ASIS, day 3

Saturday, September 27, 2008
Much of today's discussion was dominated by standards, especially video standards and the seemingly competing PSIA and Sony-Axis-Bosch video standards groups. I say seemingly because there's a lot that can be misconstrued in the "standards" discussion. First and foremost, it's not even standards we're talking about. As has been noted often today, anything either group releases will really just be a specification. Without the verification of a standards body like SIA or ANSI, they don't quite reach the level of "standards," even if people talk about the specifications they hope to release in that way. Second, there's the perception on the show floor that the two groups are competing, and that both groups are competing with SIA in some way, but most conversations I've had with the interested players have seemed to indicate that everyone would ideally like to play together. As evidence, SIA treasurer Rob Hile was named PSIA chairman today, and as for creating a good relationship with SIA, he said today, "I'm personally going to take that on my shoulders."

Are standards a big deal anyway? They are and they aren't. On one hand, just about every major camera company works with every major video management software company, so what's the big deal? Well, both David Bunzel, an originator of the PSIA, and Fredrik Nilsson, general manager at Axis, made the point that software makers like Milestone, Genetec, OnSSI, etc., spend way too much time and energy integrating cameras. What if they never had to spend that money again? Wouldn't that allow those companies to spend much more time and energy on improving functionality and adding features? Seems like a no-brainer. So, no, the industry isn't being dragged down by a lack of standards, but, yes, the industry could be made much more efficient with a solid group of interoperability standards. I'll have more on this in the next paper.

Fake security signs in vogue, again

Friday, September 26, 2008
Apparently, faux security signs are back in vogue. A news outlet near Norfolk, Va., randomly checked seven homes that had security signs, and found out that four of the homes didn't have the security system to go along with the sign. One woman said she got the sign from her brother 15 years before. At least—judging by the photo in the story anyway—her sign is for an authentic security company (the one and only ADT).

Faux security signs were fashionable at my house when I was growing up way back in the 1970s, but we didn't have a sign from a real security company. Here's what happened: Our house was broken into and the thief stole a TV or two, and not much else. (We were away, and I think there was about a week's worth of Boston Globes piled up on the front walk, no lights on in the house, and other tell-tale signs announcing that the Entwistles were on vacation.) To increase security, my thrifty father sent away for these little green stickers that had lightning rod decorations and proclaimed: "Warning! This home protected by Electronic Automatic Alarm System." I think he thought they looked pretty fake, but we put them on all of our doors and a bunch of windows.

There were other new security measures implemented as well after the break-in: For added protection when we went away, my father used to cover up the TV in our family room—which was plainly visible through sliding glass doors—with newspapers. (This prompted one of my brothers to put a sign on the newspaper-covered television set--also visible from the glass doors--that said, "This is not a TV!") The newspapers and accompanying sign became a security tradition in my family when we went away. Maybe the stickers and newspapers deterred criminal activity; maybe thieves just never showed up again. At any rate: We were never broken into again.

Ghost story makes it to Australia

Friday, September 26, 2008
Okay, some people prefer to suspend disbelief more than I do. The ghost-in-the-gym story has made it to Australia. I love how every story about this makes sure to mention that bugs, dust, and headlights have been ruled out. Those, of course, are the only possibilities. If it's none of those things, it must be a ghost. Clearly.

Security cameras capture ghost?

Thursday, September 25, 2008
If this were a Sherlock Holmes story, it might be "The Case of the Floating Orb." Let's use our deductive powers:

Unexplained Orb Floating Around Dumbbells Baffles Gym Owners
Security Company Rules Out Bug, Dust, Car Lights

Why do I get the feeling that this story involves lots and lots of "dumbbells?"

OVERLAND PARK, Kan. -- A white orb repeatedly seen on motion-detecting cameras inside a Kansas gym has baffled owners and a security company.

Yes, this is another one of those stories involving "a security company." They name the gym, but not the security company. Why is that?

Security cams at the Overland Park gym videotaped the image hovering and lingering around dumbbells between 2 a.m. and 4:30 a.m.

"Cams." That's a technical term.

The motion-detecting system has been activated nine times at the business.

By these same orbs? Always at the same time? It's unclear.

Gym owner Kim Peterson said she's sure there is a logical explanation but her security company is unable to explain the events. Representatives from the security company said the system is activated by motion but a bug would not activate the model of cameras used at the gym. They also ruled out dust or headlights passing by from outside the gym. "I called my security company and said, 'Is there a lightbulb going out or do I need to get up and clean the lens?'" Peterson said. "They reviewed it and said, 'We have no idea what that is.'" The security representative said 600 other clients have the same system and had problems.

I, Sherlock Holmes, will now solve this mystery: The system ... is CRAPPY! Now I know why the security company didn't want to be named. If this situation were unusual, maybe it would be interesting. But 600 other clients are having similar problems? Shouldn't that have been a bit higher up in this non-story?

[[ Edit: Okay, someone pointed out another version of this story where the above sentence is "600 other clients have the same system but none of them have ever recorded a mystery." That version also contains camera being made plural as "camera's" and a fundamental lack of understanding about comma use, but is much more clear about this: "It leaves the frame, then comes back and kicked the motion sensors into action a total of 9 times between 2 and 4:30 in the morning." Interesting that two stories can be so similar and so different, no? ]]

This could also be the solution to the mystery, though:

"My 8-year-old said, 'Maybe Grandpa is just making sure you are OK in your new business, mom,'" Peterson said. "It could be a spirit," a woman at the gym said. "Nothing is impossible."

"Woman at the gym" makes a good argument. Holmes is now going with this conclusion: It's the ghost of Captain Lou Albano! (Huh? What's that? Lou Albano's not dead? Hmmm. Back to the drawing board.)

Now the IT guys are paying attention (is that a good thing?)

Wednesday, September 24, 2008
Cisco's increasing activity in the physical security space is, predictably, drawing the attention of traditional IT media. Sometimes they have something interesting to offer on a story; sometimes they muddy the waters. With this story, I think they muddy the waters. The actual content of the IT World Canada story is mostly fine; it's the title that's dead wrong:

New standard to unite physical and IT security

Wowzer! That would be awesome! But they're just talking about the PSIA (see discussion below and details here) and their device discovery API. How does something that lets video cameras integrate with video management systems "unite physical and IT security"? It doesn't, and I suspect the author of the story knows that, since it's not mentioned in the story at all, and some editor just slapped on an incendiary headline. Oh well. That'll happen.

Still, this is the kind of confusion that can be created when industries that have long been separate start to come together, and it's important to define terminology and nomenclature early. By my definition, IT security is making sure no one messes with your network - firewalls, passwords, content filtering, network access, etc. There's no way that Cisco's cameras easily integrating with Genetec's video management software is going to have anything to do with someone hacking your network and stealing your data (or, for that matter, making sure someone doesn't hack your network and look through your cameras).

Also, by the way, even the PSIA will tell you that what they've got to offer is a specification, and not a standard. There's a difference. Jeez.

Access Control Source Book/ISC East

Wednesday, September 24, 2008
Hey, if you're a manufacturer of products that can be used for access control, you can get in our upcoming access control source book by going here. Also, if you're going to ISC East and you've got a new product to push, go here. That's all the housekeeping for today.

Hold your hosses!

Tuesday, September 23, 2008
Nervous about this Wall Street bailout? Me too. On today’s Times op-ed page, columnist Bob Herbert said we should seek a second opinion on treasury secretary Henry Paulson’s bailout recommendation. (Herbert is hardly alone; plenty of pundits of all political stripes, economists, not to mention plain old taxpayers, agree.) Something needs to be done, and soon, but we’re talking about $700 billion. Read that slowly: seven hundred billion dollars. That’s a staggering amount of money, and this bailout’s got to work, the first time. As Herbert says, it just makes sense to take a couple days to explore “the weak points, the loopholes, the potential unintended consequences of a bailout of this magnitude.”

Herbert points out, “Lobbyists, bankers and Wall Street types are already hopping up and down like over-excited children, ready to burst into the government’s $700 billion piñata. This widespread eagerness is itself an indication that there is something too sweet about the Paulson plan.” He notes a very important point--that the bailout is not supposed to be a good deal for business, and quotes economist Dean Baker: “The idea is that you’re coming here because you would be going bankrupt otherwise,” said Mr. Baker. “You’re coming here because you have no alternative. You’re getting a bad deal, but it’s better than going out of business. That’s how it should be structured.”

So, how should it be structured? I'm not sure, but let's at least talk about it a little. There's an interesting story in the Times business section about a successful early ’90s bailout in Sweden, which had managed to get itself into big problems because of "imprudent regulation, short-sighted economic policy and the end of its property boom." From the story:

Sweden did not just bail out its financial institutions by having the government take over the bad debts. It extracted pounds of flesh from bank shareholders before writing checks. Banks had to write down losses and issue warrants to the government. That strategy held banks responsible and turned the government into an owner. When distressed assets were sold, the profits flowed to taxpayers, and the government was able to recoup more money later by selling its shares in the companies as well. “If I go into a bank,” said Bo Lundgren, who was Sweden’s finance minister at the time, “I’d rather get equity so that there is some upside for the taxpayer.”

So what happened? According to this story, Sweden spent 4 percent of its GDP to rescue the banks. (The $700 billion bailout represents roughly 5 percent of the American GDP, the story says.) The final cost to Sweden, the story says, was 2 percent of GDP (though some say it was closer to zero) and Sweden seems to have survived very well, thank you, since that time.

When my five brothers and sisters and I were kids, things from time to time got a little crazy in my house. When it was time to slow down and take a breather, my mother used to say (ok, she used to yell), "Hold your hosses!" (That's horses, for those of you who didn't grow up near Boston.) That's what Congress needs to do. This is a big deal. Let's get it right. We've got time to debate these issues. We don't have time to get it wrong.

What can we learn from IT standards processes?

Tuesday, September 23, 2008
I found an interesting article in today's Times about IBM throwing a bit of a hissy fit because a standards discussion was not going its way. Essentially, IBM is threatening to bail out of certain standards bodies unless they change the way they go about their business.

For example, Microsoft submitted OOXML to the ISO under a so-called Fast Track process, which some opponents believed was too rushed and resulted in a poor-quality standard. Many countries and technical experts questioned the need for another standard document format.

Similarly, people are labeling the PSIA (no, not the Professional Ski Instructors of America; the Physical Security Interoperability Alliance. Geez) the "Cisco Group," and expressing similar concerns, because the essentials of its first recommended specification (I'm going to get to the difference between a specification and a standard) came from a document supplied by Cisco.

And this is why this standards discussion can get so murky. First, the difference between standards and specifications: A specification is a way of doing something issued by an industry group or manufacturer that's kind of like a recommendation or a theory on the best way of doing things. That specification only becomes a standard when an accredited body, like an IEEE or ANSI, vets that specification, puts it through its paces, and then issues it as an accredited standard.

Second, the murkiness: Say you're a big manufacturer who'd like to get on this whole "open standards" wave, but would still like to retain its dominance in the marketplace, which was attained through a semi-proprietary way of doing things. Wouldn't you submit your specification for a way of doing things to a standards body and try to fast-track it through, so your way of doing things became the standard and all of your competitors had to play catch-up? And if your competitor did that, wouldn't you, like IBM, cry foul and threaten to take your ball and go home?
So, here are some of the questions: Is Cisco using the PSIA as a puppet, knowing that it's done so much heavy lifting on creating the specification for device discovery that the PSIA member companies would be unlikely to change much and just generally be happy with it? Is the Sony-Axis-Bosch alliance (sorry, I mean the ONVIF) similar to IBM's fuss-making, or are they really the more "open" discussion?

Here's the essence of the IBM position:

IBM's guidelines are based on its belief that open standards increase the range of software products that are interchangeable. Standards prevent one software vendor from capturing a large part of a market by locking users into a proprietary format and limiting their ability to easily switch to another product. Microsoft has long been accused of dominating the market for office productivity programs due to its use of closed file formats. Microsoft changed course, however, and submitted its OOXML format to become an international standard, which means other vendors could implement OOXML in their products. But OOXML was criticized for being unnecessarily complex. Also, Microsoft was accused of pressuring countries to support the standard, which left companies such as IBM fuming. IBM is a long-time backer of ODF.

The analogy to security is less than perfect, since the standards are much more developed in IT and security is really just beginning to iron things out, but the potential political situation seems kind of similar to me. Long-time backers of standards are going to resent new positions by old vanguards that, no, really, we're totally into this open standards thing. But that doesn't mean that the old vanguards don't have an ability to write good specifications that would actually be of benefit to the industry.
What's going to be important is that people actually look at the documents being created by the PSIA and Sony-Axis-Bosch (and hopefully it won't come to the point where they're issuing competing specs for device discovery, because that would just seem wasteful) and actually figure out which makes more sense for the security community, and not just side with whomever they're friendliest with. That would simply be counter-productive in the long run. We've talked here not too long ago about the benefits of standards, and they seem legion, but no one said the process was enjoyable.

Okay, I'm on Twitter now

Monday, September 22, 2008
I can't imagine how often I'm going to use this yet, but I am now on Twitter if you want to be my Twitter follower (I believe that's the right terminology) or want me to follow you: http://twitter.com/Sam_Pfeifle. I've also got a LinkedIn page, which you can find in the sidebar on the lower right, and a Facebook page, which I'm keeping for personal stuff right now, and a Myspace page, which is for my band, the Grassholes. Plus, I've got online identities in half a dozen online forums. All of this is getting time consuming...

Have you seen my lawnmower?

Monday, September 22, 2008
It's been a while since I've blown up some local television station's "security" story, so I'm going to indulge myself today. It's Monday, I'm eating lunch, and I can't help myself. Today's insanity is provided by NBC 12, out of Richmond, Va. It's titled "Break-in reminds homeowners of the risk of property crime." I'm entertained by the premise alone of this story. Essentially, homeowners in tony neighborhoods need to be reminded that they can be victims, too. It's not just in the ghettos that crime happens, you know. I mean,

We did a search over the past three months, to see what other kinds are reported here. During that time, we saw three cases of theft, two cases of vandalism, and one report of burglary.

Holy smokes. So three times, the housekeeper stole Ma's jewelry; twice, a couple of brat kids egged someone's house; and once, there was a burglary. In three months. In all of Colonial Place, a large part of Richmond, Va., which is a pretty big city. I'm floored by that. I'm shocked the National Guard hasn't been called in. Luckily, however, neighbor Todd Flowers is coming to the rescue:

A recent shed break-in prompted a Richmond man to make a quick fix to his home security. And his ideas may help cut down on other area crimes.

Excellent. Can't wait to hear what those ideas are. I'm all ears.

This happened near Malvern and Stuart Avenues.

Sweet.

"The minute I saw the doors wide open I knew that they broke in," said homeowner Todd Flowers. Flowers did everything you're supposed to do. It just didn't matter. "And I had it latched right here," he said. "They just came with bolt cutters and snapped the lock right off."

Everything you're supposed to do=put a lock on it. Good to know. Somewhere there's a book with a paragraph on what you're supposed to do to keep your gardening shed safe. That paragraph reads like this: Put a lock on the door.

But the lock turned out to be the least of his worries, on a recent morning. The lawnmower was the first thing they grabbed.

It's unclear how they've established the chronology of the crime. I'm assuming CSI guys were brought in to establish the timeline.

"It was sitting right here," he said. "They stole the gas, but left me with the gas cans."

I find this incredibly entertaining. So the thieves stole a lawnmower (virtually worthless - what are they going to do, put it on eBay?), but didn't want to carry the gas cans, so transferred said gas into another container? That makes zero sense. But, whatever.

Not only that, but the thieves stole hundreds of dollars worth of other yard supplies, which all have to be replaced. "My blood pressure shot up and it was disappointing to see all my lawn toys stolen," he said. "You just feel violated."

I know I feel violated. Anyway, weren't there going to be some new ideas on home (gardening shed, really) security here? I haven't found them yet. I'll skip ahead and look for them. Hmm. This might be them:

"I think that people just need to be aware and do what they can to deter this kind of thing," he said. "Stay in communication with your neighbors, install lights."

New ideas="be aware"; "do what they can"; "stay in communication with your neighbors"; "install lights." Do you think Todd can patent those? I'm guessing those ideas would be valuable in this whole anti-crime campaign the nation has embarked upon. Maybe he could get some signs made up. Or a web site.

Todd's now taking his own advice. "So it's not a whole lot of light but its enough so you can see if there's anyone back here," he said. And hopes others do, too.

Light pollution comes to Colonial Place, as gardening sheds everywhere are bathed in light.

Odds are, those thieves won't be getting inside his shed again, anytime soon. "They, essentially have to rip the doors off," he said.

Everything you're supposed to do now=get a bigger lock than you thought you needed. Also, this television station has no qualms about putting commas between subjects and their verbs. None whatsoever. They're grammar lawless, I tell you.

Unfortunately, you can't be 100% safe from anything. So you do what you can to deter crime, but it happens all over the community so be aware.

I think I saw that on a coffee mug once. Or maybe it was a bumper sticker. It's just so true. There might have been more commas on the bumper sticker, though. It's hard to remember. I've seen so many.
