Blogs

Security Analysis for Start-up/Real Organisations

And it's not that frightening. The main reason to sit down and get a handle on your security is to stop worrying about it. Almost all attacks in real life involve following a single weak seam through an organisation. Not zero-days, not brilliant ruses, no NSA, no black magic. Just twisting one small mistake into another. Take the HBGary hack from a few years ago. HBGary was a high-end security consultancy in contact with both the NSA and Interpol. One of the founders literally wrote the book on infecting Windows machines.

Galápagos Islands of P2P

Current P2P funding models show extreme vertical integration. A typical platform will internalise everything from marketing to settlement - and do so for both capital raisers and funders. There are several reasons to do this...

C&L Magazine - Payments Information in the Real World

I'm now published in Computing & Law magazine. My article is Payments Information in the Real World: Peering through a Broken Text File - essentially a long whine about the state of global wire transfer networks.

Why so many P2P lending platforms? Why now?

There are many start-up financing platforms styling themselves as "social lending", "p2p lending" and so on. Always centred around an online loans exchange, some sort of specialised money transfer system, and a perfectly accurate emphasis on the "real people" on the other side of the loan. I've had a ring-side seat to some of this, and don't get me wrong, it is one of the most significant things happening in finance today, but I think some of the Facebook+Credit=Profit cheer-leading is muddled. P2P lending is not an asset class. It is a continuation of the way computer networks have been shifting bottlenecks in finance for over 30 years.

Reposting my degree project: Hearsay

Hearsay is a protocol for peer-to-peer social networking over the XMPP chat protocol. I wrote this back in 2004, so it pre-dates Facebook coming to the UK!

The specs start from page 57.

Download as PDF

Cleanroom Techniques for Office Geeks

My portable Linux desktop for sysadmins lives on GitHub if that's all you came for.

Medical and health metaphors are ubiquitous in everyday IT security. Computers get infected, cured and healed. And to a degree, they work. Computer viruses do spread through networks in a way that resembles a biological virus. Anti-virus products do "disinfect" machines.

Bitcoin: A Little Slice of Future Shock

This is the second of two parts. The first one is here. As before this post is more of an attempt to fit a narrative to my research notes than a clear vision of the future. Read the links!

“This sort of reasoning is the long-delayed revenge of people who couldn't go to Woodstock because they had too much trig homework.” - Stewart A. Baker, NSA General Counsel

Bitcoin: Somewhat Useful

This is the first of two parts. The second part deals with the future of digital currencies in general.

"Bitcoin has worth just because a bunch of people on the internet have agreed it is worth something - like Psy." - The Colbert Report

SHORT VERSION: Bitcoins are today mostly for speculation and sheer novelty. For most businesses they will never be cheaper than cards, for a few, mostly internet-only businesses, they are a viable option.

Innovation is a Word That Mostly Defines Our Own Ignorance

Innovators do not get up in the morning and think "I'm going to change the world!"; they wake up and think "That's pretty obvious, I wonder why no-one's done that yet." If they move on to actually doing that, and they are successful, someone else will call them innovators.

Testing Time Dependent PL/SQL

One of the main reasons web developers (like me) shy away from placing business logic in the database is the difficulty of testing it. One of those problems is how to test time dependent code - monthly billing cycles, repeat reminders, interest payments, etc. Code that's usually very important to get right. (And tends to run unattended at 2am.)

Oracle does offer a way to set the internal system clock to a fixed time for testing.
