« March 26, 2004 | Main | March 30, 2004 »
March 29, 2004
Brainshare 2004 Notes
Scott Lemon blogged all five days of Brainshare. Lots of good stuff in there to digest. Some highlights:
Thanks Scott!
06:47 PM | Recommend This | Print This
Removing Limitations of Time, Locale, and Scale
I lived in Japan for two years during the 70's and that was my first experience with ATM machines. I'd never seen them before that. Later, I had a chance to visit again in 1996 and found something strange. There were still plenty of ATM machines, but while they'd been used to extend service for US banks, they were largely still just automated tellers in Japan. The most telling hint: they only operated when the bank was open. You had to get money out of them during banking hours. I was reminded of this story listening to Tom Parenty's discussion with Doug Kaye on IT Conversations. Tom said "If you want to find opportunities in which information security can promote innovations, focus on removing limitations of time, locale, and scale." He goes on:
The specific approach I took is to look at how one's current security mechanisms are limiting a business' operations from those three perspectives of locality, time and scale, and see how if one were able to provide new and different security solutions to meet the trust objectives for a particular business transaction, how that would allow an organization to able to do things in a new way. And to give a specific example of the sort of thing that I'm talking about, I want to use an example, well, that actually goes back several decades, but it shows the relevant points, and that relates to the use of ATM cards as an alternative to banking within a branch. If you look at traditional banking operations, going into a bank in order to let's say withdraw money, deposit, transfer or something like that, security limitations or rather security concerns limit the location, scale, and time at which those operations can take place. If you look at alternate technologies to accomplish those trust objectives, then you can get rid of various limitations with respect to time, scale and location. And that is exactly what we saw with ATM machines. You now have the ATM and pin as means of authentication. You've encrypted lines between the ATM machine and the bank in terms of determining balances for being able to make the access-control decision should a person get money. There are records both in terms of receipt and electronic records for transactions and things like that. And so that's one very good example of how one can eliminate the restriction of time -- one can go to an ATM machine at any time -- you've eliminated many restrictions on scale because it costs far less money to built an ATM machine than it does a branch bank, and you've also eliminated similarly a lot of location restraints because again it's much easier to put an ATM machine up than it is to put a branch bank up.From IT Conversations: Tom Parenty - Digital Defense
Referenced Mon Mar 29 2004 15:45:04 GMT-0700
I believe that looking opportunities to remove limitations for time, locale, and scale is a good guiding principal for IT in general, not just security. One of my motivations for writing a book on digital identity is to show how a good digital identity strategy does just that.
03:49 PM | Recommend This | Print This
Setting Up a SAMBA Server
CompUSA recently had 160Mb disks on sale for $79 each, so I bought a few. My intent was to repurpose one of the old Pentium II machines I've got lying around as Samba server for my wife, who takes lots of digital pictures (she has a Nikon D100). The first step was to set up a RedHat 9 machine with a RAID 1 set-up on the drives so that they're mirrored. I've never played much SAMBA, so I was looking for a good reference.
I'm fortunate to know John Terpstra, one of the founders of the SAMBA project and author of The Official SAMBA 3 HOW-TO, so I got a preprint of his latest book Samba-3 by Example : Practical Exercises to Successful Deployment. If you use SAMBA, you need this book.
Unlike the HOW-TO, this book is a cookbook. It sets up scenarios and then walks through the complete setup for that scenario. John is thorough and detailed. Chapter 1 is a primer on how to use network tools like Ethereal to debug your network. That will give you some idea of where John is coming from. Of course, my simple setup was found in the second chapter, but the book goes well beyond that. The individual steps were well explained, so I felt like I was learning the reasons for doing things, not just following a recipe. I'm confident that even someone who has used SAMBA for years will get something from every chapter in this book. This book is supposed to be released soon, so go to Amazon and pre-order a copy. You won't be disappointed.
The result? Within an hour or so, I had a new Linux box with mirrored drives and SAMBA 3.0 running and my wife's iBook happily connecting to it. A few hints:
- You need to set up IPTABLES to allow connections from the local network to the Linux server, if you want things to work. A few minutes of playing with smbclient will show you the problem.
- The mount_smbfs command will allow you to mount the drive from a script (e.g. for backup scripts), but the resulting mount won't be visable to Finder.