Archive for the ‘Security’ Category

5 Nov '10

Honest Intent

   Posted by: lyle

On this particular day, remember that Guy Fawkes is still the last person to enter the Houses of Parliament with honest intentions.

The Gunpowder Plot is a healthy reminder that terrorism really is nothing new.  Mind you, if the risk of terrorism now were to involve being hung, drawn and quartered, I wonder how many would still think it such a cool thing ?

14 Aug '10

It’s not about religion

   Posted by: lyle

In today’s news there’s been a big thing about Barack Obama defending the right to build a mosque near the Ground Zero site in New York.

The best bit of it all though was the quoted parts of the speech…

“We must all recognise and respect the sensitivities surrounding the development of lower Manhattan. Ground Zero is, indeed, hallowed ground. But let me be clear, as a citizen, and as president, I believe that Muslims have the same right to practise their religion as anyone else in this country. That includes the right to build a place of worship and a community centre on private property in lower Manhattan, in accordance with local laws and ordinances. This is America, and our commitment to religious freedom must be unshakeable. The principle that people of all faiths are welcome in this country, and will not be treated differently by their government, is essential to who we are.”

He told the group of US Congressmen, government officials and foreign dignitaries that America’s tradition of religious tolerance distinguishes it from “our enemies”.

“Al-Qaeda’s cause is not Islam,” he said, “it is a gross distortion of Islam”.

And that’s the primary point for me – Al-Qaeda is not an Islamic cause, the current phase of “Islamic terrorism” isn’t about Islam at all, it’s just about terror. Anyone who thinks that these terrorist episodes are about religion really is a bloody moron – religion is (as always) the convenient talking-point to support the ‘cause’.

22 Jul '10

New Scam/Phishing Email

   Posted by: lyle

Yesterday I noticed a new spam / scam / phishing email that seems to have appeared.

It purports to come from Amazon, and tells you that your order has been despatched, along with some links that are clickable. The links actually go off to a Russian site, but I’ve no idea what that does, and have no intention of finding out.

The biggest clues that it’s a spam/scam are

  • the prices are all in dollars (which is a bit of a giveaway for us in the UK)
  • you haven’t ordered anything from Amazon
  • it’s got a link to “see the ordered items”, rather than just listing them in the mail
  • the email address it’s been sent to isn’t the one you’ve got listed with Amazon

But all told it’s one of the better spam/scam/phishing-type emails of the moment.  Best to publicise it and be aware of it.
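The four clues above, plus the link-destination check, written up as a small triage routine. This is an added example, not anything from the original post; the `Message` class, the sample mail and the `example.org`/`example.net` addresses are constructed stand-ins.

```python
import re
from dataclasses import dataclass, field
from typing import List

@dataclass
class Message:
    """Minimal parsed e-mail: only the fields the heuristics look at."""
    sender: str          # value of the From: header
    recipient: str       # address the mail was actually delivered to
    body: str
    links: List[str] = field(default_factory=list)

def host_of(url: str) -> str:
    """Return the lowercase host part of an http(s) URL, or '' if it is not one."""
    m = re.match(r"https?://([^/:?#]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""

def phishing_clues(msg: Message, registered_addr: str, ordered_recently: bool) -> List[str]:
    """Apply the post's four clues, then check where each link really points."""
    clues = []
    if "$" in msg.body and "£" not in msg.body:
        clues.append("prices are in dollars, not pounds")
    if not ordered_recently:
        clues.append("no order placed with Amazon")
    if re.search(r"see the ordered items", msg.body, re.IGNORECASE):
        clues.append("items hidden behind a link instead of listed")
    if msg.recipient.lower() != registered_addr.lower():
        clues.append("delivered to an address not registered with Amazon")
    sender_domain = msg.sender.rsplit("@", 1)[-1].rstrip(">").lower()
    for url in msg.links:
        host = host_of(url)
        if host != sender_domain and not host.endswith("." + sender_domain):
            clues.append(f"link goes to {host}, not {sender_domain}")
    return clues

# Constructed sample mimicking the mail described above (not a real capture).
SAMPLE = Message(
    sender="Amazon.com <ship-confirm@amazon.com>",
    recipient="old-mailbox@example.org",
    body="Your order has been despatched. Total: $47.99. Click to see the ordered items.",
    links=["http://order-status.example.net/track?id=1"],
)

if __name__ == "__main__":
    for clue in phishing_clues(SAMPLE, "me@example.org", ordered_recently=False):
        print("-", clue)
```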

15 Jul '10

Security Reading

   Posted by: lyle

All quiet round here at the moment, as my brain is utterly failing to process stuff.

I’m stuck with reading a metric butt-load of security stuff (as written about at the tail end of last week) which is about as interesting as you’d expect.

Check out this – it’s the first paragraph of the documentation, which (as I understand it) is meant to make you want to read more…

CLASP — Comprehensive, Lightweight Application Security Process — is an activity-driven, role-based set of process components whose core contains formalized best practices for building security into your existing or new-start software development lifecycles in a structured, repeatable, and measurable way.

In any game of Buzzword Bingo, that paragraph/sentence will get you “House!”

There’s 600+ pages of this shit to wade through, so posts here might be a bit slow.

4 Feb '10

Documentation

   Posted by: lyle

In the run-up to the Festering Season, I had one hell of a lot of work coming in with some documentation that needed doing in order to get us what’s known as PCI-DSS accreditation. PCI-DSS stands for “Payment Card Industry Data Security Standard”, and it’s a total fucking nightmare.

Anyway, one of the big steps in attaining this PCI-DSS standard is to have somewhere around a metric shit-ton of paperwork. No kidding. There’s some 230-odd points in the PCI-DSS standard, and each one of the bloody things needs documenting. It’s a serious bit of work just getting all the paperwork done.

With the other stuff I also had to do in order to get everything in place, the documentation took a back-seat, and we ended up getting it done by me speaking into a dictaphone, and then getting an audio-typist to type it all up. It was supposed to save me a stuff-load of time. And it worked – I’d got all the dictation done in two and a half days, and the typist did everything in time for mid-January.

Or so we thought.

It turned out that the audio-typist was a tossbag, and didn’t actually do all that much in the day they were in – at the end of which they said they’d done it all.

Cunty fucking bugger.

It’s taken me the intervening three fucking weeks to get things back to where I thought I was in mid-January. Three weeks of doing this sodding documentation, three weeks of making sure it’s right, and that it all makes sense. Oh, and still doing all my normal insane workload as well.

This goes some way to explaining why I haven’t been writing much on D4D in that time – I’m utterly damn sick of typing, and didn’t have the time or headspace to do much here.

I’ve just now finished the documentation for PCI-DSS. We’ll review it tomorrow and next week, so I’m sure there’ll be some edits. But that’s just fiddly crap – the most important thing is that I’ve broken the back of it. I’m done.

I’m also utterly fucked. But that’s beside the point. I’m done with the documentation.  Happy, happy day.

3 Jan '10

Living with Terrorism

   Posted by: lyle

Over Christmas there was yet another terrorist “attack” in a plane over the US. And as a result, Fuhrer Brown has said that full-body scanners will be brought in to all the main UK airports because “they’re crucial in the fight against terrorism”. Which, frankly, is bollocks – the experts don’t even agree that the explosives used by Umar Farouk Abdulmutallab on Christmas Day would be found by a full-body scanner.

I’ve written before about Security Theatre, and really this is all more of the same.

What makes me really laugh though is all the shite that politicians spout about doing this “because we won’t give in to terrorism”.

  • Every single time you take a flight and have to take your shoes off for a search, terrorism caused it.
  • Every time you go through a full-body search from now on, that’s been caused by terrorism.
  • Any time you can’t take a drink or shampoo abroad, that’s been caused by terrorism.
  • Any time you read about ID cards or airport security, that’s been caused by terrorism.

And actually, for pretty much all the above items, you could replace “caused by terrorism” with “caused by the threat of terrorism”. Because most of it isn’t actually related to terrorist acts – it’s related to “plots”, rather than the real thing.

Basically, if you’re travelling by plane, you’re affected by terrorism or the threat of it. Every time you’re affected, you think about why you’re being affected. And bang, terrorism wins yet again.

In fact, the only recent occasion where terrorism really hasn’t affected things (yet, anyway) was the bombings in London on the 7th July. Certainly that event has made people more aware of the risk of terrorism and suicide bombers – but it hasn’t involved extra security checks, or changes to the way we live.

So wittering on about not letting terrorists win, while adding in new pointless security measures “to prevent terrorism”, that’s terrorism winning its case.

17 Dec '09

Being Trusted

   Posted by: lyle

With the new job I’m actually finding myself in a fairly serious position of trust and responsibility – quite weird, for having only been with the company for two months.

For example, I’m completely responsible for the security of the data, a lot of which is seriously sensitive. That’s fine, I’ve been there before with other sets of information, but the sheer scale of this one is what makes it a bit intimidating. The stuff I’ve inherited from my predecessors is – to be polite – a bit shambolic, with what looks like a lot of “Oh, that’ll do” workarounds. So I’m getting to fix these things, and that can be a bit stressful.

This week has been (and still is, to some degree) a high point on the stress levels, because of two big jobs.

First, I’ve had to change all the encryption methods on the site, to bring it into accordance with some industry guidelines. That means de-crypting the existing data, re-encrypting it with the new method, then de-crypting it all again to make sure it matches the first set of de-crypted data. For 75,000 records. Suffice it to say, there were *lots* of backups in place, so I could roll it all back whenever.
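The decrypt, re-encrypt, decrypt-again-and-compare loop described above, with the backup used for rollback if any record fails the comparison. This is an added example, not the site's actual code; the two XOR-keystream functions are constructed stand-ins for the old and new encryption methods (not a secure scheme), and the record store is an in-memory dict.

```python
import hashlib
import hmac
from typing import Callable, Dict

def keystream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in cipher, constructed for this example only (NOT secure): XOR the
    data with an HMAC-derived keystream so there are two distinct 'methods'
    to migrate between. Encrypt and decrypt are the same operation."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

OLD_KEY, NEW_KEY = b"old-method-key (constructed)", b"new-method-key (constructed)"

def old_decrypt(ct: bytes) -> bytes: return keystream_xor(OLD_KEY, b"v1", ct)
def new_encrypt(pt: bytes) -> bytes: return keystream_xor(NEW_KEY, b"v2", pt)
def new_decrypt(ct: bytes) -> bytes: return keystream_xor(NEW_KEY, b"v2", ct)

class MigrationError(Exception):
    pass

def migrate(records: Dict[int, bytes],
            old_dec: Callable[[bytes], bytes],
            new_enc: Callable[[bytes], bytes],
            new_dec: Callable[[bytes], bytes]) -> Dict[int, bytes]:
    """Re-encrypt every record in place. Each one is decrypted with the old
    method, encrypted with the new, then decrypted again and compared with
    the first plaintext. Any mismatch restores the backup and raises, so the
    store is never left half-migrated."""
    backup = dict(records)                      # the "lots of backups" step
    try:
        for rid, ct in records.items():
            plain = old_dec(ct)
            new_ct = new_enc(plain)
            if new_dec(new_ct) != plain:
                raise MigrationError(f"record {rid}: new ciphertext does not round-trip")
            records[rid] = new_ct
    except MigrationError:
        records.clear()
        records.update(backup)                  # roll back to the pre-migration state
        raise
    return records

if __name__ == "__main__":
    # Constructed sample data: two records already encrypted with the old method.
    store = {i: keystream_xor(OLD_KEY, b"v1", f"card-{i:04d}".encode()) for i in (1, 2)}
    migrate(store, old_decrypt, new_encrypt, new_decrypt)
    print(f"migrated {len(store)} records; record 1 now reads {new_decrypt(store[1])!r}")
```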

Second – and this is due to be happening either tonight or tomorrow – we’re moving all the database stuff over to the new server. Again, having a separate server for the database is a requirement of the industry standards but means a lot of work – killing the site, taking backups, copying them to the new server, and restoring the data. We could have used replication to copy one database to t’other, but to be honest I’m happier with the slower method which I’m familiar with in this case, rather than one I haven’t needed to use before.

Along the way, I’m also now a key-holder for the office – something else I don’t actually mind, and have done plenty of times before – but again it’s that responsibility, that trust which I still find surprising. I shouldn’t, but I do.

The final piece of this has started this week, as we’ve now got a new developer on board so I’m now in charge of a team of three developers, having to set up all the infrastructure for development areas, change control, training, documentation, everything. I’m responsible for two other people’s jobs as well as my own. That’s the scary bit – in the case of the new developer, I’ve been the one to interview him, I’m the one who’s said he’ll do the job. If I’m wrong, then he’s going to go, and won’t necessarily have anything to go to.

It’s all a bit of a leap into the – what? It’s not unknown, I’ve run small teams before, and run other businesses before I got back into IT and Web stuff. But it’s a big leap for me all the same, from where I was working last year as sole developer for one of the local councils, and now I’ve got a team, a set of plans, and a whole shitload of work.

Weird the way things work out sometimes, isn’t it?