Philosophy of Blogging

In what's become a weekly ritual, I sit here on Sunday in my comfy athletic wear, putting off all things necessary to begin my day by reading my RSS feeds because I know what comes next is work - this week, six formal mathematical proofs for a cryptography class I'm fighting my way through. This week, as with many, I found yet another fantastic blog: Emergent Chaos. Brilliant in both concept and content, I highly recommend it to anyone whose interest draws them to my blog.

While thoroughly enjoying the recent posts, I came to a realization that should have been self-evident to me a long time ago: the difference between blogs I find useful and useless, and the resultant impact on my own blogging. For me, a useful blog contributes something new - something I can't find anywhere else. A blog that simply reinforces a belief I already have by making the same argument I've heard over and over again, or one that simply rehashes analysis I'm already familiar with, does not expand or enlighten my mind. The more different, the better. And as I discover more and more fantastic blogs that expand my mind, I find it harder and harder to contribute my own content to the universe of knowledge on the web. How can I possibly contribute to such a vast body of information?

While this is the first explicit self-realization I've had of this nature, it helps me explain to both myself and the few who read this blog my history of unpredictable posting - sometimes frequent, sometimes rare; sometimes technical, sometimes philosophical. While I cannot be sure that everything I write will be unique, that is my goal, and hopefully it makes this blog predictably useful in the blogroll of the global internet.



Thanks for inspiration from my girlfriend on this one:

If stupidity is doing the same thing over and over and expecting a different result, then
stupidity is ignorance to idempotence.


They did it

The information security industry has once again topped itself with stupid names for overly-categorized attacks: we now have "whaling," described as "super-personalized attacks targeted at high-level corporate employees" by CSO Online. The only way I can explain the recurrence of a new, unnecessary, and increasingly silly term every 2-3 months is as a cheap crutch for vendors and media to keep the hype alive. That's not to say the threat landscape is highly fluid and evolving quickly, but come on, does every minor twist need a new buzzword? Maybe I'm behind the curve, but this is the first I've seen this term.

I can't help but think that some level of attention to detail in the message being conveyed and a bit of effort in understanding the audience would go a lot further in educating the public on the seriousness of the threat than overclassification that, in the end, only serves to confuse.

That's it, I'm creating a few new tags to track this: "overclassification" and "publiceducation."


Juvenal meets Rijndael

A first-century philosopher meets the Advanced Encryption Standard in 21st-century American body art realized as hex... with a very slick typeface. Ciphertext starts at the front of the shoulder and progresses downward. Enjoy.

8c 0d 04 09 03 02 e2 f7 5d a3 17 73 db b0 60 d2
4e 01 a1 e1 31 b4 d8 61 f4 63 fa 79 9d f8 7b b0
3f a1 21 05 f4 9f 75 dc 50 bb 49 36 f6 76 6c 27
1f a8 84 a5 50 44 fa d4 b6 2f ad c6 f6 ad 22 cb
c4 63 b7 83 2c e7 3f 6f 48 1a 91 89 2b 54 d0 60
ca cf cf 16 f7 bc 5e c6 fd 1b 8f f2 49 07 f3


EPIC files FTC complaint on spyware-for-sale

My roommate, a lawyer for EPIC, recently filed a complaint with the FTC about companies that sell spyware on the premise that it, well, lets you spy on people. This is a novel approach to tackle a serious problem that aggravates the current explosion of malicious software on the internet.

More relevant to his motivations, this was specifically filed in an attempt to raise awareness and combat the use of spyware by men stalking and harassing women. Imagine what a powerful weapon this would be for a jealous ex or predator. The perpetrators already have figured this out. Legally, this is a gray area. Prosecutors are hesitant to pursue cases given the lack of precedent, and that means law enforcement is hesitant to build a case. While the legal system goes through the long and painful process to figure out the ground rules on this type of software (it has its uses - investigators will use this type of software legally to build cases with appropriate legal authority), people are suffering. By claiming unfair trade practices, as EPIC has, attention is drawn to the issue, and hopefully vendors will stop encouraging troubled individuals to break the law through their advertising.

He and I would appreciate it if you spread the word.