Tuesday, December 22, 2009


Today the New York Times tech section dragged out the stale old dry cheese I've come to know well through the last two decades: The US needs to encourage more computing nerds! For these are the workers of the future!

No s---, Sherlock.

Cue the lede anecdote with a picture of the Times-appointed national nerd symbol at his 1972 school science fair.

"Growing up in the ’70s, John Halamka was a bookish child with a penchant for science and electronics," reports the Times. "He wore black horn-rimmed glasses and buttoned his shirts up to the collar."

But where's the f------ slide rule!?

“We’re not showing and teaching kids the magic of computing,” Janice C. Cuny of the National Science Foundation told the newspaper.

"One goal, Ms. Cuny and others say, is to explain the steady march and broad reach of computing across the sciences, industries, culture and society."

F--- me! It's so obvious, how have we let that slip by?

"[Advances] in field after field that are made possible by computing, like gene-sequencing that unlocks the mysteries of life and simulations that model climate change."

Holy deoxyribonucleic acid, Batman!

Does the Times source of such brilliance prize material ever get out? Or have Times editors and reporters so mangled what was told to them, it has reduced the tellers to obvious and dull government workers paid to say nice and uncontroversial things whenever someone comes calling.

"A solid grounding in computing, experts say, promises rewards well beyond computer science," continued the newspaper, as enthusiastically boilerplate as possible. "Most new jobs in the modern economy will be heavily influenced by technology, said Robert Reich, a professor at the University of California, Berkeley, and former labor secretary in the Clinton administration."

Genius, pure genius! It probably took all of a second to think of that and another ten to type it all in to the word processor!

The workers of the future, the article informs, will have to be hybrids, combining computer expertise, great knowledge of the field they are working in, and love of art, music and other entertainments.

Damn, DD never saw that coming back in 1978. I'd be a lot further along now if I didn't know shit about computing, biochemistry and music and entertainment.

We are all such stiff stodges compared to the shining examples pointing the way to the potentially glorious future, there are just so few of them. We should hang our heads in shame.

Speaking of stodges, the Obama adminstration appointed Howard Schmidt, an old ticket-puncher from the previous administration, to be the country's cybersecurity czar. Yet another case of the new boss being exactly the same as the old boss.

See here for what I originally thought.

A longish excerpt:

Alleged "zero-day viruses and affinity worms" will sunder business records, as reported in Network World Fusion and credited to a Howard Schmidt speech at an Information Systems Audit and Control Association (ISACA) conference. Brokerage house trading records will be scrambled, corporate networks rendered molten, CEOs humiliated.

This is not the worst. Traffic lights, pacemakers, appliances -- all subject to outages and interruptions because in the future they're controlled via Internet, declares Schmidt. The power grid could fail catastrophically by 2005! Cats and dogs fornicate in the street as the sky turns black as sackcloth.

Whether the bearers of such news are carillonneurs or cullions in these matters depends upon how experienced an observer you are of the computer security junket fest.

If it's the first time for you at one of these cons, where your employer coughs up anywhere from $500 - $1900 for the price of admission, Schmidt's virus alarums might seem quite remarkable, even prescient. The remora-like journalists who get in gratis will assuage any lingering doubts you have as to the value of his lecture by emphasizing the most fantastic elements of it in the trades. If your boss reads the published result, it's all good. You were educated at the feet of the guru.

But I must rain on the parade. Nothing more than mutton passed off as lamb, folks. The sizzle is the main ingredient of a message that is repeated so often it can only be taken seriously as publicly-funded performance art.

In simplest terms, Schmidt is a computer security celebrity junketeer, a highly specialized occupation somewhat obscured by an official biography bulging with professional-strength acronyms. Much of his time is spent as a featured speaker jetting around corporate America. Search engines return Schmidt lectures everywhere in 2002: Atlantic City/HTCIA 2002 con, Cybercrime 2002, IT Business Forum, RIMS.ORG, New York State's "Cyberstrategies," the Chicago National Cybercrime Conference, South Sound (Washington), the National State Association of Chief Information Officer's midyear confab, High-End Computing in an Insecure World, WSATA 2002 (the Western States Association of Tax Administrators), Trust & Security in Cyberspace at the Center for Strategic and International Studies, Defending Against Information Warfare, the Secure e-Business Executive Summit, Winning the War on Cyberterrorism at Washington University of St. Louis, Microsoft's Government Leaders 2002...

Ouch, I feel an airline coach-class thrombosis coming on just browsing the list!

[Schmidt's] talent for junket was developed while at Microsoft. As Redmond's computer security czar, the tour of meetings was similar. Politically, the message differed slightly in service to Microsoft directives. Viruses weren't as cataclysmic. Generally, this was a good position to cling to while the likes of Melissa, Loveletter and Code Red were ripping through your company's software. By example: "I'm not going to come up here and tell you the sky is falling," Schmidt said at a Tulsa University infosec conference as Microsoft Chief Security Officer.

Schmidt, as vice chairman of the President's Critical Infrastructure Protection Board in 2002, was once seemingly joined at the hip to Richard Clarke, the former administration's 'cyber czar,' among other things.

Clarke, with Schmidt in tow, rustled up what was originally called the National Strategy to Secure Cyberspace.

It was ignored by everyone, including the Bush administration, for which it was written.

In 2002, DD had this to say about it at SecurityFocus here.

For sixty-five pages, a fat lot of nothing ... the "strategy" is to "empower" users and industry by "raising awareness," "sharing information," "fostering partnerships," "stimulating improvements in technology," "increasing the number of skilled personnel," "investigating and prosecuting cybercrime," "protecting computers," and "promoting increased security." Isn't that just special? Do you know anyone who didn't think "protecting computers" or "investigating cybercrime" weren't good things five years ago?

In other places, the cyberstrategy cleverly recommends updating anti-virus software regularly and applying patches as needed. It's fair to say that these have now reached maximum saturation as platitudes; repeating infinitely accomplishes nothing.

Other recommendations seem aimed at rendering the reader unconscious through use of acronyms and boilerplate. "The federal government, by 3Q FY03, using the e-Government model ..." and "OMB, in conjunction with the CIO counsel, will determine...whether to employ a lead agency concept..." are two standard examples.

Empty but sort-of tough-sounding declarations are present. North America will be a "Safe Cyber Zone." There is non-sequitur futurism -- "nanotechnology" could "reshape cyberspace and security." And even old, simple good ideas are waffled -- "State and local government should consider expanding training programs," "ISPs should consider adopting a code of good conduct," "states should consider creating Cyber Corps [scholarship programs]."

It is mystifying as to why it should all be so lame.

Looking for clues, one spies in the report the seemingly inescapable recommendation to use the staysafeonline.info website as a source of security learning. It is a place I've criticized previously for "education" that amounts to recommending the purchase of anti-virus software as a duty in the war on terror. On staysafeonline, even a simple Flash on-line lesson comes with an insectile licensing agreement in which the reader must promise to not hold its corporate author liable for anything should the presentation turn out to be rubbish.

Staysafeonline.info is now Staysafeonline.org, a private corporate security industry trade group, and it is here.

It's still a placemat for recommendations to buy anti-virus software and other industry products.


Blogger Bonze said...

Damn, Dick, you left out the laugh-out-loud comment from Robert Reich: "Think Geek Squads in other fields".

Oh, the wonders that the future holds for us in store! Those ties that are wearing of the Geek Squad are the fabled "Systems Programmer Ties" of yore!

............ [Borat pauses] ............


8:16 AM  
Blogger George Smith said...

I left it out accidentally on purpose, as PeeWee would say. Mostly so others might have the surprise pleasure of running across it without warning.

8:52 AM  
Blogger J. said...

This just in from the WaPo! Private industry pays better salaries for IT professionals than the federal government!! Shocking news sets back efforts to stop Neuromancers from hacking DOD portals!!

9:47 AM  
Blogger George Smith said...

One evening in May 2006, a U.S. embassy employee in East Asia clicked on an innocent-looking e-mail attachment that opened the door to the most significant cyberattack the State Department has yet faced, allowing attackers operating through computers in China to send malicious computer code into the department's networks in the region.

State's cyber-emergency response team immediately went into action, working round-the-clock for two weeks to isolate the harmful code and craft a temporary patch that officials said prevented a massive data theft.

Working around the clock for two weeks! Two weeks!

What tripe.

It took me about ten minutes to remove a Zeus/ZBot piece of 'undetected' spyware and submit it to an anti-virus company this weekend.

As a result, department technicians in 2006 were able to contain the attack quickly, said Alan Paller of the SANS Institute, who has analyzed the case for the Center for Strategic and International Studies.

Here's the real nut of the matter. The corporate security industry would be in favor of their being a shortage of cybersecurity workers employed indigenously in the US government. Indeed, it will snarf them all up itself if it has to. This is so it can lease their services back to the government as well as be in position to provide 'intelligence and analysis' on threats.

See here:

Denny earned a computer science masters degree in 2004 from Purdue University on an NSF scholarship. In return, he spent two years at the National Security Agency, identifying novel security flaws in computer systems and software. Then Booz Allen Hamilton, a major intelligence contractor, hired him at a 45 percent pay raise.

Today, Denny works for a small employee-owned firm that has federal government and private-sector contracts, and his pay is higher still.

What it is a industry-maneuvered premium pricing plan.

Booz Allen is one of the top companies leading the cybersecurity funding raid on the taxpayer.

See their big guy's smiling photo here.

10:10 AM  

Post a Comment

<< Home