Archive for February, 2009

War of words

Friday, February 27th, 2009

Someone should explain to the fine folks at Central Command that after the documents are on Wikileaks is not the most effective time to turn off the server. http://oneteam.centcom.mil is down as I write this. It seems they shut the whole box down, rather than just taking the Web server off-line.

Wikileaks says:

February 27, 2009

WIKILEAKS EDITORIAL

Wikileaks has cracked the encryption to a key document relating to the war in Afghanistan. The document, titled “NATO in Afghanistan: Master Narrative”, details the “story” NATO representatives are to give to, and to avoid giving to, journalists.

[Photo caption: An unrelated leaked photo from the war: a US soldier poses with a dead Afghani man, in the hills of Afghanistan]

The encrypted document, which is dated October 6, and believed to be current, can be found on the Pentagon Central Command website “oneteam.centcom.mil”: [UPDATE Fri Feb 27 15:18:38 GMT 2009: the entire Pentagon site is now down–probably in response to this editorial]

http://oneteam.centcom.mil/isc/Shared%20Documents/NATO%20Master%20Narrative.doc

The encryption password is progress, which perhaps reflects the Pentagon’s desire to stay on-message, even to itself.

I fight this same fight every day in my job and we have no better luck than CentCom. We just don’t get to shut down the servers when people screw up.

stress test

Friday, February 27th, 2009

John Robb theorizes that the current global depression is a stress test for nation states:

Nation-states are now caught between two irresistible and strengthening forces:

1. A dominant, turbulent, and uncontrollable global super-network, that is pressuring/weakening/buffeting nation-states from above.
2. Super-empowered individuals/groups rising up from below that are ready to pounce on or exploit any demonstration of nation-state weakness.

So far, the vast majority of thinking re: the response to the stress test has been a revival of early 20th Century methods/theories of activist government. I’m fairly sure that this is a sterile response to the challenge.

From an Information Risk perspective, corporations are like nation states here. From above, the overall economic situation is pushing companies down, driving budget cuts and weakening their ability to act. Meanwhile, poor morale and accumulated/earned disloyalty are pushing up from below in the form of ignorant/unconcerned, negligent and malicious employees.

Red vs. Blue, sub-prime edition

Thursday, February 26th, 2009

Lest it be said that I’m nothing but doom and gloom, here’s Red vs. Blue’s take on the financial crisis.

So remember, it could always be worse. At least you’re not having to share your guns and base with the other team (yet).

Credit Crisis Explained

Saturday, February 21st, 2009

Crisis of Credit is one of the most accessible explanations I’ve seen yet of the current credit crisis. In eleven minutes, it clearly and concisely explains leverage, CDOs, risk layering, and how they all interacted to create the Credit Crisis.

I wish I was this good at accessibly and succinctly explaining complex concepts:


The Crisis of Credit Visualized from Jonathan Jarvis.

Who to believe?

Friday, February 20th, 2009

From the BBC:

A French battleship sunk in 1917 by a German submarine has been discovered in remarkable condition on the floor of the Mediterranean Sea.

The Danton, with many of its gun turrets still intact, is sitting upright in over 1,000m of water.

It was found by the Fugro geosciences company during a survey for a gas pipeline between Algeria and Italy.

The final resting place is a few kilometres from where people have traditionally thought the ship met its end.

“The French Admiralty did argue with us for a while that it should have been several nautical miles away, but we reminded them that modern GPS methods are more accurate than the sextants they used in those days,” said Mr Hawkins.

In other words, the French Admiralty tried to pull the “Who are you gonna believe, us or your lyin’ eyes?” routine.

Keep this anecdote handy for the next time you’re dealing with metrics. Good metrics frequently discover that the Conventional Wisdom is flat-out wrong and that things are not what or where people thought they were. A little humor can go a long way toward defusing the situation, getting people out of a defensive posture and back on track to thinking productively about the problems at hand.

Wisdom, and lack thereof

Tuesday, February 17th, 2009

First, a talk from TED by Barry Schwartz titled “The real crisis? We stopped being wise”.

I couldn’t agree more with what he has to say. Two of my favorite lines:

“Rules and incentives may make things better in the short run, but they create a downward spiral that makes them worse in the long run” (08:46)

“Rules prevent disaster, but what they guarantee is mediocrity.” (10:25)

Like Wisdom, good Risk Management is about decisions. Security is about rules.

Then, for an example of some very non-wise thinking, let’s take a look at what is being written about DRM in Windows 7:

That Photoshop stopped functioning after we messed with one of its nag DLLs was not so much a surprise, but what was a surprise: Noting that Win7 allows programs like Photoshop to insert themselves stealthily into your firewall exception list. Further, that the OS allows large software vendors to penetrate your machine. Even further, that that permission is responsible for disabling of a program based on a modified DLL. And then finding that the OS even after reboot has locked you out of your own Local Settings folder; has denied you permission to move or delete the modified DLL; and refuses to allow the replacement of the Local Settings folder after it is unlocked with Unlocker to move it to the Desktop for examination (where it also denies you entry to your own folder). Setting permissions to ‘allow everyone’ was disabled!

Windows is attempting to provide “security”–but not for the owner of the system. Rather, they are installing powers that I’ll bet will be exploited far more to reduce the value and usefulness of the platform than to actually make things better for anyone but industries who are still trying to deny the obsolescence of their business models. But just think of the fun that the malware will have with its new-found powers.

Basically, the only person who’s getting shafted in this deal is the customer. If you’re a company, even a (decaying) natural monopoly like Microsoft, consistently shafting your customer in ways that they notice and care about is not good business.

(h/t BoingBoing and BoingBoing)

Schadenfreude, SEC edition

Sunday, February 8th, 2009

I will freely admit to enjoying the SEC’s management getting berated in this video. I am not a fan of incompetence at any level, but especially at senior levels.




Back ten years ago now, I worked in Risk Management for a now-infamous investment bank writing the software that actually calculated our risk (and I wrote the risk models themselves, ironically the part of the system that no one else in the IT group was interested in). Initially, I did market risk (attempting to predict how well or poorly our trading positions would do as market conditions changed) and later counterparty credit risk (calculating our net exposure to other banks, private bank customers, hedge funds, etc. so we could ensure that collateralization agreements were being met). I loved calculating net positions, by the way. Something about distilling down a huge pile of seemingly unrelated trades into a set of concise, useful information was (and still is) beautiful to me.

Occasionally, I would sit down to talk to the regulators as they did their scheduled audits and what were essentially inspection tours. I would get called in to explain exactly how this number or that number came to be on the computer screen, once because it was a bug but usually just as some sort of gotcha game to make sure we could prove that the computer was saying what we wanted it to say.

They were universally the most under- and un-qualified people I interacted with in a professional capacity during my tenure in investment banking. We would routinely find ourselves explaining not just intricacies but fundamentals of how the business of foreign exchange worked–to the people who were supposed to be able to regulate us!

I asked one of the Directors if this was a normal level of regulatory competence, and he assured me it was. To paraphrase his response, “Why would anyone who understood this stuff be working for the government at a fraction of what they could make actually doing it?”

As this video demonstrates, even an activist SEC wouldn’t have caught Madoff. The Director of Enforcement doesn’t even know how they failed. While his scam delivered returns that anyone qualified to be in the business knew were impossible, there were enough people unqualified to be in the business at the brokerages, banks and regulators that he could keep the party rolling for years.

h/t to Blah3 for the video.