OPM data breach

In June we were told by the federal OPM (Office of Personnel Management) that as many as four million personal records of government employees who hold security clearances had been compromised by what appeared to be Chinese hackers. We’ve since learned that fourteen million — no, wait — at least twenty-four million records were compromised.

A congressional hearing sounds like a cure for insomnia, but I was fascinated by the hours-long video record of the June 24 hearing by the House of Representatives’ Committee on Oversight and Government Reform. The OPM’s director, CIO, US-CERT representative, Inspector General, and OPM contractors responded to questions by the committee. It’s a long hearing, but filled with revealing glimpses into a bureaucracy that spent over five hundred million dollars on I.T. since 2008. And still failed.

It sounds like OPM has three insecure areas:

• the records within its files aren’t encrypted;
• its perimeter security is vulnerable;
• its management of vendors’ security policies is weak.

Unencrypted records stored in COBOL files

I gather that OPM stores these records in files that were created by applications that were written in COBOL. Apparently over a million records include fingerprints stored as unencrypted graphics images. It’s likely that these COBOL files are ISAM (Indexed Sequential Access Method) files or derivatives. Fields — even numeric fields — within ISAM files are stored as ASCII characters. It’s inefficient, but very easy to read.

Typical COBOL code

As far as I know, COBOL lacks the ability to encrypt fields. I’ve managed a legacy COBOL ERP system that was compiled with MicroFocus COBOL and used the Btrieve record management system. It worked nicely. The underlying Btrieve record manager would allow fields to be encrypted and supplemental indexes added without the permission of the overlying COBOL program. The original COBOL code remained intact, unaware that Btrieve was adding indexes, encrypting, decrypting, etc. Similar adaptations of legacy COBOL programs to Oracle RDBMS exist.

My guess is that the OPM data files are read by more than one application. If the record layouts of these files were changed, all applications that read them would need to be changed. This could be a major task.

I can’t comment on the OPM’s perimeter vulnerability. Their supervision of contractors was inadequate, since poor user management at contractor KeyPoint Government Solutions opened a door to attackers. (Details: Contractor breach gave hackers keys to OPM data).

Data security ain’t easy.

I’m happy to learn that the OPM director and CIO were fired after this hearing. They were clearly in over their heads. It is, though, like closing the barn door after the horses (or data) have fled.

Non-technical people should not attempt to manage technical enterprises. They simply can’t manage processes that they don’t understand. It’s too easy to fool a non-technical person with smoke and mirrors. Case in point: Steve Ballmer, a salesman who mis-managed Microsoft for a decade.

Visit my website: http://russbellew.com
© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695

Gordon Welchman, Codebreaker

Gordon Welchman was an Englishman who, while working on decoding German messages at Bletchley Park during World War II, invented traffic analysis. His idea was that even if one couldn’t decipher message contents, just tabulating who messaged whom, when, and how frequently, lent knowledge about the enemy.

After the war, he emigrated to America, where he became an American citizen and taught the first computer course at M.I.T. He worked for Remington Rand and eventually for the MITRE Corporation, where he enhanced traffic analysis technology and helped develop C³ (Command, Control, and Communication) systems.

Following the publication of his book The Hut Six Story in 1982, which detailed the work of his Hut Six group at Bletchley Park, his security clearance was revoked. This killed his career in intelligence.

Today we call the information that surrounds a message “metadata”.

Snowboarding NYC, Jan 2016

Well, both snowboarding and skiing. Reminds me of water skiing. The middle east coast states received buckets of snow this weekend and these New Yorkers made the best of it. Yes, that looks like Broadway in Times Square.

A 2000 year old computer

Nova: The 2000 Year-Old Computer – Decoding the Antikythera Mechanism (first aired on American PBS television network in 2013)

“It re-writes the history of technology.”

 

The Antikythera Mechanism Research Project

Jo Marchant explains: In search of lost time

Hillary Clinton-approved email server

I love this parody.  It’s a humorous advertisement for your own mail server:

Do you run a government agency but hate complying with the law?  Then you need DC Matic, the Hillary Clinton-approved email server!

credit: Written and performed by Remy.  Video directed and edited by Meredith Bragg

What’s Hillary hiding?  Classified emails?  Sure.  Evidence of her negligence in Benghazi that led to the murders of US citizens?  Of course.  Security breaches via assistant Huma Abedin’s Muslim Brotherhood connections?  Probably.  No, the ticking time bomb in this server is bribery.  Maybe treason as well.  She’s hiding written evidence of her deals that traded State Department help in exchange for large donations to the Clinton Foundation and large fees for speaking engagements by Bill Clinton.

Putney Swope and Barack Obama

Today’s laughably corrupt Obama regime is life imitating art. Which art? Cinema. Whacked-out cinema. Farce. Namely, 1969’s Putney Swope:

Both Swope and Obama were elected to office by fools who suffer from chronic white guilt.

In 1969, Putney Swope announced:

The changes I’m gonna make will be minimal. I’m not gonna rock the boat. Rockin’ the boat’s a drag. What you do is sink the boat.

In 2008, Barack Obama bragged:

. . . we are five days away from fundamentally transforming the United States of America.

Mr. Obama is trying to transform America, alright. Transform it from a prosperous capitalist economy governed by a constitutional republic to a bankrupt socialist economy governed by a corrupt tyrannical dictatorship. Barack is following Putney’s credo, “What you do is sink the boat.”

YouTube subtitle humor

Here’s a funny video that’s supposedly an Iranian negotiator recounting the stupidity of Messrs Obama and Kerry:

The sardonic subtitles were added by Madison McQueen. (She apparently is the granddaughter of actor Steve McQueen.)

The best line:

I’ve had tougher negotiations over a falafel sandwich!

I first saw this sort of humor in a video clip taken from a biography of Hitler: United broke Hitler’s guitar, too!.

I like this sort of humorous subtitling. And I like its message: Obama and Kerry are fools.

Wanna see jitterbug? Wanna hear rock & roll?

Check out this video:

The tune, “Slow Down”, is performed on piano and sung by its composer, Larry Williams. He was from New Orleans (of course). The tune, ringing with ninth chords, was released on disc in 1958. I think that the dancers are from a 1950s Hollywood rock & roll movie. Larry also composed Dizzy Miss Lizzy, Bad Boy, and Bony Moronie — classic rock tunes, all. He was born in 1935 and died on this date, January 7, in 1980.

In the mid-1950s, Williams inherited star billing from Little Richard (who’d forsaken rock and roll for religion) at New Orleans’ record label Specialty Records.

While Williams was alive, the Beatles paid their respects by admirably covering Larry’s Dizzy Miss Lizzy, Slow Down, and Bad Boy. I’m amazed that Larry Williams isn’t in the Rock and Roll Hall of Fame.

Extra credit assignment: Compare and contrast the Beatles’ cover of Slow Down with Larry Williams’ original. This clip includes the fab four wailing in Liverpool’s Cavern Club: (If YouTube has taken down this video clip, you can hear the same recording with groovy rock and roll clips (sorry — requires Flash) from 1950s America and early Beatles. Sorry for the Flash format.)

Visit my website: http://russbellew.com
© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695

Joni Mitchell, Jaco Pastorius, et al on YouTube

I’m delighted to discover that the video of Joni Mitchell’s classic Shadows and Light concert (1980) can be viewed in full (1h 13m) on YouTube. Supporting players are Jaco Pastorius on bass, Pat Metheny on guitar, Michael Brecker on sax, Don Alias on drums, Lyle Mays on keyboards, and The Persuasions. It’s among my favorite videos of a concert performance.

Jaco Pastorius

Jaco was a Fort Lauderdale kid who began playing in rock bands around town in a variety of clubs: She, The 4 O’Clock CLub, The Village Zoo, The Flying Machine, The Button, Bachelors III, Ocean Mist . . . When I first heard Jaco in the early 1970s, he was playing bass for straight-ahead local rock bands. He graduated to more jazz- and fusion- related music and put his unique fretless Fender bass stamp on Weather Report. I’ve heard bass players tell me that they tried to imitate Jaco’s technique, but gave up trying; they claim that Jaco changed what it meant to play electric bass guitar. Jaco’s friend Pat Metheny, who plays a beautiful lead guitar in this concert, is a University of Miami music school graduate.

Jaco seemed to still have his act together when he played this concert. Wikipedia has a good Jaco biography. He had a rapid rise to the top followed by a quick ride back down again. I had musician friends c 1984-87 who were torn up watching their friend Jaco dismantle his life. This Warner Brothers recording artist and Down Beat Hall of Fame member was sleeping on park benches and shooting baskets in a local public park.

Michael Brecker and Don Alias died a few years ago.

This is a classic performance by master musicians who were at the top of their games. Too bad it couldn’t last forever.

FCC may fine NBC for Miley Cyrus “Bangerz” show

According to Rolling Stone magazine, the FCC is considering disciplining NBC for airing an indecent performance on July 6, Miley Cyrus’ “Bangerz Tour”. I watched it. It was provocative, but artful. Bertolt Brecht would have loved the production: live dancers against rear-projection oversized animation with creative costumes and lighting. I loved it. Some of the images, such as Miley riding a giant “Mr. Wiener”, were sexually suggestive.

Click to stream or download full 862 Megabyte video performance

The concert (recorded in Barcelona) reminded me of Madonna’s shows twenty-five years ago. Both performers have acceptable contralto voices, energetic dance skills, and assemble exciting Brechtian spectacles. I love the costuming and choreopgraphy. Shocking? “Bangerz” pushed the limits on prime-time American TV, I suppose. But that week on television, the atrocious performance by the Brazilian football team was truly shocking.

I’d prefer that the FCC take no action on this. They have enough serious issues on their plate already. Censoring art is, in my opinion, a slippery slope for any government agency . . . and I think that this production can be labeled “art”. Here’s the full show (862MB H264 1h 25m mp4 video file, 720 x 404 pixel) for download or streaming:

Click to stream or download full 862 Megabyte video performance

You’ll need a fast Internet connection to smoothly stream this. You might be better to download the file and then play it locally with a good video player such as VLC.

Is it Miley’s performance or just modern low distortion recording technique that for the first time makes John Lennon’s “Lucy in the Sky with Diamonds” lyrics (at 44m 35s) sound so . . . so . . . clear, logical, and complete?

What do you think?

How are modern integrated circuits manufactured?

I’ve worked with integrated circuits (I.C.s) since the 1960s, but haven’t been involved in their manufacture — only their application.

Intel Haswell wafer with a pin for scale
photo: Intel Free Press

Today’s integrated circuit manufacture is a high stakes capital intensive business whose players use trade secrets to maintain their market advantage. I’ve never been inside an I.C. “fab” (factory), so it was a treat to find an hour-long presentation by an industry manufacturing engineer on YouTube. The technologies used at nano dimensions are mind-boggling.

Here’s the excellent presentation, in full:

The speaker mentions that lithographic imaging of the mask is now being done at 193 nanometer (nm). As you can see, we’re well above visible light and on our way to x-rays(!). Here’s the electromagnetic spectrum in that region:

Click for full-size
graphic by: Shigeru23

The presentation is aimed at the layperson and is filled with surprises. For instance, one gigabyte of semiconductor memory can be produced on a flat substrate within the diameter of a human hair. I give it two (gloved) thumbs up.

Technology and Politics

“The price of avoiding politics is being ruled by your inferiors.” — Plato

Henry Ford’s comment on confidence

Whether you believe you can do a thing or not, you are right.

Henry Ford

How to program, lesson 1

Good programming advice:

Begin at the beginning and go on till you come to the end: then stop. — Lewis Carroll

Infinity

Two things are infinite: the universe and human stupidity; and I’m not sure about the universe. — Albert Einstein

Steve & Jimi on choices

Your time is limited, so don’t waste it living someone else’s life. Don’t be trapped by dogma – which is living with the results of other people’s thinking. Don’t let the noise of others’ opinions drown out your own inner voice. And most important, have the courage to follow your heart and intuition. They somehow already know what you truly want to become. Everything else is secondary. — Steve Jobs

I’m the one that’s gonna have to die when it’s time for me to die, so let me live my life the way I want to. — Jimi Hendrix

Albert Einstein liked simple language.

If you can’t explain it to a six year old, you don’t understand it yourself.

If you can’t explain it simply, you don’t understand it well enough.

— Albert Einstein

Both aphorisms have been attributed to Dr. Einstein. I mentioned in Plain English that,

In my experience, the best scientists and engineers explain complex concepts by using simple words in simple sentences. Dolts, on the other hand, make everything sound complicated.

I’m glad that Dr. Einstein agreed. (After watching his video biography, I now think of him as “Uncle Albert”.)

Nothing ventured, nothing gained.

Those who dare, risk failure.
Those who don’t, ensure it.

Walt Mossberg, WSJ Tech Critic

I just listened to an excellent interview with Walt Mossberg, who since 1991 wrote a weekly computer industry column for the Wall Street Journal. Walt’s now retired. Leo Laporte, an industry podcaster, coaxes some great stories from Mr. Mossberg. 

Walt’s perspective was always that of a user — not a tech freak. Most industry reporters are techies who don’t appreciate that most of us don’t care about the inner workings and secret mechanisms of computers.

Walt speaks a bit about his long relationships with both Steve Jobs and Bill Gates. (Walt sat in the passenger seat as Gates, frustrated by traffic, drove his Lexus for miles on the road’s shoulder.)

It’s a pleasant and informative hour-long conversation. 

[Triangulation (MP3)] Triangulation 310: Walt Mossberg

http://podplayer.net/#/?id=39772523 via @PodcastAddict

ABBA reconsidered

In the 1970s and early 1980s, I loved ABBA’s music. I was pleased to discover this recent critique, in both spoken and written form. I didn’t realize that ABBA were considered politically incorrect in their home country.

The world according to ABBA (audio clip)

Intelligent Life magazine‘s Matthew Sweet observes that ABBA’s songs progressed from naiveté through sophistication to melancholy. As Matthew says, “Many of their songs are about accepting the failure of relationships”.

Here’s the companion article, Thank You for the Music, by Matthew Sweet, from a recent issue of Intelligent Life. Both the article and the audio clip stem from his visit to Stockholm’s ABBA Museum.

Truths about swimming

These observations will help you get the most from your swimming. (They’re from Australian podcast Effortless Swimming). Each is a short audio clip of less than ten minutes.  (The first truth is that one or two swim workouts a week won’t cut it.)

  Part one

 

  Part two

 

  Part three

I enjoy listening to all Effortless Swimming podcasts.

Taking Back the English Language

I listened to KERA’s Krys Boyd interview author Steven Pinker about one of my favorite topics: plain English. Mr. Pinker authored The Sense of Style: The Thinking Person’s Guide to Writing in the 21st Century. He claims that education often interferes with a person’s clarity. He refers to this wordy English dialect as academese, which is similar to corporate hack boilerplate.

I agree. Most academic papers are terribly written, as is the text in many corporate websites.

Both dialects employ the passive voice and zombie nouns: nouns created from verbs. For example, instead of appearing, there is an appearance. Instead of cancelling, there is a cancellation.

Mr. Pinker closes with the “prime directive” of Strunk and White’s The Elements of Style:

Omit needless words.

Why not a movie about Ada?

Now that not just one, but two movies (Breaking The Code and The Imitation Game) have been produced about Alan Turing, it’s time we had a movie about Ada Lovelace. She seems to have possessed an unusual combination of precise reasoning and imagination, strong will, and feminine charm. Plus, she was in the middle of a tug o war between her feuding parents, poet Lord Byron and his wife Anne Isabella.

Why is Ada important? She’s acknowledged to be the first computer programmer (c 1840!). Like Mozart and Turing, her life was tragically cut short at a young age. I propose this biopic today because it’s Ada Lovelace Day!

BBC Great Lives 28-minute audio portrait of Ada Lovelace.

Visit my website: http://russbellew.com
© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695

While verifying quotation authenticity, I found a useful — and delightful — website, quoteinvestigator.com, which tries to chase down the origins of quotations.

W.C, Fields in 1935

The most recent entry quotes an aging W.C. Fields, when discovered reading a Bible, explaining,

I’m looking for loopholes.

.

New and Improved Method

If you’re using Windows 7 or 8.1, and you’re sick of being nagged by Microsoft’s pop-up to upgrade to Windows 10, go to the Ultimate Outsider website and download and install their GWX Control Panel. It’s received rave reviews. Cost: gratis. Here’s the full description.

Microsoft Strikes Again – How to NOT Upgrade to Windows 10

 

Update, April 3, 2016: Steve Gibson, founder of GRC (Gibson Research Corp), has written a great little freeware utility that also blocks upgrades to Windows 10. Steve writes most of his code in assembler, so his utilities are tiny. He calls this newest utility Never10. He’s created a page dedicated to Never10, where you may download it for free. It’s only 81 kilobyes in size and doesn’t require installation on your Windows PC.  You need just run it once to turn off upgrades to Windows 10, and run it again to allow upgrades to Windows 10. Short and sweet, it’s just what the doctor ordered.

Save time when installing application programs on a PC.

Installing two or more application programs on a PC can chew up your time as you wade through web pages, download prompts that don’t always work, and questions and answers. Now ninite.com (http://ninite.com/) does this tedious work for you. I’ve tried it on a few PCs and it’s worked flawlessly. Install everything in one easy step on your brand-new Windows 7 PC!

 

Thanks to The Real Deal podcast for this tip.

Visit my website: http://russbellew.com