Helping Users Protect Themselves

Some soundbites from "The weakest security link?  It's you", a recent News.com article:

People are the weakest link.

Education is the first line of defense.

People are still not thinking before opening an (e-mail) attachment.

The big problem with educating employees on security issues is being able to track whether you're getting through to people.

Everyone knows about viruses, for example, but half the people don't have antivirus software.

While I agree that people are the weakest security link and even the world's strongest lock is useless if not used, I don't think that training employees about security and tracking security policy compliance is enough to fix the problem.

What's the missing ingredient?

Helping users protect themselves.

Just as training drivers all about driving hazards is useless if the driver is blind, users can't protect themselves if they are not fully aware of what is going on around them.  Was there any suspicious activity involving my account since the last time I signed in?  Is there someone accessing my online bank account at the same time I am?

If a hacker broke into your computer remotely and used it to send phishing e-mails or spam, how would you know?  Unexpected blinking network connection lights?  Something is wrong when it's easier to keep track of friends logging into their computers than strangers logging into our computers.

Unfortunately, most designers of today's security products see the user only as an input device: I'll give you access to these if you give me this and that.  This mindset encourages people to be more concerned about losing access than gaining protection.  This is why people reuse passwords and write them down in easy-to-find places.

Security companies need to start thinking more about helping users protect themselves by providing more information about what is going on and letting them play an active role in security.  If something suspicious is going on, don't let the information sit until probability crosses some security policy thresholds.  Inform the user right away.  Remember that, to the user, no news is good news so they'll think what they are doing is all right unless they are warned away from dangerous edges.

There are ways to inform the user without getting in their way too much or making them paranoid.  For example, if an e-mail message has executable or unknown file attachments, mark it visibly as potentially dangerous.  Hyperlinks should always clearly present the destination URL to the user instead of hiding it behind possibly bogus text.
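The two checks suggested above, sketched as an added example that is not part of the original post: it labels executable or unknown attachments and flags links whose visible text names a different host than the real destination. The function names, the extension lists and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extension lists are illustrative assumptions, not taken from the original post.
EXECUTABLE = {".exe", ".scr", ".pif", ".bat", ".cmd", ".com", ".vbs", ".js"}
KNOWN_SAFE = {".txt", ".pdf", ".png", ".jpg", ".gif"}

class LinkCollector(HTMLParser):  # gathers [href, visible text] per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host(url):  # urlparse needs "//" before the host, so add it to scheme-less text
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def audit_message(msg):  # returns the warnings a mail client could show the user
    warnings = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            ext = "." + name.lower().rpartition(".")[2]  # last extension: a.pdf.exe -> .exe
            if ext not in KNOWN_SAFE:
                kind = "DANGEROUS executable" if ext in EXECUTABLE else "CAUTION unknown"
                warnings.append(f"{kind} attachment: {name}")
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                text = text.strip()
                if "." in text and " " not in text and host(text) != host(href):
                    warnings.append(f"MISLEADING link: '{text}' goes to {host(href)}")
    return warnings

def sample_message():  # constructed input: spoofed link, honest link, 3 attachments
    msg = EmailMessage()
    msg.set_content('<a href="http://login.attacker.example/">www.mybank.example</a> '
                    '<a href="https://www.mybank.example/">www.mybank.example</a>', subtype="html")
    for fname in ("invoice.pdf.exe", "notes.xyz", "photo.jpg"):
        msg.add_attachment(b"x", maintype="application", subtype="octet-stream", filename=fname)
    return msg
```

Calling `audit_message(sample_message())` yields one warning for the spoofed link and one each for `invoice.pdf.exe` and `notes.xyz`; the honest link and `photo.jpg` pass silently, which keeps the warnings out of the user's way.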

A Wife, A Son, and A Mountain of Luggage

On Sunday, my wife and son returned from Korea.  They also brought a mountain of luggage, two full carts worth.  Since my wife and I already had more than a decade of arguments over her seemingly unbreakable habit of moving mountains across oceans, all I could do was sigh and hug.

My wife and I are on the extreme opposites when it comes to luggage.  I despise luggage so I travel very light.  For a month long trip to Europe, I would take two underwears, two pairs of socks, two T-shirts, one jean, one slack, one jacket, and a pair of running shoes.  Since I am going to be wearing one set of everything plus the jacket and the shoes, the spares could fit comfortably into a small carry-on.  If the jacket has big pockets, I could travel without any bags but I use the carry-on to avoid getting grilled by immigration officers.  And on my trips, I rarely buy anything I have to carry.  If it's something big, I ship it. 

My wife, on the other hand, carries everything.  Her annual trips to Korea usually start with increasing shopping activities a month or two before the trip.  In buying her gifts, she ignores logic completely.  I have seen her buying goods made in Korea as gifts to take back to Korea.  On this trip, she brought back goods she bought at Costco in Korea, goods made right here in California.  She said they were on sale over there and saving a few bucks on pots and pans made perfect sense to her.  Oy.

And much of the luggage was food.  For example, she brought back two boxes of ramyeon, dry noodle in a cup.  Of course, our local Korean markets sell them by boxes too but my wife said these are fresher.  Fresh instant noodle?  Arghhhh!

When I was growing up in Korea, I frequently saw a Korean woman carrying heavy stuff while her husband walked ahead with hands behind his back.  Until I got married I didn't understand why Korean husbands weren't helping their wives.  Why?  It's because they already had their decade of fruitless arguments and all of them reached the same compromise.  As for me, I help out despite my frustrations but also try to avoid travelling with her to Korea.

Between Mars and Venus lies an impenetrable asteroid field of luggage.

Trouble with Online Games

Wired reports on Electronic Arts' decision to shut down UXO (Ultima X: Odyssey) and goes on to elaborate on the pain and cost of running massive online games.  While developing the game client and server itself is within the realm of developers' abilities, creating the content of a virtual world and keeping it an interesting place to live in is a difficult and never-ending task that most developers will find difficult to manage, even if they have a deep pocket like EA.

The missing ingredient in today's online games that full 3D online world developers forgot to translate from MUD (Multiple User Dungeon, a text-only online world) is community participation in building and maintaining the online world.  Instead of hiring legions of artists and area designers, they should have leveraged the creative power of the players themselves by creating tools and offering incentives.  With such legions of superusers, all they needed was a much smaller staff to control the legion.

Player participation in running online worlds should not stop with content but also operation.  Let the superusers handle most of the in-game headaches such as user complaints and conflict moderation.  Going beyond that, superusers should also be used to play NPC roles such as monsters, shop owners, etc.

Unfortunately, EA looked only at the numbers and chose the easy way out instead of using UXO as an opportunity to explore more creative options.

Philippines Bows to Terrorists

First Spain and now the Philippines.  Are they out of their minds?  At least South Korea managed to hold steady despite all the noise from the selfish peace and justice loving liberals.  They are selfish because they are ruining the country to satisfy their emotional and ideological needs.

I believe that the war against Iraq was unjustified but it's insane to give in to terrorists' demands regardless of circumstances.  Even if the Philippines was going to pull out troops anyway, it should have waited to avoid appearing as if they were pulling out because of the terrorists' demands.

As to saving the lives of kidnap victims, I wonder what the Philippine government would have done if the terrorism and kidnapping took place within the Philippines?  Give in?  Rewarding terrorists will only encourage more terrorism.  What will they do when terrorists start popping up everywhere because terrorism offers better results than demonstrations?  What?  Tell them to stand in a line so you can service them properly?

Is a civilian's life more sacred than a soldier's life?  Bullshit.  On war against terrorism, everyone is on the frontline.  I am on the frontline of war against terrorism alongside my 10 year old son, my wife, my parents, my friends, and colleagues.  We are fighting in our homes, neighborhoods, freeways, shopping malls, restaurants.  And the war is on 24 hours a day every day.  Terrorism can step in anywhere and any time if they think they can scare people into giving them what they want.

Giving in to terrorist demands, even if it's just for an ice cream cone or a few dollars, amounts to feeding a beast that can breed like rats.  Giving in to demands of terrorists far away amounts to thinking that one can run away from terrorism.  What a silly idea.  It's as silly as trying to build a wall around Middle East or banning Islamic religion.

Into the Desert

I finally received Combat Mission: Afrika Korps (CMAK) and the companion book The Battery Commander, His Batman, and A Cook.  Woohoo!  While the game was installing, I checked out the book.  Excellent!

The battle where the book's title came from was that of Combeforce, a hastily formed group of 2,000 British anti-tank and artillery crews along with riflemen to protect them, trying to block retreating Italian 10th Army.  That's right.  2,000 men facing an army without even a single tank.  But then armies usually retreat in a line so they had to face only the forward elements and most of the armies were on road-bound vehicles (stretching for miles and miles).  As the story went, the last Italian tank was knocked out by a gun manned by the commander of 106th Battery, his batman, and a cook.

And that was just one chapter in the book.  While I enjoy reading calm accounts of battles like Rommel's classic Infantry Attack, stories like this really evoke the smell of the battle through quiet understatements and dry humor.  Only bad part about the book was that only 12 of the battles in the book had CMAK scenarios.  Darn.  I am going to browse through CMAK scenario repositories to see if the missing scenarios have been created by other CMAK enthusiasts.  I doubt it though because you need more than just stories to create battle scenarios.  At the minimum, you need order of battle (OOB) which lists the number and types of units involved in a battle.

Firing up CMAK briefly, I remembered why I stopped playing CMBO (Combat Mission Beyond Overlord), the first volume of the series.  It was the damn artillery spotters and 88.  A well-positioned gun can stop significantly larger forces dead in their tracks and sometimes the only way to knock them out is with artillery or aerial bombardments.  But whenever I moved a spotter into position where he can see the gun, he gets fired on by the gun.  How can they see someone far away hiding behind a bush?  Binocular reflection?  Rubbish.  Add to that the devastating power of 88 made me so frustrated with a Bocage campaign that I stopped playing for a month and then forgot about the game.

With CMAK, unrealistic spotting ability of gunners will make some sense since there won't be many bushes to hide behind.  One can hide behind sand dunes or bury oneself in like commandos do but it's just not the same as hiding in treelines or bushes.  Anyway, I am looking forward to my desert battles for many evenings to come.

X Prize Foreboding

The Wired story of the da Vinci team's left me with more concerns than hopes and dreams.  With SpaceShipOne, I didn't have any doubts that they would succeed.  Premonitions?  While the level of excitement and activities spurred by the X Prize, particularly the success of SpaceShipOne, is great, I fear a few people will be killed before the deadline at the end of this year is over.

Old Wargames

I like wargames but haven't played one in more than a year.   So I searched around the office and found my copy of Talonsoft West Front, a classic wargame from several years ago.  Then I remembered that I needed to patch it before it will run on Windows XP.  No problem.  I'll just hop over to Talonsoft website and download it as I did last time I had an urge for a nice tank battle.  Oops.  Talonsoft merged with some company so I ended up at some other game company's website where I couldn't find patches for old games.  There wasn't any mention of the old games either.

Discouraged, I googled far and wide but came up empty.  Aren't there archives/graveyards for old wargames where I could find patches for old games?  One bright spot among old war games is SSI's Steel Panthers, which outlasted its original publisher and is still popular among wargamers.  I never liked Steel Panthers because its graphics sucked and its gameplay was overly tedious.  Besides, I have some fond memories of playing Talonsoft wargames with opponents by e-mail.  Now I will have to survey the latest wargames to see if there is one worth playing.

Update:

If you are into realistic wargames in full 3D, the Combat Mission series from Battlefront.com is what you should be playing.  There are now three volumes in the series.  Volume one, the classic, covers the Western Europe theatre (Americans and Brits against Germans).  Volume two, Barbarossa to Berlin, covers the Eastern Europe theatre (Russians against Germans).  Volume three, Afrika Korps, covers the Mediterranean theatre.

I haven't played the second volume, but I think I'll give Afrika Korps a try because while the Eastern Europe theatre is where most massive tank battles took place, the desert is where the really fun tank battles are.  An added bonus is the release of Afrika Korps Companion Book which not only includes details about 150 small-unit battles but the author has converted the battles into Combat Mission: Afrika Korps game scenarios!  Whoa!

If you haven't played wargames before, replaying a historical battle with a stack of history books, maps, and photos about the battle offers an absolutely fantastic experience.  Only problem is that history books typically cover only the large and famous battles and give only a line or two about small actions like the ones detailed and simulated in the companion book.  If you can appreciate the amount of time and effort the author must have spent to write a book like that, the book is an absolute steal IMHO.  Woohoo!  I am going to order the game and the book right now.

Here are some screenshots to tease you.

Switched to Firefox

I finally made Firefox the default browser because Firefox 0.9.1 cleaned up the mess introduced in 0.9 and there are at least two unpatched IE vulnerabilities. Besides, I predicted a while back that Firefox marketshare will be near 20% by the end of this year so I figured I would add to the number as well. 🙂

Update:

Urgh. It's not so easy to switch over after all. I didn't realize that my own blog editor was IE-specific. And a large number of websites I frequent are also IE-specific. For example, many Korean websites use Flash extensively and in-your-face style so I have to use IE to make them go away.

Integration with Explorer shell is incomplete also. When I click on a shortcut, Firefox launches but I also get an error dialog underneath, something about link not found. Outlook integration sucks too. When I click on a link in a message, I again get an error dialog along with the Firefox browser. It complained about link viewer, so I specified Firefox as the link viewer and ended up with two Firefox windows. So I switched my e-mail client to Mozilla Thunderbird. More on that later.

When IE was my default browser, Firefox was the browser of convenience for sites whose fonts were too small and international sites. Now that Firefox is my default browser, IE became the browser of necessity because many sites are just impossible to use without IE. *sigh*

Update:

Eeeek!  Firefox vulnerability this time.  It's a big one and very simple to exploit but, thankfully, just as easy to patch.  Whew.

Awkward Skunk

It's time to reveal a part of my personality.  I don't like telling people what to do, but I do.  I don't like sticking my neck out for anything, but I find myself doing so for no reason.  It's no wonder I often feel like an awkward skunk.  Hey, it's not me.  It's just my nature.