Lessons From A Ship’s Captain

What does a ship’s captain know about information security? A lot, apparently, if that Captain is Richard Phillips of Maersk Alabama fame. If you recall, this ship was the target of a failed hijacking attempt by four Somali pirates in April 2009. The ultimate failure of the hijackers, despite their early success in penetrating the perimeter of the ship, was in large part due to the leadership and strategic skills of Captain Phillips.

Captain Richard Phillips, left.
Captain Richard Phillips, left.

I recently had the opportunity to hear Captain Phillips speak at an event where the target audience was information security professionals. The lessons of the Captain’s experience were very relatable to that audience.

When Captain Phillips joined the crew of the Maersk, he took a couple of days to settle in and observe. He was concerned that security seemed a bit loose on board and decided to drill the crew. He did this repeatedly, each time learning from the failures of the previous drills. He and the crew, working together, improved things to a point where each member understood his role and responsibilities in case of an attack.

Sound familiar? Through iterative testing and analysis he helped his crew understand the policies and the actions that would increase their chances of repelling or surviving an attack by intruders. He made sure that any attack had to go through multiple layers of defenses. When the attack came, not everything worked as planned and practiced, but enough worked to ultimately assure the lives and safety of the crew.

From Captain Phillips’ experience, it reminds us of our need to have policies that make sense and procedures that can be followed, especially under the worst of circumstances. He reminds us to educate our teams and organizations on their roles in executing those procedures. We need to test, test and test again. Learn from failures and successes and you and your crew will survive to tell the tale.

Hopefully you won’t need the help of US Navy SEAL marksmen to repel your next attack.

Windows 10 Update – Unhappy Anniversary

The Windows 10 anniversary update came recently to my radio room computer. The folks in Redmond have some quality assurance problems to resolve. Here’s what I’ve noticed so far.

All my firewall rules were deleted. This means that as I run applications which require external access, I have to reauthorize them. While it is not a bad practice to occasionally review these settings, I would have preferred to do so at a time of my own choosing.

The WINUSB driver used by my Perseus SDR was deleted. I had to reinstall the driver and to do so, I had to go through the multiple reboots to allow installation of the unsigned 64 bit driver. Not fun.

My sound device settings were changed. The friendly name for the SignaLink USB sound card device that is connected to my Kenwood TS-2000 reverted to “USB Audio CODEC” and Windows decided to make that device my default sound and communications devices.

This update was hardly the best anniversary present that Microsoft could have given me.

September RF Bits in CQ – Erratum

cq-contents-sept-2016As luck would have it, a key URL for the software mentioned in my September CQ Magazine RF Bits column no longer works. That is because the author, Mike Guenther, DL2MF, decided to withdraw support for the DV4MF2 console for the DV4mini. Whatever his reasons, we have luckily archived a copy for your convenience. So if you arrive at a German language page with a “no more available” caption in English at the top, fret not and get your copy of DV4MF2.exe right here.

While the author has withdrawn support, the software nonetheless functions as it did when my article was prepared for your enjoyment. Other software for the DV4mini is also available and supported by Wireless Holdings, although lacking the nice Brandmaster XTG support that DV4MF2 offered.

It would be great if more radio amateurs released their software under some open source license so that work by and for the community could be continued as needed. We have far too much orphaned software in regular use in the amateur community. A perfect example of this is UI-View32. The author’s last wishes upon his death included the destruction of the source code. Yet, the program is still used by many amateur stations around the world. Imagine how much more useful the orphaned software could be if the source code were available for further development?

Android Security Just Got a Whole Lot Better

While Marshmallows are soft and gooey, Android 6.0.1 (Marshmallow) is one tough cookie. Marshmallow provides granular security controls that allow you to decide whether an application gets access to particular information. Tired of LinkedIn or Facebook trying to grab all your contacts?

Android Marshmallow allows for more granular control of application permissions.
Android Marshmallow allows for more granular control of application permissions.
Now you can control this behavior.

To take a look at these settings, go to Settings->Apps->Application manager. Pick an app and you’ll see a bunch of sliders that let you turn access on or off for that control. Newer app versions directly support the Marshmallow security model. Older apps don’t and may malfunction, but don’t let that stop you from trying out settings that meet your security requirements.

Blackberry has had this level of application security control for many years. It is good to see that Android is now taking application and data security very seriously.

Perspective of a former Gilfer Associates Employee

Anyone who listened regularly to the shortwaves back in the 1970s knew about Gilfer Associates of Park Ridge, New Jersey. They were a source of books, gadgets, and radios supporting the SWL habit. The company was run by Oliver P. (Perry) Ferrell and his wife, Jeanne. Perry was at one time the Editor of Popular Electronics Magazine.

I came across this recent blog post by Susan Ito, a former employee. It paints a nice picture of what is was like to work for the Ferrells as an after school employee.

How I Came to Love Shipping (and the Hot UPS Guy)

The “Rigged” Presidential Debate System

The Republican and Democratic parties are part of a cartel that want to prevent American citizens from being exposed to any candidate other than their own. They do this through a nonprofit corporation called the Commission on Presidential Debates (CPD). This “governance body” was created in the late 1980s after the League of Women Voters, formerly the sponsor of presidential debates, would not agree to limit participation to the two dominant political parties.

Are debates under these rules serving the interests of the American people or serving the interests of the CPD cartel? Any time the ruling class attempts to limit discourse to those subjects and participants that they have defined as representing their interests, it is YOUR interests that are likely being harmed.

Libertarian candidate Gary Johnson will be on the ballot in all 50 states of the union come November. He is polling at roughly 10% in nationwide opinion surveys. Clearly, the unpopular candidates of the two major parties have much to lose if Johnson is permitted to participate in the Presidential Debates. That’s why the Elephant and Jackass won’t let him play in their sandbox.

Attorney friends, could the RICO statues be used against the CPD to force them to extend participation? It would be interesting to see a RICO based class action civil suit filed on behalf of American voters as the injured class.