Although I appreciate that many people find Twitter to be valuable, I find it a truly awful way to exchange thoughts and ideas. It creates a mentally stunted world in which the most complicated thought you can think is one sentence long. It’s a cacophony of people shouting their thoughts into the abyss without listening to what anyone else is saying. Logging on gives you a page full of little hand grenades: impossible-to-understand, context-free sentences that take five minutes of research to unravel and which then turn out to be stupid, irrelevant, or pertaining to the television series Battlestar Galactica. I would write an essay describing why Twitter gives me a headache and makes me fear for the future of humanity, but it doesn’t deserve more than 140 characters of explanation, and I’ve already spent 820. http://www.joelonsoftware.com
although twitter has replaced some blogging (the kinds of blogging that just takes links, quotes and pics) it will not replace those thoughts that take longer to explain
far from the chaos of all, you should select those that send meaningful information to twitter in the form of
* things happening real-time (protests, disasters,....)
* bypassing censorship (Iran, China,...)
And for the rest I agree, for me it is just a repetition machine and a realtime link index.
I see in the log that readers from institutions and organisations and press from all over the world are logging on again
I am back unless they shut it down or want to fire me
And it are facts and only the facts
I hate no one and I love you all :)
All the internal commercial and office politics I don't give a damn
But good to see you coming back
take the RSS feed or the twitter
I have to clean up a bit but essentially it will work on three levels
* dashboard (links and tools and special pages)
* this blog (some articles, mostly Belgian)
* diigo (already 30.000 links and everything that interests me)
Oh and just to be clear not everything is organized as it should be or tagged or whatever. If I would start doing this It would become a day job and I am not paid for that. And the more I organize the less I think, read and write.
Oh and yes It can be that I will be talking about other things that are risk involved and have in a strict sense nothing to do with itsecurity at the most limited view. I have a higher level of security in which electricity and risk and other things are also important. Even IT is sometimes just a small part of the risky lives we live in this risky world and how we are enjoying every minute of it :) Imagine that we wouldn't have to worry about anything and everything would always work as it should and everybody would always be nice to each other and fair and honest ?
Also to be clear this is my PERSONAL opinion and fact misson. Not only letter on this blog can be attributed to my other campaigns (ISOC) or my employer. This is my personal space of personal freedom in a democratic society in which I disclose things that anybody can already find on the internet if he knows how.
Stuff that I receive will be handled accordingly. It may be published. It may be held secret and sent to the appropriate channels. If you want your name to be kept secret you should say so from the beginning (and in that case use proxy and other anonymous routes to send your material). If even if you want it published there are unacceptable risks because this blog has a certain redistribution and readership, it will be so.
We are here to secure the Belgian internet for its users, by any lobbying and investigation possible by Belgian law. (not much in fact)
Monday there will be the official announcement of the Belgian CERT something we have fought for since 2004 and got into Belgian law in 2006 and pushed as the highest priority since 2008. I won't work there, for those who have asked. I can now relax a bit and don't have to play freelance CERT without having the resources.
Friday was the first day of Brucon which is organized by a group of good guys and some girls and proves that there is a will to make things happen and to work together. I helped a bit today, but it is mainly their work and they should be proud of their work. It was a good event and there were many people. Tomorrow there is even a party. I won't be there I have family from the US coming over and before they leave to discover more or Europe, I should spend some time with them and my family.
I am already looking forward for Brucon 2010. The minister didn't come and the public annoncement of CERT (or any announcement) didn't happen. His loss. He lost the opportunity to get the historic picture of a minister being applauded by the community for realizing something they have been fighting for for years. His loss. If I angered some people by my hardhanded tactics to try to force the situation, excuse me. I bluffed and I have lost this time.
If you are asking yourself if those sql attacks against the Belgian banks were just an accident or some stupid attacks from kiddies or one of the smartest weapons (together with xss for example) around, you should go to this presentation
Brucon the Belgian place to be for securityminded IT people 18th-19th september
If you are in Belgium the 18th and 19th of september you should go to Brucon.org in Brussels. It is not free but I don't think there is any ITsec happening in Belgium where so many people that are thinking about and working with ITsecurity will be together. Not the commercial stuff, not the salespeople but the real ITsec researchers, testers and 'hackers' (refusing the limits of discussion).
If you are serious about Itsecurity you should be present.
If it is not for the speakers, it is to network.
Belgium is a small country, so if you want to know who is an active ITresearcher and will make name in the future (or already has like some bloggers) you can't miss this event.
http://www.brucon.org (there are still some tickets available, but you shouldn't wait too long)
The last year we had several times to use all our imagination to keep people out of court or to publish information about critical securityproblems with some ITprojects (EID). It was clear that with the very vague Belgian cybercriminalitylaw we were very limited in our possibilities and we had to be sure that we had our back covered before doing anything. An open discussion about ITsecurity is something different as also some University researchers discovered.
The last year we also pushed for some new legislative and policy decisions and some are more or less established (the decision to establish a CERT finally) but some other still need some initiative. It was clear that even if we had some influence from the bloggersworld that we had to move up the ladder to the level were we would be involved in the discussion instead of discussing them afterwards.
My readers also know that after 5 years my family around me asked me to take some hard decisions and put me before some hard choices. The virtual world is beautiful but even if you are all day before your computer, you are alone. And all the rest is one big illusion. So I also decided to use my limited resources in a more effective way.
The only goal of EKZ, mailforlen or Belsec is just to change policy so that the internet becomes more safe for everyone. I am not making many friends with that and the victims of the present situations don't understand very well what is all about, but in the end if our actions lead to a more secure internet and a more responsable attitude and response by those responsable for guarding and securing this and other digital networks, it won't be in vain, how little progress even may be.
So after some discussions the last months, belsec has decided to integrate into an international organisations and to try to get some policy things and some thoughts about ITsecurity directed in a better way. The international organisation is ISOC and the Belgian Chapter will set up a group about esecurity. All details are not really filled in yet and some things may be changed during the course of events, but ISOC belgium has the clear intention of setting ITsecurity on the top of the agenda.
This is normal because you can't have quality or good communication or transactions without security. Security is the beginning and ending of everything that is code. And you are only as secure as the weakest link.
There are many and big plans but it is my intention to begin one step at a time. Also we will try to push for self-regulation and responsability in a first phase. If it seems totally unrealistic, than the government will have to step in. But normally the online Belgian world will have to understand that it is in their best interest to act more responsably and to set up their own strict self regulations and controls and punishment proposals if they want to be the safest place on the world wild west.
For us it is a new beginning. We will do our best not to offend someone or to come out with proposals that won't take the other side under consideration. We will do everything to work with people and organisations or institutions and hope that they will understand that with a bit of good will we can accomplish much.
I have already heard a lot from some people and some initiatives and organisations have already contacted us to work with us. You can still contact us, we are always open for new ideas and initiatives. We will however try to limit double work or to rewrite the bible.
You can find us at http://www.isoc.be
The information on these blogs will not be updated anyhow. It is not yet clear if we will migrate totally to isoc with the rest of the information around here.
For the flemish people, read De standaard tomorrow.
I don't know what will be written, so it will be a surprise.
Thanks and good bye
ps Belsec was a collective and not everything written under the alias is to be attributed to the person that will take part in the ISOC structure in Belgium from now on. He will deny having written himself anything here. Just for legal reasons.
The goal of my action is changing things and setting things in motion. It is not looking for ways to earn more money or to promote myself. The goal is a public service.
To change things you have to change laws and to set the necessary institutions and organisations into place and to make those that could be responsable act as if they are.
We have been doing this from this blog and this information in Belgium. Some of the Belgian security bloggers have even set up Brucon.org which is the first ITsecurity event in Belgium. I hope it helps pushing more people to do things, to do research and to have open discussions about the risks of all those new cyberpossibilities if you don't take security as a basis of your design (and not as an afterthought).
More news will follow in the coming days, but this blogaction is closing down. It has been a very interesting last 5 years (ekz, ITenquirer, belsec) but as new opportunities arrive by which we can do much more with less effort and with more authority, we are obliged to take them and use them. It would be irresponsable for us not to take that opportunity.
If it proves to be a fata morgana, we will be back again, no doubt about that.
Secondly, there is now a National CERT in preparation and it is up for that CERT with people who are paid to do their job to do their job and it is up for the parliament and the stakeholders to see to it that they are doing their job as they are supposed to do. They shouldn't be thinking for a second that they only have to do a little more than me or just use what is being used here. They have to do it by themselves. They are paid to do it, they are intelligent enough to do it, so they just should do it. And no excuses. This is not a job for volunteers who have other things like jobs and families and a private life to think about. Volunteers come and go, while a national CERT should be there to stay.
Thirdly It should be clear to everyone that I can't be Belsec and the new positions at the same time. It should be clear that this is for everyone a new beginning of a continuing battle for a secure internet in Belgium and that old disputes and thoughts are a thing of the past and that we will all have to work together in some form or another to get this going, one step at a time. So it is better to stop the Belsec thing altogether so it is clear for everyone that the Belsec period - as an activist provocateur period - is over and that the time of searching for practical solutions and propositions has started. Something we also have already proposed during the hearings in our parliament.
Those who have contacted me in the last years will receive soon an email with more information and a proposition to join me in this new opportunity to get things changing a bit faster than we are used to in cyberworld here.
I loved every minute of it and I appreciated the millions of visitors the last years.
I am sure that the other Belgian security bloggers and brucon will continue to do their thing. If there are people who want to start also a security blog in Belgium they should get into contact with brucon.org.
ps some resources will not be updated anymore and some will be deleted. The idea is also that new and more tools and resources will be available for members of the organisation.
When I tried to upload the XML OPML file to bloglines it was the same story again. Folders were a mess, older folders and feeds were coming back and not all feeds were added. So It decided that enough is enough and I am not going to spend some hours at trying to fix this.
So I thought of something better. Here is the OPML file of all the feeds. You can import it for your personal use. If you want to incorporate it as such or a bit changed in your website, than you should contact me before - out of courtesy I think.
It is a personal selection and many of the folders have been re-organized to make it easier for me to work with in Google Reader. There are fewer of them but the selection now is more or less permanent.
Some feeds are also gone - you will find them on the dashboard but just to warn you - the dashboard only works well with firefox (Internet Explorer takes a lot of time) and when you have given it enough rights (noscript will for example block a lot of things). I have taken away many of the self-loading things and try to limit it more to feeds and links but some things are better when you can follow them directly (for example the speed of the Belgian websites and the malware monitor).
The next big update is for september. There are a lot of other feeds waiting to be added and there will also be some cleaning up. Feeds that don't publish stuff very often are no feeds and will be retired except if they are important an sich.
In the dashboard itself a few hundred links have been added so far. The dashboard is changing also. Now that the feeds have been re-organised, the dashboard will be the next point of attention. The weather page is gone because it took to much loading time. It has been added as links on the map page.
The freeware blog will also get a new future in september. It will present freewares day with a direct download. The selected freewares will be useful as I use them myself.
The ebookblog is still under consideration and work.
I am shifting through some hundreds of links and feeds. The result of which you will be able to see and use in hte coming weeks.
But what is amazing is that so many people seem to have gone. So many ITsecurity blogs and hackersforums (you need to get your info from somewhere). Just gone.
It is just a pity that they are gone. Meaning that all their work is just gone. It is out there somewhere. But maybe someone in the ITsecurity business should start a project of archiving all the papers en analyses and blogs. Because - as bugs sometimes seem to be years old - someone somewhere may find the thing he is looking for at that time to resolve a problem that has been written about now but that nobody cared enough about to fix it.
It also reenforces the argument that we need a real cert with real people who are paid to work all day because it is clear that you can't let the security of your networks depend only on activists and volunteers.
At some time they will just stop. There are other things in life than being a volunteer or activist.
Skynetblogs have been under attack from some Ukranian spammers and that has led to some functional problems and to some blocking problems. The first are technical problems that were at one side the result of the intensity of these spammers and at the other side the result of the limitations that skynetblogs had to impose on its own community. (and no you can't export your blog around here and leave....)
This has been going on for some weeks now but if you thought that the skynetblogs team has even thought of taking the necessary actions (expect from panick and treating the problem as it arises) than you are dead wrong.
One of the very active bloggers cms has been the victim since some weeks now. They say that everything is under control now, but that is not - I repeat NOT - true.
First to cms (the problem - that you didn't find nor your friends nor the technical teams of skynet is in these comments somewhere - probably a bit of infecting code)
Diese Website kann Ihren Computer beschädigen. Also Spits Jeronimo Hey Tjsoolders, Kom mo' binn'n en zet ulder neere! Take a seat please and have a fruitpunch! It tastes like bittersweet strawberry and ... cms.skynetblogs.be/post/.../imucon-armageddon-spreading-the-disease - Ähnlich -
Don't ask me why Google results are all of sudden in German for thit page but this is the blocked page that is the culprit of it all.
So clean it up and make a Google webadmin account. Imucon.be is malware according to badware.org and they even have a blog around here
So what should happen now to stop this
1. They will have to reinforce their captcha's. They are too simple.
2. They should desactivate a bunch of sleeping blogs so no comments could be send to them so they couldn't be used as another hop in the malware infection.
3. Letting code in your comments is just plain stupid nowadays. YOu could now make hidden iframes in it that even Google won't see but that will still redirect the visitor if he has not a secure pc or browser.
Yes these are hard choices, but it are hard times also for the community around here so it is time to take hard decision - at least for the time. You could declare it orange for the time and install those limits and apply those limits according to the technical and security situation.
So whatever the blablabla and the propaganda and the listen-to-me-I-can-talk-too repeaters of what is the hype of the day, there is nothing social about web2.0
Take RSS feeds. The RSS feeds are in different formats (atom and xml and rss and whatever inbetweens I may have forgotten). If you think you can just use them in whatever RSS reader you may use, forget it. THere are feeds that go in Bloglines, but in Netvibes or Google reader. The reason I use feedburner is that they can make it easier to be used everywhere.
Take widgets. That dream of having your info in a small box next to you on your desktop or your webpage or blog or social page or whatever. Do you really think you could use those widgets on whatever html, xml or whatever service you are using. No try importing Google widgets in Netvibes and vice versa. Doesn't work that good.
I am thinking of killing the widgets and just keeping the links and the feeds. They seem to load faster. They are also very badly coded sometimes. I don't think they will ever replace pages. But maybe the pages should look more like widgets (that is to say have less stuff on and around them (popping up and under).
Those two things are making life very hard for an information-watcher. Hard to maintain and hard to set up.
Maybe we need to be more functional and less siteminded. The future is for he who integrates the different functions of the information gathering and management process or makes a coalition of services to offer an unified solution.
I would love for example to be able to click and save my links in Google reader directly to diigo.
In the end only a few such services will remain and they will survive by working together or going under each apart.
I have been playing around with different startpages but netvibes seems to be the best one around. So this is the format everything is moving to, it will be the central place.If you want to follow the updates there, you must become member of netvibes. Than you can copy whatever things I have made to your own pages. And as long as you don't abuse it or present it as your own I don't have a problem with that. Just don't expect that I won't change anything around there. Things will be changing weekly and links may move from place or to be subdivided or reorganised.
The biggest re-organisation will be the replacement of the linkmodules and a big number of direct search modules in simple text links.
Because it takes too much time loading all that stuff and it is too difficult to check the links in their linkmodule (especially if you have many).
So you will see more and more feeds and text blocks with links coming up in the differen pages. On this blog you will find a directory of the pages at your left of the blog.
I think most of the names speak for themselves. Only the feeds need to be realtime and very practical or they need to be so specific that you need to have a global overview. The news of the last week you can look up through Google, but what is happening today you need to see at one glance on one page from different sources in different languages.
For the moment a big battle between the last big remaining online Feed readers is on its way. It is between the good old Bloglines and the Feedreader from Google. Both have their advantages and their problems (and the OPML code between the two is not functioning as should)
We use both here. Because Google Readers starts faster if you have an enormous list of feeds. But only Bloglines gives you the possibility to share your feeds (and not the postings). In an open intelligence environment, this is important because you give the source of your selection to everyone who could select other things or propose new feeds and sources (please do).
We also use diigo because they keep (sometimes it is not 100% far from it) a cached copy of the article.
So how does the information flow go ?
The information comes in by feed (if there is a feed and don't tell me there are feedmakers for pages that don't have a feed, they work more often not or half or aren't readable) in Google Reader. There is a selection of things to share (feed in the belsec folder of bloglines). Some of these things are worthy of further reading and are copied to dijgo. And the most practical are published on the dashboard (still heavy under development). The most interesting are published as a posting with some comments (you know me). And all of these postings are reposted on twitter.
For the moment I am trying to get more things done with diigo. So some feeds (bookfeeds for example) are for example not active anymore. The reason is that the collection of the links goes directly by diigo. Like many sites they don't have feeds for everything.
Once a month the OPLM collection of feeds from Google reader is transferred to Bloglines. THe next update is for in 2 weeks or so and already this will be a huge update and cleaning.
One thing that is already happening is that feeds with only alerts (viruses, spam, attackers, exploits) have been moved to the dashboard at Netvibes. But the dashboard will be explained in another posting. But you will see that (even if there is still much work to do) that you will find a more or less complete page with very practical online tools and alerts for each subject that we find interesting.
Just as a reminder. You can't sell this stuff, even not repackaged or integrated into a bigger package. And you should relink.