Any sales pitch mentioning WannaCry is a scam.

snake oil
To suffer a significant damage from WannaCry, you need to craft a redundant clusterfuck of FIVE SIMULTANEOUSLY MET conditions:

  1. Failure to learn from previous cases (remember Cornflicker? It was pretty much similar thing)
  2. Workflow process failure (why do you need those file shares at all?)
  3. Basic business continuity management process failure (where are your backups?)
  4. Patch management process failure (to miss an almost two month old critical patch?)
  5. Basic threat intelligence and situational awareness failure (not like in «use a fancy IPS with IoC feed and dashboard with world map on it», more like «read several top security-related articles in non-technical media at least weekly»)

And after you won the bingo, you expect you can BUY something that will defeat such an ultimate ability to screw up? Duh.

The greatest problem with "public" schools that they are NOT public.

Do you, dear public, pay for those schools?
You do… you pay exactly «for» but not «to». The schools actually receive money from the govt, NOT from you. And you have no control over the money distribution. When the money are given to the schools they don't bear your scent anymore — these are «govt's money» at the moment. The govt decides who takes the money, and for these money, a school has to appease the govt, NOT you. These «public» schools are indeed the govt's schools.

Americans seem to forget the old russian proverb:
Who dines the girl, he dances her.

An Open Letter To mr. Thunderf00t The YouTube Physicist In Chief For Debunking Bad Science

Dear mr. Thunderf00t, recently you have published a series of videos about melting gold in strange contraptions (or one might say «stupid setups»). This series culminated in the episode called «Will Burning Diamond Melt Gold?». I quote:
Gold melts at 1064 C, Diamond burns at 2700 C — this should be enough to melt gold, will a diamond melt gold?
Then you put a ~0.25g diamond on a 1g golden coin, ignite the diamond in the pure oxygen atmosphere and wait until the diamond burns a hole in the coin. The diamond burned happily to ashes and the coin remained intact.

This «failure» created confusion among yourself and your audience:
How so?! It burnt so HOOOOOOOT! and melted nothing...

Spoiler alert: ENERGY TRANSFER.

Given that few days before you successfully melted a bead of gold that was put in a cavity inside a burning graphite block (What a surprise that this contraption worked!), your confusion is legitimately cringeworthy.


I want you to understand the magnitude of this shame. Mr. Thunderf00t is not only an official scientist like many imbeciles are, he has a real discovery in his portfolio which is an achievement that the Steven Hawking's portfolio lacks of. Mr. Thunderf00t is a real scientist — not a cosmologist or something — he knows his science and he is capable of conducting meaningful experiments. A man of this qualification was driven astray by the notion of temperature. So much astray, that laymen of ancient Egypt would laugh at his «gold melting» contraptions being so obviously against even the most basic common sense understanding of thermodynamics available for humans since 10 000 years ago… 20 000? Once again, pay attention, a credible scientist forgets to calculate the energy balance of his experiment before burning real diamonds.

I therefore propose to remove the notion of temperature from the middle school physics curriculum, for it is overwhelmingly confusing and marginally useful.

make a funny experiment:
calculate «the temperature» of a 10 GEv proton, say X (note the amount of zeroes in the result)
and then ask a patented physicist: will a proton heated up to X Celcius deg melt a hole in a thin golden foil.

The Final Thought On The Minimum Wage

Picture that: You are a farmer.
You have grown a ton of potato and brought it to a marketplace.
You recon everybody sells potatoes for $1 and you decided to set the price to 0.9 so that you can return home earlier.
Presently, a group of well dressed respectable men with baseball bats approached you:
— Nice potato you have here, good sir. Do you know that the minimum price for potatoes here is $1?

1. do you believe these respectable men helped you sell your potato for a better price?
2. do you wish the minimum price to be set higher (e.g. $1.1)?

"Security Management" "Maturity" "Model"

A few days ago I twitted this picture:

RSA model for security management "maturity"
with a comment: guess what's wrong with this picture (hint: EVERYTHING).

Not everyone got the joke, so I think it deserves an explanation (sorry).

At a first glance it makes some sense and reflects quite common real world situation: first you start with some «one size fits all» «common sense» security (antivirus, firewall, vulnerability scanner, whatever). Then you get requirements (mostly compliance driven), then you do risk analysis and then voila, you get really good and start talking business objectives. Right?


It is a maturity level model. Which means a each level is a foundation for the next one and cannot be skipped. Does it work this way? No.

Actually you do some business driven decisions all the time from the very beginning. It is not a result, it is a foundation. You may do it an inefficient way, but you still do. With risk analysis. It may be ad hoc, again, depending on the size of your business and your insight into how things work, but from some mid-sized level you simply cannot stick to «checkbox mentality», you need to prioritize. Then you come with checklists and compliance requirements as part of your business risks.

The picture is all upside-down and plain wrong. I understand they need to sell RSA Archer at some point there and that's why they see it this way, but it does not constitute an excuse for inverting reality.

Anti-Vaxxers vs Vaxxers -- Another False Dichotomy

Undoubtedly we live in the age of false dichotomies… Somehow people are all talking (and fighting) about subjects with no substance.

Dear vaxxers and anti-vaxxers, your fight is ridiculous, and it is not because you are both partially right, it is because you are both completely wrong.

Have any one of you ever tried to DEFINE the subject of your debate? What do you think a vaccine is? And what to you think the category «vaccines» is? How can you make a utility/risk claim about ALL vaccines, piling together a smallpox vaccine that demonstrably saved the humanity and a flu vaccine that have never entered any testing whatsoever! Do these two share any INNATE properties at all? Can you formulate a property that all vaccines possess on their own, a property that can be observed in the vaccines themselves, all vaccines and nowhere else? This would be a characteristic property that gives you the least moral ground to speak about the «vaccines» as an object (entity). Until then, both of you vaxxers and anti-vaxxers, are engaged into a typical case of false entitification — there is no such entity «vaccines» that you pretend to be talking about. Therefore ANY CLAIM ABOUT ALL VACCINES IS GUARANTEED TO BE WRONG.

But there is still more hilarity in the «debate». Here is a logical scheme of the anti-vaxxer standing:
In a government-run hospital my child was given a shot, that was documented as vaccination. Shortly after the event the child became sick (as never before).
Let's assume we have a sufficient amount of the episodes like that (properly documented («there is no evidence» fanboys can go fuck themselves)).

How is this a reason to blame the sickness on vaccines? Let's control for all other factors… all those kids were perfectly healthy before the injection and so on and so on. If we determine beyond reasonable doubt that the sickness was caused by this particular injection, how is it a reason to blame vaccines? In order to blame vaccines on the ground described above, you must assume that the government-run hospital DID NOT lie to you about the injected substance!!!

So the anti-vaxxers' claim of the vaccines' malice is based upon the trust to the govt! The same govt that under a false pretense of vaccination and medical treatment injected kids with plutonium, gave people syphilis, created a polio outbreak (not even for scientific nor military purposes, just for fun). The govt that has broken the trust of the people over 9000 times, this govt the anti-vaxxers trust! — «govt said it was a vaccine, duh, vaccines are bad» — what a joke!

An open letter to mr. John Kelly the Homeland Security Secretary

Dear mr. Kelly,
do you realize that you lose the ability to attribute a suspect's social media account to the said suspect immediately after obtaining a password to the said account?
Once you own the password, the account is attributed to YOU, shithead, thus rendering all your claims about the suspect's alleged activity associated with the account completely inconsiderable.

Resign immediately! You know _NOTHING_ about security nor elementary logic, you are utterly unqualified for the Homeland Security Secretary position.