us greatly and continuously demonstrated her affection toward us all.



Gwen will be remembered as the much loved jealous queen of the manor! ;-)

Farewell and R.I.P.


PS: don't worry, life goes on, the populace was augmented just last week with one female black entity (Beauty - the basement cat).

Wednesday, 30 September 2009

Thus Beginneth a New Chapter in my Career

Tomorrow [1 October 2009], I embark on a new job and role. I am moving away from the general IT consultant & internal architect role in the big corporate environment to a more focused architect/consultant role for a security software company. I will be more focused on helping customers pull together IdM solutions using the company's product.

This will be an interesting change providing a much more focused activity on one specific subset of security but I hope to carry on exploring the vast and interesting subject that security is. My last position lasted almost 10 years and in itself was quite interesting considering the variety of activities and projects I was involved in. This new position will be just as challenging if not more as I will be participating in the growth of this company as it evolves internationally (they are already a major player in the domain in this country and are planning to expand heavily in the rest of Europe, the Middle East and the US).

On the other side and for my personal growth, I am still working on a few things including passing my GCIH (that happens next Wednesday), doing the CISSP (end of October) and continuing to look at developing for the iPhone & Android platforms. Hopefully, I will also be able to finalize a couple of blog entries I am working on, on the subject of the real-time web, a micro-blogging feature request and some thoughts on Vanish.

Wish me luck!

Wednesday, 23 September 2009

A Fun Way to Understand AES!

Constantly on the lookout for information on encryption and a better understanding of the mechanisms behind algorithms, I was amused to discover this morning Moserware's A Stick Figure Guide to the Advanced Encryption Standard (AES).

The information presented is significantly accurate but presented in a humorous plain cartoon format. Quite enjoyable! What was interesting is that it goes back to the history of how AES came about and presents a basic overview of how block ciphers work...

Thursday, 17 September 2009

Application Updates Tops Cyber Security Risk, Real World Fix is More Complex

A few days ago, SANS released its new Top Cyber Security Risks report with a new interesting twist to the usual well-explored risks (such as web server vulnerabilities). The new risk that is highlighted quite effectively is the problem of application vulnerabilities, which have increased and become much more visible. A good example of this has been the ongoing reports of vulnerabilities in Adobe products such as Flash and Acrobat.



Part of the issue that is highlighted by the report is the slow turn-around to deploy application patches/updates to reduce the risks and fix certain vulnerabilities. This is in fact no surprise! Having spent a number of years in the corporate IT security environment, the application update process is a bigger dilemma than one might think. There are a number of factors that impede an effective and complete application patching process, be it for a few thousand or tens or hundreds of thousands of installed clients. Some of these issues can be highlighted by the three following concepts:

  • Online availability of clients to receive the updates, making it more difficult to get an effective deployment rate;
  • Patches for versions that are in use might not exist, and upgrading to new versions presents other challenges such as budgets, compatibility with other applications, continued functionality support for the business solutions;
  • Patches (or upgrades) can break or change features that are relied upon by business solutions or processes, effectively breaking the latter and impeding the business's ability to work effectively.

For a corporate IT security team a balance has to be achieved between the need to carry out effective patching or upgrading versus the need to let the business continue to work as effectively and efficiently as possible. This is the hard truth: patching to mitigate vulnerabilities is not necessarily the best solution for a business if it breaks functionality or impedes the business process!

An effective IT security team will understand this and work towards an acceptable compromise that balances the risks versus the business' ability to carry on efficiently, through policies and processes that mitigate the risks or control/patch the vulnerabilities. Notably, the report section on best practices for mitigation and control provides a number of effective risk management techniques that start by understanding the applications that present risks and building an effective defense plan...



Tuesday, 7 July 2009

Firefox 3.5 Hates Google Searches Rant

After recently updating to Firefox 3.5, I have run into a seriously annoying and killer problem. Firefox 3.5 refuses to correctly load Google searches in a reasonable amount of time or even the Google main page (www.google.com). In a painstaking attempt to figure this out, I have tried everything from running Firefox in safe mode to turning off things like Norton Internet Security.


The problem doesn't lie in my computer or in my infrastructure. Firefox loads all other pages normally (including Bing.com) and even loads mail.google.com as well as reader. It's just the search that it doesn't want to do. BTW, IE, Safari & Chrome load the pages perfectly well!

Enough is Enough... Let me know if you've had similar issues?

Wednesday, 10 June 2009

To Reader or Not? Can we Really Do Without It?

Yesterday being the 2nd Tuesday of the month, saw the usual slew of update notices from the regular culprits. However, a new actor came into play this month: Adobe! The first appearance of what has been nicknamed «Adobe Black Tuesday Updates». This actually represents Adobe's commitment to having a regular patching schedule to address security issues, bugs and whatever else needs to be fixed.

Adobe since late last year has been hit hard with a slew of vulnerabilities in their products but more so in their flagship Reader product. The root cause of the issue was the inclusion of JavaScript and related bugs that provided a vector for exploit. The vulnerabilities have been covered to a great extent on the intrawebs and there isn't really much more to add. Adobe attempted to take a rational approach to the issue and sent out advisories on how to take palliative actions (by disabling JavaScript support in the product) until proper patching could be done.

The push by some security experts (including some prominent figures such as Mikko H. Hyppönen from F-Secure, Paul Asadoorian from Pauldotcom.com) to abandon the product or adopt alternate products and formats is just not realistic! The biggest criticism of Adobe has been why use JavaScript in what is essentially an electronic paper format. This attitude neglects the important factor that the technology is there for a reason. In most cases that reason is based on identified business/customer needs and those same customers have built solutions which need the scripting to continue to function effectively.

A number of business and government organizations have adopted the additional scripting capabilities to make the documents more interactive and to facilitate the content entry/usage for their users at a time when Web 2.0 was far away. A lot of interesting solutions have been explored and created using this dynamic document capability such as automated tax reporting forms, real-time report generation, ... There is and probably will be a continued need to support this type of scripting technology to give documents more interactivity and to bridge the divide between static data and the ability to have near real-time solutions for reporting and information manipulation.

Could Adobe have handled this better? Probably, but they have embarked on a road to manage the risks more effectively! Could a solution other than JavaScript be used? From a technical point of view most likely, but practically Java is a well-adopted programming language.

The underlying hard truth though is that calling for the dropping of one or another product is just not constructive and in most cases will go against the end-user's business goals! More constructiveness is needed to achieve solutions that help end-users minimize the risks but at the same time continue to allow them to streamline business process with the solutions at hand.


Friday, 29 May 2009

Seesmic Desktop Revisited

A few weeks ago, I posted an article about Seesmic Desktop in which I promised to continue to revisit the product. About a week ago Team Seesmic released a new version...

I have to say that the feature set on Seesmic Desktop continues to impress me and the integration they are doing with both the Twitter and Facebook APIs is amazing. But, yes there is a but, and it continues to be a big But before I can fully adopt it as my staple client. Looking back at my main list of qualms from the previous post, some things have changed for the better and some things just haven't changed and plague IMHO the experience.

Most of the bugs that were itemized seem to be under control but I am still seeing some problems with CPU and still don't have my Twitter avatar as well as the two window link click. I've also noticed some new quirks like right clicking on a link or other hypertext in an entry brings up either a copy/paste menu that is disabled or a weird menu with lots of > symbols. Outside of that, I do believe that the stability of the solution has potentially achieved a milestone.

The UI issues remain a sour point with me. Although the close box issue (at least on Windows) seems to be behaving as you would expect, I just don't understand the remaining UI issues and how people can actually live with them. The primary points that really need to be addressed remain: real-estate usage; the weird column/tab bar behavior; and strange column resizing layout in the scroll window when the window is resized. That last point is difficult to extrapolate but essentially I get the impression that some weird ratio is being applied based on the size of the window to determine the width and number of detached columns that are displayed in the visible part.

Now don't get me wrong, I can easily live with new UI paradigms; I do it all the time. The problem is that this UI just does not seem intuitive and gives me the net impression that it's not convenient for ease of manipulation and interactivity.

Let me know your thoughts and/or comments through this article or via my Seesmic Profile or through Twitter.
