The Federal Agency Data Breach Protection Act

This week, Rep. Tom Davis (R-VA), Chairman of the House Committee on Government Reform, introduced H.R. 6163 the Federal Agency Data Breach and Protection Act, amending Title 44 of the United States Code, to strengthen security requirements related to security breaches of data.

Really, the act should be renamed The Federal Laptop Control Act, because the language is specifically crafted towards controlling laptops and announcing laptop losses in a timely fashion. This probably has more to do with the negative publicity from a rash of government laptop thefts over the last year than with “data breach and protection”; at least we the people are offered a policy for admitting to the government’s embarrassing faux pas. (You mean we _allowed_ somebody to burn a CD of 26.4 million veterans’ records in the first place?)

The act introduces requirements for reporting laptop thefts or losses; requires announcement to Congress and to all known individuals affected; mandates guidance on determining what “timely” is; mandates that the agency give guidance on follow-up actions and assistance with identity-theft monitoring; and mandates that agencies develop and maintain an inventory of personal computers, laptops, and so on (what, serialized asset control wasn’t already happening?).

Because this is a Federal law, it would affect only federal government agencies and not commercial, state, or municipal institutions, and that isn’t what we need. What is really needed is a broader, more encompassing piece of legislation that consistently outlines “due care” obligations and penalties for all institutions that negligently allow theft, loss, or destruction of an individual’s Personal Private Information (PPI). It’s not enough to just scope out child data (COPPA), medical data (HIPAA), financial data (GLB), and educational data (FERPA) and say that this information is particularly private. Instead, we need a bill that holds that all information is private and that there are consequences for “data breach”. That, indeed, would lead to a much higher level of “protection” for all.

R

Russell Mickler works as a technology consultant in Battle Ground, WA, USA. With over thirteen years of experience, Mickler holds a CISSP, MCSE, a Masters Degree in Information Technology, and is pursuing his Doctorate at Walden University. His website can be found at www.micklerandassociates.com; he can be contacted at mickler@micklerandassociates.com.

Microsoft SyncToy for WindowsXP

I was doing some research on the Windows Mobility Center in Windows Vista when I came across SyncToy. SyncToy is a free downloadable utility that lets the user pair a source folder with a target folder, then automate the copying, moving, and deletion of files from one folder to the other.

This add-in is useful for users who frequently synchronize various folders and media – digital cameras, for example – so SyncToy has had a significant amount of input from end-users in the photography field. What is interesting about this utility is that it looks like a graphical user interface for RoboCopy: an old command-line tool that’s been found in the Resource Kits for Windows Server ever since the NT 4.0 days. Not only can you handle the synchronization of images between locations, any file will do, and there are five configurable options for SyncToy – much like RoboCopy.

SyncToy can be downloaded from Microsoft and it’s free – recommended for use on a Windows XP SP 2 station; SyncToy’s white paper can also be downloaded.

SyncToy and some of its functionality will be incorporated into the new version of Windows, Microsoft Windows Vista, due out in January 2007. SyncToy is available now for WindowsXP users.

R
www.micklerandassociates.com

An 802.11n Explainer

A, B, G, N – wait a minute: any preschooler could tell you that’s not the way the alphabet works. However, that’s the way standards are understood by the IEEE.

The Wireless 802.11n standard was approved in draft in January 2006 and isn’t due for finalization until next year, around July 2007, yet Linksys has already released a router – catch that snazzy antenna – and new products are shipping with N-capable adapters. It looks like it’s relevant and it’s going to stick.

What is 802.11? It’s the wireless LAN standard used to interconnect PCs to commercial and private networks. When you think WiFi, you think 802.11; you just may not know it. Previous releases of 802.11 have included versions A, B, and G. N will likely be the latest and greatest – the next step in networking evolution.

And what an evolution it is. This is a 200+ Mbps OTA (Over-The-Air) standard with an indoor range of 50 meters (roughly 150 feet). That is a significant improvement of nearly fifty feet in range over G, and a 4x throughput improvement; some of the literature suggests that up to 400 Mbps or .5 Gbps isn’t out of the question.

N is the next generation of wifi appliances that will likely litter the small business, cafes, residential neighborhoods, and urban hotspots. To consumers swimming in a sea of VOIP, televideo applications, and YouTube streams, this kind of bandwidth on the wireless device looks perfectly reasonable. Who wouldn’t want to watch the latest “24” episode streamed to their PDA, laptop, or other gizmo? Yes, N is supposedly backwards compatible with A, B, and G, although there has been some discussion that the N signal disrupts G networks – this has some time to play itself out, but those are the reports thus far.

Now, is the small business interested in an upgrade? Likely not – sorry to disappoint my sponsor – as wireless access is probably useful only for the occasional convenience of using the roaming laptop during a meeting or coffee break. The extra expense of upgrading the router and your network interface cards (if you can – most of this equipment is now on the laptop motherboard and can’t be swapped) probably won’t add up to much ROI. You can email just as fast and you probably won’t notice any difference when browsing.

Where this product will make a difference is when the physical line is sacrificed for wireless convenience. The time is coming where the wired device will become impractical. Networked appliances, print servers, VOIP telephones and other gadgets, televisions, NAS-solutions… when a majority of small business traffic is OTA, it makes sense to beef up the backbone.

Therefore, a word of caution. An investment in N now may be like an investment in A in 2001, which was quickly displaced by the popularity of B in 2003, and which was subsequently improved upon by G in 2004. To avoid a cycle of perpetual upgrade, or, to contain the risk of adopting new bleeding-edge technology like wireless-N, wait a while; give it until January 2008 to see where the market’s gone by then.

R


HP Wins 2006 Truste Privacy Award


Opinion: The Guru Speaks…

Around the time that it was privately revealed that HP Chairwoman Patricia Dunn was using phone and email records to spy on her board of directors to locate a leaker, TRUSTe and the Ponemon Institute announced HP as the Most Trusted Company for Privacy in 2006. HP was handed the award on March 7, 2006 in Washington D.C.

According to the TRUSTe press release, here’s what David Lear, an HP Vice President for Corporate, Social, and Environmental Responsibility had to say:

“HP believes the protection of privacy is a fundamental measure of HP’s integrity, both as a business and a global citizen. We support that belief with a global, company-wide privacy organization to ensure our policies are enforced. Keeping up world-class privacy standards is a matter of constant diligence. We hope to lead by example and help create a safer Internet. TRUSTe is helping to raise these issues in a positive way through these recognition programs.”

Whew, these kinds of disconnects can be embarrassing, eh? Keep working on that constant diligence, David; you can probably file that award under “Privacy” – next to the folders containing the indictment of your directors. Now that is leadership by example.

R
www.micklerandassociates.com

Fight Spam Smarter!

So a lot of clients have asked about spam this week. Many of my clients feel helpless when it comes to spam and are uncertain how to stave off the flood of unsolicited email. Believe it or not, though, the small business does have a variety of options available to it:

1. Legal Remedy
2. Education
3. Client-side Software
4. Server-side Software and Configuration
5. Dial-Up Listing (DUL) IP Addresses

First, there are legal tools available to consumers and to business. The Federal CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act) addresses legal requirements for solicitors that use email and websites for commercial advertisement. The CAN-SPAM Act of 2003:

1. Bans false or misleading information in email solicitation.
2. Prohibits deceptive subject lines in email solicitation.
3. Requires that email recipients are given an opt-out method.
4. Requires that commercial email be identified as an advertisement and include the sender’s valid physical postal address.
5. Makes deceptive commercial email subject to laws banning false or misleading advertising.

The CAN-SPAM Act is enforced by the FTC, which may refer complaints to the Department of Justice for civil and criminal penalties. Each violation can subject a party to fines of up to $11,000, and if intentional hacker-like mechanisms are involved, additional fines and criminal imprisonment aren’t out of the question.

Small businesses and consumers should visit the FTC’s website on spam for more information. If you receive a suspicious email, the FTC encourages you to forward that email to spam@uce.gov to have it examined and placed into a national database. And if you wanted to go a bit further, you could file an online complaint with the FTC for investigation.

How effective is enforcement? Questionable. Many spammers are outside US jurisdiction – using the FTC to enforce spam requirements, though, is one way to help build their knowledge base and make it better for everybody.

Second, there are some common-sense, practical steps small businesses can take to educate their employees on the behaviors that encourage and facilitate spam. Knowledge is power: educate your staff. The Federal Government offers OnGuard Online – a website dedicated to informing the consumer on best practices. Personally, I think this advice is practical and easy to digest; a good resource for the small business.

Third, some technical tools for the client computer. If you’re running Microsoft Outlook 2003, enable the Junk Email Filter and use Microsoft Update to manually update your spam definition file. Set your filter to “high” and keep a good eye on your Junk Mail folder – sometimes legitimate content will be placed there. This provides a layer of protection built into the email application itself. Also, purchase an anti-virus package with built-in anti-spam protection. This kind of software inspects email before it reaches your email software, and provides another layer of protection. For a freebie solution, a buddy of mine recommends Panda Software to his clients. Hey, free is good, and something like Panda can offer a bit of protection, but watch for problems with support and compatibility.

Fourth, some technical tools for the email server.

1. Your email application server should be appropriately patched, and all relaying should either be restricted to specific IPs or, if at all possible, relaying and proxy services should be turned off altogether.

2. Anti-virus should be current and the operating system patched to prevent your system from becoming a mail zombie for spammers.

3. Take a few minutes to review your mail server’s SMTP relaying configuration. If your shop runs Microsoft Exchange, I’d highly recommend the Best Practices Analyzer Tool. A freebie from Microsoft, it analyzes the configuration of your Exchange installation, spots significant problems or misconfigurations, and gives you instructions on how to fix them.

4. Run a 3rd-party anti-spam filter. This intercepts messages just like an anti-virus solution and scans their content against a definition file. Some good commercial names in this area are Symantec’s Brightmail solution and the Extensible Messaging Platform from Korsmeyer; a personal opinion: never run a 3rd-party freebie anti-spam product on your server – this would seem like an invitation to disaster. Now, if you run Microsoft Exchange 2003 and have patched up to Service Pack 2, I recommend you get to know the Intelligent Message Filter: the native anti-spam filter inside the Exchange product. It’s not sophisticated (Microsoft is pushing its hosted services for higher scale), but it’s something. A lot of small businesses I meet don’t even have this appropriately configured and working for them.

And finally, dial-up and xDSL accounts are issued from a pool of ISP IPs that are categorically classified as DUL IPs. Some email servers actually filter or prohibit DUL IPs from delivering, relaying, or receiving email. Sometimes you’ll get an NDR (Non-Delivery Report) citing a failure due to your IP being in the DUL list. In this situation, if you’re hosting your own mail server, the small business needs to upgrade its residential service to a commercial service to be assigned a static IP, or consider a PPPoE connection with its ISP, or look at having the ISP “smart host” its mail services on its behalf. This would avoid both being treated like a spammer and being attractive to spammer automation on the web.
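As an added example that is not part of the original post, here is a small Python check for whether a mail server’s address sits on a DUL-style DNS blocklist, the situation behind the NDR described above. The blocklist zone name is an assumed placeholder, and the offline resolver and reason-code table are constructed for illustration.

```python
# Added example (not from the original post): check whether a mail server's
# IP is listed on a DUL-style DNS blocklist. The zone name is an assumed
# placeholder; substitute the zone your ISP or the NDR names. Lookups follow
# the usual DNSBL convention: reverse the IPv4 octets, append the zone, and
# query for an A record; an answer in 127.0.0.0/8 means "listed", NXDOMAIN
# means "not listed".
import ipaddress
import socket
from typing import Callable, Dict, Optional

# Placeholder zone; not a real blocklist name.
DUL_ZONE = "dul.example-blocklist.invalid"

# Constructed mapping from the reply's last octet to a reason string. Real lists
# publish their own code tables; this one is illustrative only.
REASON_CODES = {
    2: "dynamic/dial-up address space",
    3: "end-user network, no mail expected",
}


def dnsbl_query_name(ip: str, zone: str = DUL_ZONE) -> str:
    """Build the DNSBL query name: reversed octets + zone. Rejects non-IPv4 input."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("only IPv4 lookups are supported here")
    return ".".join(reversed(ip.split("."))) + "." + zone


def default_resolver(name: str) -> Optional[str]:
    """Live DNS lookup; returns the A record or None for NXDOMAIN."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_dul(ip: str, zone: str = DUL_ZONE,
              resolve: Callable[[str], Optional[str]] = default_resolver) -> Dict:
    """Return {'ip', 'listed', 'reason'} for the given address."""
    name = dnsbl_query_name(ip, zone)
    answer = resolve(name)
    if answer is None:
        return {"ip": ip, "listed": False, "reason": None}
    if ipaddress.ip_address(answer) not in ipaddress.ip_network("127.0.0.0/8"):
        # DNSBL convention: a non-loopback answer is not a listing (often a
        # wildcard or parked zone), so treat it as "not listed" but flag it.
        return {"ip": ip, "listed": False, "reason": f"unexpected answer {answer}"}
    code = int(answer.split(".")[-1])
    return {"ip": ip, "listed": True, "reason": REASON_CODES.get(code, f"code {code}")}


# Constructed offline resolver standing in for DNS so the example runs anywhere.
_FAKE_ZONE = {
    "7.0.0.10." + DUL_ZONE: "127.0.0.2",   # 10.0.0.7: listed as dynamic space
    "1.0.0.10." + DUL_ZONE: None,          # 10.0.0.1: not listed
}


def fake_resolver(name: str) -> Optional[str]:
    return _FAKE_ZONE.get(name)


if __name__ == "__main__":
    for ip in ("10.0.0.7", "10.0.0.1"):
        print(check_dul(ip, resolve=fake_resolver))
```

Run it with `default_resolver` and a real zone name to check your own server’s address before deciding whether a static IP or a smart host is the fix.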

My experience tells me that most small businesses concentrate on client-side software tools only, when in fact, there’s a more holistic strategy to consider. Good luck in blocking that spam!

R


Online Education Advertising Outpaces Onground 11:1

Again, doing a little research into the perception of online versus onground education, I wanted to look at the differences in marketing spend between the two environments. I ran across an interesting article and set of discussions at the Chronicle of Higher Education. One particular article did catch my attention concerning the emphasis on advertising spend by for-profit online institutions, which exceeds traditional non-profit or public institution spending nearly 11:1.

Blumenstyk’s article cites a study performed by Samuel C. Wood, a former assistant professor of business and lecturer at Stanford University, who compared the business model of Apollo (University of Phoenix), CEC (AIU, CTU Online), and ITT Technical Institute to that of health clubs. The idea is to attract and retain customers through service subscription.

For-profit institutions have a natural emphasis on advertising. According to Blumenstyk’s article, public and nonprofit colleges spend 1-2 percent of their revenue on advertising whereas for-profit institutions spend 23 percent (Blumenstyk, 2006). This doesn’t suggest that public or non-profit institutions aren’t also spending more on advertising (the article indicates that spending on advertising is going up to compete with for-profit visibility), but Wood asserts that nonprofit and public educational systems dedicate more after-tax revenue “…on instruction and on services and support, a category that typically includes such things as the registrar, cultural and athletics programs, and career counseling.” (Blumenstyk, 2006).

This study had an interesting graphic breakdown of Revenue and Expenses for a nonprofit and for-profit institution:

http://chronicle.com/photos/v52/i35/5235-a35-differences.jpg

I wanted to get the students voice on the influences of advertising on attracting and retaining students within for-profit institutions. I did come up with a number of interesting websites, demonstrating that there was enough passion behind these ideas to demand securing a URL and provisioning web-space for their opinions on somebody’s server.

Disparaging remarks concerning the practices found at the University of Phoenix: http://www.uopsucks.com/

Disparaging remarks concerning the practices found at Capella University: http://www.capellauniversity.org/

A reasonably good discussion on CEC’s AIU program: http://badbusinessbureau.com/reports/ripoff79114.htm

My thinking here was: where’s the blogging from these institutions _promoting_ their services rather than allowing these disparaging voices to be the _only_ voices? In my simple Google search, I found more negative than positive commentary here. If Googling and online advertising can influence student opinion on making a decision, why aren’t either online or onground institutions in this space _promoting_ themselves through viral marketing?

In my brief study, I think there is a connection between visibility and the appeal of what the for-profit institution has to offer the online student. Interestingly enough, in the AIU discussion, there were an equal number of people supporting their experience at AIU as those who were attacking the brand. There is a certain product twist on what the for-profit institutions can offer that speaks well, I think, to the practical problems faced by students today concerning time, money, schedule, and other life commitments. I’d like to study more how traditional institutions are spending advertising on re-branding themselves to compete with the online competitor – spinning their brand so that they can appear to address the challenges of the new student.

Wood’s article would seem to suggest that a potential on-ground spin on this problem would be to emphasize the investment in student services, curriculum, and administration – rather than on attracting new students to continuously move them through the program. This will be a challenge for non-profit and public institutions, I think. With limited or constrained budgets, the message of traditional institutions could be drowned out, or they’re likely to redirect large portions of their operating budget to advertising expenses, perhaps diminishing the competitive advantages that Wood articulates in his study.

Maybe traditional institutions would want to create an online “subsidiary” whose brand can be positioned to compete with the for-profit model, whereas the risk to quality and services can be contained? Or, in the least, simple (hardly expensive) explorations into more interpersonal commentary on the students’ experiences that promote the online or onground modality would offer a contrarian opinion to what’s first hit upon in Google.

R


Blumenstyk, Goldie. “Why For-Profit Colleges Are Like Health Clubs.” The Chronicle of Higher Education, May 5, 2006. Retrieved September 18, 2006 from http://chronicle.com/free/v52/i35/35a03501.htm.

Does Online Education Suck?

I’m hoping for some help and comments on this one, especially from current and former students, educators, and administrators.

I was at the car dealership the other day and was in line to pay my bill. During the time in line, I had received a call from a student and was providing some advice on how to approach an upcoming assignment. I hung up the phone by the time I was at the counter.

“You’re a teacher,” said the girl behind the counter. She was probably in her early twenties. “Where do you teach?”

“Here and there,” I said. “Mostly for online universities, graduate and undergraduate.”

She looked at me puzzled. “Online? Is that really for real? I heard it really sucks.”

I was taken aback by this one, but who could blame her? I receive spam like this every day:


Want the degree but can’t f1nd the t1me?
WHAT A GREAT IDEA!
We provide a concept that will allow anyone with sufficient work experience to obtain a fully verifiable University Degree.
Bachelors, Masters or even a Doctorate.
Think of it, within four to six weeks, you too could be a college graduate.


In reading stuff like this, one would almost think that getting an online degree isn’t very legitimate yet … does it suck? That was a new one on me and I teach this modality.

So I gave a bit of rant: the education process online is more self-directed; it’s good for the learner with constrained time; electronic resources makes the content more current and relevant; there’s numerous schools trying it from public secondary ed through established universities and private for-profit educational systems.

Now, unconsciously, I was also thinking: well, the rigor of assignments is seemingly more lax in the online classroom; sometimes contractors don’t make excellent teachers; traditional academic principles can be overshadowed by convenience; problems with plagiarism are exacerbated by the medium; variability in teaching styles and curriculum can really throw off the student’s groove; and heck, the splendor of Pomp and Circumstance ain’t all that special when it’s played across your PC speakers. Huh, maybe online education does suck.

So I thought I’d bring this to my readers. What do you guys think? How’ve you liked the experience? What could be improved or changed? What’s your take on online programs? Has it lived up to your expectations?

What’re some of the numbers on this, I wonder – what kind of metrics are useful in evaluating “consumer satisfaction” in online academics. I’m going to be doing a little research on this as the month goes on. For now, I’d like to hear from anybody on the topic. Thanks for your time!

R


Where to Find a DBA

A former student of mine wrote me today asking where they might be able to find a qualified DBA for their startup. I wanted to pass along my response.

***

Hey Bill – good to hear from you!

I have a couple of recommendations:

1. Craigslist. DBAs and other tech professionals stay plugged in to the job openings here. Best news is this site is free, and all tech professionals I know have this on feed (we receive these broadcasts to our desktop).

2. A couple of other job sites that would be frequented by technical talent that you may want to consider advertising with:

http://dbajobs.com/
http://www.computerwork.com/
http://information-technology.careerbuilder.com
http://www.dice.com/
http://www.jobs4it.com/

3. Monster.com has communities of interests for direct marketing to, like this SearchOracle function that helps you find Oracle-specific talent. I think almost all of the major employment sites have functions like this:

http://searchoracle.techtarget.com/careers/0,289753,sid41,00.html

4. Try a contractor for a while – temp to hire; recruiters will weed the resumes and work with you to secure the talent you’re looking for. You pay a premium for their services but you do get guarantees on talent and a means to turn away talent that is incompatible with your needs. Personally, I’ve had tremendous success with RHI (Robert Half).

http://www.roberthalftechnology.com/portal/site/rht-us
http://www.teksystems.com/
http://www.accenture.com/

5. One more venue would be the website of your DBMS package – be it Oracle, SAP, Sybase, etc. Usually these folks have tools on their website to channel users of their product (like yourself) to a qualified expert.

Good luck, sir!
R
www.micklerandassociates.com

"Hi – I’m a Mac…"

Anyone seen these commercials?

You know them. These two guys are standing on a white screen. A hipster introduces himself as an Apple Macintosh; a nerd says he’s a PC. The hipster is energetic and sly; the nerd is business-dressed and geeky.

These commercials drive me crazy because the assertions they make are patently false. For example, the hipster says that he’s not vulnerable to viruses or attacks from hackers. Yet Apple and Adobe just released a security advisory today addressing vulnerabilities in the Mac platform.

Curious about this, I decided to go to the National Vulnerability Database to see what kind of vulnerabilities were identified for the Mac platform in August 2006. There were seventeen identified vulnerabilities for the Apple platform:

There are 17 matching records. Displaying matches 1 through 17.

CVE-2006-3506 VU#737204 Summary: Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to “processing a path name.”
Published: 8/21/2006
CVSS Severity: 4.9 (Medium)

CVE-2006-0395 Summary: The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
Published: 8/4/2006
CVSS Severity: 5.6 (Medium)

CVE-2006-3505 VU#566132 Summary: WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated.
Published: 8/2/2006
CVSS Severity: 7.0 (High)

CVE-2006-3504 Summary: The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as “safe”, which could allow attackers to execute Javascript code in local context when the “Open ’safe’ files after downloading” option is enabled in Safari.
Published: 8/2/2006
CVSS Severity: 5.6 (Medium)

CVE-2006-3503 VU#605908 Summary: Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed GIF image.
Published: 8/2/2006
CVSS Severity: 5.6 (Medium)

CVE-2006-3502 VU#651844 Summary: Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled.
Published: 8/2/2006
CVSS Severity: 5.6 (Medium)

CVE-2006-3501 VU#172244 Summary: Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image.
Published: 8/2/2006
CVSS Severity: 5.6 (Medium)

CVE-2006-3500 Summary: The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an “improperly handled condition” that leads to use of “dangerous paths,” probably related to an untrusted search path vulnerability.
Published: 8/2/2006
CVSS Severity: 7.0 (High)

CVE-2006-3499 Summary: The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications.
Published: 8/2/2006
CVSS Severity: 1.6 (Low)

CVE-2006-0393 Summary: OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang.
Published: 8/2/2006
CVSS Severity: 3.7 (Low)

CVE-2006-0392 VU#527236 Summary: Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image.
Published: 8/2/2006
CVSS Severity: 5.6 (Medium)

CVE-2006-3498 VU#776628 Summary: Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request.
Published: 8/2/2006
CVSS Severity: 10.0 (High)

CVE-2006-3497 VU#514740 Summary: Unspecified vulnerability in the “compression state handling” in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive.
Published: 8/2/2006
CVSS Severity: 5.6 (Medium)

CVE-2006-3496 VU#180692 Summary: AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause denial of service (crash) via an invalid AFP request that triggers an unchecked error condition.
Published: 8/2/2006
CVSS Severity: 2.3 (Low)

CVE-2006-3495 VU#168020 Summary: AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users.
Published: 8/2/2006
CVSS Severity: 1.6 (Low)

CVE-2006-1473 VU#575372 Summary: Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors.
Published: 8/2/2006
CVSS Severity: 2.3 (Low)

CVE-2006-1472 Summary: Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determing names of unauthorized files and folders via unknown vectors related to the search results.
Published: 8/2/2006
CVSS Severity: 2.3 (Low)
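As an added example that is not part of the original post, here is a Python parser for the NVD search output pasted above (the “CVE-… Summary: … / Published: … / CVSS Severity: …” records) that turns the listing into structured entries and triages them by severity and by the attacker position the summary names. The three sample records are copied from the listing above; the keyword-based vector classification is my own heuristic, not NVD metadata.

```python
# Added example (not from the original post): parse the pasted NVD listing
# format into records and produce a patch-first triage. Sample records are
# copied from the listing on the page; classify_vector() is a heuristic
# based on NVD's standard wording, not an official NVD field.
import re
from typing import Dict, List

SAMPLE_LISTING = """\
CVE-2006-3505 VU#566132 Summary: WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated.
Published: 8/2/2006
CVSS Severity: 7.0 (High)

CVE-2006-3498 VU#776628 Summary: Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request.
Published: 8/2/2006
CVSS Severity: 10.0 (High)

CVE-2006-3495 VU#168020 Summary: AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users.
Published: 8/2/2006
CVSS Severity: 1.6 (Low)
"""

HEADER_RE = re.compile(r"^(CVE-\d{4}-\d+)(?:\s+(VU#\d+))?\s+Summary:\s+(.*)$")
PUBLISHED_RE = re.compile(r"^Published:\s+(\d{1,2})/(\d{1,2})/(\d{4})$")
CVSS_RE = re.compile(r"^CVSS Severity:\s+([\d.]+)\s+\((\w+)\)$")


def classify_vector(summary: str) -> str:
    """Heuristic: who can trigger the issue, judging from NVD's standard wording."""
    s = summary.lower()
    if "user-assisted" in s:
        return "user-assisted"
    if "remote attackers" in s:
        return "remote"
    if "local users" in s:
        return "local"
    return "unknown"


def parse_listing(text: str) -> List[Dict]:
    """Split the pasted NVD output into one dict per CVE record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [line.strip() for line in block.splitlines() if line.strip()]
        head = HEADER_RE.match(lines[0])
        if not head:
            raise ValueError(f"unrecognised record header: {lines[0]!r}")
        rec = {"cve": head.group(1), "vu": head.group(2), "summary": head.group(3),
               "published": None, "cvss": None, "severity": None}
        for line in lines[1:]:
            if m := PUBLISHED_RE.match(line):
                month, day, year = (int(x) for x in m.groups())
                rec["published"] = f"{year:04d}-{month:02d}-{day:02d}"  # ISO date
            elif m := CVSS_RE.match(line):
                rec["cvss"] = float(m.group(1))
                rec["severity"] = m.group(2)
        rec["vector"] = classify_vector(rec["summary"])
        records.append(rec)
    return records


def triage(records: List[Dict]) -> Dict:
    """Counts per severity band, plus the IDs to patch first: remotely
    triggerable High-rated issues, ordered by descending CVSS score."""
    by_severity: Dict[str, int] = {}
    for r in records:
        by_severity[r["severity"]] = by_severity.get(r["severity"], 0) + 1
    urgent = sorted((r for r in records if r["vector"] == "remote" and r["severity"] == "High"),
                    key=lambda r: -r["cvss"])
    return {"total": len(records), "by_severity": by_severity,
            "patch_first": [r["cve"] for r in urgent]}


if __name__ == "__main__":
    print(triage(parse_listing(SAMPLE_LISTING)))
```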

I don’t mind the commercials – they’re kind of clever, but I really don’t like being lied to. Instead of pushing Disney movies across iTunes, I’d suggest Jobs concentrate on truth in advertising next quarter: the Mac platform isn’t nigh-invulnerable – it, too, is susceptible to error, intrusion, and bugs. It’s just the wrong message to suggest that the Mac PC (yes, folks: it runs an Intel processor now…) – and Apple development practices – are somehow infallible. This assertion is patently untrue.

So the next time those guys come on the screen, I want the geek to just whack the hipster upside the head. A smug look will overcome the geek’s face. “That felt better.” Apple logo. Fade out.

R
www.micklerandassociates.com

The Mirror of Erised

I’m a news junkie and I’ll be the first to admit that I’m hooked on CNN’s Pipeline service. Pipeline allows for four video channels of nonstop news to be delivered to my desktop 24/7.

On Sept. 11, Pipeline ran (and has been airing) the 9/11 events as they happened – chronologically – on one of the channels. This allows you to relive the moments as they happened, in the midst of chaos, confusion, and destruction. In a morbid way, we can observe the speculative news commentary now with 20/20 hindsight: we’re watching a movie we’ve seen before. We know the plot, the weapon, the suspects by heart. The terror is predictable. We wait for our favorite scenes.

I’m reminded of J.K. Rowling’s Harry Potter series and the Mirror of Erised. Not to give too much away if you haven’t read the book, the mirror allows Harry to view his greatest dreams and wishes – a fantasy in which the mirror’s watcher can go mad. Harry spends too long in front of the Mirror to be with his dead parents; it is only through accepting the present that Harry pulls himself away from it.

Right now, Pipeline is our Mirror. We use this technology to gaze at the events of that day and relive the moments, segment by segment; our greatest wish, maybe, is that the outcome will be different. Maybe if we can replay it enough, we’ll catch something we didn’t experience before. Maybe another scrap of evidence, another piece of understanding… to explain and understand. Ultimately, even though we’ve got the technology to relive this and broadcast it all over the world, somehow we must pull ourselves away from the Mirror to deal with the present.

I wonder how new technology and invention will allow us to record our lives and subsequently relive its most painful moments? In our future, technology might force us to revisit the past – over and over again – preventing our usual momentum to accept and push forward. Hopefully we will have the courage to close the past even though we’ve the capability to relive it.

R
www.micklerandassociates.com