Saturday, 8 December 2007

Primary Objective of Auditing

The primary objective of an auditor is to “Measure and report on risk”.

An auditor is empowered and engaged by management to solicit answers to the difficult questions about an organization. This is done in order to better comprehend how the organization is functioning and to identify risks that exist to the organizational missions and objectives. This process should allow the auditor to measure and subsequently report on risks so that management can understand and act on a risk.

The secondary objective of an auditor is to diminish risk through a process of raising awareness.

Once an auditor identifies a risk, it is reported to management so that they can do something. In this way, the auditor raises the awareness of management so the risks can be reduced. If management did not desire to reduce risk, they would not use an auditor.

Friday, 7 December 2007

Pipelined protocols

Pipelining is a network technique where the sender allows multiple, “in-flight” or yet-to-be-acknowledged packets to be sent before requiring an acknowledgement. The range of sequence numbers must be increased for this to work due to the number of outstanding packets. There is also an increased requirement for buffering at the sender and/or receiver.
Pipelining allows greater bandwidth.
There are two generic forms of pipelined protocols:

Go-back-N protocol
With an understanding of sequence numbers and sliding window it is possible to quickly understand the Go-back-N protocol.

The receiver sends an ACK for each frame as it is received. If a corrupted frame, F(n), is received or F(n)is missing (the packet failed to arrive) then the receiver sends a special N.ACK(n) to request that the sender start retransmitting from frame F(n).

Selective repeat protocol
This protocol can be executed using one of two methods:

  • The receiver sends only ACK's and the sender implicitly retransmits frames, or the receiver transmits ACK's to explicitly request a frame retransmission.
  • The sender buffers out-of-order frames until the missing frames are retransmitted.

As is suggested by the name, the receiver can “selectively” request retransmission of a frame. When using ACK's only, the absence of an ACK triggers the retransmission.

Thursday, 6 December 2007

Qualitative research in Psychology

Subjectivity and bias are two of the most difficult key criteria to meet in good qualitative research (Larkin, 2002). To achieve this goal, the researcher needs to formulate a methodology that develops logically and demonstrates an understanding. It needs to lead to a direct and coherent connection between theory and method with no factual inaccuracies or misunderstanding. Simply put, it must avoid the “anything goes” mentality that is the critique of qualitative research (Antaki et al., 2002).

There are several key concerns associated using thematic analysis. A crucial concern with qualitative research pertains to the idea of interpretivism. This is a suggestion that humanity is interpretive in action and in a conception of the conduct of those about us. More simply, we compel meaning on our environment both in cultural practices defined by collective elucidation and a paradoxically function as an “isolated individual”.

While the “concept” of thematic coding is undemanding, the practice is not so easy. It is imperative to maintain a taxonomic definition of codes as they are constructed. Consistency in the application of these codes is also essential. The intricacy of this method is in warranting a particular occurrence of code “A” as being functionally equivalent to the same as occurrence “B”. Trivial variation in vocabulary, language and even the approach used complicate the conclusion that “subject X” has an equivalent response to “subject Y”.

Language is a fundamental attribute of the human condition. Through language we share a perception of and order our consciousness. Ludwig Wittgenstein (S 5.6, 1922) suggested “the limits of my language mean the limits of my world” to espouse the proposal that language profoundly erects a substantial framework to interpret conduct. He suggests that the precise character and associations of this milieu are the quintessence at the heart of anthropology, sociology, social linguistics, and psychology.

There is an inherent “quantification” implicated with various type of thematic analysis. In generating “quanta” of occurrences concerning behaviours and responses that are clustered for “similar” features, conjectures that motivate qualitative research often animate the supposition that the disparity amid subjects contextualise to make those distinctions strongly significant.

This does not infer an innate defect with thematic analysis, but indicates one of the predicaments consequential with this methodology. Whereas significant correlations involving positions compared with contrasting cases do emerge, Thematic Analysis is problematic .Conducting research without diversions from profound theoretical issues, bias or subjective prejudges is intricate at best.

  • Antaki, C., Billig, M., Edwards, D. & Potter, J. (2002) “Discourse analysis means doing analysis: a critique of six analytic shortcoming.” DAOL Discourse Analysis Online, 1(1).
  • Miles, M. Hurberman, M. (1994) “Qualitative Data Analysis: an expanded sourcebook”. London, Beverley Hills.
  • Parker, I. (1992) “Discourse Dynamics: Critical analysis for social and individual psychology”. Routledge
  • Smith, J.A., Jarman, M. & Osborn, M. (1999) “Doing interpretative phenomenolgical analysis”. In Murray M. & Chamberlain K. (Eds.) “Qualitative Health Psychology”. Sage.
  • Wittgenstein, Ludwig Josef Johann (1922) “Tractatus Logico-Philosophicus” (5.6)

Wednesday, 5 December 2007

What is a Webbug?

By embedding a small (1x1) image into a page (the image being not noticeable) the site can make a call to another site (i.e. that of gator or another spam merchant).

This call to download the 1 byte image will set a cookie header. So the site sets a cookie that has an open domain. As you visit other sites (that may also have web bugs – and Google sells space for these) the cookie will be used to collect info on your surfing habits (referrer lines etc)
So the web bug with the cookie may be used to formulate info on what you do.

Every time that you go to a page with a Web bug, you create a log at the advertising firm. You make a call to their server to download the image and they will record the REFERER information.

Not all Web Bugs are small and insidious. In fact any graphics on a Web page that is used for monitoring purposes can be considered a Web Bug. Advertising companies have a preference to use the more sterile term "clear GIF" and are also known as "1-by-1 GIFs" and "invisible GIFs".

A Web Bug provides the site with the following information
  • The IP address of the host system that obtained (viewed) the Web Bug
  • The URL of the page that the Web Bug is located in
  • The URL of the Web Bug image
  • The time the Web Bug was viewed (downloaded)
  • The browser variety (eg. Mozilla, IE) used to get the Web Bug image
  • Any cookie values that where previously set in the browser
Web Bugs in Email
  1. A Web Bug can be used to find out if a particular Email message has been read by someone and if so, when the message was read.
  2. A Web Bug can provide the IP address of the recipient if the recipient is attempt to remain anonymous.
  3. Within an organization, A Web Bug can give an idea how often a message is being forwarded and read.

Web Bugs and SPAM

SPAM companies will often utilise Web Bugs. They do this for the following reasons:

  1. To quantify the number of people who have viewed the same Email message in an advertising campaign.
  2. To detect whether the SPAM message has been is viewed or not. This can provide the advertiser with a far more accurate statistic then simply collecting “read receipts”. Email addresses that are not recorded as having viewed a message are removed from the list for future mailings.
  3. To synchronize a Web browser cookie to a particular Email address. This method allows a Web site to validate the identity of people who come to the site by correlating the cookies on the system from the email and the web browser.

Tuesday, 4 December 2007


Some tools to consider in log agregation
Numerous tools exist in the commercial world, but you do not need to pay a fortune to enable logging in your organisation. I have included a few options in this port.

This is an easy to configure too that is available by default with Unix and most network devices and also can be added to Windows as a third party product (some commercial, some free). It runs over UDP 514.

Modular Syslog
This is a replacement for Syslog. It can be configured to use TCP, encryption and also supports being sent to MySQL. This is a powerfully functional tool.

Syslog-ng accepts logs as either TCP or UDP. For TCP however, syslog-ng is required at both ends. It supports content based filtering to sort and organise logs with an extensible facility and severity. Encryption and authentication is supported and best of all it can be run on a "chroot"'d system.

What Next?
What do you do with your logs now that you have them? Here again there are a number of free tools.
This will send your Windows event logs to syslog.

This is a simple search tool for your logs. Think of "google" for your logs. In effect it will allow you to find log information on a search.

The best for last.
Distributed Aggregation for Data analysis (DAD)
DAD is a Windows event log and syslog management tool that allows you to aggregate logs from hundreds to thousands of systems in real time. DAD requires no agents on the servers or workstations. Correlation and analysis is driven through a web front end.

It is still early days for this product, but keep watching. This is a powerful tool!

Monday, 3 December 2007

Peter Gutmann and disk recovery falacies and snakeoil

Peter Gutmann in 1996 developed a method to wipe drives in 1996. One of the issues that was not challenged at the time is the assertion that “obtaining a 0.95 when a zero is overwritten with a one, and a 1.05 when a one is overwritten with a one” is actually false.

What people seem to think is that a digital write is a digital operation. This is a fallacy. Drive writes are analogue. They have a probabilistic output. It is unlikely that an individual write will be a +1.00000 [1]. Rather - there is a set range. There is a normative confidence interval that the bit will be in.

What this means is that there is generally a 95% likelihood that the +1 will exist in the range of (0.95, 1.05) there is then a 99% likelihood that it will exist in the range (0.90, 1.10) for instance. This leaves a negligible probability (1 bit in every 100,000 billion or so) that the actual potential will be less than 60% of the full +1 value. This error is the non-recoverable error rating of the drive for a single write.

As a result, there is no statistically discernable difference to the drive of a 0.90 or 1.10 factor of the magnetic potential. What this means is that due to temperature fluctuations, humidity, etc the value will vary on EACH write. A consequence of this is that data recovery using an ESM is probabilistic. This is, the

What is being suggested by Peter Gutmann in his paper is that a 1.06 drive voltage factor will imply a previous +1. This is false. As I stated, a this is not correct. A +1 is anything in a range - normally and it has nothing to do with drive head placement. A normal write will create a reading in a range - nearly never a 1.00 but rather a 0.9 to 1.1 independent of the prior write.

There is no way to determine if a 1.06 is due to a prior write or a temperature fluctuation. There is a probabilistic occurrence of recovery at a rate better then 50%. This is true. However, recovering 60-65% of a disk track in a linear function is unlikely to provide any acceptable level of recovery and will not suffice as forensic evidence.

On top of this the issue of magnetic decay will come into play. This further skews the results. "Therefore it is theoretically possible to neutralize the last write, but only IF the head can be placed almost exactly over write spot.

No, this is false. Magnetic fields operate perpendicular to what we term reality (this is a big simplification). Magnetic field maths requires the unreal number i = SQRT(-1) for definition. Magnetic fields do not sum in real space as is implied by the statement, rather they act at 90 degrees to all physical dimensions (again a big oversimplification).


  • Prof. Dr. sc. nat. Lutz Schimansky-Geier (2007) "Stochastic dynamics and electromagnetic fields of confined random charges: from distribution to control" Institut für Physik Theoretische Physik (Stochastische Prozesse)

  • De Angelis, G F et al (1982) "A stochastic description of a spin-1/2 particle in a magnetic field" J. Phys. A: Math. Gen. 15 2053-2061 doi:10.1088/0305-4470/15/7/016

  • White, R B et al (1993) "Collisionless transport in a stochastic magnetic field" Plasma Phys. Control. Fusion 35 595-599 doi:10.1088/0741-3335/35/5/005

  • Hentschke, S.; Rohrer, S.; Reifschneider, N.(1996) "Stochastic magnetic field micro-sensor" ASIC Conference and Exhibit, 1996. Proceedings., Ninth Annual IEEE International Volume , Issue , 23-27 Sep 1996 Page(s):11 – 14 Digital Object Identifier 10.1109/ASIC.1996.551952

Sunday, 2 December 2007

A Weekly search for virtue and betterment

I try to follow Ben Franklin's course of 13 virtues. Each week I concentrate on the improvement of one virtue. These are are as follows:

  1. Temperance: Eat not to dullness; drink not to elevation.
  2. Silence: Speak not but what may benefit others or yourself; avoid trifling conversation.
  3. Order: Let all your things have their places; let each part of your business have its time.
  4. Resolution: Resolve to perform what you ought; perform without fail what you resolve.
  5. Frugality: Make no expense but to do good to others or yourself; i.e., waste nothing.
  6. Industry: Lose no time; be always employed in something useful; cut off all unnecessary actions.
  7. Sincerity: Use no hurtful deceit; think innocently and justly, and, if you speak, speak accordingly.
  8. Justice: Wrong none by doing injuries, or omitting the benefits that are your duty.
  9. Moderation: Avoid extremes; forbear resenting injuries so much as you think they deserve.
  10. Cleanliness: Tolerate no uncleanliness in body, cloths, or habitation.
  11. Tranquility: Be not disturbed at trifles, or at accidents common or unavoidable.
  12. Chastity: Rarely use venery but for health or offspring, never to dullness, weakness, or the injury of your own or another's peace or reputation.
  13. Humility: Imitate Jesus and Socrates.

Cookie Recipe


  • 125 grams butter
  • 50 grams caster sugar
  • 60 grams brown sugar
  • 1 large egg
  • 1/2 teaspoon vanilla (real vanilla - the pods or a paste)
  • 125 grams of plain flour
  • 1/2 teaspoon salt
  • 1/2 teaspoon bicarbonate of soda
  • 250 grams of chocolate (Dark is best for this)
  • 1/2 cup coarsely chopped almonds
Turn your oven on to preheat at 180 degrees Celsius (about 350 degrees Fahrenheit, gas mark 4). Get some baking trays ready (grease them, stuff non-stuck).

In a large bowl (or get the electric mixer) add the butter and sugars. Beat until light and fluffy. You are there when the colour starts to lighten, and the sugar starts to look less granular and blend.

Separate the egg (white and yolk). Wisk the egg white to a firm peak.

Add the egg yolk and vanilla and mix all of the above together well. ONLY use REAL vanilla (no extract or vanilla essence - it's the real thing and you will notice)!

Fold the egg white and the egg yolk mix.

The Dry Ingredients
In a separate bowl measure out and sift the flour, salt, and bicarbonate of soda.

Add the dry ingredients to the sugar/egg/butter mixture and fold them all together well.

Time to prepare the chocolate chips and almonds.

Now, the size of chunk. Never be scared to go large - a centimetre square would works just fine. The cooking process makes the chocolate go soft in the middle, meaning it's not hard when you bite in - so sometimes the bigger the better. Don't be afraid to experiment.

Stir in the chocolate chips and almonds.

Resist the temptation at this stage just to sit down with a spoon and eat it out of the bowl. Instead, drop the mix in tablespoon-sized scoops onto the baking trays. Leave plenty of space between scoops - the "batter" will spread out. You'll get about 6 to 12 cookies based on size.

Slide them in the oven and bake until they go golden brown, and the centres are still slightly soft to the touch. It's going to take about 12 to 15 minutes. Take them out, leave them to sit for 5 minutes. Then turn them on a cooling rack.

The world's BEST cookies (al a Craig), in your own home.