Alan Shimel – 1K club member

27 Apr , 2007  

Congratz to my old buddy Alan Shimel on his ascent to the 1k club of blog subscriber-ship. 

You truly are the Kwisatz Haderach. (Ok, now put your hand back in the box, young Atreides.)


software and software appliances

26 Apr , 2007  

I’ve been compilling all the needed materials for our upcoming partner programs for Cobia and an intested party asked us about Cobia’s software appliance capabilities.

StillSecure started doing software appliances with our very first product, Strata Guard, back in 2002. We’ve been doing this for so long I almost take if for granted that its an easy thing to do. Ya, easy to do it after shipping products that way for 5 years, but not easy to get the processes to work flawlessly or to even take on such a chellenge if you don’t have the OS depth on your software team.

For those of you that don’t know, a software appliance means you bring not just your software are (or poroduct) but bring the operating system, database, web server, etc…, whatever the software infrastruction needed to operate your product. All this comes on one installation CD.

To install a sofware appliance, you insert the CD into any compatible device that meets the needed hardware spects. The CD installs the operating system, all the sotware instructure and then the product software. The CD pops out when done, the machine reboots and from there the user logs onto the box via either a web browser (preferrably in many cases) of via the console command line.

From that point forware, the device is no loger a server or box link any other on the network. Yes, you may have installed software appliance onto a Dell, HP or IBM server, but that box is not a server. The difference? For one, you usually aren’t allowed to customize or install other software on that box like you would a noraml server. (Cobia is an exception of this due to its modular, plug-n-play capabilties, and since it’s also open source through our Community License.

From this point forware this box, and all the software on it, will be upgrade through software releases from the software appliance vendor. When installing that next patch or software release, it may not only upgarde the core product softwaer, but also operating system upgardes, additions and fixes.

The benefit to the customer is a very simple device to magage. One process to upgrade all the software  on the device (OS, database, utilities, product software. A not so obvious benefit is now the box is no longer a server, but an "appliance", and won’t be suject to all the torturous management software that other OPs groups may requre.

The idea is to make the customer’s life easy. Drop some softtware in and many of the other problems have been solved for you. It’s proven verfy valibuable in our customers and partners.


Google is my copilot

25 Apr , 2007  

During various interviews with the media or individuals researching content products, I’m asked where I get my information from. Invariably a couple of the questions I always am asked are "What web sites do yo frequent the most?" and "What’s your browser home page?".

My answer to those questions are "all of them" and "Google". I get a little bit of joy out of telling people that because I think they expect me to tell them about some cool, super secret site that I’ve found that has all the interesting stuff ahead of everybody else.GoogleI’ve tried other methods like picking various industry media sites and topical portals as my home page but that usually lasts for about 1-2 days and then I quickly move on. I’ve tried keeping a list of web sites and visiting them every day or so. While I still do that on occasion, it’s not part of my regular routine.

What do I do instead? Google alerts. Most of what I read comes from the Google alerts I receive and I probably get close to 100+ per day. Not all get read of course but it’s what I sift through to determine what I’m going to read about during that day or during the evening. I have Google alerts set up for our company so that those interested can subscribe. And I have my own personal Google alerts list just for me for all the topics I follow, research or am just interested in personally.

Of course my third most popular tool is my blog reader which is what I use to follow the many blogs I ready regularly or stop by to read on occasion.

I don’t know if my approach would work for anyone else but I thought I’d share it and you are certainly welcome to try.


Hiding justification behind”journalism”platitude

24 Apr , 2007  

Steve Capus, president of NBC News, in an interview says the decision to air contents of the Virginia Tech killer’s video/picture/text manifesto was "good journalism".

Nice dodge Steve but that dog don’t hunt. A baloney platitude like "good journalism" doesn’t justify your actions. Based on your logic that "however uncomfortable" showing 2 minutes of the killer’s video was justified, then why not release all 25 minutes of it? Why not release all the pictures? Why only some of it and not all of it?

Let’s look at it the other way. The decision to only air 2 minutes of the video means you applied some logic of restraint rather than show the whole thing. Why not 1 1/2 minutes of the video instead of two? Why not just one photo of what the killer looked like and leave it at that?

Good journalism? Bull. Your logic is justification, not journalism. Good journalism is spending at least as much time covering each of the victims as you spent covering the killer. Based on your logic, any decision you make is "good journalism".

Stand up and take account for the shameful job you’ve done, NBC News. The shame in your decision stretched from Brian Williams to Matt Lauer. They knew you were going to take heat the moment this bad decision was made and the guilt was written all over their faces for all to see.


Security meets technology lifecycle

23 Apr , 2007  

I recently did an interview with Brian Robinson at IT Security about StillSecure’s Cobia product launch. A bit different from other interviews, Brian picked up on several things I’ve talked about during various interviews and discussions but don’t always make into standard product announcement coverage.

Part of my theme about network and security convergence is that they not only should live side-by-side in the network, but that security is increasingly being embedded into the network infrastructure itself.  It’s part of a natural technology evolution; new technologies are introduced as standalone solutions and over time, if they prove valuable, become elements within other technologies, in this case the network infrastructure.

Another way to look at this is a phrase I’ve heard others use (and borrowed myself at times) about the "operationalization of security". (Now, there’s a mouthful – I don’t use the phrase that often because it’s hard to say and not slur the word, lol.) As security technologies are deployed throughout the network, the operational responsibilities for those technologies usually gravitate into an operations oriented organization, such as Network Ops or Network Engineering. (I’m referring to larger companies here of course.) Security teams are tending to focus more on policy, compliance, planning and vendor technology research.

I had an interesting conversation with an analyst from a well known firm who basically agreed with these ideas. One of the things I’ve learned about organizations, particularly big ones, is lots of different organizations may say they are responsible for some product category or technology but it most often comes down to whose budget actually has the money to buy it. They are really the decision makers in many cases.

Sometimes that money moves too – it may start in security and once deployed it migrates to the organization responsible for operating it or folding it into the overall network and infrastructure planning. Companies I’ve seen that do the best job of this actually recognize this cycle of events and organize their planning, evaluation, purchasing and implementation around the fact that this happens. It makes for a lot less in-fighting and politics over who controls what.

I’ve taken one small element of what the IT Security article was about and expanded on it a bit here. The article was actually much more about some thoughts of mine on Cobia. Feel free to check it out if you’d like to read more.


premeditated media

22 Apr , 2007  

This was another tragic week marked by senseless death, both at Virgina Tech and also in Iraq. I have two kids (I should say, young adults) in college so the shootings in Virginia seem much too close to home for my wife and me. My heart goes out to the victims, the injured, the unwilling participants, the families, the school and the scars left from what has happened. It’s tragic and so many people are praying for you as you deal the aftermath and work to figure out the way to move forward. This morning I led prayer during our church services and we held a moment of silence for everyone involved. My heart is saddened by what has happened.

There are so many things one could say about the tragedy there, the victims, the killer, everything. But I have to say that one thing angered me almost as much as killings themselves; the heartless, thoughtless and gutless acts of NBC News.

I’m a capitalist, and I’m an entrepreneur at heart so I understand business, making money and acting in the shareholder, employee and customer interests.  Businesses are in business to make money. But I believe they are also here to provide societal benefit as well. Helping customers, employing members of the community, and contributing to the local and national economy. I believe there is also a social responsibility that businesses have as well.

NBC News, who is typically the news organization I favor to watch, in my opinion made a disastrous and socially irresponsible decision in their handling of the killer’s video, photos and manifesto. NBC News made a conscious decision to have their security staff copy and then chose to brazenly aire these materials. In effect, they allowed themselves to become part of the killer’s plan, to plaster his face, his photos, his video and his deranged, sick message over every major media outlet. This, less than two days after the killings, became the story – the killer. This glorified the killer and his actions, and dishonored the victims and their families through this decision.

Talk of the killer and his manifesto became the story, rather than the tragedy and the victims who lost their lives, were injured, or were present and will now live with the scars left from the tragedy. Now, I don’t watch every bit of news that is on, or watch it all them time, but it was only tonight (Sunday) that I saw coverage on CNN about who the 32 killed were. Six days after the tragedy.

Up until the coverage by Soledad O’Brien on CNN, all  of the coverage since Wednesday has been about the killer. By airing these materials, NBC not only vindicated the killer and his mentally ill driven wishes, they also gloried his actions for future deranged minds to admire, when the focus needs to be on honoring the dead, healing the physical and emotional trauma, and and preventing future tragedies. It was a bad decision to glorify this killer by blasting him and his message across the media, creating a feeding frenzy for other media organizations to emulate. Was the video news? Yes. Did we need to see it and all of the materials it contained? No. I believe it would have been the best thing for all of us to let the grieving process proceed and not create a roll model for future mass murders to idolize and emulate. Others many not agree with me, but that’s my opinion.

I’d like to turn the focus back and honor the victims in my own small way by listing them here in my blog. We will all miss the little and big contributions you might have made.

  • Ross Alameddine
  • Jamie Bishop
  • Brian Bluhm
  • Ryan Clark
  • Austin Cloyd
  • Jocelyne Couture-Nowak
  • Kevin Granata
  • Matt Gwaltney
  • Caitlin Hammaren
  • Jeremy Herbstritt
  • Rachael Hill
  • Emily Hilscher
  • Matthew La Porte
  • Jarrett Lane
  • Henry Lee
  • Liviu Librescu
  • G.V. Loganathan
  • Partahi Mamora Halomoan Lumbantoruan
  • Lauren McCain
  • Daniel O’Neil
  • Juan Ramon Ortiz
  • Minal Panchal
  • Daniel Perez Cueva
  • Erin Peterson
  • Michael Pohle
  • Julia Pryde
  • Mary Read
  • Reema Samahav
  • Waleed Shaalan
  • Leslie G. Sherman
  • Maxine Turner
  • Nicole Regina White



Macs can be owned, don’t be complacent

20 Apr , 2007  

First the good news; Hackers at the CanSecWest conference in Vancouver couldn’t gain control remotely via wireless of a Mac. The bad news; With a little more incentive ($10k reward) Dino Dai Zovi was able to own a Mac through an unpublished vulnerability in the Mac’s Safari web browser. (Reported first by Thomas Ptacek at Matasano.)

I hear it quite often; I run a Mac. I don’t have to worry about security. Most everyone would agree, Macs are generally a more secure platform for two reasons. First, there are far fewer Macs and thus they are not as rich a target zone as Windows or Linux. But don’t mistake that to mean they are more secure, the security vulnerabilities just aren’t found, reported or exploited as fast.

The second biggest factor is the BSD-based Mac OS X operating system. BSD is considered one of the more secure generally available operating systems. It’s not BSD I’d be worried about, it’s all the manufacturer and other third-party software, drivers, OS enhancements and users running the computer I’m concerned about.

Argue about whether BSD is generally secure? Not really an argument. Convincing me that Apple writes more secure code than Windows or anyone else does and that would be tough to convince me of. Maybe they do, maybe they don’t but I’d say ‘prove it’ = just because some commercials on TV say it’s so doesn’t mean that it is. Apple has its own security vulnerabilities that it regularly fixes – that’s why they have their own monthly security patch cycle. And good for them – I applaud that they do this. It’s the right thing to do.

Maybe I’m skeptical about the Mac because the very first virus I ever encountered was the original SCORES virus back in 1988 on a Mac. (Yes, 1988.) A disgruntled employee wrote it to get revenge at the company I worked. We’d never heard of a computer virus back then and it took us months to figure out the virus code was causing instability in our Macs.

I worry most about the complacency of so many Mac users and the false sense of security instilled in users. I just hope it doesn’t take a major outbreak to show us Macs can be owned by a hacker too. Mac users need to use good security practices just like everyone else.


Green, one step at a time

20 Apr , 2007  

I’m not a tree hugger. And I eat beef (though I do love brussel sprouts, asparagus and broccoli more than most foods). And I’m bad because I drive a SUV. But I’m going green, at least trying to help by making a few changes to help our planet. Whether you believe in global warming (which I happen to believe it is happening) it’s in our interest, and that of future generations, to take care of our planet.

Cfb_curly_2One of the first steps we are taking in our home is replacing standard incandescent bulbs with compact florescent bulbs (curly Q shaped bulbs). Estimates are if every home in America replace one bulb with a CFB, it would save the equivalent of the emissions created by 2 million cars. That’s amazing. Cfb_bulbBTW – if they don’t like the curly Q look of CFB, they also come packaged to look like standard bulbs. Today we also made a commit to recycle, something we’ve never really taken serious.

I won’t preach to you. I have enough habits of my own to try and change. There’s lots of little things we can do to help. I just ask that you think about it.


Cobia downloads flying off the drives

20 Apr , 2007  

I’m pleased with the overwhelming response we’ve received about Cobia since our launch earlier in April. We’ve had untold numbers of downloads, many positive responses, increased activities on the forums, and lots of ideas and suggestions for the product. We even have Cobia users who have volunteered to join us at upcoming tradeshows to talk about why they are passionate about Cobia.

I would like to say thank you to everyone who has taken the time to check out Cobia, installed and used the product, given us your feedback (good and bad) and helped the team I work with create a phenomenal open networking and security platform.

For anyone who hasn’t checked it out yet, you can download Cobia at

Thank you very much – Mitchell


The MSGB market

20 Apr , 2007  

No, it’s not a food preservative added to the salad bar or to your Chinese food.

MSGB is the market segment called Multi-Service Business Gateway, describing devices for SMBs which perform routing, security, and VoIP. (Don’t ask me why the letters of the acronym is out of order from the four words it stands for.)

Research and Markets has a new report out on this market segment. But I believe it is a $ paid for report. StillSecure Cobia is referenced as a product in the MSGB market segment. Read more at Forbes.