Monday, March 15, 2010

a breakfast recipe

Ok -- It doesn't save the world. But all of us have to eat. Some of us need protein, but are not ready for very heavy things in the morning. So here is what I now like, after lots of experimentation.

A kind of heavy miso soup. With milk, plenty of food, but easy on morning digestion.

Start with --

1. A container of miso paste. Where I live, we have an H-mart. Lately, we buy a half-pound or pound container of aka miso, shinshu...

2. Some firm tofu. Costco has a nice option.

3. A can of salmon and a can of clams, also available in bulk from Costco.

4. A bag of sheets of wakame (also from H-mart).

(Since the miso paste and the wakame last very long, it all matches.)

Probably it would be good to have fresh scallion onions, or dried chopped onion,
as well.

To get ready --

have a small pot, a largish bowl, and a tea kettle.

First, I put water on in the tea kettle.

Next, using the BACK side of a big table spoon, push two very big spoonfuls of miso paste around
the sides of the bottom (third? half?) of the bowl.

Then... following my wife's preference... slice the tofu. I use about one and half of the pieces in
Costco's pack... each piece being about two inches by two inches by one inch.
I dump them, and the open cans (INCLUDING fluid), into the pot. I would put in chopped onions
at the same time, if I felt like it.

Then put enough water into the pot from the kettle to fill it to the top, and put it on high.

Then pour just enough water from the kettle (ideally about 130-140 degrees?) into
the bowl to cover the miso... no more than one third full. Use the BACK of the spoon
to squeeze and push the paste, to get it to dissolve completely.

Then cut about a sheet and a half of wakame into the bowl. With scissors, first cut it into
strips about one inch long, against the grain. Then point the edge down into the bowl, and slice off lots of little pieces (strips stacked on top of each other) down into the bowl.
Add fresh scallions if you have some.

And then, when you feel the pot has been done enough, just pour it into the bowl, hopefully filling
it to about the top.

When I do this, the big bowl has enough soup for about four breakfast sized bowls.
I eat one, and save the rest for quick microwaving on work days.

-------------

One funny thing. Our cat really, really likes this stuff. My wife wouldn't believe it at first...
but it really went wild with THIS broth... next wakame... next salmon and clams...
but still strongly preferred this tofu over the cat food it ignored nearby.
But this is an odd cat, which plays with mice and attacks coyotes.

That's all.

Saturday, March 6, 2010

power grids and cybersecurity

First -- thanks to Mitzi Wertheim and others on this list for getting me invited to
the energy conference at the National Defense University a few months back. It was
a great learning experience. One thing I learned -- really high priority that DOD assigned to the security and vulnerability of the electric power grid.
(Though I did hear the same message in a couple of hearings last year as well.) Because
the integration of renewables and the optimal use of plug-in hybrid cars requires more of a "smart grid,"
there is every reason to worry about the risk that the cybersecurity grid problems and trends might be even worse in the future
than they have been lately.

On many, many occasions I have heard electric utilities say things like "oh yes, we get attacked 50,000 times per day."
And once, over beer, a utility guy I was particularly close to confided with me about the really scary cat and mouse games they have to play, routinely,
just to keep things going even now.

And so... I don't have a complete picture of this issue, the way I think I do with energy. Please forgive if I report impressions which turn out to be false.
But in doing some due diligence for some personal computer issues, I have had to grope and do my best on some things that others might find interesting.
If one of you corrects some of my wrong extrapolations, please be tactful about it -- but please do not just regurgitate flawed conventional wisdom.

First -- some background. You have probably heard that "there is no such thing as an unbreakable operating system. First and foremost, security is a human thing
and a frame of mind and..." This is only a half truth. There is a lot of very important useful stuff going on in areas like
avoiding insider threats and in intrusion detection. (My friend the electric cat sure had use for a good sniffer to help him.)
But -- a lot of people who make useful products, in all areas of human endeavor, have a tendency to be unfair to other folks
who also make useful products different from theirs. There really is such a thing as an unbreakable operating system, and it has a crucial role to play
in areas like this. For example -- I'm willing to bet that those 50,000 attacks per day, AND the more serious ones my friend told me about,
were not insider attacks. An unbreakable operating system would help a WHOLE lot, especially since it feels like a kind of wrestling match where the sheer volume of attacks
is becoming hard to deal with. And the computer horsepower available for cyberattacks is growing per Moore's Law -- or faster.

Where to find an unbreakable operating system? As it happens, I was very lucky in graduate school to get to work on the GE-then-Honeywell Multics operating system,
which was developed as an outcome of very serious and rigorous research at leading universities. Theorems have been proven and books written. It became
the first operating system certified as approved for multiple security level jobs. It was the core of the World Wide Military Command and Control System (WWMCCS)
in the Pentagon for several years. (In time, Moore's Law and the market caught up with it.) They told me that a tiger team was sent to break it, with full access to
all the code (which was in PL/1, and far more intelligible than usual operating systems); they found just one trap door, easily closed, and that was that.
Multics embodied a then-new system called "ring brackets," among other things. Microsoft and Apple have both talked a lot about getting back to ring bracket types of security
in recent years, but there are certain issues in implementation. To put it mildly. Theorems only work if one is strict about making the assumptions of
the theorem valid. People tell me that the MOST reliable, unbreakable operating system available today is the Unix-based
system developed by Roger Schell for the National Security Agency (NSA). I believe that his famous "orange book" is available on the web.

But what about Windows? I have certainly known experts who say that use of Windows for really critical missions (like power grid operation?) is a security risk.
My older daughter once dated boys who wrote code for microsoft, and it was VERY clear that they were not enforcing the kind of rules required to comply with
unbreakability theorems. (My daughter did.) More seriously -- when Vista came out, I did a quick google scan through a lot of the new literature, and it became apparent
that Microsoft was more effective in enforcing their own ability to control a user's computer from the outside -- inevitably leaving the open spaces which make it actually easier
for a well-informed hacker to get in there. It cut back on ordinary USER control, not on hackers' rights. But still, I have used windows at work and at home, for a number
of practical reasons -- not least of them, pressure from IT groups, who have certain vested interests vis-a-vis microsoft, security or not security.

About a month ago, the winds of change started blowing -- HARD.

First episode we all saw -- on the surface. You probably remember the great "China raids google" scandal, which people are working hard to get past
on many levels on. Neither google nor China like wars; they have some common sense about Pareto optimal arrangements, even if it does
imply some mutual safeguards. One side effect -- google told a lot of customers: "It's not our fault that the government of China saw so many
of your emails. For god's sake, what do you expect when you use unencrypted wireless links?" And to all gmail users (including me) they inserted a discrete note
at the top of all gmail web pages, announcing "new security relations". Click on it and you see... https security is now the DEFAULT. We don't
want people hurting themselves by accident. You can change back if you want, but you have been warned. (Additional comment:
at a hearing on cybersecurity last year for Senate Commerce Committee, the guy who runs networking for AT&T basically said
"there might be some hope that someone might someday develop a way to make wireless communications REALLY secure, but it's not clear to us that this is really possible."
The Terminator 3 scenario is not so far off as people think.)

I checked with my wife, and she was skeptical. Sure enough, the change was ONLY for wireless connections. To get full security for ALL your gmail,
you need to click the "ALWAYS" http option in gmail settings. I do that, and it doesn't slow things down. Does it work? Two weeks ago,
I heard some pretty wild and fiery speeches threatening to overthrow the government of Iran, especially using facebook and Utube and twitter and such.
No mention at all of google. The fiery people were openly disdainful of the ancient email generation. So who did Ahmeijad complain about and crack down a week or two ago?
Not one word about facebook. It was gmail. I guess someone else thought enough about security to check the box. And, I hope, maybe google's https
is strong enough that the Revolutionary Guard, at least, would find it hard to crack routinely. Not so bad, on the scale of things. On modern computers, I don't detect any slowdown.

Next episode: after a year on the Hill, I come back to NSF to be told "We have determined that Eudora 7 is a security risk. We have put measures in place
to get rid of it, forcibly, from all computers at NSF." I said: "But wait, this is my entire file structure for the last 10-20 years. Even if I could find a way to
forward it to Outlook, it would be like taking a warehouse full of files on all subjects known to man, and just dumping all the contents into a huge heap on the floor."
But they said: "No exceptions. And no Eudora 6 or 8 either." I was not kidding about Outlook; it was hard enough to approximate real intellectual standards for even
one year, dealing with just a few subjects, on the Hill, using Outlook, even exploring its outermost limits. So I looked a lot closer.

First, the folks I rely on most tell me that Apple's new OS X, version 10.6, really is a close enough cousin of Roger Schell's kind of unix-based system.
Indications are that it's the closest thing to a truly unbreakable operating system I could get on the market, with a limited budget. On a close study -- Apple Mail
(PERHAPS with the add-on "leap") has the features I found essential in Eudora. Microsoft's Entourage 2008 was the next best competitor, but .. not quite for reasons
we could get into. So at this moment, I am now looking at a really beautiful new Apple computer, and about to make the final transitions. No need for
buying conversion software; IMAP servers (like gmail!!!) and OWA make it much easier than in the past to transfer email. (Difficulty of transfer was the main
problem with Eudora 7 -- even transfer to Eudora on a new computer!) I do wish I had noticed the IMAP option in google years ago. (google "gmail IMAP.")
So now -- I will be migrating to all Apple Mail for official work, all gmail/Eudora7 for all personal or less official stuff, and outlook at times as a kind of backup repository store but not active use.
An interesting related story -- did you notice the recent announcement from China of pervasive standards for all computer software and hardware products?
Part of this is undoubtedly "the great firewall of China" and neo-mercantilism, but not all. China has been worried about ITS cybersecurity
just as much as we have -- and perhaps a whole lot more effectively! I did try to discuss some of these issues with US government folks in past years.
For example -- to really protect all government agencies and infrastructure, it would be possible to enforce an incremental forced compliance (in all government procurement)
of software which not only meets unbreakability standards, but has a way the government can do AUTOMATED checking of all new source code to
be put in critical areas. I feel confident that Microsoft would be willing and able to respond to a proper phased-in rule. (If not, there's Apple...)

But what about the hardware aspect? If the hardware itself does not implement what the software thinks it is going to do... could chip builders
insert their OWN back doors? Not a joke. I once proposed that we broaden cybersecurity research to include crossdisciplinary hardware/software stuff...
but research is often a SOURCE OF MONEY. Certain local fat cats in computer science wanted to avoid the dilution of funding that would come if some
of the cybersecurity money went to hardware experts. (I doubt that recent liposuction has changed them much, but we should try to be open...)
The new Chinese standards do seem to suggest total awareness of all this. But in all honesty... I was not looking forward to the possibility of having to
learn about chip diagnostic procedures myself... it's not obvious what can be done if the chip manufacturer is not part of it. Most of that is overseas now.

There are some folks who will say of cybersecurity: "the Chinese may have standards, but we have a czar." But the Chinese and the Russians are
not the only ones on earth who have ways of dealing with czars.

========================================================
-- Have received some interesting feedback from that posting.

-- Some folks in industry are enthusiastic about SE-Linux which, they say, is a publicly available
version of NSA's unbreakable operating system. If you have a PC, and don't want to be a branch office of
China's data collection effort, you can just set this up and use it for ALL your network connections.
It has a package called Evolution -- at least two varieties, providing essentially the same capabilities as Office,
including email like Outlook. (I deeply respect China's active curiosity, but the same paths they use can be used
for many other purposes.)

-- BUT: the new national cybersecurity plan appears quite different in flavor, from the (limited) newspaper accounts.
There has been a long-standing dilemma -- to "build higher walls" to protect government and critical infrastructure
from things like overseas takeover attacks (which can literally burn out expensive power generators), or to create big
breaches in the walls and lower the walls, so that investigators can peer inside and keep an eye on things.
This relates to a point I alluded to -- do we protect the user from all others, including Microsoft, or do we protect microsoft
from the user? Logic says we COULD aim for stronger, higher and more transparent walls... but I haven't seen much of that.
It is possible that we are now moving towards greater ability to see terrorists living in America, but greater vulnerability
of critical computers outside the NSA.

-- One guy says:
Do read the second public draft of NISTIR 7628. It is at
http://csrc.nist.gov/publications/PubsDrafts.html#NIST-IR-7628

He reiterates the common theme of folks being funded in this area "there is no
such thing as an unbreakable operating system. You only need to reset a few wires.."
BUT: there have been string theorems proven guaranteeing unbreakability in a useful, practical way
**IF** certain conditions/assumptions are strictly fulfilled. Sure, there is always a risk of someone
changing the hardware and invalidating the conditions. Sure, those risks do need to be taken very seriously
as part of any general plan. BUT a quantum improvement in our ability to fend of attacks by people who DON'T
have physical access to the wires would be well worth the trouble... and may be downright urgent, given
the strain that I hear our power system is already under. Not to mention how viruses and crime and such have become
more and more of a hassle.

That said -- I have no idea what the security tradeoffs are between SE-Linux, Mac OS X and the real NSA unix system
derived from Schell. Nor do I know how theorems from folks like Berkeley researchers have been updated to account for varying
ways of handling communication with the outside world.

On my PC at home, I do not really plan to install SE Linux. It's not a sensitive government installation, and the power
of Evolution and of raw Office is just not enough for my purposes. I will probably migrate at home from Eudora
to Outlook, and use an add-on, Neo Pro, to maintain organization -- and PERHAPS use it as a client for gmail,
using gmail's IMAP capabilities, or even use Eudora as a way to access gmail using the IMAP capabilities (even though
it won't give true google and Eudora access together for anything but the inbox). At work, the new Mac does fine.

Rescue mail migrating from Eudora 7 to Eudora 8

Since Eudora 7 was such a great achievement -- I paid a heavy price by trusting too much, too long, and "upgrading" to Eudora 8. For those others who ended up paying the same price, here is what I learned about the way out:

1. Initially, mailbox migration from Eudora 7 to Eudora 8 seemed easy, except that all attachments get disassociated. When I started that migration, I wish the Eudora 8 folks had warned me of that, and pointed to their obscure webpage which suggests INSTEAD of the provided migration tool ... the use of other tools like Aid4Mail or Eudora Mail Cleaner. The search engine in Eudora 8 didn't really work either, from the start.

2. A few months later... all the mail in all my mailboxes but inbox just disappeared. Years of stuff. When I asked what could be done on the Eudora 8 forum...
no suggestions. The Eudora 8 mailboxes are actually Thunderbird mailboxes.
In my case, they had somehow become corrupted. (Maybe Vista to Windows 7 had something to do with it.)

3. I tried copying the Profiles file to a new Mac at work, and using Eudora Mailbox Cleaner. EMC worked fine on Eudora 7 files (with some tricks), but not
on this stuff. Eudora Mailbox Cleaner converts Eudora 7 mail to Thunderbird proper or to AppleMail, but for the sake of features and stability I went to Apple Mail.

4. The only thing which worked to save my correspondence in Eudora 8
was Aid4Mail Professional... writing to a pst file, imported to Outlook.
I can't modify some things in that folder (maybe not anything?),
but I do have full access to see all the mail, finally. The mail in "empty" mailboxes suddenly
became visible again.

5. Based on this mess... to get back Eudora 7 functionality at home,
where I had tried Eudora 8, I will now be using Outlook with the Neo Pro extension (which gets back a lot of what we had in Eudora 7).
At work, I have ported my old Eudora 7 mailboxes to Apple Mail,
where a certain extension will get back a lot of the old functionality -- though Apple Mail by itself is not bad, a whole lot better than Outlook for folks with a complicated life.
(Aid4Mail will let me back up the apple mail to outlook, even though our Exchange server at work does not allow me to upload Apple Mail folders.) (Also -- thank to my colleague who showed me how "special folders" -- created by clicking on an innocuous looking plus sign icon on the lower left -- let me do searches much closer to Eudora's than I had expected.)

OOPS: Neo Pro does what my colleagues claimed, but the plug-in recommended by local apple users doesn't look right. Instead, I will extend apple mail by getting rocketbox. It's at an early stage, but its does do the right kind of search already; combined with the nice filing capabilities of Apple Mail, it gets me where I need to be. The rocketbox guy plans extensions which would get
apple mail back up to all the things I needed in Eudora 7...


6. Should I have just kept using Eudora 7 and not upgraded? At work, they would not let me, for security reasons. (That's what drove me to switch to iMac at work.) At home, the mess of someday moving that email worries me...
though with Aid4Mail or use of Eudora 7 as a client of gmail with the IMAP option maybe I should not have worried so much. Still, gmail supports both Outlook and AppleMail as clients; Eudora 7 works... to some degree...
with a few tricks... for now... but Outlook with NeoPro sounds better.

7. A friend suggested getting SE-Linux to run on my home PC, to get me security at home as good as what I now have at work, or maybe even better. The Evolution programs are said
to be as good a Microsoft Office. But Outlook without the Neo Pro extension is not really adequate for me, and it sounds like a pretty big project in a lot of ways.

8. Recommendations for use of Eudora Mail Cleaner (a Mac-only program):
leave a few hours for it to do the job (if you have gigs of stuff), and do not do anything when it seems to be hung up on a small task. Don't use the script to rebuild mailboxes when it is done;
just do it all by hand, and be patient. (Rebuilding mailboxes is faster than the initial conversion...
but it's best to select, say, 10-40 mailboxes, and then hit mailbox-> rebuild... group by group
until you are all done.) But when the input was corrupted Eudora 8 mailboxes, the result
was full mailboxes with empty messages -- UNLIKE the result with Aid4Mail, where I can read everything just fine. (Is it read-only? Haven't figured that part out yet. Ideas welcome.
Can't rename or delete anything I have tried... even as administrator..).