Forget the Mayans, watch the NRO!

Posted in Networking Faux Pas on November 8th, 2010 by Rodney

I gather the Mayans, perhaps, specified a date for “the end of the world”. Plus or minus some corrections. I’m not sure I care. I am not sure I see people around me caring.

Ancient peoples they’re not, but the vogonesqly named NRO (Number Resource Organization), the elves watching the relevant inner workings of the Internet, are about to run out of IPv4 addresses. Really, this time. It’s not a drill. We’re not at the other end of that curve. We’re down near the bottom of the barrel now, really.

What to do? IPv6. Just like folks figured out back in the late ’90s. We, the enterprise-class network community, should migrate to IPv6. Now. Before some subsector among us does it and renders everyone else a DECnet-hopping 3270 screen user. Because that’s what it’s going to take to connect every iThing to every Smartmeter to all the computers bouncing around our world. Sooner or later everything in your world bigger than a toaster (maybe bigger than a slice of toast) is going to want an IP address. And the v6-based solutions are likely to win.

Please – no “telnet” to the vehicle barrier

Posted in Physical Security Infrastructure on October 18th, 2010 by Rodney

ASIS 2010 Annual Conference/Exhibition, Dallas, Texas. Yep. Went to Dallas. Went to the show. Saw some good things (vendors actually using syslog, managed switches being demonstrated). Saw some things I’m not thrilled with (proprietary protocols used with encryption, serial-to-ethernet converter products (in 2010 !!!)). Is this marketplace getting more network-clueful? Yes? Is it still of concern? Yes. The technology available this year in the ASIS exhibition hall can do wonderful things. It can also be deployed in astoundingly insecure ways. It’s a curious mix of decades-old technology (did I mention a serial-to-ethernet converter, on sale in 2010 ???) and people walking around asking for IPv6. I do feel safer knowing that vehicle barriers big enough to stop a truck are available today. I hope that the integrator who deploys that applies the finest workmanship to that collection of Allen-Bradley ethernet-attached process control electronics huddled in the metal housing on the side of the unit. Don’t make me ask if you can telnet into the vehicle barrier…

Speaking at ASIS 2010 Dallas

Posted in Uncategorized, Physical Security Infrastructure on October 11th, 2010 by Rodney

Rodney is speaking at ASIS 2010 (Dallas), Tuesday (Practical Measures… to Protect your Physical Security Networks, with Ray Bernard) and Wednesday (Advanced Persistent Threats, with David Morgan).

“Trusted” Vendor Update?

Posted in Shouldn't Be Vulnerable on September 27th, 2010 by Rodney

I like this (from XKCD: “Debian Main” is the title) …
Debian Package, with Locusts
I especially like the fact it works as artwork, in case I ever do a presentation on unauthenticated/untrustworthy package update mechanisms. It reminds me of Skype, when they try to unilaterally update my machine, or Apple, when it tries to claim Safari – the initial installer – is an “upgrade” to iTunes for the Shuffle.

Model Views from Model Cameras

Posted in Physical Security Infrastructure on September 20th, 2010 by Rodney

Here’s the fake camera I bought in the store the other day, when I found myself standing in line behind the other physical security installer dude 😉

It’s a “Bunker Hill Security” Item 95154 (warning: imitation camera, do not use for actual security monitoring purposes blah blah blah…) (800 number on documentation is Harbor Freight Tools’ order status line) camera.

It might be a fake, but the package clearly documents it uses two 1.25 inch Phillips head wood screws and has two 1/4 diameter holes with 5/32 slots. It doesn’t document that the two mounting holes are about 2 inches apart but this does indeed count as useful installer documentation, so this product, for what it claimed to do, gets a “doesn’t suck” rating on installation.

Remember that the next time I get grumpy whilst looking for a nut driver appropriate for YOUR IP video cameras…