A Mini-Review of “The Practice of Network Security Monitoring”

NSM book coverRecently the kind folks at No Starch Press sent me a review copy of Rich Bejtlich’s newest book The Practice of Network Security Monitoring and I can’t recommend it enough. It is well worth reading from a theory perspective, but where it really shines is digging into the nuts and bolts of building an NSM program from the ground up. He has essentially built a full end to end tutorial on a broad variety of tools (especially Open Source ones) that will help with every aspect of the program, from collection to analysis to reporting.

As someone who used to own security monitoring and incident response for various organizations, the book was a great refresher on the why and wherefores of building an NSM program and it was really interesting to see how much the tools have evolved over the last 10 years or so since I was in the trenches with the bits and bytes. This is a great resource though regardless of your level of experience and will be a great reference work for years to come. Go read it…

What will the archaeologists think?

Over at the BBC, we read that the “home of Anakin Skywalker threatened by dune,” with awesome pictures:

So my question is, what will archaeologists think in 1,000 years when they dig this up? How many careers will be wasted trying to link the bizarre architecture to some real culture? How many anthropologists will be confused by the strange objects they find?

I hope someone has at least left them a note.

Which and That

Can we just agree that “which” and “that” are pretty much interchangable? If you’re relying on a modern audience to be able to perceive the difference in meaning between restrictive and non-restrictive clauses, you’ve pretty much already lost.

Which, as they say, makes a mockery of that rule.

Alternately, “That, as they say, makes a mockery of that rule.”

Alternately, “That, as they say, makes a mockery of which rule.”

I think we may be taking this too far.

Small thoughts on Doug Engelbart

I just re-read “A few words on Doug Engelbart.” If you’ve been reading the news lately, you’re probably seen a headline like “Douglas C. Engelbart, Inventor of the Computer Mouse, Dies at 88,” or seen him referred to as the fellow who gave the “mother of all demos.” But as Bret Victor points out, to focus on the mouse (or “The Demo”) is to miss the point. The mouse was, in a very important way, a spin-off from his real work.

The work that Engelbart cared about was how to augment human cognition. By finding the right problem, at the right time, Engelbart found himself in a position where the spin-offs from his research agenda were, of themselves, tremendously important. (The formulation of “the right problem, at the right time” comes from Hamming’s talk, “You and Your Research“, which is well worth reading. It’s also clear from the Augmentation paper that Engelbart had a staged approach in which he could build towards his final goal, aligning with Hamming’s “right way.”)

So when you hear people talking about the inventor of the mouse, you might give some thought to the question of what you can do to conceptualize your work so that you get important results and impact.

To make that more concrete, in my own case, the way I’m approaching information security is to ask “why do things go wrong so often?” This forces me to think about the ways and frequency that they go wrong, and what we can do about them. It also led me into thinking about how we can make security thinking more accessible, resulting in some games and our NEAT advice on better warnings.

A Very Late Book Review


I have to start off by apologizing for how very late this review is, an embarrassing long time ago, the kind folks at No Starch Press very kindly gave me a copy of “Super Scratch Programming Adventure” to review. Scratch for those that aren’t familiar is a kids oriented programming language designed by Mitchel Resnick of the MIT Media Lab, the same team that developed the programmable bricks for Lego Mindstorms.

The book is in manga format and very entertaining and I enjoyed it thoroughly. It was so much fun, that when my then ten year old asked to learn how to program with the long term goal of writing his own minecraft mods, I handed him the book and asked him what he thought. To say he whipped through the book is an understatement. He actually finished it in one reading and immediately asked if he could start playing with Scratch on the family laptop.

Over the next few days he worked his way through some of the programs in the book and put the book aside for a long while. Recently we were talking about an upcoming Lego robotics class he had coming up and he remembered that he had the copy of “Super Scratch Programming Adventure” in his room. He dug it out and this time he worked his way through all the programs quite quickly.

I asked him what he thought of the book and said it was very good; that he really liked the comic book format and that he wished more books were done that way. At this point he’s excited enough that we’ll either dig deeper into Scratch together or we’ll switch to a games oriented text like No Starch’s “Realm of Racket” or possibly Sweigarts’s “Invent Your Own Computer Games with Python”.

Regardless of what we decide to do however, I can highly recommend ““Super Scratch Programming Adventure” as a great introduction to programming for kids or even non-kids who want a first very friendly exposure to programming. And again, my apologies to the folks at No Starch Press for taking so long on this review.

Google Reader Going Away

Well, the world is full of chaos, some good and some bad, and today’s bad for those of you reading via Google Reader is that it’s going the way of Altavista (can you believe it was still around?)

So as you migrate away, please consider including Emergent Chaos in your migration–we’ll have new content here soon, unless chaos emerges in our lives.

More seriously, real content and perhaps even an exciting announcement or two. One of geographically limited interest, the other not.

Replacing Flickr?

So Flickr has launched a new redesign, and it’s crowded, jumbled and slow. Now on Flickr with its overlays, its fade-ins and loads, it’s unmoving side and top bars, Flickr’s design takes center stage, elbowing aside the photos that I’m there to see.

So I’m looking for a new community site where the photo I upload is the photo they display without overlays and with enough whitespace that people can consider it as a photograph. I’d like a site where I can talk with other photographers and get feedback, and where they’re happy to let me pay for multiple accounts for the various and separate ways I want to present my work.

500px looks like an interesting possibility, but they seem really heavy on the gamification, showing you “affection”, views, likes, favorites, on every photographer. Also, while their ToS are relatively easy to read, ToS;DR gives them a D.

What else should I be looking at?

3D-printed guns and the crypto wars

So there’s a working set of plans for the “Liberator.” It’s a working firearm you can print on a 3d printer. You can no longer get the files from the authors, whose site states: “DEFCAD files are being removed from public access at the request of the US Department of Defense Trade Controls.
Until further notice, the United States government claims control of the information.” Cue Streisand Effect.

My understanding is that the censorship order was issued under the ITARs, the “International Traffic in Arms Regulations.” Cory Doctorow has said “Impact litigation — where good precedents overturn bad rules — is greatly assisted by good facts and good defendants. I would much rather the Internet-as-library question be ruled on in a less emotionally overheated realm than DIY guns.” I think that’s reasonable, but recall that Shaw claimed that all progress depends on the unreasonable man.

Doctorow also refers to Bernstein, who did good work, but his lawsuit was the last nail in ITARs applying to crypto, not the first. (ITARs still do apply to crypto, but in ways that allow both open source and commercial software to ship strong crypto, which wasn’t the case in the 90s.) Me, I see lots of evidence that gun control doesn’t work any better than alcohol control or marijuana control. And I think that the regulatory response by the DoD is silly. (One can argue that the law gives them no choice, but I don’t believe that to be the case.)

So the right step was demonstrated for crypto nearly 20 years ago by Phil Karn. He filed a pair of “Commodity Jurisdiction Requests.” One for Applied Cryptography, a book, and one for a floppy disk containing the source code.

The State Department ruled that even though the book itself is “in the public domain” and hence outside their jurisdiction, a floppy disk containing the exact same source code as printed in the book is a “munition” requiring a license to export. It’s old news that the US Government believes only Americans (and maybe a few Canadians) can write C code, but now they have apparently decided that foreigners can’t type either!

In the past three years I have taken my case to all three branches of the federal government. Here is the full case history in the Executive and Judicial branches, including all my correspondence with the US State Department, the Bureau of Export Administration (BXA) in the Commerce Department, the US District Court for the District of Columbia, and the Court of Appeals for the DC Circuit.

I believe the analogy is obvious. The DefCad files are 2mb zipped, and the STL files can be opened with a variety of software. Unfortunately, STL looks to be a binary format, and it’s not clear to me after a few minutes of searching if there’s a trivially printed text format. But that’s a very low hurdle.

As Doctorow implied, reasonableness on all sides would be nice to have. But at home printing isn’t going to go away, and censorship orders are not a productive step forward.

[Previously here: “What Should a Printer Print?“]