Miscellaneous

Friday, March 12, 2010

The virial theorem in the workplace

There's a theorem from mathematical physics that may have an application in the workplace. This is the virial theorem, and its workplace analogy may explain why every job has its annoying parts.

One version of the virial theorem roughly says that for a finite collection of point particles interacting gravitationally, the time average of the kinetic energy is half the time average of the potential energy, or

<K> = - <U> / 2

The virial theorem is useful to astronomers because you can use it to get a good idea of masses of distant objects, which you can't really observe, from their kinetic energy, which you can observe. The reason that we think that dark matter exists is basically from observations like those plus the virial theorem.

Driving in to work today, I had the thought that an appropriate analogy for the virial theorem in the workplace might be that the bad parts of a job are always proportional to the good parts of a job. In my experience, this seems to have always been true. You probably have some relationship like this, for example:

<Bad> = - <Good> / 2

When I was an officer in the US Army, there were lots of good aspects of the job. There's nothing in the world as rewarding as working with soldiers, for example, and getting paid to work with explosives and fire guns is also lots of fun. To make up for this, however, there's also the fact that the military is really part of the government, so you're really part of a large, mind-numbingly bureaucratic organization.

Or when I used to do what's probably best called applied physics research, it was great fun working with things like lasers and electron microscopes. To make up for this, however, there's the never-ending battle that you have to fight to get funding for those expensive gadgets.

Or when I did mergers and acquisitions consulting, it was great fun getting a look inside lots of different companies in lots of different industries and seeing how they worked. The pay wasn't bad, either. To make up for this, however, there were the 20-hour days and the backstabbing from other consultants (particularly the lawyers) involved in the M&A projects that you had to keep a constant eye out for.

So although I'm not sure that you can write down a set of assumptions that lets you rigorously prove an analogy for the virial theorem for the workplace, it certainly seems to be true. If there's a job out there for which it doesn't hold, I'd definitely like to hear about it.

Thursday, March 04, 2010

Wednesday at the RSA Conference

If the number or size of the parties put on by vendors at this year's RSA Conference is any indication, the information security industry has fully recovered from any effects of the recent recession. Luckily, I recently saw an episode of Mythbusters that made surviving these parties much easier than it was in previous years.

The Mythbusters episode that I saw compared the hangover caused by drinking beer to the hangover caused by drinking liquor. Somewhat surprisingly, they found that beer causes much worse hangovers.

Armed with this research, I developed a strategy to deal with the numerous parties at this year's RSA Conference: stick to martinis and drink no beer. Drinking martinis also helps in another way. Martinis taste terrible so you're much less likely to drink too many of them. After a single sip from a martini, you're usually more than happy to wait a long time before taking another sip. Beer, on the other hand, doesn't have this built-in rate-limiting feature, so you're more likely to drink too much of it.

This strategy worked perfectly. By sticking to martinis I was easily able to keep my blood alcohol content well within the limits allowed for driving, and the next morning I felt no obvious effects from the parties at the RSA Conference the previous night.  

Thursday, January 21, 2010

You are here

When I recently logged in to the ISSA web site, I was surprised to see that the web site apparently thinks that I'm in rural Libya somewhere. Here's what its map showed for my location:

[Image: map]

Based on this, the 10 closest ISSA chapters to me are Italy, Abuja, Egypt, Spain, Switzerland, Istanbul, France, Romania, Israel and Lagos. Voltage often supplies speakers for ISSA meetings, but I don't think that we've sent anyone to any of these locations yet, even though they're apparently fairly close to us.

I didn't know that there are actually two chapters in Nigeria (Abuja and Lagos). Maybe keeping one step ahead of all of the spammers requires lots of security professionals. Maybe there's a different reason. The population of Nigeria is roughly 150 million, or about half the size of the US, so there must be lots of businesses there that need information security people.

Friday, October 30, 2009

Ghosts, vampires and zombies

I recently came across "Cinema Fiction vs Physics Reality: Ghosts, Vampires and Zombies," by Costas Efthimiou and Sohang Gandhi. This paper discusses how ghosts, vampires and zombies are portrayed in books and movies and looks at what's actually possible and what's not.

Ghosts have lots of problems with physics at a very basic level. They can't both be incorporeal and do the things that they are shown to do in books and movies. That should be fairly obvious.

Vampires have problems with the exponential growth of the vampire population that they would cause. I hadn't thought of that before, but when you hear it, it's fairly obvious. Suppose that a vampire needs a single victim each year and that this victim then turns into a vampire. After one year, you have two vampires. Each of these two creates two more the next year. Each of these four then creates four more the next year, etc. This growth quickly gets out of control and leaves the entire world populated by vampires. So the fact that people exist is proof that vampires don't exist, at least not vampires as they're portrayed in books and movies. (This analysis might not be quite accurate because it doesn't account for the ability of people like Kristy Swanson to keep the vampire population in check, but it's probably close enough.)

It turns out that there's actually a factual basis for zombies. Maybe this is why Brian Keene's zombie books are so popular. I'm personally more fond of zombie stories like Robert Bloch's "Maternal Instinct," but I seem to be in the minority in this particular case. Much like people who think that reading papers about the physics of ghosts, vampires and zombies is interesting.

And it's apparently not just physicists who worry about zombies. Lucy Snyder, the wife of Gary Braunbeck, one of the best horror writers in the world, has written a book, Installing Linux on a Dead Badger and Other Oddities, that tells why people in the corporate IT world should worry about them.

Here's what this fine book has to offer:

  • "Installing Linux on a Dead Badger"
  • "Authorities Concerned Over Rise of Teen Linux Gangs"
  • "Your Corporate Network And The Forces Of Darkness"
  • "Faery Cats: The Cutest Killers"
  • "Graveyard Shift"
  • "Dead Men Don't Need Coffee Breaks"
  • "Business Insourcing Offers Life After Death"
  • "Corporate Vampires Sink Teeth Into Business World"
  • "Unemployed Playing Dead To Find Work"
  • "Trolls Gone Wild"
  • "The Great Vüdü Linux Teen Zombie Massacree"
  • "Wake Up Naked Monkey You're Going To Die"
  • "In The Shadow of the Fryolator"

There's also a book coming out soon that tells how Dante Alighieri was inspired to write the Divine Comedy, at least the Inferno part of it, by seeing the results of a zombie infestation. My copy should be arriving next week.

I'm sure that there's some way to make this relevant to information security, but I don't see it right now.

Friday, October 16, 2009

Seeing red

While editing a standards document this morning, I was reminded of an e-mail exchange that I had a few years ago on the mailing list for an entirely different standard. On this particular list, someone was discussing what bad things an administrator of a certificate authority could do if they abused their administrator rights. They called this a "rouge CA," and really didn't seem to understand why that particular term didn't mean what they thought it meant.

Apparently, people have been confusing the words "rogue" and "rouge" for quite a while. Some people tell me that this confusion became the most obvious in 1987, when people were discussing the game Rogue Trader, inadvertently turning it into a game in which players tried to make a killing trading in either cosmetics or other red-colored commodities.

In any event, after some discussion of the dangers of "rouge CAs," I had to add a comment or two to the discussion that didn't really relate to the security issues that were being discussed. I said that I hadn't heard of a "rouge CA," and asked if these were discussed in a standards document that I hadn't "red." I also made some comment about how I was skeptical about the very idea of "rouge CAs," and speculated that it really wasn't the kind of idea that a reasonable person would "make up."

This may not actually have been as funny as I think it was.

The replies to my less-than-helpful comments showed that many people on this particular list really didn't understand the difference between "rouge" and "rogue." Based on the additional comments that tried to connect cosmetics and certificate authorities in some clever way, it seemed that one or two other people did, but most didn't.

Oddly enough, the people who were confusing "rogue" and "rouge" all seemed to be native speakers of English. People who had learned English as a second language didn't seem to confuse these two words at all. I wouldn't be surprised if similar mistakes, like marketing people talking about "flushing out" details instead of "fleshing out" details, are also generally limited to native speakers of English, but that's a rant for another post.

Monday, September 14, 2009

Why the Neanderthals became extinct

Hunting Project Plan  
