Still around

I know, I owe apologies. I tried to re-record the segment while in Geneva, but little did I know that the hotel was downtown, where the Euro Football 2008 fans were driving around honking horns when their teams won, as well as being two blocks from Hopitaux Universitaires de Geneve (Geneva University Hospital). For as calm as the Swiss are, there are ambulances running all the time.

I got back on the 14th, and was fighting jetlag the entire week. Last weekend, the kids came over to celebrate my birthday,  and this week have been in SAP training. So I will get that segment re-recorded as soon as possible, and get it out.

In production

A long time in coming, however, I have all my content collected and most of it recorded. I had a bout of jetlag last week, having jumped forward in time by 6 hours. I recorded last week, but part of the content was irrecoverable. I will re-record tomorrow night after changing hotels. I thank my loyal fans for hanging in there.

Debian/Ubuntu RNG update

I spent most of the weekend getting my keys regenerated. On the downside, it took most of the weekend, but on the plus side, tons of content for the podcast. I took the tinfoil had approach.

In essence, any keys or certs that were either compromised or unknown status and were created between Sep 2006 and May 2008 were deleted and recreated. In the immortal words of Ripley in Aliens, “I say we take off and nuke the entire site from orbit. It’s the only way to be sure.”

I will give a step-by-step of the process that I used to update in episode 1, which should be out this week.

Production finally

Episode 1 is in production. I apologize for the delays, but in addition to the new job, computer upgrades, and what not, I just spent 18 hours vacuuming the water out of my basement from the series of storms.

In any case, I will make a real effort to release the episode this week.

Episode 1 in preproduction

For all that are wondering, I am in pre-production on episode 1. I will hopefully be able to sit down and do some recording this week. Its been very busy on the new job, plus I need to put the upgraded recording machine through her paces. I will hopefully be able to get two episodes cranked out before I have to leave for Geneva.

Show notes for Episode 0

What is security? My definition of security is the art and science of risk management. Things are going to go wrong, the world is an imperfect place. Computer security is all about the prevention of things going wrong that you can prevent, and the minimization of damage when things go wrong beyond your control. According to ISC2, there are 10 areas or domains of security

• Access Control
• Application Security
• Business Continuity and Disaster Recovery Planning
• Cryptography
• Information Security and Risk Management
• Legal, Regulations, Compliance and Investigations
• Operations Security
• Physical (Environmental) Security
• Security Architecture and Design
• Telecommunications and Network Security

However, in the broader scale, I break these down into four major areas:

• Policy - Anticipating and planning for what to do when things go wrong. As the name implies, this is a definition of acceptable use of your network and computers.

• Security Engineering - Putting the tools in place to [hopefully] prevent or at least detect when things go wrong. This is the securing of your network and computers therein. This is what I refer to as the “wrench work”. These are the measures that the system administrator and the security engineer put in place to satisfy the policy requirements and IA findings.

• Information Assurance - Reviewing the policy and Security Engineering steps to insure that they are adequate to protect your investment when things go wrong. IA is the assurance of data confidentiality, integrity and availability. This is the measure of the effectiveness of the defenses in place, and recommendations for improving these defenses.

• Forensics - Figuring out why things went wrong. The art and science of data recovery and reconstructing crime scenes. Sort of like CSI, but nowhere near as sexy.

The other domains are the support infrastructure of the areas noted above. For the typical home Linux user, IA and Policy are implied, however, we will be taking a look at them in future podcasts. There is no such thing as complete security. I’ve often stated that security times usability is a constant. To get a truly secure system, you need to unplug it from the network, remove power, pack it in concrete and fire it into the sun…But then it isn’t very usable, is it? That said, your threat environment should dictate your security posture. You generally don’t see Mayberry-style small-town police forces toting automatic weapons and anti-aircraft missiles. By the same token, a sling and stones hasn’t worked in a combat environment since David’s time and he had God’s help. When planning security, one of the watchwords is ”Defense in Depth”. What does this mean? Well, it means that you should not depend on one method to detect or defend against an attack. In fact, you should have interlocking defenses. If one method fails or is defeated, this should trip another one.

Feeds fixed…[hopefully]

The feeds appear to be fixed. Thanks to LinuxChic as well as TechMonkey from the AlternaGeek podcast , we were able to get things straightened out. Several things appeared to be wrong, including problems after our recent WordPress upgrade, typos (the story of my life) and a couple of other problems.

But, it should be back on track and I can start working on episode 1.

Almost there…

Well, yesterday, I left my old job. I was on vacation all this week (except for having to go to my exit interview yesterday), so I started my new job on Wednesday. The new job looks to be perfectly suited to me.

That said, I spent some quality time in audacity last night, doing the post production work. It is complete and I have done the listen through. I am converting to ogg and mp3 and will be doing the rss tags. It should be up there this weekend.

Reading List

I have had several people ask me about the books that Dave Yates and I discussed on LLL ep. 69, so I thought I would list the books that were mentioned and a brief description of them.

First, the Honor Harrington series. David Weber wrote a set of stories in the style of Horatio Hornblower, by C. S. Forester, which is the story of a British naval officer during the Napoleonic war. Weber takes this concept into space, and creates Captain Honor Harrington. a starship captain in Her Majesty’s navy of the star system of Manticore. Weber does a great job of setting up his universe and developing his characters. The following books comprise the series:

• On Basilisk Station
• The Honor of the Queen
• The Short Victorious War
• Field of Dishonor
• Flag in Exile
• Honor Among Enemies
• In Enemy Hands
• Echoes of Honor
• Ashes of Victory
• War Of Honor

There are also several anthologies, edited by David Weber.

• More than Honor
• Worlds of Honor
• Changer of Worlds
• The Service of the Sword

Finally, there are a couple of books from the Honorverse, which happened in parallel with the original books:

• Crown of Slaves
• Shadows of Saganami

The second series I mentioned was the Legacy of the Alldenata series. Quoting wikipedia, “The central premise is that in 2001, humanity receives greetings from a highly advanced, peaceable Galactic Federation. However, all is not well, for a species of aggressive aliens known as the Posleen are attacking the Galactics. Since the Galactics are almost entirely unable to fight, they are appealing to the proven military abilities of humanity for aid. However, things are rarely as simple as they seem, and humanity soon discovers that the Galactics are no friends at all. There are plots within plots, some going back to the dawn of humanity and beyond: plots that endanger the very survival of humanity.”

• A Hymn Before Battle
• Gust Front
• When the Devil Dances
• Hell’s Faire
• The Hero
• Cally’s War
• Sister Time
• Watch on the Rhine

Finally, I mentioned the Hammer’s Slammers series, by David Drake. It is a series of stories about a mercenary regiment commanded by Col. Alois Hammer. Like David Weber, many of Drake’s stories mold either historical events or other story concepts into his universe. The original series consists of:

• Hammer’s Slammers
• At Any Price
• Counting the Cost
• Rolling Hot
• The Warrior
• The Sharp End
• Paying the Piper

Many of these books are not available as e-books.

Baen Books has a free library, in which the first few books of a series can be downloaded in a number of formats. However, Jim Baen also felt that giving away books in these formats would generate sales. He started releasing books on CD with hardback editions of new releases. These CDs were released as open source, so people have posted them online. One site is at the Fifth Imperium. Enjoy!

Interviewed on LottaLinuxLinks Podcast

Well, I guess my feet are firmly in the fire for the podcast. Dave Yates from the LottaLinuxLinks Podcast interviewed me today. We had a good chat, Dave is a great guy who does a terrific podcast, and I thank him for having me on.