You are currently browsing the monthly archive for October 2008.

(…kind of random ramble here…maybe I think it sounds silly in a few weeks…)

I never really “got” Neal Stephenson’s concept of federated and FRANCHISED governments in Snow Crash. I mean, I understood he was trying to feel all cyberpunk and future-y, but I didn’t immediately see practical drivers which would necessitate the transformation. Beyond Stephenson’s plot need for a  fictional generic doom and gloom everything falls apart into a gritty underworld backdrop, what would be the systems benefit of evolving into a real life situation where government is significantly geographically non-contiguous and people have to buy in to their state of choice? No answer.

Fast forward a few years. The other day I attended the kick-off for the “National Cyber Security Awareness Month” this year at the National Press Club.  Suits from the non-profit org, Symantec, and DHS were on the panel. They talked about their plans to raise awareness (it seems to involve schools, but not much else?) and current threats (ye olde “insider threat” spiel. What a cop-out. Who are your insiders? Your users? Your business partners? Your supply chain? The wife and kids at home who are on the same network as your laptop? The Starbucks-going public? Wake up. You don’t have an inside. But, I digress).

Apparently this is the fifth year there has been an awareness month. Wow. I’ve certainly never noticed it before. Why is that? At first it seemed like the government just couldn’t get its shiot together. But then you have to wonder two things – why is this a government issue at all (why aren’t people self-organizing?) and is this limited to security awareness? Are we having these issues coming to social consensus elsewhere?

(Bear with me here, I haven’t completely thought this post out yet)

It really seems that the answer to the second question is a resounding yes.  We cannot seem to come to agreement on anything in the US lately…and when we do, it’s a conclusion based on only the most oversimplified non-complex versions of “facts”.  The reason the government is involved is because people throw up their hands and go “this is too much! help!”

Why is it too much?

A combination of too much data and a lack of common interests and needs on a geographical basis.  A geographically federated state system assumes that people nearest each other have the most in common wrt value systems, needs, desires, beliefs, culture, etc.  Do we have that now? Somewhat…but not nearly, IMO, as much as we used to and maybe not as much as we need to.

Look at it this way:  If 30% of people in one area agree on something, but so many other people disagree that the 30% is a majority, it’s the 30% that gets represented ultimately. That’s expected and fine when it happens on some issues. But what happens if interests and values have become so diversified within geographic voting/opinion districts that this kind of discord is the norm?  We may be vastly over-normalizing our opinions to the point where they’re not meaningfully reflective of reality and no one will ever be happy with the results.  We’re essentially making decisions based on noise.

Related to voting, and more pertinent, is that we’re not having nearly as many -conversations- or -dialogue- between people based on geo-centric shared interests. Rather, we’re talking over the internet and national TV. People with shared interests are collaborating around the world. Virtual communities of interest have become as normal in many areas as real ones.

This is where Neal Stephenson’s franchised governments start to come into play.  States are usually formed around a group of people in one “place” with shared values and interests. If we virtualize and abstract out “place”, what do we end up with?

Can we or should we reorganize voting/opinion districts around these opt-in shared communities? You choose which group to join and be a part of.  Everyone in said virtual community votes and that virtual community subsequently votes in large polls/elections the way its community voted.

Would that work? Would it help? Is that where we’re headed?

This post obviously needs to be fleshed out in a lot more detail, but I really don’t have the time. Just thinking out loud :)


I’ve spammed this particular link everywhere else I can think of, but still neglected to post it here on my blog.

Basically, I was approached a few months ago by a senior editor of Symantec’s online magazine “Norton Today” because they were interested in doing a piece on Art and Security. I was approached because of my old work in security data visualization and the fact that I’d started to rework and hang the pieces in art shows like Artomatic and My Space on 7th.

Anyway, the interview went really well (in addition to being a lot of fun) and it’s now online at:

(Edit: This link now appears down after a few months. Symantec has republished the article here: )

They used a few older images in their Flash slideshow (My fault – I didn’t get them newer images in time).  These were the originals we used at NetSec to do analysis and which have been in a number of presentations (and were in the batch I sent to ArcSight as examples when they were still developing Interactive Discovery, iirc).

You can find the “art” versions that I’ve hung up in galleries at the following link:

I’m still interested in working more of these, but have been moving from graphing – which was a necessity of the business at the time – into a broader field of ontological information/concept representation in art.

(This is in addition to my media experimentation with / interest in projection. I think I’d like to merge these two tracks together in the future, but haven’t gotten there yet.)

So I recently bought a ton of film strip gear off of Craigslist. Do you all remember this stuff from elementary school? Or if you’re older, high school? They’re basically like slide presentations, except the images aren’t ever cut from the strip. You insert the strip in a projector or personal viewer and play either a tape or a record for a sound track. When you hear a BEEP on the sound track, you flip to the next image on the strip.

I always thought they were dumb in school, but I did want to make my own at the time and they’ve been on my mind a lot lately for whatever reason. So, I was pretty thrilled when someone on artdc pointed out a craigslist ad the librarian at Queen Anne school in Upper Marlboro had put out: 4 projectors, 3 personal viewers, and 60 strip presentations for $100. Holy Cow!

Anyway, I got all this gear delivered to work (it takes up…an entire…cuber….) last week and have slowly been hauling it home and playing with it. I’ve found I want to explore three potential uses for it: 

1. Cutting up and reusing the material from the film strips in other art as light-driven collage material

2. Making an actual film strip in the old style they have with the simple lettering and exaggerated imagery and doing a projection show of some sort

3. Using the projectors and gear as part of photo still lifes.

One of these three is obviously easier than the others, so I’ve started out taking pictures of the projectors and strips (Paivi also has been photoing some of the images projected).  I put up a few of the recent shots on Flickr and one of them made the DCist’s photo of the day:


Some of the other shots are here:

So lately I’ve been monitoring (for various reasons) the SCADASEC mailing list run by Bob Radvanovsky.  In the course of a mostly unrelated discussion, Gadi Evron linked to the Estonian National Cyber Security Strategy and I decided to look it over.

It was of particular interest because it was written in the wake of the massive DoS attacks against Estonia and it marks probably the first government strategy written by a state that has had to deal with both being attacked as well as the international coordination/input involved in responding to them. We certainly have our own unique issues to deal with, but it definitely gives some intriguing insight.

There were a couple of things that stuck out because of their heavy emphasis:

  • Making their legal framework more consistent and interoperable in a way that would allow them to more effectively respond and handle threats. They found it to be “decentralised and, in fact, partly contradictory.” This is going to be a huge problem for the US down the line…even more so than it is today.

  • The role of general society (vs government) in responding to threats as well as the importance to the state of the free flow of information to/from society: “Our task rests on a prescient awareness of the need to balance, on the one hand, the risks associated with the use of information systems and, on the other hand, the indispensability of extensive and free use of information technology to the functioning of open and modern societies — and the understanding that this is a challenge confronting not only Estonia but also the rest of the world. The growing threats to cyber security should not hinder the crucial role of information and communications technology in impulsing the future growth of economies and societies.” … “In our modern, globalising world, economic success and a high quality of life can be achieved only through recognising the great importance of the efficient handling of knowledge and information to the proper functioning of our societies. The very term ‘information society’ denotes a setting in which human values of all kinds are created, maintained, manipulated and transmitted in a standardised digital form; it is a further feature of an ‘information society’ that all members have access to such information through a complex data exchange network.” The US tends to address the material and business impacts of the internet and their cyber infrastructure, but we rarely talk about the critical role it plays in defining society itself now.  If we continue to divorce business and government from society, we are going to continue to wonder why everything seems to be sliding away.

Other points I noted:

  • They have a national SOA-like (data exchange layer) backbone with DNSSEC: and “At the beginning, it was developed as an environment that would facilitate making queries to different databases. By now, a number of standard tools have been developed for the creation of eServices capable of simultaneously using the data of different databases. These services enable to read and write data, develop business logic based on data etc. The X-Road must enable to do any common data processing operation. Proceeding from this principle, several extensions have been developed for the X-Road: writing operations to databases, transmission of huge data sets between information systems, successive search operations of data in different data sheets, possibility to provide services via web portals, etc. The main component of the Estonian public information system architecture is the secure data exchange layer, X-Road, which is based on the public Internet. Although X-Road uses the Internet, it meets all three objectives of information system security – availability, confidentiality and integrity. The number of X-Road’s central components has been minimised and data exchanges between two information systems using X-Road are able to continue in case of its disruption. X-Road’s infrastructure includes countermeasures against both temporary disruptions and attacks aimed at hindering the provision of services. But because new forms of attack and threats in cyberspace are constantly emerging, it is necessary to develop further X-Road’s security measures” Our businesses can’t even seem to get this together, how can they? For god’s sake…we NEED a data interface layer like this in our infrastructure or we’re going to drown in our own unused inefficient data stores without ever being able to synthesize the kind of knowledge we need to in order to function as a society.

  • Their perspective on the nature of current threats: “The current and well known security objectives – confidentiality, availability and integrity of information – are no longer sufficient to ensuring cyber security. To secure the critical infrastructure, it is necessary also to address the severity of disturbances in its functioning, non-repudiation and authenticity of information sources.” I guess all I can say to this is “duh. Why don’t we talk more about this publicly on a government level?”
