Showing posts from 2010

App Savvy - Make your move with an iOS Application

Interesting book that is written for the non-programmer and for the programmer who has the technical abilities but lacks the marketing skill to peddle his wares. There are some obvious stories as to the need to plan and the approach, but there is a lot of other stuff that would assist the man of ideas. The book starts in a typical way as to where you can start with an idea for the iPhone that can become the million dollar idea. It brings down your enthusiasm with stories about how nearly 99 percent of the applications in the store are not making the millions but the select one percent. The book covers the store, the various pricing tiers and a lot of material can be had for 99 dollars once you become part of the Apple Developer Connection. It does give a good overview of the Apple iTunes store for the uninitiated. The book is interspersed with interviews with successful UI designers who made it in the store, as well as the people from the industry (the advertisement industry). The

Does Opinions Matter - Do Governments have collective Opinion?

The Wiki Leaks that we have the privilege of looking at span over four decades, and in some of the material that we have seen so far we look at the thoughts and processes of various U.S. Governments. The idea that such a wide array of ideas and strategy emanate based on the intelligence of the few that man these information gathering posts that develop the milieu of a country is something astonishing and provides lots of inputs as to the way we think, do and also how we evolve strategies to achieve objectives. As always in my posts, now is the time for me to veer off the present day politics and put forward my thinking as to how the powers over the years have garnered opinions to move public opinion in favour of a move that is adopted by any country. The Orwellian Maxim stands: "All animals are equal but some animals are more equal than others." George Orwell, "Animal Farm", English essayist, novelist, & satirist (1903 - 1950). As common folks and people, we are m

The Finger Knows, even if your brain does not - Passwords

I was reading an interesting article; I have lost the link, so I do not have it here, though I will fill that in once I get my hands on it. The article was about how the fingers know what you are typing even though your eyes, reading the content, say you typed it wrong. This was done in research in which typos were introduced: some of the typos were introduced even when the text was typed properly, and some typos were corrected randomly. The conclusion of the study was that the finger paused a second when it typed fine but the eyes looking at the screen said you got it wrong. The pause is because of the auto recognition of the fact by the fingers when you make a typo or that you are sure that you got the correspondence between the eyes and the fingers. Reading the article made me wonder, have we not always remembered our passwords for different sites? Many a time I have had the opportunity to go to a website and even without thinking for a moment, the fingers go and hav

ISO 27001 : Steps to Certification

I am asked many a time, "hey, we need to get ISO 27001 certified", and then asked to make them compliant within a few weeks. I go through the long process of explaining the steps required and the terminology that is often used as part of the compliance exercise. In this ramble, I will try to capture the salient requirements as to what constitutes the process and the time lines generally applicable (I am generalizing here) to get compliant or to go for certification. Before taking it further, I will say this: "YOU CANNOT GET ISO 27002 certified". ISO 27001 is the management standard that details the processes - THE ISMS - and you certify against this standard. The Annexure to the standard details the controls that are recommended to achieve the objective. These are brief details as to the nature of controls required. However, a detailed version of the controls in the ISO 27001 annexure is found in ISO 27002. ISO 27002 can help the organization to achieve ISO 27001 certif

Policies, Standards and Procedures - Working with the Big 4 ($)

Many a times there are arguments about the best way to go ahead with a plan as to the contents of Policies, Standards and Procedures. The major factor in the successful roll out of such an exercise has been debated and is more cultural and is a product of the person at the helm. However, a good evolution has to have elements that are integral to the success of the endeavour. Let us look at some of the elements of a policy. The policy is at the highest level and is a statement of the intent from the top management, agreeing to have a clear direction as to the need to protect information assets. Enforcing the policies are the standards, these are directions to achieve the goals enunciated in the policies. Many a times , once the policies are derived, it is that much more difficult to evolve a set of standards in line with what is in vogue in the organization. This is because of the fact that there are processes that have been evolved ad hoc, addressing issues over time and have become

Aardvarks (Aard = Earth Vark = Pig) to Zorillas (Fox in Spanish)

Many have asked me to give more details as to why my blog is called Aardvarks to Zorillas. The idea was to make it much more interesting than saying A to Z, anything goes. To get to know what the various elements are that I am blogging here about - from Information Security, History, Religion, Technology and Science. They are not scientific treatises, but general journalistic write ups with their grammatical errors (I leave them there, for the fact that these are made as rambles - Rambles are just a thought process that just comes about over time and they are typed into the blog in one go, no proof reading, no relook into what has been typed, no editing... Rambles as it ought to be). The idea of the blog is also to just vent my thoughts, the time when I do not find somebody to bore to death. Just to record the thought and it makes for interesting reading after a few months. You would be surprised at the prose that had flowed out of your head, no semantics, but clearly the use

QR Codes - Data in a square

QR Codes have been in vogue for nearly two decades and are particularly popular in Japan. With the advent of the Android platform, we have of late started to see a lot of information in the form of QR Codes being pushed across in billboards, magazine covers and advertisements. With the density of information that these QR codes afford, we would be seeing a slew of applications that would use these codes to deliver content as well as become a preferred way to digitize content through a modus that is easy and simple. Already we are seeing product labels having these codes embedded to find more information; this is for the discerning customer, who wants to check the details of the product before they purchase the product. This can contain information that is useful for the customer, like product details, where they are procured from, a nice little recipe or to lead you to a set of web sites or a way to call them or register the product. The different applications that this can be put to is tremendou

The Problem with Biometrics

Biometrics is touted as the solution to all identity problems we have. It is like Manna from heaven that would solve all the problems associated with user IDs and passwords and tokens and make everyone so unique because of the fact that they have finger prints, retinas, face geometry, hand geometry, wrinkles on the face and whichever set of controls required to ensure that the person identifying himself is him/her. However, this identity is under pressure from a set of technologies that helps in recording it in such minute detail that with advances in technology these could be replicated without much ado over time. Let's look at Cameras with super sensitive irises. These Cameras with high resolution sensors to the tune of 50 Mega Pixels, announced recently by Canon and other Japanese Camera Leaders, make you wonder if your iris is protected at all. Can somebody take a shot of your iris or a shot of your fingers, make a copy of it and run away with your identity? It is a possibility

Gods vs Cameras and Democracy

Thinking about the concept of God, it is clear that humans looked at something beyond them to ensure that there exists order in the society they lived in. This concept was paramount to the success of humans as a race and evolved into the civilization that nurtured into what we are today. The concept worked fine as long as the various communities that were governed by a particular god served the purpose without much ado. The present conflicts can be seen in this context. As boundaries overlap, the concept of god overlaps and therefore the confrontation between various gods and results in conflict. Most conflicts are fought in the name of godhead. God heads might change to the concepts followed in various religions to the change of the god head into a generic term like democracy, at least the new god democracy is generic and representative of all the thousands of gods we have across the world. God and religion are very important aspects in maintaining order in society. When the gods

Surveillance Systems/ Wild life photography - Open Source

I am looking at using some of the web cameras as a tool to capture the birds in my bird feeder. Started googling for some of the options when it comes to using the camera and having the intelligence to go around and make some of the awesome shots of birds and other animals as they come in for a morsel. Well, looks like there are a few options for the uninitiated and the bold. I am looking at some of the available software to achieve this objective. iSpy: Neat little application, open source, and does a wonderful work of capturing pictures when motion is detected. Unfortunately Windows Only and loathe them because of how resource hungry they are. Zone Minder: is a cool little application, runs on Linux and provides you options to control multiple cameras and do a lot more stuff. It is a good animal to have and runs and supports a lot of camera sets as well as web based control framework. Ugolog: Cannot be called open source, though provides a neat little service to check out the details of

Wild Life Documentaries - Are they Really Wild?

From the way nature movies are made to the pretty pictures of animals that adorn your walls, the question remains: are the animals really wild or shot at one of these animal factories? An interesting take on the most loved scenes of the most interesting shots that we saw and was in awe. Is it not shocking to find them as having been faked? Been travelling across India and other parts of the world looking for wild life refuge. Have we seen something great or was it easy to spot an animal that is supposedly free ranging in that area? A trip to Sariska to look at the tigers and three days of toil and not a single one spotted. (By then may be most of them might have been slaughtered.) A few days at Nagerhole, Zilch. Looking for Nilgiri Tahr near Munnar - ended up with some of the domesticated ones - Well at least they were free ranging, but just got used to humans that they hang around near them for their forage. Trying to check out Grizzlies in Yellowstone. Three days and none spotted and
There are many ways to send a blog. This is one of them, have a Google Voice Extension on Chrome and keep sending them out. Cool. Period

Human Factor in Protecting Information Systems

Many a time we talk about vulnerabilities, exploitations and other specific issues that cause a would-be attacker to be successful in breaking into systems. But looking at the different varieties of attacks and other specific payloads used for the break in, at the end of the day it has always been a brute force or a social engineering attack that benefits the maximum, at least from the attacker's point of view. All the recent XSS attacks like the one against Apache, JIRA are all because of the fundamental weakness - Humans - As long as we have people handling certain activities and ways of doing things, these kinds of breaks would continue and go on for a long time. Many say two factor solves the issue, but have in my experience found so many two factor fobs having their primary username password scribbled or hanging on the fob. How useful that is. The purpose of the two factor can be easily defeated and again it is the indefatigable (wow where does that word come from - may be it

Blackberry and security

Of late we have been seeing a lot of comments and brinkmanship from Governments about how Blackberry needs to shut down its services in the name of security. So why is this a problem? As it is known, Blackberry uses encryption when it sends out mails. This is done with the help of a Blackberry Enterprise Server (BES). The idea behind it is simple. When you install a BES, you create a key. This key is used when you add your Blackberries to the System. A certificate is downloaded from the server based on the seed provided by BES. A typical Asymmetric Key Algorithm. Is this the only place where mails can be exchanged securely? Are there not other options for any would-be misuse of encryption technologies? Would you ban VPN clients on the Blackberries because somebody can use the services? In the name of security it is becoming very easy for many to arm twist organizations to fall in line. Why would a multinational organization using Blackberry services allow

Cloud Security - is it very different

Many a times it is difficult to find the reasons as to why a cloud application security is very different than any other approaches. A cloud is very similar to a private hosted data center sans the physical security aspects of it. The various components that build up the system can very well be built into the cloud. IdMs, RBACs, Key or Token based Systems. It is only a matter of time where in the Cloud Providers will partner with all these providers to get the economies of scale. The approach to the cloud model is not very much different than to a colocation or a private cloud. The Hypervisor is another component that needs to be managed as part of the Vulnerability Management of resources. What is applicable in a traditional model is still applicable to the cloud and in addition the concerns of the cloud. A few questions to answer.. It is more a logical data flow diagram which can help you identify the type of data on move and at rest and the necessary logical controls therefore r

80 Apps in my iPad

Some of the apps in my iPad. Check out as I introduce some of other interesting ones as I get a snap shot of the screens. To take a screen shot, all you have to do is hold the Menu Button and the Switch Off button in the ipad or the iphone to take a snap shot.  The screen shots on the left are from my iTunes. I have not yet synched my applications and there are a few that I would review and post my comments. Keep on the watch out.

New Google Audio Search - Streaming.

Google bought a company called Simplify Media. The web site does not talk about it much but we can see that the services it was offering are to be withdrawn by June 30th 2010. However, we have been seeing an audio stream that we can listen to when we search on Google. This technology has supposedly come from Simplify Media. This may also become a tool for the Google Android Platform soon. Keep watching this space for more as they unfold.

Do you need the iPhone 4G??? What does it bring to the table

The Iphone 4 may look like a power house with lot of new features. But as always Software is the key, if you can run the older devices - the 3G and 3GS with the new Iphone OS 4.0. Most of the features are already in. The hardware may have the muscle to multi task, but then multi -tasking on a puny little processor is always limited. Have seen Android Phones - they always multi tasked - suffering if you have too many apps running in the background. So what are the real changes that would make the move to the new hardware breath taking or need to have. FaceTime. The dual cameras?? The N800 and N810 from Nokia had a similar feature and the same restriction. The Video Conferencing is limited to the same devices. Except that the camera on N800 was VGA cam, whereas you would get 1.3 MP on the iPhone 4. The device has a meatier battery to last  a bit longer but may be the new multitasking would eat away those advantages. The other major difference would be .. We are going to be bo

Cloud Security - The Way Ahead

Cloud Security is of two types: the Public Cloud Security and the Private Cloud Security. Both options need a set of controls that are different and need to be addressed separately. The Private Cloud Security is just an extension of the security parameters that are taken into consideration when we handle physical servers. Each device, as in every other case, is to be addressed as an individual entity and the processes and procedures that are applicable to a physical box are applicable to the virtual ones. However, there is one major difference: the host machines. Each host machine may host different servers and services on a single physical device. Considering this, it would be wise on the security team to ensure that they are grouped based on the criticality of the applications hosted. There are a few pros and cons of such an exercise. The first major advantage is that you ensure by grouping sensitive servers to a single physical host and take all necessary precaution to  pro

Role Based Firewalls - New products on the anvil

Devices that have varied capabilities are increasing in number. This would lead to the inevitable deluge of devices connecting through Bluetooth, Wifi, Wimax, Fiber and any other medium that is considered good enough for data to be carried over. The present set of tools that we use for securing networks are part of the risk management stance of an organization. The complexity of the varied devices is making it much more difficult and the balance between productivity and the technology advantage is lost if the organization does not use the latest in technologies. We are seeing Contractors and end users who want to use their own devices. They want to connect to "The Networks" and the Infosec practitioner is to provide the needed connectivity to resources at the same time ensuring that the data is protected. The Contractor may work for our competitor, how do we ensure that he has access to systems that he needs access to. This is where the new breed of products would come in

Mining for Plastics - circa 2150

Humans have inundated the world with plastics. We see plastic nurdles everywhere. Humans have driven the crude oil supplies to precariously low levels that it is impossible to extract oil at a reasonable cost!!! This could all happen in the next hundred years. What would it take us to clean up the environment. Would the landfills become the sources of material in the future, well it could be so. The most valuable resource in the world is the Landfill of today. Humans might make a way out to use the nurdles and plastic all over the place and digest it into energy and fuel. Plastics are formed from petroleum products and a new way to digest them and make them into energy may be the way to go. At the present production levels, there would be nothing left other than tons and tons of plastics across the world. From Antarctica to the Arctic the world is a big garbage bin and humans would start to mine this waste in hundred years to power themselves for the next 100 years. What next?

Gobbledygook - Want to try some great words for your presentation

Want to make your presentations to convey a powerful message. A few choicest sentences to help you going.. We need to cascade memos about our dot-com third-generation innovation. It's time to revamp and reboot our four-dimensional logistical matrix approaches. At base level, this just comes down to synchronised administrative options. We need to cascade memos about our four-dimensional digital time-phases. Only geeks stuck in the 90s still go for holistic third-generation programming. This is no time to bite the bullet with our global monitored hardware. Forward-looking companies invest in compatible transitional hardware. I can make a window to discuss your knowledge-based relative concepts. We need a more contemporary reimagining of our 'Outside the box' policy projections. And many more.. Check this link.. http://plainenglish.co.uk/examples/gobbledygook-generator.html

The iPad Cradle - Home Brew

Buying the iPad - the cheapest version, the 16GB model for 499 USD - is the first step into the Apple iPad World. The iPad needs the paraphernalia of other things to be complete. To start with, the sleeve cum stand that they peddle to you is 39 USD. But it helps you to have a resourceful wife. This is the contraption that she made for my iPad. It works and comes with the iPad. The BoM for the holder is 1. The iPad Box 2. Two Popsicle Sticks 3. A Sharp Knife. Check out the pictures, you would get the idea.

The iPad - The New Paradigm in Epublishing

Is this a kindle killer - Sort of and May be yes. We love colors and colors make our lives interesting. The iPad brings that to the ereaders and much more. I have tried using the iPad in the last few days and have liked the great screen and the sensitive touch screen on the iPad, but there is a large laundry list when it comes to nice to have features. As always the case, an Occam's razor hangs over its head, we expect it to do much more than that - after all it is an Apple product. There are quite a good bad ugly list for this product. I have in this post rambled on those lines after using the device for the last few days. The Good: It is apple quality build. Have not seen any other company, which has the industrial design team as apple does, it shows and the now familiar aluminum billet laser engraved to fit the components, oozes class and has the finish and finesse. The product has a great screen, from the colors it displays and other aspects of it. Though I hate device

History - The Perpetuated Lies of the Victors!

History: the stories told by the victors - a non-objective description of things lied about over the years. History is always in the making. What you live on today is history tomorrow. But over the years, as it unfolds, we see a clear pattern. This pattern, if we look at it, is very obvious: slowly but surely we have a tendency to fudge things and write history as it needs to be perceived to meet our ends now (the present). It is unfortunate that alternatives, even though they exist, are subjected to obfuscation and over time they are lost in the quagmires of document repositories around the world. Let's see how this phenomenon unfolds. Let's say that an event X has happened to such a certainty that it exists in the collective conscience of the general public. But as the Government or as a body with sufficient muscle to change public opinion, there is a campaign to bombard with information over time about the event in such a way that people have to perceive it as required by the body that wields

Web 4.0 and Gnocchi

web 4.0 Virtual Keyboards and the new Web 4.0? Well thought why not make it Web 4.0? Whats my concept of Web 4.0? There are a few areas that would be interesting to mull about.. This is beyond Web becoming a Services Oriented behemoth. This is the next level wherein devices start interacting among themselves a supply chain linkages that bring about changes that would change the way we do things? Lets see how things would be with this example? 1. You are looking at a recipe on your microwave oven? Well you loved the recipe http://allrecipes.com/Recipe/BUSHS-Gnocchi-with-White-Beans-and-Pesto/Detail.aspx Presto, the microwave makes a service call to your refrigerator, oops a few ingredients are missing.. reports back to you and then makes a service call to your grocer for the missing supplies. The grocer promises to deliver the goods in the next few minutes. The grocer makes a service call to his inventory manager and the robotic system delivers the goods requested and pushes it on the c