Feeds:
Posts
Comments

Archive for the ‘Uncategorized’ Category

Both compressed data and encrypted data look similar: they are a string of apparently random characters that seem to bear no relationship to the original data. But there are significant differences between the intent and the process of compression and encryption.

You compress data so it is smaller, thus reducing storage space or transmission times. But since you want to easily retrieve the original data, compression algorithms are standardized and well known. Consider a ZIP file. A ZIP file can be expanded back into its original file(s) on almost any kind of computer system. In most cases, the receiving system needs no additional information than that contained within the compressed file.

Compression algorithms work by finding strings of characters that are repeated within the data, and replacing each occurrence of the string by a much shorter string. If you had, for example, a long paper about George Washington, a simple compression algorithm might replace each occurrence of “George Washington” with “\gw\” thus replacing 17 characters with just 4 each time. Compression algorithms can find lots of duplicated strings like page headers and footers, and fragments involving parts of words or numbers.

You encrypt data so that only certain people can access it. In order to decrypt the data, the receiver needs to know a secret key. Depending on the type of encryption and the length of the key, it can take the fastest computers from seconds to millions of years to brute force decrypt the data. For any scheme more complicated than a simple character substitution (replace each “A” with “x”), the encryption process eliminates the duplicated strings. “George Washington” will most likely be encrypted into different strings at each occurrence.

Therefore trying to compress encrypted data is just a waste of time, and can actually make the data bigger since there is some overhead just to define the type of compression and other parameters needed to decompress it.

Some compression algorithms support some level of encryption. For example, when you create a ZIP file you can specify an encryption key. Many of these algorithms are very weak and subject to easy attack, plus you must send the key to the receiver by some means. I watched a coworker email an encrypted ZIP file to a partner, then send a follow-up email with the password. If the receiver’s email was compromised, then the cybercriminal just received the data and the key.

Both compression and encryption can take significant processing effort on each end. Usually it takes fewer resources to decompress data than to compress it. Since stored data needs only be compressed once, when it is stored, and is often decompressed many times, this attribute is desirable.

Normally, encryption and decryption times are very close to each other on the same platform. Obviously, the actual times depend on the hardware characteristics of the platform.

You should always encrypt sensitive data, whether it is personal or financial data that is protected by regulations or laws, or proprietary information for a company or classified information for a country.

Whether you choose to compress data is a simple business decision: do you save enough money or data transmission time to justify the added cost of compressing and decompression the data.

The last word:

If you need to compress and encrypt data, first compress the data, then encrypt it. That works and you get the full benefit of the compression. However, the process introduces a vulnerability to attack the encryption.

As mentioned earlier, each compression algorithm adds a header in front of the compressed data. That header defines the compression type and a bunch of parameters and is of a fixed format. It is possible to determine the type of compression that an organization uses or accepts by simply trying different compression schemes and see which ones are accepted. It then becomes far easier to attack the encryption since you know how the clear-text message starts.

Comments solicited.

Keep your sense of humor.

Walt.

Read Full Post »

A “Half-Life” is the amount of time required for the amount of something to decline to half its initial value. Those of us of a certain age remember that from the discussions of how long the fallout from nuclear explosion would be dangerous, and rest of you get periodic reminders of that from events like Fukushima. When we were in Norway this summer, there were radioactive reindeer; seems they were eating moss still radioactive from clouds that had drifted over from the 1986 Chernobyl accident.

Secrets have half-lives also: how long does it take for half of your secrets to become known to others. Countries have millions of secrets, companies thousands of secrets, and people maybe dozens of secrets. Each secret represents a fact that if revealed to the wrong entity could cause harm. Countries “classify” documents or even individual facts, and establish large organizations and complex processes to protect those secrets. Countries usually also have large organizations whose sole purpose is to steal the secrets of others. Companies have trade secrets, often about exactly how their products or services are created or delivered, but also about their internal financial processes and contracts with partners and customers. People have secrets about things they have done, or didn’t do, that they would rather their spouse, employer, doctor, or tax collector never found out.

Patents are not secrets. Patents are published in the one or more country’s Patent Office and are freely accessible. International law protects, to some extent, the owner of the patent. In order for the patent owner to reap the financial benefits of the patent, the patent must be shared.

Secrets also have time limits. The foreign travel plans of high-ranking government officials are often classified to enhance the safety of the individual but often so as not to reveal where or why the individual is traveling. Consider the case of National Security Advisor Henry Kissinger’s visit to Beijing in 1972. These kinds of secrets are only secrets for a specific period of time, often measured in days or weeks.

But many secrets need to be kept secret for years or decades. One such trade secret is the formula for Lena Blackburne’s Rubbing Mud that is used to fix the feel of baseballs for major league play. That formula, and the location of the mud hole, has remained a secret for over 75 years.

The half-life of secrets used to be measured in decades. A person could designate that their boxes of papers would not be opened until their death or longer. That worked for Mark Twain and his autobiography, which was not published until 100 years after his death. That did not work for Harper Lee. She kept her first novel locked up saying she did not want it published. Go Set a Watchman was published this year while she is still alive.

With todays cybercriminals, including government and organization sponsored cyberterrorism, the half-live for secrets on computer networks is measured in months.

Almost always, secrets must be shared. Lena Blackburne is not the only person making that NBA Rubbing Mud, especially since he died in 1968. Every trade secret is shared with those in the company that need to know the secret in order to actually build the product. The trick to keeping a secret is to minimize those who know the secret and pay attention to each of those people.

One of the biggest dangers to a secret is sharing-creep, the phenomenon that occurs when you add just one more person to the “need to know” list, or someone who knows tells someone else. At the highest levels of government classified documents, security agencies try to keep track of every individual who has the right to know the secret and the places where the secret is stored at all times. This is why, for example, that one of the Department of Homeland Security’s jobs is to know where every computer system containing government classified information is physically located, determine what secrets are on the system, and check that the system is protected by appropriate physical and network security mechanisms, and that everybody who has access to that system is also cleared for the information on the system. Companies with critical trade secrets have similar processes. One of the key activities for a government or commercial organization after an identified data breach is to determine exactly what information was compromised.

A related issue for secret loss is the velocity of the loss. In 1750, a secret could not move more than about 20 miles in a day – the speed a man or a horse could walk. If you discovered that a secret was stolen, you could often literally run down the culprit in a day or two, and severely limit the damage. With the Internet and the Cloud, it takes your secret less than a second to get anywhere in the world, and to dozens or millions of individuals. A single misdirected email or text message, or a singe disgruntled employee or contractor (e.g., Edward Snowden) or employee or contractor not following your security policy (e.g., Hillary Clinton) can put a significant number of secrets at great risk.

Figure out what your company’s critical secrets are, and pay attention to whom those secrets have been shared. Remember that any meeting, whether in a conference room or virtual, that has a smart phone or tablet present is a potential leak. You cannot tell what is being recorded and what will be done with the recording.

The same is true in your personal life. Any stupid thing you do can be on YouTube in seconds, and the more stupid the more likely. Of course, the same is true if you do something great, like the passengers who subdued the Islamist terrorist on the train in Belgium. Video of the attack was on YouTube before it appeared on breaking news announcements.

The last word:

The biggest example of sharing-creep is your Social Security Number. Originally implemented in 1935 as part of the New Deal, it was solely used to track individual’s accounts with the Social Security Program. In the original law it was illegal to use the SSN for any other purpose. In the late 1970’s, Virginia was using your SSN as your Driver’s License number, and that use was struck down as illegal in Federal Court.

In addition, the IRS was prevented from sharing information with other agencies. Decades ago I worked with someone whose father was a Bookie (i.e., worked in the numbers game for organized crime). He always indicated on his Federal Income Tax form that his occupation was Bookie, and reported every cent he illegally earned. He did not want to get in trouble with the IRS over his taxes, and knew that the IRS could not pass that information on to law enforcement at any level.

But now, thousands of individuals have access to your SSN; it is your key identifier for almost all financial relationships, and, thanks to Obama Care, all health care related activities. The United States uses the Social Security Number as the identification number for every member of the Armed Forces. All of this information is stored on the Internet, which varying degrees of vulnerability

Comments solicited.

Keep your sense of humor.

Walt.

Read Full Post »

(This is another special posting by Suzy.  I hope you enjoy it.)

Many people like to go out for dinner and dancing.  Especially when they are single and looking for a companion or after the children have grown and they enter into that much more desirable and relaxed form of dating.  In my childhood I thought dancing was wonderful and that everyone knew how to do it.  My great-grandfather, Pop, would dance me around my grandmother’s living room and out to the sun porch.  A sun porch was a common feature of a row house in the early half of the 1900s. It opened almost fully onto the parlor or living room.  It had at least one wall full of windows that allowed for solar heating in the winter and more air flow in the warm months.  Grandmom’s had a sofa above which hung a very faded tapestry on one wall and a straight chair by the front door.  The radiators under the window were hidden by the white boxes that had rattan fronts and pots of sansevieria on top.  Oh, yes, a sun porch also served as a foyer.  The limited amount of furniture made for a lot of space to play and dance.  Pop liked to waltz.  His wife’s brothers had had a dance band that played at the spas along the Rhine River in Germany.  Everyone said that Pop and Mom Kate were great dancers.  The brothers would play the waltzes of the late 1800s and the couples would twirl around and around.  As the children came, then the grandchildren, and finally me, a great-grandchild, Pop would dance and teach everyone just how to do it. I last saw Pop when I was six.  For us dancing was still a game.  Moma said that as she approached the dating years he became more exacting.  She loved dancing, so he must have been rigorous rather than harsh.

When we would visit with my great-Aunt Emilie she would dance with me through her living room and into her foyer.  I was very small, and Aunt Emilie wasn’t much taller standing at 4’10”.  Her house wasn’t very large.  We had to stop as I reached upper elementary school.  There was no longer enough room to move between and around the furniture.  Just like Pop, her love of dancing was lifelong.  When my brother, Jim, married Pat, Aunt Emilie danced and danced.  She was well into her 80s then.

My parents were dancers as well.  Being of the World War II generation their tastes were more for Foxtrots and Swings.  B.K. (before kids) they danced frequently.  With each of our arrivals, time and discretionary spending became more restricted and the amount of dancing lessened.  Mom would fall into cascades of giggles when she told the tale of going to a Squadron Party early in the World War II years. Stockings were rationed, so she and her friends would use iodine to color their legs.  She was a nurse and the iodine was easy to obtain.  Dad, being a Navy Lieutenant, was in Summer Whites.  When they were doing a Swing, he would slip her between his legs, pull her back, and toss her up.  As the evening progressed a brown stain began to appear on the legs of his whites and her “stockings” gradually disappeared.  The whites were ruined but the memory tickled her the rest of her days.

As I approached dating years dance was becoming less of a partner thing and more of a rhythmic movement relatively near your partner.  There were still some “slow” dances, but they were primarily “swing and sway” in time to the music.  My dating years saw the advent of the twist, shrug, mashed potato, pony . . .  It was the 60s scene.

Walt, my life’s love and partner otherwise known as husband, had played instruments in bands throughout his school years.  Most were marching bands, with the occasional concert band thrown in for variety.  The Marching Band at the University of Delaware was renown for its half-time shows with lots of movement and “pictures” drawn on the field as the musicians marched to and fro.  He has always loved music of all genres. Dating for us was mostly movies, a few plays and concerts, and lots of walking and letters.  Neither of us had much money to spend on anything but school stuff.  We joked about his summer job going from a regular work week to 80 hour work weeks after each Independence Day.  That gave me time after my summer job to make my clothes for the next school year.  He went to the University of Delaware.  I went to Kutztown State College (now University).  One didn’t spend overnights before marriage so weekends were absolutely out of the question.  He graduated in January 1969 and began working for Burroughs, the same place that had given him so much summer overtime.  I graduated Memorial Day weekend that year.  We married in August.  I began teaching after Labor Day.  We were both working on our masters degrees.  Soon we moved across country and began exploring the US in any spare time we had.  Then our boys filled our days, and nights.  The only times dancing entered the picture would be when I would dance infants around the house or the wedding of a friend.  Walt didn’t want to dance.  With each passing year and event he wanted to get on a dance floor less and less.

When we approached our 30th wedding anniversary Walt asked if I would like to go on a cruise to celebrate. He had never wanted to go on a cruise ship as he believed there would be nothing to do all day long. Did I mention he has a Type A personality?  I truly wanted to go, but as it was his 30th wedding anniversary also and I didn’t want to make it too uncomfortable for him.  The travel agent and I found a short trip:  one week, leaving from NYC for 2 stops in Bermuda and back.  Did I remember to mention that Walt didn’t want to go to any islands as they would be claustrophobic?  We flew to NYC from Lansing, MI, and boarded the Norwegian Crown.  She was a beautiful, older ship with lots of lovely mahogany trim.  Our anniversary being in August there were still hurricanes playing up the Atlantic seaboard along the pathway from the Caribbean toward Bermuda, so the ship ride was more than just forward motion.  I noticed on the daily news sheet that dance lessons were scheduled and told Walt that, with the waves tossing the ship the way they were, no one would ever know if he took a misstep on the dance floor so we should check out the lesson.  Did I mention that Walt is a perfectionist and only wants to do things when he can do them correctly?  We went to the lounge/theatre which had a retractable stage that uncovered a great wooden dance floor.  Only later did we begin to appreciate how good it was.  Everyone had the same challenge as we fought for a balance against the waves.  The instructors did manage to get us all moving around line of dance in a basic slow Waltz.  The second lesson was Foxtrot.  The syncopation was more difficult, but the waves made that problematic.

Bermuda was perfectly lovely.  Beautiful weather, beautiful people, beautiful plants, beautiful beaches.  Walt found that relaxed vacations really are, well, beautiful.

The sea days on the way back were even more rocky than those on the way out.  We renamed one class the “Tangle”, as that’s what we thought we resembled as the dance floor moved beneath our attempts at Tango.  The dance lesson venue moved to the lounge on the top deck which only amplified the motion.  Our last lesson was the Cha-Cha.  Even the lady instructor was having trouble standing.  I see her now in her tight, short skirt, very high latin dance heels and the backs of her knees quivering as she strained for balance.  We learned one of the most important lessons about shipboard dancing:  The more motion of the ocean the more one should opt for short-stepped, faster dances.

On the return flight to Lansing, Walt confessed that he had enjoyed the cruise ship.  That an island, for a few days of vacation, was a charming place to be.  AND that with a “few” dance lessons maybe he could conquer this activity.  Dancing, like any other activity or sport can be addictive.  We have now celebrated our 40th wedding anniversary with a return cruise to Bermuda.  We have spent the last decade on various cruises, visiting several islands (and a couple continents), and learning to do ballroom dancing.

I could become very officious at this point and establish the health benefits of ballroom dance:  improved coordination and balance being primary.  Memory support as you learn new steps and patterns. Then, you could choose any activity and get that.  It has also opened a world of friends and companionship that we would never have entered otherwise.  Most important of all, we are having great fun together.

Walt’s last word:
Dancing helps shy folks get up and do what needs to be done.

Comments solicited.

Keep your sense of humor.

Walt.

Read Full Post »

Hoop Street

(This is another special posting by Suzy.  I hope you enjoy it.)

Have you ever laughed just for the sake of laughing?  I mean laughed so hard that your eyes began to tear, your sides began to ache and your belly started to cramp.  Then you try to stop, look across the room to the person sharing the moment and you both start all over again. This often happened somewhere around the dinner hour when I was growing up.  It would always come out of nowhere and usually be completely inane.  One such incident became a recurring affair and thus attained a life of its own.

My grandfather died the night my mother opened in her senior year high school play.  My grandmother and her father insisted Mom play her part.  Grandfather Ted had been ill for a long time so his demise was no surprise.  Grandmom remained a widow for many years, by choice, as there were several gentlemen who were interested.  Eventually, after WWII, Mom marrying Dad, and my advent, one of those ‘brother of a friend’ things happened.  Grandmom had had a swain, Charlie, whom she dated before choosing Ted.  After Ted’s death and Charlie’s wife’s death they began seeing each other.  Adults then didn’t “date.”  They “saw” each other, mostly in mixed company.  Grandmom decided that Charlie was a nice friend, but she didn’t want it to go further.  Charlie started seeing Clara and they were married soon after.  Guilt or friendship, Clara decided Grandmom would like to “see” Clara’s brother, Richard. Richard had been married twice before and had an apartment on Hoop Street in Philadelphia.  Grandmom and “Uncle” Richard decided that their lives would be better together so, on 14th of December 1951, in a snow storm, Dad and Mom drove Grandmom and Richard to their wedding and wedding dinner.  That also comprised the entire wedding party.  The snow kept everyone else away.  Dad helped Richard move his things from the apartment on Hoop Street to Grandmom’s house on Barker Avenue in Sharon Hill, PA.  Fortunately, “Granddad” Richard didn’t have a great many belongings, just personal stuff.  But the snow kept coming, they had to put chains on Dad’s Buick.  They did that more than once, since they had to travel on streets with trolley tracks which would seem to eat the chains.  Being only 4 years old at the time, I wasn’t privy to all the details of this exciting escapade, nor was I especially interested.  Richard was a nice man.  I had just gotten another grandfather to dote on me.  All was right in my world.

Charlie, Clara, Grandmom, Richard (1958)

As time passed their anniversary got short shrift.  They never had a great deal of money, and the anniversary was in the middle of preparing for Christmas celebrations.  Sometimes, often on a visit to Ocean City, NJ, to visit Clara and Charlie, the grown-ups would recollect the excitement of the wedding day and chuckle.  One summer evening, around the dinner table at Grandmom’s house, the grown-ups began to plan a trip to the shore.  Clara’s daughter and grandchildren were to be there so Grandmom wanted to take my brother, Jim, and me.  Speaking of Clara and Charlie, the adults began to reminisce about the wedding in the snow and retrieving Richard’s things from his apartment on Hoop Street.  They chuckled.  Someone added one more thing they remembered and everyone laughed out loud.  Another memory was added to the list and the laughter grew.  Another memory and the laughter got raucous.  Mom and Grandmom had their napkins to their mouths but nothing was stifling the guffaws the came from so deep inside of them.  Richard had tears streaming down his face as he was both laughing and snorting.  Dad was almost roaring he was laughing so hard.  Jim and I sat there completely baffled.

Richard, Grandmom, Suzy, Jim (1958)

After that, all anyone had to do was say “Hoop Street” and that evening and its laughter would be remembered and begin again.  Sometimes gently, but frequently, the folks who were there laughed so hard they couldn’t stand straight.  By the time I was in high school, anytime someone at home thought one of us needed a laugh all they did was say, “Remember Hoop Street?”  The giggling would begin.  Hoop Street. More giggles. Hoop Street! Outright laughter.  Hoop Street.  Hoop Street.  Hoop Street.

For those interested in fact:  I’m not sure that Hoop is the correct spelling of the street name. The street may be renamed, or gone by now.  Richard would have lived there some number of years ending in December 1951.  I saw the apartment house once.  I was under 6 years old when one summer evening, after one of these giggling sessions, we were driving through the city of Philadelphia and Dad told Mom he would show her the building where Richard had  lived.  We turned left onto the street where it teed into another.  It was lined with 3 or 4 story classic, brownstone houses.  Each had half dozen or so steps with heavy stone railings up to the front door.  Many had bay windows.  At that point, early 1950s, many were subdivided into apartments.  It was a lovely neighborhood and not in and of itself the cause of the merriment.

The last word:
This is for Suzy’s baby sister, Karen, who wondered what all the hilarity was about.

Comments solicited.

Keep your sense of humor.

Walt.

Read Full Post »

Most of the people I talk to say 2010 will be a good year for their company. Many tell me “2010 is the year to make money.” Some say it optimistically, some with a tinge of fear, as in “or else.” This fear-laden optimism implies that this may not be a great year for employees. Companies still aren’t hiring.  Management seems to be afraid of making a commitment on more cost until they get some better indication that 2010 won’t be another 2009. They fear too much uncertainty. You, as the employee, are likely to face the year without much help.

You have your objectives.  Hopefully, they’re SMART objectives: specific, measurable, attainable, realistic, timely.  Hopefully your goals help your boss, your business unit, and your company achieve their goals. Now what? What’s in your way of achieving those objectives?

You have done the initial steps.  You have prioritized the objectives based on the value they bring to the organization and to you. You are focused on the top two or three objectives, and willing to abandon the others if necessary. Where necessary you have broken down large objectives into small steps with individual time goals.  For each objective, you know who the stakeholders are: the people who are relying on you to complete your objective, your customers, and the people who you are relying on to complete your objective, your suppliers.

In my experience, obstacles fall into two main categories:  distractions and surprises.

Distractions are those things that don’t really help you achieve your goals but take time.   Surprises are things that happen instead of what you wanted to have happen.

Some common distractions:

  • Your manager wants a weekly report of what you do.  He doesn’t actually read it, but somebody combines a bunch of them to go up to the next level of management, who doesn’t read them either. I’ve tried some common tactics: forget to send it (one time that worked for 3 months), or just send last week’s with a new date. If those don’t work, my advice is to keep it short and focused on accomplishments towards your objectives and what you want your manager to do to help.  If you spend more than 5 minutes on it you are probably just throwing time away.
  • Some new VP comes in and wants to know what you do, and your boss wants either a single slide with 20 things on it, or 20 slides going into ridiculous detail.  In my experience, it is best to focus on three things: what you are responsible for, what your objectives are, and what help you need to achieve those objectives.

The goal is these cases is to make your boss part of the solution.

Other distractions are things like client problems, or requests for help from others. Look at each of those distractions in terms of its priority to the organization relative to your objectives, and to the potential impact to your stakeholders. Sometimes it is worth doing something solely to keep a stakeholder happy. Often it is appropriate to just say “no.” Do so politely. Explain why. Be prepared to explain why to your boss.

Most surprises fit into two piles: one of your suppliers didn’t finish his task on time, or one of your customers doesn’t like your result. There is also the possibility that you just didn’t achieve one of your goals. I had a software development manager who told me 6 weeks before a major new product release that the product would be delayed by a year. I’ve had a client tell me that he no longer needed the custom product he ordered the day I delivered it.

What went wrong? A total lack of good communications with my stakeholders. I didn’t know that the product would be delayed because I didn’t talk to my supplier.  I didn’t know that my customer’s needs had changed because I hadn’t asked.

Talk to your stakeholders often. Depending on the complexity of the program, you may want to also talk to your supplier’s stakeholders, or your customer’s stakeholders. It is a lot easier to react early than late. If downstream you will need another organization’s help, keep them informed on your progress and any changes in the schedule. That makes their lives easier, and makes them more likely to strive to support you.

Expect change. If things aren’t changing, its time to have a serious conversation with your stakeholders. In all likelihood, one of them is so busy trying to deal with change that she hasn’t taken the time to tell you about it yet. Plan for change. If your objectives were set up based on the hope that nothing would change and nothing would go wrong, you will fail.

The last word:  “Perfection is the enemy of the good” (usually attributed to Voltaire). Strive for good enough. Strive for what satisfies your customer’s requirements, but no more. Watch your suppliers, especially in technology. The engineers will always try to get one more feature, or tweak some interface, or …. Make sure you understand the real requirements from your customer, and make sure your suppliers understand also.

Comments solicited.

Keep your sense of humor.

Walt.

Read Full Post »