Showing posts with label best practices. Show all posts

Wednesday, November 12, 2008

Fiction

From Ed Park's Personal Days:


"Every employee would soon be required to create a new log-on password consisting of a mix of nonsequential capital letters and a three-digit prime number and a punctuation mark, and then change it once a month by sending an Excel form to a secure website in Oakland. This was just standard operating procedure.

Each demand felt like the securing of a strap on a straitjacket."

Monday, March 3, 2008


From Rothman, an article at CSOnline discusses Moody's infosec risk rating service.

I personally dig this quote:


The idea for such an at-a-glance rating is appealing to risk executives such as Andre Gold, head of security and risk management for ING’s U.S. Financial Services business... Last year Gold oversaw reviews of 176 new technology vendors; his team visited sites as far away as South Africa to conduct security assessments. “It’s a service that we must do, but I think it’s a non-value-add service,” he says.
A non-value-add service? To quote Michael Scott, that's what she said.


photo from Dwight K. Schrute.

Thursday, August 2, 2007

Impacted Molars: Pay Hell Gettin' It Done Edition


Random Eye-tooth:
I've been reading the Counterinsurgency Manual, and I'm figuring there is some analogue to a corporate approach to minimize the "insider threat."

Extraction:
Mr. Loblaw describes a grisly example of privacy abuse in a recent decision du jour, selecting the choicest text of a 6th Circuit decision so I don't have to. But I will.

As the plaintiffs’ complaint explains, prisoners have threatened and taunted the officers, often incorporating the plaintiffs’ social security numbers (which they have committed to memory) into the taunts. Some prisoners wrote the social security numbers of some of the plaintiffs on slips of paper that they threw out of their cells.
Now that's what I call abuse of NPI, a sort of SSN gassing. But do the plaintiffs get relief? No.

[T]he guards’ social security numbers are not sensitive enough and the threat of retaliation from prisoners was not substantial enough to warrant constitutional protection.
Ride the NPI Country:
Courtesy of the continual compendium of outrages privacy related, i.e., Pogo, comes this story that hashes ID crime stats. The conclusion it appears to draw is that Big Sky Country is a den of ID thieves. All the big increases in identity crime occur in North Dakota and Montana, with the notable exception of Springfield, IL, which can be attributed to Groundskeeper Willie and Apu. Considering that there are more people in my MSA than all of Montana or North Dakota, I wish I could get a thorough look at the stats. Not so bad that I'm going to request data from a "marketing@" e-mail address, which ID Analytics requires.

Computer Security for Trainables:
From the Chronicle tech blog, the winners of Educause's security awareness video contest. I dunno. These videos will not be a part of my infosec counterinsurgency program. No beat, can't dance to 'em.


Bonus:
"Sweet fancy moses": the whole shocking story. Discuss.

Wednesday, August 1, 2007

Describing Difficult Procedures


Lately, I've been working on my 1972 Alfa Romeo GTV. What I've learned about project management seems to evaporate into red mist in my garage. Currently, as part of changing my fuel system from the wonderful yet arcane SPICA mechanical fuel injection to the elegant and infinitely adjustable Weber carburetor, I am pulling the head off the twin overhead cam beast.

The head pulling process is described in the Alfa Romeo Giulia Owners Workshop Manual thusly:

"Remove the head nuts and the two screws fixing the front cover to the head, then lift off the head."

As it represents the official, legally vetted process described by the vendor, the above advice can be called "the standard."

Pat Braden's definitive "Alfa Romeo's Owner's Bible" describes the procedure thusly:

"The head bolts should be loosened incrementally following a spiral from the center out. Work slowly around the engine double-checking that everything is removed before trying to lift the head free. Typically, the head won't come free."

This passage is followed by several paragraphs of recommended procedures for freeing the stuck head, including "factory tool" and "rope trick." Having been codified in a book, written by an expert, these are clearly "best practices."

On the Alfa Bulletin Board, a search on "head removal" will generate a multiple-page jeremiad of head-pulling frustration and anxiety. Tools as diverse as crow bars, bottle jacks, concrete rust remover and improvised pullers are deployed to extract head from block. Results vary. I'll call this "how things happen in real life."