Friday, April 08, 2005

A Bit of Dabbling in the Consipracy Paintbox...

Hi folks!

Happened upon an earnest young lady searching for answers. Seems her search has spiralled into a religioconspiracy rathole, and for no particular reason (the best kind) I have put a comment on a thread on her blog (

o Comments are screened, which rings bad but may be just her response to flamers so I leave my feelings on that one unclear. We'll see if she allows my comment, and one point for her if she does.

o Thread: Why did Hitler Invade Poland?
- Answer given at, which is the basis of the thread.
- Answer, foreseeably - it was a jewish conspiracy which has gone on to control the world, including what I am writing at this moment, even though I can't tell I'm being controlled and don't know what I will write next, myself.

o I signed my post on HOI's site as shown: chris blask, this blogsite and my email address. Not too sure about nicknames - nothing wrong with having any nick you like, but if you act under that nick you should feel perfectly ready to put an actual name to it as well.

o BTW, for my vote? Anyone that can run a conspiracy that well can go ahead and run the damn world. Obviously they have every other human group ever created beat hands-down on organizational effectiveness and will do a better job than you or I would.


-chris blask

Thread: Why did Hitler Invade Poland?

Subject: Why then France?

Hi folks,

OK, I'm not one of the believers (though I may be one of the blood, being an aryan german). As one of the posters said, you may expect some illiterate rant (which, btw, is what your opposition usually expects from you, and also has many "UR SO DUM" quotes from those from your camp to whine about). Instead, I tend to want to hear every side of every issue, no matter how much I may disagree. Who knows, maybe you folks know something I've never heard which completely changes my worldview? Doubt it very very much, but hey, what good is a debate with Dittoheads?

So, Poland pissed off Germany by doing horrible things, causing Germany to invade Poland. I won't dispute that at the moment, sounds like something a badly run country would do, which is the case in most countries throughout history.

So, what about France and the Netherlands? Did they piss off Germany too, or was that another case of the Good and Pure-Intentioned Germans being horribly wronged by the Jewish Conspiracy?

One other small point, pardon me if you "get this all the time", but how do you explain the incredibly complex and well-oiled machine of this All Powerful Consiracy? In my experience, groups of people can achieve really amazing things, but keeping a perfect secret for any length of time with any number of people involved is an accomplishment beyond my imagaination.

OK, really one last one. Also it always seems to me whenever I talk to the true conspiracy believers (and one of the best-informed is one of my oldest friends, so please don't get pissed at any perceived belligerence [getting pissed at my ideas is fine, that's what we Jewish Conspirators invented Freedom of Speech for... ;-]), I can't get past the picture of this collection of conspiracies and Secret Societies spanning centuries all competing with eachother for supremacy. In the end it looks to me like the usual Open Market Resources issue - as long as they compete against each other (assuming they exist) they effectively cancel themselves out. Even if there is a Jewish Conspiracy, there is certainly a Hindu Conspiracy, a Muslim Conspiracy, a Christian Conspiracy (you may be part of it, afaik) and others all wrestling with eachother. As long as we (the species) don't let any one of you groups/conspiracies/religions/whathaveyou have too large a percentage of the free oxygen - and we achieve that by keeping you all out in the open (a favorable by product of Freedom of Speech, which itself is simply the only rational way to exist) - it all cancels out like an interference pattern.

Go ahead and have your jewish/nazi/masonic conspiracies. Whatever social lessons there are to be gained for the species will be vetted in the cauldron of Free Speech, Free Enterprise and the aggregate individual choices people, on average, make so well.

-chris blask

Wednesday, April 06, 2005

Information Security

Hi folks!

OK, what do I have to say about infosec?

There are a number of interesting dynamics at play with information security. Of course there are the technical issues:

o "how do you encrypt data securely?"
o "how do you allow an http connection across an organizational boundary securely?"

However, in my experience the most important factors are the practical and pragmatic:

o "given who am I, what do I do to move from my current state to a more secure state?"
o "given all factors, what level of operational security can I achieve in what period of time?"
o "is my current/desired security level sufficient to reduce the risk to the same or less than other risks I face?"

To set the tone of my views on infosec (and most other complex efforts), let me share one of the first and most fundamental lessons I learned about the evolution of technology in the face of group dynamics:

John Alsop - currently CEO of BorderWare II - was my boss at Sea Change when we dreamed up and built the first BorderWare Firewall Server. Something John said to me before the launch of the Firewall Server has always stuck with me and provided a lot of comfort when seemingly intractable challenges reared their ugly heads.

In the early Nineties I had been talking to various folks about this new Internet Security Gateway product we were building, and an engineer at a potential customer - who had more knowledge than I did at the time about how TCP/IP works - dismissed the potential of the Internet because there weren't enough IP addresses available, what with folks grabbing entire Class A addresses (16,777,216 IP addresses), and told me that the Internet was doomed. I did the math, saw the problem, and rushed into John's office to see if it was true that my vision of the future of the 'Net was hosed. John, unflappable as always, told me this gem;

"I learned long ago that if a technical problem stands in the way of enough demand for a fix, solutions will emerge organically."

A few months later we released the BFS as the first commercial Network Address Translation gateway (ironically at the same time as the other first NAT gateway - PIX :-), and since then everyone can have sixteen million computers on their network while using only one public Internet IP Address. It has been consistent in my experience that the same holds true for other roadblocks - whether it is a new type of attack that arises and seems at first glance to be unmanageable or an issue of sociology - aggregate need for a solution drives the creation of solutions with an irresistible force.

Therefore, at any one time the security solutions which exist or are in the process of creation form a very good fit with the pattern of needs being felt by the community of Internet users. Where the available or emerging solutions can be seen to fail to match the current and foreseeable pattern of needs, business opportunities exist for anyone who can address that gap.

o FUD (Fear, Uncertainty and Doubt)

- The immutable fact described above - that the open nature of the technical foundation of the Internet and Free-Market Capitalism allows anyone anywhere to recognize a need for an infosec solution and make a living addressing it - should be a great source of comfort for consumers of infosec and should be the foundation that infosec folks communicate to their customers. Using FUD to scare customers into buying Security Product XYZ not only fails to address the consumer's real desire (to remove the barrier of fear which is stopping them from achieving desired goals), but worse it creates a general malaise among the non-infosec community ("well, since it is hopeless and beyond my understanding, no sense in even trying...") leading to a vicious cycle of less security being in place, more proof of the common belief in hopelessness, less adoption of security...

Areas needing development.

o Managed Security Service Providers

- it appears that the MSSP space is on the verge of developing the kinds of services that will be consumed in volume. This will require a separate article to delve into, and a stiff Irish coffee...

o Identity

- the solution to SPAM lies in identity.

- electronic voting is enabled by identity.

- absolutely no-one uses secure passwords or authentication. The only thing keeping identity at all functional at the moment is the volume of targets for bad guys and the basic honesty and sense of fairness that is by far more common than a lack thereof.

Is infosec a hopeless effort?


The ongoing existence of the Internet and its startlingly high availability is living proof that infosec problems are not catastrophic. While there remains a risk that infosec failings can be exploited to cause significant harm - and these risks deserve all of the attention those in the industry dedicate to them - people using information technology should not overtly worry about the issue from moment to moment. Because of the nature of the Internet, open systems, standards and the motivation of those who use and develop the technologies that run the infrastructure, the Good Guys are at least as capable, more numerous and much better funded than the Bad Guys, and will stay that way.