Petrie Multiplier

This Petrie Multiplier concept is interesting.  The tech community likes to think we are data / fact driven, so applying modeling to explain sexism seems like a good tactic to demonstrate how problematic the issue is.

Dystonica had a Firetalk on Friday that covered the concept I had meant to attend but bailed on.   I need to manage my time at conferences better.  I’m always entirely burned out by the end of the regular sessions.    In any case, the talk was filmed and placed on YouTube.  The talk seemed to go well.  There is that comment at the end from the audience requesting great security people.  I’d rather work with mediocre security professionals that are good people than a bunch of people that are amazing at what they do but unbearable to be around.  A healthy work environment is important.

Ladies Lunch Con seems like a great idea.   I go to conferences in general as group therapy to see that there are other people dealing with the same professional frustrations that I deal with.  I don’t understand the controversy.  It isn’t like a feature of the conference was women’s only.

ShmooCon 2014

ShmooCon seemed very policy focused this year.  I liked it.  The NSA debacle is going to shape the industry in the years to come.  We need to talk about it.  Hopefully we as an industry push for more encryption, but we’ll see.

Bruce Schneier argued the tools and techniques the NSA used will be in the wild in the next few years.  They probably will be, but I don’t think that will change the threat landscape that much.  Blackhole Toolkit is gone.  Now I deal with CryptoLocker infections.  CryptoLocker will eventually morph in to PowerLocker and then something else will replace it.  Perpetual war?

@Quadling made a comment during a talk that Windows XP is the COBOL of our generation.  Is it?  I don’t know anyone claiming they will be XP free in the next few years.  I’ve seen Windows NT active in the late 2000’s.  Will there still be XP in 2020 and beyond?  Most likely.  Will the state of network security be advanced enough to mitigate the threat or will we still be battling NAC technology implementations?

Of the vendor area, I was most impressed by Parsons.  Their Crash Analyzer seems like an interesting concept.  Using GPO, you update your Windows systems to send their error reports to an internal server.  The internal server analyzes the reports for malware.  That seems like an extremely elegant solution to finding some malware as well as monitoring for general stability issues.