Peering into other lives

Enormous wonders are hiding in plain sight. Sometimes they are the world around us, and other times they are people. Vivian Maier was both – she was studiously particular about her craft, and highly secretive in her practice.

I see something interesting in her life’s work…it could not have been so excellent if she were to become even a trifle famous, let alone familiar. She was a ghost taking wonderful pictures of people and the world around her. A kind of urban combat photographer.

Also, it gives me pause to consider the giants in this world who eschew notoriety. Many of the subjects interviewed who knew her were oddly put off by the wonderful secret life she led. I wonder if they would have been as put off if she were ordinary and not gifted. How sociopathic of us to *need* attention even when we are wonderfully gifted. There is something huge and beautiful about being great at something and merely being happy to be able to do it.

Take a peek at the material…I can’t imagine the effort it will take to unearth all of her works (consider the mountain of *un*developed film she left behind), but what a gift, and it will keep on giving.


Parking Tickets…found an oops




I noticed that it’s possible to MIStype your parking tag, and still get a valid ticket ID. Why is this an issue?

A friend of mine paid a ticket for me last fall…it was the result of parking near a friendly meeting I was invited to and the consequences were unavoidable due to the meeting running over the time budgeted. So I thought “great!” That takes care of that, right?

He ended up making a numerical typo on his phone, someone else’s ticket got paid and not mine.

It appears that the ticketing system will prevent you from paying a ticket already paid, but it will not stop you from looking up another ticket and paying that one. In fact the ticket numbers appear to be assigned sequentially. This only increases the likelihood a number typo in the last three or four digits will result in the lookup of a valid unpaid ticket.

We tried getting the charge looked up, but that was made doubly difficult since I was not the card owner making the payment. I hold the infraction, I cannot request payment transfer. My friend can request payment transfer but must provide all my personal info as it pertains to the license plate. Strong deterrent made even stronger by the fact that both of us are very busy IT professionals and could only try calling in. I think the total time on hold amounted to 4 hours. We only ever spoke to one live body.

I think the business process needs a serious rethink, but it could all be fixed with the addition of a random text string at the beginning or end of the parking ticket number.

But for now it’s fun looking up all the parking ticket infractions if only to see what the parking infraction staff are charging motorists.
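The fix suggested above, sketched as an added example (not part of the original post or of any real ticketing system): every single-digit typo is tried against a block of sequential ticket numbers, first bare and then with an unguessable suffix attached. The ticket numbers, key and function names are constructed for illustration, and the suffix is derived with an HMAC under a server-side key instead of being stored random text, so it can be checked without an extra lookup.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: secret held only by the payment server
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"  # skips look-alikes such as 0/O and 1/I/L

# Constructed sample: 1000 sequentially assigned ticket numbers.
ISSUED = {f"{n:08d}" for n in range(10450000, 10451000)}

def suffix_for(number: str, length: int = 6) -> str:
    """Unpredictable suffix bound to one ticket number."""
    digest = hmac.new(KEY, number.encode(), hashlib.sha256).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:length])

def issue(number: str) -> str:
    """Ticket ID as printed on the ticket: number plus suffix."""
    return f"{number}-{suffix_for(number)}"

def is_valid(ticket_id: str, issued: set) -> bool:
    """Accept an ID only if the number exists and the suffix matches it."""
    number, sep, suffix = ticket_id.partition("-")
    if not sep or number not in issued:
        return False
    return hmac.compare_digest(suffix.encode(), suffix_for(number).encode())

def single_digit_typos(number: str):
    """Every ID that differs from `number` in exactly one digit."""
    for i, ch in enumerate(number):
        for d in "0123456789":
            if d != ch:
                yield number[:i] + d + number[i + 1:]

def typo_hits_plain(number: str, issued: set) -> int:
    """Typos that land on someone else's ticket when IDs are bare numbers."""
    return sum(t in issued for t in single_digit_typos(number))

def typo_hits_protected(number: str, issued: set) -> int:
    """Same typos, but the payer also types the suffix from their own ticket."""
    suffix = suffix_for(number)
    return sum(is_valid(f"{t}-{suffix}", issued) for t in single_digit_typos(number))

if __name__ == "__main__":
    mine = "10450123"
    print("plain IDs, typos hitting another ticket:   ", typo_hits_plain(mine, ISSUED))
    print("suffixed IDs, typos hitting another ticket:", typo_hits_protected(mine, ISSUED))
```

With bare sequential numbers, every typo in the last three digits resolves to a neighbouring ticket; with the suffix, the mistyped number no longer matches and the payment page can reject it before any money moves.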

LinkedIn Security Breach Triggers $5 Million Lawsuit – Security – End user/client security – Information Week


Key statement:

…that LinkedIn did not recognize its databases had been compromised until it was informed through public channels provides further evidence that the company didn’t adhere to industry standards.

I do not agree with this assessment. It is possible to be compromised and simply not have a positive sign that it has occurred – until the results are circulating publicly or others notice that there are symptoms of a breach.

We’re seeing information systems develop the same kind of complexity that biological systems exhibit – one to one, one to many, and many to one relationships were common…but now we’re looking at behaviours of complex systems no one party understands. Rather than concrete evidence of changes or breaches we have insinuations of breaches. Smart actors are using heuristic techniques to gain entry without tripping defensive responses, and there is no way to guarantee a breach can’t occur, even with “industry standard” protections.

What do you do when your “industry standard” protections must evolve weekly?

I’m interested to see what level of protection LinkedIn purports to adhere to, but even if it’s good enough there will be another breach. How do we plan for that reality?

I’m curious about the practical expression of these skills in the enterprise. Every breach I’ve been privy to or personally uncovered has occurred due to the lack of maintenance in one part of the system, lack of attention to detail, or poor process (a problem is found but is unreportable as no one will act on the information or take ownership of the issue, or worse, profess ignorance out of fear of taking blame as the first responder). Any of these familiar? They’re solvable now.

So hopefully the problem at LinkedIn *is* the latter (process, policy, or technical failures), because the former – sophisticated breaches that are coming from all angles using co-operatively integrated components (inside the network, outside the network, human and robot/AI players) – is concerning, yet incredibly exciting. We’re seeing complex networks behaving like biological systems and I expect data protection and AV vendors to step up to the plate. Just don’t expect the breaches to stop…they’ll inevitably continue as long as we present high value targets.