Saturday, March 22, 2008

IFIP 11.10 2008 Conference

I’ve just returned from the IFIP 11.10 security conference in Washington D.C. where I was presenting a paper. As far as conferences go, it was a pretty good one. Some of the keynote speakers:

  • A former deputy director of science and technology of the CIA.
  • Director of control system security for the Dept of Homeland Security
  • An executive director of Verizon
  • Former Special Assistant to the President for Critical Infrastructure Protection
  • A KGB agent from the cold-war era

One of the things I liked about the conference was that there was plenty of time given to breaks where you could socialize and network. People who are experts in their field aren’t always great public speakers. So you can sometimes get more information from them sitting over dinner, drinking wine.

It takes an effort to go up to someone you don’t know, introduce yourself, and start some small talk. Thankfully I’ve found most people at these conferences are really friendly. As they are passionate about what they present, you can usually get them really going by asking some questions about their research. They can even be pretty vague or uneducated questions. People like telling stories.

A participant told me of a consortium of security personnel from different companies that would get together and exchange information they had gathered. This information could not be shared outside of the security people. The information was only to be used for increasing security, not gaining a competitive advantage. Only one member had violated this, and he and his company were permanently barred from ever joining the consortium again. The person I talked to was British, and pointed out American laws would never permit this.


A topic of discussion was the use of civilian contractors in “cyber-warfare”. If a civilian is partaking in such an event, then he/she is a combatant under the Geneva Conventions. The presenter mentioned Article 51.3, but that article didn't seem relevant when I looked it up.

The building that he/she is working from is considered a legitimate target and the software is a weapon, under Article 52.2. Again, I couldn't find a match for that article. If a civilian doesn’t distinguish himself as a combatant, he doesn’t fall under standards for POWs.

In other words, it is important for the military to have their own set of people to handle cyber-warfare.

Quite a while back there was the famous case of the U.S. planting a Trojan Horse in software for control systems to Siberia. The software was used for controlling valves on a gas processing plant. The U.S. had the software changed so that it would fail at a certain time. Soon after, the plant was reduced to a smoking crater with a three kiloton explosion.

I thought it was kind of tacky that one of the participants kept asking the ex-KGB guy what he thought of that. Of course, I wanted to ask the same thing. But come on, reverse the tables. Do you think in 20 years time, you’d appreciate an ex-terrorist wanting to know what you thought of 9/11?

Security Research

While at the conference I met a woman who had worked as an intern for the NSA while she was getting her Master’s degree. After graduation she started work for the Department of Defense. After three years of working full-time, she’s started her Ph.D. She says that working at the Department of Defense is like “nerd heaven” for anyone interested in Math and Science. She had a sense of style though; you wouldn’t guess she worked at nerd heaven.

While she majored in Computer Science, she started college not even knowing what computer science was. I’ve heard this more than once, and I think it is a disturbing trend. Computer Science has some of the hottest jobs in the market, and lots of talented people are graduating high school without even knowing what computer science is.

Travelling to D.C.

I enjoy conferences in D.C. I get to see my cousin, who is a lawyer and has a band called the Dog Waggers. I also like when I can get where I need to by using the MetroRail. Plus the monuments are great. I love the Jefferson Memorial, and FDR’s.

To really get a feel for the monuments you have to pause and reflect. Jumping in front of the statue, making goofy faces, and getting your photo taken seems kind of disrespectful. I think it is more important to take time to read the quotes, and remember why we honor those leaders. What must have gone through their minds?

I’ve often thought it would be so cool to tell these great people what became of the nation they served. Although right now, I’d hate to tell them about Bush and Iraq.

Tuesday, March 11, 2008

Automatically created PDF thumbnails

This is a bash script that creates an ultra-simple web page that previews PDFs. It uses Imagemagick to create the thumbnails.

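#!/usr/bin/env bash

# Build index.html with a linked thumbnail for each PDF in the current directory.
echo "<html><body>" > index.html
echo "<h1>PDF List</h1>" >> index.html
for myfile in *.PDF
do
    [ -e "$myfile" ] || continue   # no *.PDF files matched
    basename="$(basename "$myfile" .PDF)"
    #echo "$basename"
    # [0] selects the first page of the PDF for the thumbnail
    convert -antialias -colorspace RGB -scale 200x200 "${myfile}[0]" "$basename.jpg"
    echo "<a href=\"$myfile\"><img src=\"$basename.jpg\" /></a>" >> index.html
    echo " " >> index.html
done

echo "</body></html>" >> index.html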
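A hardened variant of the script above, added here as an example and not the original author's code: filenames are HTML-escaped before they are written into index.html, and paths are passed to ImageMagick with a ./ prefix so a name beginning with a dash is not read as an option. The function names html_escape, index_entry and build_index are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not the original script): the same thumbnail index,
# written so that awkward filenames cannot alter the HTML or the
# convert command line. Function names are illustrative.

# Escape the characters that are special in HTML text and in
# double-quoted attribute values.
html_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' \
                           -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'
}

# Emit one index line: a link to the PDF wrapping its thumbnail.
index_entry() {
    pdf=$(html_escape "$1")
    thumb=$(html_escape "$2")
    printf '<a href="%s"><img src="%s" alt="%s" /></a>\n' "$pdf" "$thumb" "$pdf"
}

# Build index.html and thumbnails for every *.PDF in directory $1.
# The body is a subshell, so the cd does not affect the caller.
build_index() (
    cd "$1" || exit 1
    {
        echo "<html><body>"
        echo "<h1>PDF List</h1>"
        for f in ./*.PDF; do
            [ -e "$f" ] || continue      # glob matched nothing
            name=${f#./}
            thumb="${name%.PDF}.jpg"
            # The ./ prefix keeps a name such as "-scale.PDF" from being
            # parsed as an option; [0] selects the first page only.
            convert -antialias -colorspace RGB -scale 200x200 \
                "${f}[0]" "./$thumb" || continue
            index_entry "$name" "$thumb"
        done
        echo "</body></html>"
    } > index.html
)

# Run only when a directory is given, e.g.: bash pdfindex.sh /path/to/pdfs
if [ "$#" -gt 0 ]; then
    build_index "$1"
fi
```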

Monday, March 3, 2008

Download: The True Story of the Internet

Tonight I stumbled on Download: The True Story of the Internet. The show is narrated by John Heilemann. I used his book Pride Before The Fall as a text for a technology ethics class. While it was anti-Microsoft, it was still the most interesting and balanced take on the story I found. The students in the class really seemed to like the book, and the discussion that came from it.

I think I'll probably use the book again. Adding this video to the mix will make it even better.

Last May, we scored in getting a speaker who was part of a successful anti-trust class action suit against Microsoft. I wonder what I can do May 2009? I can't find contact info for Mr. Heilemann, but he'd probably be a pretty cool speaker.

Text editors

This semester I've been using Notepad++ a lot. I've really gotten to like the text editor quite a bit. HTMLValidator doesn't do color syntax correctly when you use a single quote in PHP files, so my students and I have used Notepad++ as an editor.

I used to like Lemmy quite a bit, but a vi editor is not the choice for most undergraduates. Now I mostly use Linux on my desk, so Lemmy isn't as necessary.