Security saw by the History – Quotes that pass the time.

Frederick Giasson


Security saw by the History
Quotes that pass the time.

I was playing around with quotations websites. I searched for the term “security” and found interesting results.

This exercise is interesting in the point of view of history; how historical characters saws security in their everyday life. By knowing their history you?ll learn more on their thoughts, at this time, about security.

—–

Quote that describes the state of security. Knowing that security and safety are not immutable will possibly preserve you from many unsolicited situations:

The superior man, when resting in safety, does not forget that danger may come. When in a state of security he does not forget the possibility of ruin. When all is orderly, he does not forget that disorder may come. Thus his person is not endangered, and his States and all their clans are preserved.

Confucius

Chinese philosopher & reformer (551 BC – 479 BC)

—–

Overconfidence can lead you to many unsolicited situations:


Better be despised for too anxious apprehensions, than ruined by too confident security.

Edmund Burke

Irish orator, philosopher, & politician (1729 – 1797)

—–

Is opportunity creating your security?

There is no security on this earth, there is only opportunity.

General Douglas MacArthur

US WWII general & war hero (1880 – 1964)

Too many people are thinking of security instead of opportunity. They seem more afraid of life than death.

James F. Byrnes

US jurist & politician (1879 – 1972)

—–

Will you miss things of live if you paranoid with security measures? There is a comfortable zone where it worth it but there is also a gap to not cross.

Life is either a daring adventure or nothing. Security does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than exposure.

Helen Keller

US blind & deaf educator (1880 – 1968)

Security is mostly a superstition. It does not exist in nature…. Life is either a daring adventure or nothing.

Helen Keller

US blind & deaf educator (1880 – 1968)

Security is a kind of death.

Tennessee Williams

US dramatist (1911 – 1983)

Security is when everything is settled. When nothing can happen to you. Security is the denial of life.

Germaine Greer

Author (1939-today)

—–

Think about the weakest link. If he is present, the whole chain will break.

There is no security for any of us unless there is security for all

Howard Koch

U.S. screenwriter (1901-1995)

—–

Is security a brake to progress?

He who is firmly seated in authority soon learns to think security, and not progress, the highest lesson of statecraft.

James Russell Lowell

American poet, critic, and editor (1819-1891)

—–

Security over freedom?

Those who desire to give up freedom in order to gain security, will not have, nor do they deserve, either one.

Benjamin Franklin

American statesman, scientist, philosopher, printer, writer and inventor. (1706-1790)

—–

Innovation in insecurity?

It’s an old adage that the way to be safe is never to be secure. Each one of us requires the spur of insecurity to force us to do our best.

Harold W. Dodds

American educator (1889-1980)

—–

Finally for the paranoids.

Security gives way to conspiracy.

William Shakespeare

British dramatist, poet. (1564-1616)

The Survivor Personality by Al Siebert, Ph.D – Are you a survivor?

Frederick Giasson


The Survivor Personality by Al Siebert, Ph.D
Are you a survivor?

As you can see in my last posts, I’m more oriented on personal security and physical world security posts these days. There is another post on the subject. Are you computer security oriented? Then read these posts. You can learn things that will be applicable in your security domain. Security is a process, most people know it. Personally I don’t think that security is domain oriented. Security is a graph where each domain is nodes. You can travel each node but principles will follows in each of them. Technicalities are node dependant but principles apply to the whole graph.

A month ago I read a passionate book on survival personality wrote by Al Siebert, Ph.D. It’s a really interesting read. I wrote an excerpt of the book that resumes it in a couple of points. If you don’t understand some of them I encourage you to buy and read it.

“What you can do is create self-managed plan for acquiring qualities and skills that will improve your ability to handle change, unexpected developments, and disruptive crises that come your way. In you personal plan you may want to include some of the following:

  1. Ask questions! Respond to change, new developments, threats, confusion, trouble, or criticism by asking “What is happening?” Develop a curiosity reflex. Practice reading each new reality rapidly.
  2. Increase your mental and emotional flexibility. Tell yourself “It is all right to feel and think in both one way and the opposite.” Free yourself from inner voices from your past that say you shouldn’t feel or think a certain way. Develop many response choices for yourself.
  3. Assume that change and having to work with uncertainty, ambiguity, and unknowns are way of life from now on. Learn to handle these with self-confidence. Practice making new developments work out well. In today’s world getting good results counts more than working hard.
  4. Become useful quicker and in more ways than other people. Ask yourself, “How can I interact with this so that things get better for everyone?” You ability to find ways to be useful makes you valuable. In every situation make it valuable than anyone thought it could be. Consider such efforts an investment in yourself.
  5. Develop empathy skills, especially with difficult people. Put yourself in the other person’s place. Ask “What do they feel and think? What are their views, assumptions, explanations, and values? How do they benefit from acting as they do?” Govern your actions not by your good intentions, but by the actual effect you have on others.
  6. Learn how to learn from experience. That way you are always becoming more capable, effective, and employable. Practice thanking people who give you unpleasant feedback. Consider viewing difficult people as your teachers in the school of life. Instead of trying to get difficult people to change, ask yourself “Why am I so vulnerable? What are my blind spots? How could I handle myself better with such people?”
  7. Resist labeling others; Practice observing and describing what others feel, think, say and do. Use negative nouns when you want to swear and positive nouns when you want to put someone on a pedestal, but recognize that the labels you put on others reflect your emotional state.
  8. Pause occasionally to silently observe what is happening. Take several deep breaths. Scan your feelings. Be alert to fleeting impressions. Notice little things. Be alert to early clues about what might be happening.
  9. Take time to appreciate yourself for the helpful things you do. Appreciate your accomplishments. Feelings of positive self-regard help blunt the sting of hurtful criticism. Your self-esteem determines how much you learn after something goes wrong. The stronger your self-esteem, the more you learn.
  10. When hit by adversity, no matter how unfair it seems, follow the survivor sequence: regain emotional balance, adapt and cope with your immediate situation, thrive by learning and being creative, then find the gift. The better you become, the faster you can convert disaster into good fortune.”

Finally, I’ll resume another thought of the book with an excerpt of Children of Dune by Frank Herbert:

“Muad’Dib’s teachings have become the playground of scholastics, of the superstitious and the corrupt. He taught a balanced way of life, a philosophy with which a human can meet problems arising from an ever-changing universe. He said humankind is still evolving, in a process which will never end. He said this evolution moves on changing principles which are known only to eternity. How can corrupted reasoning play with such an essence?”

MSN Spaces – Another star in MSN’s space

Frederick Giasson


MSN Spaces
Another star in MSN’s space.

Yesterday a new MSN service has been released. I take the time to talk about it because it opens many new possibilities for every body. Don’t worry, I’ll also talk about some security and privacy features of the new service (Is not the purpose of this blog?)!

Yeah, you are right, me too I’m talking about MSN Spaces. It’s the frenzy on Microsoft’s weblogs; everybody is writing posts about it. I didn’t take the time to check on the rest of the blogsphere but it’s probably the same frenzy there.

What is MSN Spaces? Basically it’s just another blog editing and publishing tool. What make it interesting? His interface and his simplicity. What make it really interesting? His integration with other MSN services like MSN search (eventually the beta version will be released), Hotmail and MSN Messenger (7 Beta).

MSN Spaces is a place where 140millions MSN messenger users can share their thoughts to their close circle of friends and/or the rest of the world. They can easily publish their posts on their blog with the MSN Space’s web interface or by email. There are pretty cool features like integrated photo albums and integrated music list. It’s a fully working blog system with permalinks, trackbacks and comments.

Now that you have an average view of what’s MSN Space, I’ll write some thoughts that come up in my mind at the moment.

It can seem crazy but I think that this is a good test to check if blogs can be a spam free communication system that will eventually replace emails. This idea was already discussed on the blogsphere before but I think that this new innovation will be a good testing zone for the idea. The integration with MSN Messenger makes it an elegant replacement to mass IM messaging or mass emailing. It’s permanent and you have the possibility to change your entries anytime. Your friends will be alerted that you have changed your blog and they will have the possibility, not the obligation, to read your new mass message. You’ll have the whole control of the information that other people will read. It’s a really interesting possibility of the system. You’ll tell me that blogs already do it, etc, etc, etc… But there is why this system different from other blog publishing tools:

The new feature that is only present in this blog system and that is only possible with the integration of MSN Spaces and MSN Messengers is the access control that you have on your personal MSN Space blog. You can literally choose who will be able to look at your blog. You can publish it on the web or make it only available for people on your contact list. This is a really interesting and essential privacy feature. It’s why I said that it can replace mails for some tasks.

Microsoft is taking security seriously with this new web service. It’s specifically why MSN Spaces is not compatible with other blog services APIs such as the Blogger API or MetaWeblog API. There is the answer of Dare Obasanjo (check out his blog; we have access to up-to-date information about MSN Spaces and his integration with other MSN services) of Microsoft:

” listed the problems with the current crop of blog posting APIs such as the Blogger API and MetaWeblog API in my post from a year and a half ago What’s Wrong with the MetaWeblog API? . The main issues for us working on MSN Spaces are

1. Security: The MetaWeblog API has no concept of security. Passwords are sent in plaintext as parameters to XML-RPC functions (i.e. they are sent in plain text on the wire as part of the XML message).
2. Limited Functionality: The MetaWeblog API only allows one to either post and edit blog entries, fetch information about a specific user or change the website template. This is a drop in the bucket considering all the things one would like to do with a weblog engine which can be supported by the engine.

The security issue is a big problem and we do not plan to compromise on it. Although it may be satisfactory for certain services to exchange user’s passwords in plain text where they can be sniffed by malicious third parties we don’t want the Passport accounts of our user’s exposed in such an insecure manner. This basically means we can’t plug into the ecosystem of tools and services built around blog posting APIs today.”

Finally, the best think that you can do is to test it and start your own MSN Spaces blog. Blogging is really a revolution in the small world of the Internet and a new way to distribute and access information.

Individual and Collective Security – From the SOE Syllabus of Lectures at Camp X

Frederick Giasson


Individual and Collective Security
From the SOE Syllabus of Lectures at Camp X

I always enjoyed WWI and WWII writings. It’s always a good source of inspiration, knowledge and entertainment. All sort of stories have been written by and about many persons involved in these great wars. I was enjoining another writing from this epoch. I’m currently reading documents of STS-103 (Camp X, a SOE training camp in Canada). There is an excerpt on Individual and Collective Security taken from Syllabus of Lectures HS 7/55 in SOE documents in the National Archives.

====================================

INDIVIDUAL AND COLLECTIVE SECURITY

1. DEFINITION.

Security: ‘Precautions taken by the individual for his own personal protection and the protection of his Organization from the enemy’.

Without these precautions, it is dangerous to attempt regular and impossible to attempt irregular warfare alone or in conjunction with other people.

2. APPLICATION.

a) Apparent absence of enemy C.E. measures should never be allowed to engender over-confidence. (Cf. graph of agent’s confidence.)

b) Insecurity by an individual may jeopardize not only his own safety but the safety of the organization with which he is in contact.

3. INFORMATION.

Basis of your self-protection is good information. As much as possible provided before departure, but you must check and supplement on arrival. Information required on:

i) Local Conditions.

ii) Local Regulations.

iii) Enemy methods.

iv) Enemy personnel.

v) Your own subordinates.

4. INCULCATION.

a) Security cannot be taught by rule of thumb. It is a frame of mind attainable though self-discipline and self-training that will make the taking of precautions a ‘habit’. (Cf. crossing a road.)

b) What is a habit’ A single action committed so often as to become automatic. What precautionary actions must we practice so often that they become a habit’

5. COMMUNICATION.

The answer is ‘Communicatory Actions’. Secret and confidential information can reach the enemy through our carelessness in:

a) Speech.

b) Writing.

c) Behaviour.

a) Speech.

Adoption of hush-hush attitude through vanity.

Confiding in friends to ease nervous strain.

Mentioning facts you are not ‘outwardly’ supposed to know, or isolated facts which can be strung together.

Telling people more than they need to know.

Compromising telephone-conversations through misuse of conventions. (E.g. NOT ‘Three lambs with sweets and toys who need instruction in malaria’ BUT ‘Three chaps with some goods for Harry who need instruction in my subjects’.)

b) Writing.

Commit as little as possible to writing. Memorise if you can.

If you must carry documents, select what you must carry.

Burn all secret waste and carbons.

c) Behaviour.

Be inconspicuous. Avoid all limelight by being an ‘average’ citizen in appearance (height, clothes) and conduct (drink, women).

Be tidy. All engaged on secret work must be methodical in their habits ‘ e.g. it is mainly knowing exactly where he has placed his belongings and arranged his room that an individual can detect disturbance by police search.

Have good ‘Cover’ ‘ the innocent activity undertaken or invented to conceal the secret aspects of his activity. Good cover must be consistent with necessary overt behaviour and non-compromising.

(For application to operational Agent see A.4.)

Be observant. Observe and deduce. (E.g. face or voice seen or heard twice suggesting you are being followed. Smell or real coffee in France suggestion someone occupied in Black Market.)

Have foresight. See danger early. (E.g. axis agent in café, policemen checking papers.)

Plan for emergency. Alternative courses in case of accident (RV’s) pre-arranged conversation when talking to colleague in case of sudden interrogation. Danger signs.

====================================

Most of this information is always relevant and will be for decades. For example check out 2.b). It’s probably the best point when you deal with contractors or associate companies. All security experts will tell you it; the security policies of your associates and contractors need to be in harmony with yours. They need to be as strong as yours and followed by them as you follow yours. If he has a lack of security he will be a treat to your own security. It’s the fact for computer security but also for any other type of security. The point 4.a) relate what I always said before on this blog: education. People need to be educated in this way. Security can’t be a habit if never educated before.

I think that this excerpt is a good refreshment reading for any person that cares about his own security, the security of his relatives or if that person works in any field of security.

Software implication in pharmaceutical production – How lives can be at risk and the implication of governments

Frederick Giasson


Software implication in pharmaceutical production
How lives can be at risk and the implication of governments

I was talking with one of my coworkers. He was talking of one of his friend that works has a software developer for a company that develop products for drugs pills quality control in the pharmaceutical industry. He tells me that they had some problem with their production. They had many in deep bugs and architecture misconceptions. The result is the inefficacity of their product (we’ll call it: PhaQualCon) that lead to the apparition of false results. They have an abnormal level of false results; but the product is already used by pharmaceutical manufacturers. It seem a normal software development problem with normal consequences on the product. It’s possibly the problem of many technological projects (and probably all type of projects). My co-worker was saying that pharmaceutical companies have a threshold of false results not to exceed. The problem is that they can accept, refuse and remake some production tests to degrease their false results average. By this practice they can change some numbers to make them acceptable. So, this is not illegal in itself but I don’t think that this is really fair. I don’t know how the pharmaceutical industry work, but I can imagine that this is normal procedures and habits.

So the problem that I saw is not there. He is in the fact that these manufacturers rely on some type of quality control machines to know the average number of pills that are not conform to the specifications and then give these production test results to the government to make their production accepted. The machine not only counts this statistic but also discards or keeps pills. They rely on products such as PhaQualCon and they know that they aren’t trustable. Some manufacturers stopped their contract with the company but others don’t. Globally the production quality of drug pills relies on some piece of software that controls some type of hardware. The question is: What can stop pharmaceutical companies to pay the developer company of PhaQualCon to “add bugs” in their software to help them to have acceptable production quality tests accepted by the government? If they get cough, they have only to say that the problem is the result of a software bug and that this is not their fault. The company that develop PhaQualCon don’t seem to be supervised by some governmental agencies. They don’t have accounts to give to anybody. If their bad product is accepted by pharmaceutical manufacturer then he will be used to classify drugs pills for me and you. If such regulation exist and that the developer of PhaQualCon have accounts to give to some government, what ensure that the software have not been modified to adapt to the “exigencies” of the pharmaceutical manufacturer? If such a system (probably some type of certification) exists, will the certified system be reviewed monthly, quarterly, annually?

There are many questions on the subject. I think that this is our duties to ask them. Why? Because drugs can put lives of people at risks if drugs pills aren’t really exactly what they are supposed to be.