  • A fascinatingly disturbing thought…

    Dr. Neil deGrasse Tyson offers us a “fascinatingly disturbing thought”: Not only does he remind us that our perception of intelligence is laughably flawed, but he reminds us that any superior race out there (e.g. the kind that could achieve interstellar travel) would likely look at us as if we were chimps. Like we look…

  • You posted the business hours, not me…

    Safeway (@safeway), my local grocery store. A few blocks from home, where I go several times a week. Also the home of my pharmacy, where I spend an inordinate amount of money, including almost $1100.00 yesterday. That is not a typo. Tonight, I get there at 11:47 and find the door closed, even though they…

  • Twitter, the Ultimate Better Business Bureau

    Over the last year, I have learned that Twitter has become the ultimate medium for getting a company’s attention. When you complain about a company and include their @ name, the potential for a lot of people to see it is there. As such, companies have quickly figured out to be very responsive, and very…

  • Invariably, All Good Software Shall Pass

    Countless times, we see software that has promise go away. We get hooked on a new app or new software package, it gets better, we sing its praise. Ultimately, and invariably, at some point the developers take a sharp turn away from sanity. I haven’t upgraded to the latest major version of iTunes because of…

  • Book Review: Kusters Yakuza

    I don’t review books that often, especially not recently. While I read my share, they usually end up as side discussions with friends or a quick comment on Facebook. One topic that has always fascinated me is the Yakuza. I’ve read a variety of books on the subject over the years, including Confessions of a…

  • CVSSv2 Shortcomings, Faults, and Failures Formulation

    [This was originally published on the OSVDB blog.] The Open Security Foundation (OSF) and Risk Based Security wrote an open letter to FIRST regarding the upcoming Common Vulnerability Scoring System (CVSS) version 3 proposal. While we were not formally asked to provide input, given the expertise of managing vulnerability databases, along with the daily use…

  • Why I Don’t Attend the RSA Conference

    For years now, I am asked if I will be at the RSA Conference (RSAC). Invariably, I answer no because I will not subject myself to it, or support the conference in any way. The short answer as to why, is that it is basically the “Comdex” of InfoSec. Overly large, full of flash, and…

  • Subway, the Missing Inch, and Karma

    In case you hadn’t heard, Subway is embroiled in a lawsuit over them serving up 11″ sandwiches, while advertising them to be 12″. While it doesn’t sound like much, those missing inches add up over time. There is also the whole truth in advertising issue. I’ve been going to Subway for a long, long time.…

  • Selling out, a bit at a time…

    I sold out when I signed up for Google, Gmail, Facebook, Twitter… might as well sell out a bit more and use WordPress. While guest-blogging recently, I found out that the managed WP site is actually pretty well done for a stable, mostly intuitive blogging platform. This will also help ensure my spew stays around…

  • CVE Vulnerabilities: How Your Dataset Influences Statistics

    [This was originally published on the OSVDB blog.] Readers may recall that I blogged about a similar topic just over a month ago, in an article titled Advisories != Vulnerabilities, and How It Affects Statistics. In this installment, instead of “advisories”, we have “CVEs” and the inherent problems when using CVE identifiers in the place…