Enderle Idiocy, Schneier Wisdom: “Terrorist Risk of Cloud Computing”

Schneier on Security: Terrorist Risk of Cloud Computing.

Bruce Schneier gets it COMPLETELY right, (about Rob Enderle being completely wrong,) when he says:

“…the main point of the article, which seems to imply that terrorists will someday decide that disrupting people’s Lands’ End purchases will be more attractive than killing them. Okay, that was a caricature of the article, but not by much. Terrorism is an attack against our minds, using random death and destruction as a tactic to cause terror in everyone. To even suggest that data disruption would cause more terror than nuclear fallout completely misunderstands terrorism and terrorists.”

There is a common logical error people make when trying to asses risk: planning without thinking. Making invalid assumptions without proper analysis. Nowhere is this as obvious as when people discuss protecting things from terrorist attack. Terrorism ignites all manner of fear in people, even without the “terrorists” having to actually DO anything. Fear is indeed the mind-killer here as people toss away all logic and let their imaginations run wild, conjuring up all manner of fearful outcomes. They literately lose their minds and lose the ability to think clearly.

Of course Rob Endlerle is a proven idiot and is obviously incapable of thinking. He merely lobs grenades and trolls for flames wherever he writes, always constructing bizarro arguments on assumptions and fallacies. Schneier rightly points out one of these fallacies when he scoffs at Enderle’s statement: “The Twin Towers, which were destroyed in the 9/11 attack, took down a major portion of the U.S. infrastructure at the same time.” The U.S.A.’s infrastructure suffered virtually zero damage on 9/11. In the grand scheme of things the 9/11 attack was less than a pinprick in our national skin. The air transport system was back to normal within a week. The stock exchange was trading again in a few days. More people die falling off ladders each year in the USA than those killed on 9/11/2001.

The point of terrorism is found right there within its name: terror. Shock. Outrage. Fear. Paralysis. Over-reaction. That is what terrorists want. Their aim is to provoke maximal emotional reaction with minimal effort. Therefore terrorists attack specific targets chosen for maximum shock and outrage. They attack symbols. They attack people. They seek to have visibility. They don’t attack infrastructure. In the case of 9/11 infrastructure was the weapon, not the target.

Nation-States engaged in warfare attack infrastructure. The fastest way to disable an enemy is to destroy their means of communications, transportation, and manufacture. This is how warfare has been conducted since the mid-20th century. Technology allowed the expansion of the battlefield into entire continental “theaters of war” and technology allowed warring nations to attack each others’ technology. This is the natural evolution of conflict that began when our ancestors first beat each other with rocks.

The error that Enderle, and so many others make is mistaking terrorism for warfare. Terrorism is NOT warfare. The purpose of attacking infrastructure is to weaken the opponent so as to make warfare easier. The destruction of infrastructure allows the next logical step in warfare: the attacker destroying their enemy and/or invading their enemies territory. Terrorists are not interested in those steps. They are not seeking to invade or destroy. They merely want to inflict maximum emotional damage at minimal cost. Osama bin Laden spent very little money to execute the 9/11 attacks. Sure, it may have been over a million dollars but it provoked a trillion+ dollar response. THAT is the point of terrorism.

Datacenters, Telecommunications Infrastructure, Carrier Hotels, Long-Haul Fiber-Optic Circuits, and by extension, “Cloud Computing” will never be terrorism targets. Ever. They have no emotional value. Their disablement or even destruction provokes no visceral emotional reaction or outrage (except in the people like myself who must build and maintain them of course!) Ask yourself this: If the 9/11 hijackers flew those planes into One Wilshire, The Westin Building, and the Google Datacenter in The Dalles, Oregon would we be fighting wars in two middle-eastern countries today? The answer is: “No.” In fact it may not have even been seen as a terrorist act at first, instead being seen as a random set of accidents. It would not have been seen live on TV around the world, and people would not have even been affected much technically and certainly not emotionally. Today it would be one of those dimly recalled events of yesteryear. “Oh, remember when those plane crashes made the Internet slow for a few hours?”

Car Photo of the Day: This car is DRIVEN.

You didn't know the Jaguar diet includes insects?

There is something of a hulabaloo going on within the JCNA (Jaguar Clubs of North America) at the moment, concerning the “Driven” class within the Concours competition. The crux of it is a ruling whereby cars in the “Driven” class are now allowed to be trailered to the competitions. To some people, including your author, this is ludicrous.

JCNA Concours are judged on “originality” and “authenticity”, meaning that as presented a car should be as close to the condition it left the factory at Brown’s Lane, Coventry all those years ago. To win at a concours requires a lot of effort, in preservation, and in restoration (if required.) This is a bit different than the more general and widely known “Concours d’Elegance” competitions such as Pebble Beach and Amelia Island, where subjective issues of beauty, rarity, historical significance, and provenance are thrown into the mix. Theoretically the JCNA style event is objective, where a judge compares a guide (canonical data compiled by JCNA concerning the models) to the physical car, and deducts points for parts judged not original, or not authentic. They have three classes: Championship. Preservation, and Driven. Championship class cars are frequently almost flawless, and are usually freshly restored, or are “trailer queens”… that is they are never driven on public roads if it can be avoided, and often are only driven on and off trailers. They are truly “show cars”. The Preservation class is for older cars who are original, but have gathered that wonderful aging we call “patina” in the car world. The ‘Driven’ class was created for people who actually drive their cars. The point scale is more generous, ignoring things like dings in the paint, and not judging the engine bay or boot of the vehicles. Overall originality is important, but “drive-ability” and “comfort” modifications are allowed, such as contemporary tire sizes and CD players.

To those of us who DRIVE our cars the Concours field is looked at with opinions that range from mild amusement to derision. Terms like “Competitive Car Washing”, “Concours d’Arrogance”, and ‘The Q-tip Brigade” frequently come up. When you drive a car, as it is meant to be driven, it collects dirt, bugs, replacement parts, and often modifications for the sake of driving pleasure, reliability, or economy. My car could NEVER win any JCNA Concours in the Championship or Preservation classes. It is not original, nor is it authentic. I could enter it in the Driven class, but it could never win. It is just not possible. The standards of “originality” and “authenticity” are kind of like the central plot point in that old 80s fantasy flick “Highlander“… there can be only one. So long as your car has even JUST one thing “wrong” with it, you WILL lose.

By allowing “trailer queens” to compete in driven, honest to goodness driven cars will only be driven from the Concours field. It will become merely the second-tier of the Championship class, where older trailer queens go when they can’t compete anymore. The truth here is that a Concours is a competition. Sure, there’s all sorts of joy to be had by hanging out with car guys all day and shooting the breeze… but at the end of the day one car wins and the others don’t. That is the difference between a “show & shine” and a Concours, JCNA or otherwise. If they are going to award a prize at the end of the day then driven has to mean driven. Otherwise it is just a farce.

I love the JCNA Slalom, and literally maintain my membership for that reason only. If they’d have TSD rallies in my region I’d do those too. But if you sever see my car on a JCNA Concours field then you will know I’m dead – the Concours rules as they stand today, are just patently absurd.

I love the history, beauty, and refined rawness that is the Jaguar E-type. It is truly a snapshot of all that was possible in 1961. It is however a machine with utility in mind. Like the horse it replaced, the automobile is a beautiful beast of burden. Just as the horse is meant to be seen at full gallop across a field of grass, a car is meant to be seen roaring over asphalt. To trailer a car to a Concours is akin to having a stuffed horse on display. It is an insult to the viewer, and a mortal injury to the horse.

Name that flu… Schweinerdämmerung!

A bit of a meme has popped up on Twitter, with people trying to come up with a better name for the swine flu and its accompanying media pandemonium. My friend Damian Amrhein tweeted this one he had heard: “porkulinum panicausinus”

I used to work with Damian and his Germanic origins were always a source of geek humor around the office, so this one popped into my mind: Schweinerdämmerung!

Schweinerdämmerung!

It just seems to fit, given the whole “end of the world” hysteria being whipped up by the media. I came home yesterday to a Seattle Times headline in 72pt type “SWINE FLU FOUND HERE” … c’mon folks. More people have died falling off ladders in the last week than have been killed by this illness. But you don’t see any mass panic about the danger of ladders do you?

I don’t watch TV, especially not the news, and barely read the paper or listen to the radio. The 24hr news cycle is just too worthless to spend time on when all they can do is work into a lather about completely pointless things.

Worst. Presentation. Ever.

As you may know I’m a skeptic about “Cloud Computing”. I’m not skeptical about the technology, I’m mostly skeptical about how the concept is being seized by the marketers and bent to define anything and everything. It is as if the term is suddenly a magical spell that can make all your economic woes be cured. Cloud Computing, as it is practiced by Google for example, makes a ton of sense. But it seems as if the entire industry has decided that cloudiness is the next big thing and they have to jump on the bandwagon, even if they have no idea what the bandwagon is, or where it is going.

I saw this presentation posted on Rich Miller’s excellent blog, DatacenterKnowledge, entitled “What the heck is the InterCloud anyway?” (perhaps Rich shares my skepticism?) and I as I generally respect what Cisco does, I watched it.

My first thought: Douglas Adams is in his grave, launched into perpetual rotation.

I have said many times that I’d rather spend an hour in a dentist’s chair being drilled upon than sit through 30 minutes of a PowerPoint presentation. Steaming piles of presentational crap such as this is the reason why. I would hope that an organization with the resources of Cisco could produce something that is not only aesthetically reasonable, but also clearly communicates complex concepts. This presentation appears that its creator swallowed a giant bowl of industry buzzwords & clipart, downed an ipecac chaser, and then barfed them up onto the screen. Just about every rule of thumb concerning effective presentation is broken here, on damn near every slide.

If he’s trying to convince me to lose my skepticism about cloud computing, it isn’t working.

So what about the actual content, not just the poor use of media? I would hope it makes more sense when accompanied by a speaker, who can lay out their ideas verbally to try and make sense of the jumbled mess on-screen. In reality I see a lot of hand-waving, assumptions, and glossing over of details. I guess if you call something a cloud because it runs virtualized in a datacenter, then you can make the logical leap to multi-tenant clouds, and then “InterClouds”. But seriously, why would say a Fortune 500 company, who is subject to all sorts of external scrutiny concerning the integrity of their data, want to have that data just out there drifting about on who knows whose hardware? A virtualized OS with virtualized storage, in a virtualized cloud spread over multiple sites in an Enterprise or InterCloud… sounds great if you are the guy selling the hardware to make it happen [cough]Cisco[/cough] but how about the guy who is writing the Purchase Orders to buy it? To them it should sound terrifying, especially to their auditors, and probably does. There are a whole lot of buzzwords being thrown around here, but very little hard and useful data.

This is yet another product marketer hitching themselves onto a buzzword bandwagon, and creating new buzzwords in the process, while punting the hard work of actually defining, building, and operating buzzword-compliance to others.

Cleaning up after a break in.

ok, not really.

Ever wander out to your car, which had been left sitting in a presumably safe parking spot to find a window broken? That moment of gut-wrenching shock as you recognize the violation on your personal space and property? Well, I had that happen to me this morning, except it wasn’t my car, or my house… it was this website.

Last night between 11:10 and 11:18 somebody hacked my site. They used some flaw in PHP, or even WordPress itself to change permissions on some of my files and create a WP admin account for themselves. Thankfully that is about as far as they got before they were locked out by our server software. The lock-out is total though, which is why the site was down from that time until this morning when I woke up and was able to start putting it back together again with some help from two good friends of mine, WRD and Nick. Bill helped me figure out what had happened (he also built the system that detected the intrusion and shut down the site) and start me on the path to fixing it. Nick provided me with a little insight into mySQL-fu when Bill was away at lunch. (Thanks again Nick! I owe you another sushi dinner!)

It took me a while, but I was able to root out the compromised accounts, get the site running again (re-uploading a lot of stuff from backups, which was easier than trying to find what was broken and fix it!) and then take some steps to tighten up security on the administration side of WordPress. I locked everyone, including MYSELF out of the admin section all day until I was confident I had locked down access to it. Once I confirmed that my security mechanism was in place I let myself back in…

So that is why there was no CPotD posted today. Or anything else for that matter. I was cleaning up the broken glass and ripped up dashboard of chuck.goolsbee.org.