Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for July 29th, 2010

Carnivale: Two Seasons of Goodness and Then A Blight from HBO

Back in 2005 a show came to HBO that I got in drips and drabs over time while I was a “Travelling Man” for IBM. Since I did not have HBO at home and still don’t I had to finally catch this whole show on DVD. I have just finished watching both seasons of the show and I felt compelled to write a review. The show was Carnivale.

Carnivale takes place in 1934, the depths of the depression in the blighted land of the dust bowl. From the start, it is an incredibly well shot and designed show that really places you in the setting of depression dust bowl life even better than the Dorothea Lange picture of the migrant worker. You literally feel the dust and parching heat of the place and time by just looking at the scenery and of course, the players. Never a more dusty troupe will you ever see.

The basis of the show is the epic battle between good and evil that takes place on the earthly plane after the war in Heaven came to an end. Evidently, every generation has the chance of being led by evil or good according to the deal that was struck between Satan and God. A savior and a devil are born with each generation and they may, or may not, fulfill their destiny to do battle and decide the fate of man.. For that generation at least.. Until the Omega.

In this generation you have Ben Hawkins, a boy who has been shunned by his insane mother and in the start of the show, we find has escaped the chain gang to be with her and try to help her. She refuses his help, which could heal her by the laying of hands upon her, and dies. Ben moves on to escape the law with the local Carnivale and begins the journey of discovery of what he is as well as hasten the epic battle to come.

The Good:

Fantastic cinematography, set design, costume design, and general historical accuracy down to the language of the time and place! This will be darkly wonderful and dry for you to watch. You will feel like you are literally sitting next to that migrant worker, and it will give you a taste of 1930’s carny life.

The Acting was well done and the writing of the characters well defined if not a little cryptic at times.. But that cryptic nature makes you want to know more, so you make a point of watching the next episode. There was not one episode that left me thinking.. Meh, maybe I will not see it next week when it was on tv.. The only problem I had was.. I didn’t have HBO except in hotel rooms!

The story was well defined and had you wondering at every turn just where it was going to go. You had hints and visions of possible futures but you really were left with your imagination as opposed to too many foreshadowing scenes that gave everything away. The interplay of the plot lines both historical and present really kept you going too. All in all, a story that was originally a book that was turned into a series that kept most of its content. This was one of the reasons for its downfall though. The series was just too costly to continue according to HBO and thus, in the end I have a gripe about the ending…

The Bad:

As mentioned above, the cost of the show and the sudden decision to pull it from HBO left it in the lurch. Much of this due to the story lines and arc of the show being presented in book/chapter format. By killing it in the second season, the writers were left to tie up some loose ends hastily and end it with as much finality as they could and still serve the story…

Which, really did not happen.

At the end, the story was forced enough that the last three episodes felt like you were being rushed out of your seat at a busy restaurant by a harried wait staff. You got to eat, but you got heartburn for it really. The story suddenly shifted into high gear with a feel akin to a speed walking version of “The Stand” and the new “Canaan” took the place of Las Vegas.

Additionally, I found that the plot device used to foil the evil one was a bit of a kluge, however, had it been part of the larger arc later discovered through the writers’ pitch document, then it would not have made it seem too forced. But, because this show was given the axe, the story line and end falls flat. I think though, that I need to find out if the writers etc, knew that this was the end when they had it in the can or, did they think season 3 was coming still? If so, then the pace was just, the pace and my perception of it different because it was “the end” according to HBO.

All in all, the ending left quite the opening for continuation should someone pick up the mantle. However, since it’s 2010 and Hollywood would rather make crappy re-makes than original works, I hold out little hope of redemption through the arc being finished out.

Final Analysis:

  • Carnivale was a fantastic show that got the usual short shrift from the studios.
  • HBO screwed the pooch.
  • Clancy Brown is America’s scariest actor
  • This show leaves you wanting to Google a LOT of things
  • It includes Templars, Rennes-le-Château, and other mythos and that is ALWAYS cool
  • See it all on DVD.. I promise you you will not regret anything but its ending
  • Once you have seen the series, read the “Pitch Document”; it will give you more to work with

“Ok children.. Let’s shake some dust”

CoB

Written by Krypt3ia

2010/07/29 at 18:44

“Strutting and fretting his hour upon the security industry stage, And then being heard no more”

The Frustration And Gnashing of Teeth:

Recently, I have heard others lament the state of the “security industry” as well as have posted about my own adventures into the land of FUD and Security Theater as well as a side trip into the shadow lands of denial. My last post about a call that went awry also got responses from others in the business including Mr. Reiner, who had a post somewhat similar to what I had written about, but took it further. His post mirrors much of what I am hearing and feeling myself now 13 years into it.

  • The industry has become just that, an industry that makes cookie cutter security and passes mediocre services as “state of the art”
  • The industry is now full of salesmen and charlatans like Gregory Evans and Ligatt
  • The clients still just don’t get it and often do not want to
  • There are too many bells and whistle firms but too few true “holistic” security offerings out there
  • The exploits and vulnerabilities are growing at a rate faster than Moore’s Law and never will there come a time when you can catch up
  • Nothing is truly secure
  • Regulations are inadequate mechanisms for security best practices inspiration (notice I do not say compliance here)
  • Coders and the companies that hire them are coding insecurely and do not wish to change that
  • Greed is Good (Gordon Gekko)

Generally, the experience out there is that, as with everything else that someone loves to do as an avocation which turns into a vocation, it becomes not so much fun anymore when business gets involved…. Especially big business. Unfortunately, this is exactly what has happened today with information security/technical security. It has become a pre-packaged, pick your services lunch counter style of operation and you rarely get what you really need and get the fatty happy meal instead.

Taking A Step Back:

As professionals in the field we all have different skill sets and personal bents on and in the security theater. I am putting us all into the “theater” because really, we are all like Shakespeare’s players who: “struts and frets his hour upon the stage, And then is heard no more.” We are in fact oftentimes the character of “The Fool”: the one man who is the outward conscience of the king and the one person in the court who can tell the truth to the monarch that they indeed have no clothes on. Of course this really only works for those who are contractors/consultants and can then leave the site after leaving a report on their vulnerabilities and how to fix them. Unfortunately, if you are a full time employee of said “court” you may indeed find yourself in the oubliette quickly enough. We need to embrace this fool role and then decide just how we will approach our careers as well as the means in which we ply our trade for the betterment of the courts we serve in.

One must remember that we all serve the will of the king… And sometimes the king is an idiot, lout, Luddite, or schmuck.

My Goal Here:

My goal with this post and what I think is shaping up to be a series of them, is to cover the players involved here, the game being played, and the realities of our business. So many of us are running into the same walls and I have been hearing the same things over and over from you all out there as well as in my own head as I deal with clients. All too often we do our best to tell the client that they have things that are vulnerabilities within their organizations as well as their infrastructures all for naught.

Others see the bigger picture: that with everything that we do, there still is always a way into the org and their infrastructure and a method to steal their data. All too often this also happens because of simple low hanging fruit attacks such as SE attacks or completely un-secured networks that lack policies and processes that might in fact prevent many of the attacks from happening were they documented and in force.

Still others see the grand scale of not only the snake oil salesmen out there but also the malfeasance of the companies that make the software and hardware systems (might I mention ATM machines Diebold? yeaaahhh I think I will) that are completely insecure and egregiously so! Even in this day and age where hacking/cracking is so prevalent they STILL do not want to take the time and the effort to code securely… And as Weld Pond said today:

“YOU SHOULD BE ASHAMED OF YOURSELVES! THESE ARE SYSTEMS THAT PASS OUT MONEY!” *paraphrase likely there*

To that end, I have created the following framework for the posts to come. Some of them are posed as questions and if you like, you can comment answers that you think apply. Overall though, I would like to pull the security industry apart as well as the motivations for not only the vendors, but also the clients. I want to lay out all the players and variables, examine them all, and then come up with a strategy for what I am currently calling “Holistic Security” (I know, all scented candle touchy feely new age sounding): a method of looking at the security needs of a client and offering them what they really need as well as methods to bring that client to the trough to drink from the security well.

I know.. This is going to be nearly impossible huh?

It’s either this or just packing it in and walking away though… Really… Once you reach a point where you hate the job and you feel constantly that you are doing nothing to change things you either have to walk away, or make drastic changes happen.

What do you think? Don’t you think that with all our SE and other skills we ought to be able to overcome all this?

Check out the future post framework and let me know… I will work on the players tomorrow.

CoB

The Players:

Some of us Just Want to Have It Done Right:

Some of Us Just Want to Hack and Do Cool Shit:

Some of us just want to Be Researchers:

Some Are Just LIGATT:

The Playing Field:

Current Approaches to Security Auditing:

Can There Be A Holistic Security Approach?:

Can We Get Companies to Code Securely and Ethically?:

Opposing Forces:

The Government and Compliance:

The Corporation and the Seven Deadly Sins:

Crackers, APT, and Bulgarians Oh My!:

Every Fortress Falls:

Troy

Sparta

Lockheed Martin

Is There A Framework and Methodology For Holistic Security?:

Security Basics:

Security Awareness vs. Human Nature:

Policies, Procedures, Standards, and Compliance:

Penetration Testing:

Social Engineering:

Written by Krypt3ia

2010/07/29 at 01:42