Reading on NPR this evening:

How A-Bomb Testing Changed Our Trees

Back in the 1950s, the Americans, the British, the French and the Russians tried to impress each other by “testing” atomic weapons. This involved blowing up multi-megaton bombs in the air in remote places, but the explosions didn’t stay local.

This is an interesting tale of Carbon-14 created by our “activity”. Carbon-14 in the trees, Carbon-14 in Human DNA. This is allowing the study of cell life, etc..

I am not sure where to take this other than to tell you all about it!

To all my stateside bretheren and sisteren, it’s Election Day. If you haven’t already done so, go vote. Now. The Internet will still be here when you get back.

It’s Monday, and I don’t know about the rest of you, but I need a laugh. And whose expense is better to laugh at than Microsoft?

First, courtesy of America’s Finest News Source, we get an update on Microsoft’s newest ad campaign.

Next, via BoingBoing, we have video of the BSODomizer in action. This might be NSFW if the name, foul-mouthed nerds, or youtube video’s of ascii art representations of goatse would not fly in your workplace.

Of course, I feel I would be remiss if I didn’t point out that Canonical released a new version of Ubuntu Linux, Intrepid Ibex, on Thursday. I’ve upgraded & installed as necessary and thus far am suitably impressed.

Happy Monday everyone!

I realized the other day that Not Bad for a Cubicle turned two in December. As my family can testify, acknowledging birthdays on time is not one of my stronger points, so I’m about two weeks late on this birthday wish to myself.

A lot has changed since I first started bashing random thoughts into Wordpress and wondering if anyone but I would care. In March 2005, John Quarterman and myself were pretty much the only bloggers out there talking about Risk in the non-boardgame sense of the word, at least according to Technorati, and we apparently only had 33 posts on the subject between us.

Today, Technorati found a total of 47,001 posts about “risk management,” with more being added at a pace of over 100 per day. A lot of them are spam, but a lot of them aren’t.

So what’s changed? Has awareness of risk really grown that much over the past two years? I doubt it. From what I can tell, people are still making bad risk decisions at about the same rate as they ever have. Sure, work is being done to improve our ability to describe risk accurately enough to make good business decisions about it, but we’re still years away from from achieving even a reasonable facsimile of that goal.

In general, I think that more people are writing about risk management across different disciplines. Within the security world, in particular, FUD isn’t selling like it once did, so the spending and effort needs to be more firmly grounded in reality than in the past. In the same way that the exotic inevitably becomes mundane over time, much of what used to be “Information Security” is now just plain “Information Technology.” Throw in the commoditization of IT in general and it now takes more than just “Everybody is doing it!” or the specter of ueber-hackers to get a security budget approved.

This year, I’ve heard that I’ll be spending a lot of time doing business case development for security spending proposals. I’m looking forward to this for a number of reasons. First, it will give me a chance to put my money where my mouth is with regards to the potential benefit of risk assessment. Second, I’m hoping it will give me a chance to see first-hand how the non-IT executives react to Information Risk Management concepts. Third, I’m hoping that it will give me good material for this space going forward (assuming I don’t have to self-censor the posts out of existence).

I’ll continue to produce the rants essays on IT and Risk Management that you’ve come to know and expect, and hopefully you’ll continue to stop by. Thanks to everyone who has read, linked, and commented over the past two years. It’s been a lot of fun and it’s not over yet.

It’s election day, and it’s time to get out there and vote.

Even if it may not count.

From the Streetlight:

Or think of it another way: a single province in India (Uttar Pradesh) has nearly two-thirds the population of the entire United States, with over 180 million people - all in an area about the size of Oregon.

So, if you live in the US, enjoy your elbow room.

In order to tackle the recent flood of attempted comment spam I’ve been suffering under (hundreds of spam per day), I upgraded Wordpress from 1.5 to 2.0.2 this morning.

Other changes include a new theme since the old one didn’t seem to work after the upgrade and I did a little php hacking to include the “Recent Comments” to the sidebar.

All seems to be well at this time, but please feel free to note any issues, bugs, thoughts, comments, etc. that anyone has as comments on this post.

My secret is out.

Which Nigerian spammer are You?

I grew up walking behind a Snapper mower back and forth across my yard every week for most of the year (mowing, like boating, is pretty much a year-round sport in Texas). Years later, I pushed that exact same Snapper across my own yard after years in storage and doing nothing more than changing the oil, air filter, and sparkplug. The only other thing I ever had to replace was the wheels, which I actually wore out. It lacked even the most rudimentary safety features, but it started every time, ran like a dream.

Maybe it’s just nostalgia for cursing my way back and forth across the yard, but I really liked this article on Snapper’s decision to no longer do business with Wal-Mart.

“As I look at the three years Snapper has been with you,” he told the vice president, “every year the price has come down. Every year the content of the product has gone up. We’re at a position where, first, it’s still priced where it doesn’t meet the needs of your clientele. For Wal-Mart, it’s still too high-priced. I think you’d agree with that.

“Now, at the price I’m selling to you today, I’m not making any money on it. And if we do what you want next year, I’ll lose money. I could do that and not go out of business. But we have this independent-dealer channel. And 80% of our business is over here with them. And I can’t put them at a competitive disadvantage. If I do that, I lose everything. So this just isn’t a compatible fit.”

…

No lightning bolt struck. Except that Snapper instantly gave up almost 20% of its business. “But when we told the dealers that they would no longer find Snapper in Wal-Mart, they were very pleased with that decision. And I think we got most of that business back by winning the hearts of the dealers.”

The President of Snapper had the courage to assess the situation, accept the risk that he might never going to get back that 20% of sales that Wal-Mart was currently contributing, and still say, “No,” to Wal-Mart. That is the difference between a leader and the average senior executive today. He looked at what was best for his workforce, his brand and, as a result, his company instead of chasing whatever he’s told will be best for the share price this quarter.

He took the risk that enough of the people buying lawnmowers both know the difference between high- and low-quality mowers and that they will act on that knowledge, one which is apparently paying off for the company as the independent retailers who sold the other 80% of their product are rewarding them for their decision

My sweat-stained hat is off to him for it.

Since people keep asking me about this (three different times just yesterday) and since it’s gotten a fair amount of mainstream press coverage, I’m going to take a few moments to lay out my former-insider-view/personal thoughts on the match.com lawsuit accusing them of using “date bait” to keep subscribers paying longer.

From the AP Story in USA Today:

A recent lawsuit against Match.com charged the matchmaking service with sending a female employee out on a date with a male subscriber as “date bait” to keep him signed up. Another lawsuit against a personals service offered by Yahoo Inc. accused the Internet portal giant of creating fake profiles to entice subscribers.

Match.com denied the allegations and obtained an affidavit from the woman in question, who declared she never worked for the company. Yahoo refused to comment.

In the Match.com lawsuit, filed Nov. 10 in U.S. District Court in Los Angeles, plaintiff Matthew Evans made the “date bait” allegation against Autumn Marzec. He also accused the site of using fake profiles and sham e-mail “winks” from potential matches to keep him subscribed. Match.com, which claims more than 15 million members, offers a basic subscription for $29.99 a month.

Marzec said in a signed affidavit that she has never been employed by Match.com or its parent company, InterActive Corp., and has not worked for them as a contractor. On Monday, Match.com demanded that Evans dismiss the lawsuit, which it called a “totally baseless attack.”

Personally, I strongly suspect the lawsuit is utterly without merit. Match and Yahoo Personals are targeted because they are successful companies with deep pockets whom the plaintiff assumed would pay him to go away before reputational damage set it.

I worked for Match.com for almost 2 1/2 years as their Information Security Manager. I have also compared thoughts on this with other former employees who would also have been well-positioned to know about anything like this going on.

(more…)