Speaking About Electronic Discovery at Shmoocon

Posted in Information Security, Technology, e-discovery on January 15th, 2008 by admin – 2 Comments

While the website doesn’t reflect it yet, I received word that I’ll be presenting at Shmoocon 2008. I’ll be talking about how the e-discovery process works, how organizations can reduce the cost of litigation, and how truly frightening the security surrounding e-discovery is.

If you’re going to be there and would like to get together for a beverage…drop me a line.

On a theoretically related note, the video and audio for my talks at DEFCON 15 should be available in their RSS feed soon.

Data, Warranty Service and You

Posted in Apple, Information Security, Privacy, Technology on January 2nd, 2008 by admin – Be the first to comment

A couple years ago my trusty Dell laptop started to take a turn for the worse. Like many Windows users I could see the telltale signs that things were up. Our old friend, the Blue Screen of Death, reared its ugly head a few times and the system felt unstable in general. This was well outside my reinstall cycle so I quickly ran a full backup to make sure I didn’t lose everything and within an hour there was a lovely clicking noise coming from the hard disc.

I quickly dispensed with a couple first level help desk personnel and eventually found a person with authority to authorize a replacement for me. The drive would arrive in a couple days and as long as I was comfortable with it, I could do the replacement myself. Expecting a long wait without a laptop, I was pretty pleased until I learned the catch. I had to mail the old drive back to Dell for remanufacturing. I wasn’t about to send my drive anywhere, let alone to have my data given to some future participant in a similar process.

I explained that I wasn’t going to have it because there was sensitive information on the drive. After I explained to the support guy that I was obligated to keep the information secret, he put me on hold to find a solution. The only way that Dell would allow me to keep the drive was to sign an affidavit…which was fine with me until I read the affidavit, which read that I was a US Government Contractor with classified material on the drive. I had neither.

After some critical thinking by both of us, we came to the conclusion that since Dell was expecting a drive with a mechanical problem, it could be in any form imaginable. This was a great deal because:

  1. I got my first hands-on experience with the inner workings of a laptop hard drive.
  2. I found out how hard it is to actually smash platters.
  3. Dell got a drive with some mechanical problems to salvage.

Fast forward to a couple months ago when the logic board on my Mac went out. It wouldn’t turn on so the girl at the Genius Bar went right into the paperwork. She explained that if the hard disc had to be replaced I wouldn’t be getting any of my old data back. I asked about receiving the old one for a while so I could try and retrieve the data in that case and she told me that couldn’t happen. I didn’t really sweat that since I had a week-old backup at home. Then she brought the house down with this one:

What is your administrator password?

I looked at the other guy working the Genius Bar who knows my background a bit more and we both started to laugh. I needed a new logic board…there’s no reason for them to know any of my passwords…let alone the root. She said it was so they could test it to make sure it would boot. She was sympathetic and we both settled on something random to put on the form.

Is keeping hard drives a security issue as Dave Winer thinks? Not really.

Your machine belongs to the person at the keyboard whether it be you, the Geek Squad kid making $7 an hour and stealing all the porn he can find, or the guy who took your laptop out of the back seat of your Range Rover sporting that trendy Apple sticker.

This is one of the many reasons to use encryption. If I send my Mac to be serviced and the hard disc has to be replaced tomorrow, I’m confident that the recipient has access to none of my information. While it’s true that Apple needs to take security more seriously and certainly shouldn’t be asking people for their passwords, just keeping the drive is only a vulnerability if you make it so.

Something tells me that Bruce Schneier doesn’t lose sleep over this.

My Picture in a Travel Guide

Posted in Design, General on December 25th, 2007 by admin – Be the first to comment

[Photo: The Friendly Fisherman]

The other day I received an email out of the blue from an outfit called Schmap, which produces interactive travel guides for cities around the world, informing me that my photo (see above) had been shortlisted to be a part of their guide to Tampa. Considering how easy it would be to just gank the image without my permission, I thought that it was pretty nice that they let me know.

They’ve obviously been doing some digging considering that the image only has seven total views since being posted last spring, but it is a heck of a shot and makes for some cool wallpaper despite being taken on a point and shoot camera.

Feeling The Weekly Review Love

Posted in Productivity on December 15th, 2007 by admin – 1 Comment

I’ve been working with the Getting Things Done method for organization for a while, but the system never really kicked into high gear until I fully embraced the Weekly Review.

When reading David Allen’s book and listening to his lectures the Weekly Review is touted as the most important component and the hardest to adopt. It seemed strange to me that this would be the hardest part to stick to when getting started, but within a couple weeks it just didn’t occur to me to revisit everything that was going on in my life when it was placed into such a bulletproof system.

When I started my job at the Firm, I learned that I’d be sending in a weekly report to the Director every Friday. While some people probably would view this as a painful task considering how busy things tend to get, a feeling of joy washed over me. Now I would be personally accountable on some level for completing the most important GTD component.

My weekly review includes shutting my door (it’s an open door Firm so this is rare during the week), putting on my good headphones and listening to Miles while spreading my Hipster PDA all over my desk. I’m able to write down all my open projects on a legal pad first. This pad will then be transcribed to a text file which I send in. After getting everything current down, I ponder any other projects which I’d like to fully commit to and begin.

The next step entails taking everything from the legal pad and old Hipster PDA cards and creating fresh ones. While seeing so many tasks crossed off is nice for gaining a sense of accomplishment, having to flip the context cards (@office, @mac, @calls, @email, etc) over tends to be a pain and makes the system less bulletproof.

Even if you aren’t accountable on a weekly basis to someone, I’m guessing that it would be a great habit to develop. Not only are you accountable but it can be great for reminding the other people you work with that you are waiting on something when you know they may have forgotten.

Wordpress…Because It Just Works

Posted in Design, Technology, Web Development on December 11th, 2007 by admin – 1 Comment

For the past couple months I’ve been shopping around for a CMS (Content Management System) to use for the next version of my website. When I first started using Joomla, it had some real promise. Adapting my designs to its PHP framework was relatively straightforward, their IRC channel was helpful and they had a new release on its way.

More than a year later their next version still hadn’t reached stability and the previous version was showing dust and security vulnerabilities. Considering how security conscious I am, the idea of getting owned by a trivial XSS exploit was unacceptable.

I tried Drupal (again) and while the installation process has improved, the documentation is still more obtuse than Farnsworth on Contracts. Drupal developers are in high demand right now and as much as I would love to join their ranks, the amount of time and effort that would be involved just isn’t acceptable considering I’m a busy guy.

It was about this time that I came across ModX, another open source CMS. Let me say that it is by far the best option for a designer/developer with a similar background as myself. Quite simply I want to be able to take a mockup, adapt it to HTML/CSS and drop in some simple calls for content areas.

Working with ModX was such a nice experience that I was actually looking forward to the usual day of pain that is the final adaptation of my markup to the content management system.

This was about the time when I asked myself, “How do I promote this article to the front page and create the RSS feed?” This is where ModX seems to wander into the land of Drupal with what appears to me to be a fork into a “snippet” called Ditto.

So there I sat on Sunday morning…already in somewhat of a foul mood knowing that the Chiefs were destined to be embarrassed by the Donkeys (which of course happened), realizing that even though all my markup was done, I was in for a long few nights of reading documentation and using trial and error to put the final product together.

It was at this point that I had a moment of clarity. One of the reasons that I don’t produce enough content is because the CMS doesn’t play along and it can be a real pain in the ass to write more. Knowing that producing quality writing was a higher priority than placing another design in my portfolio I downloaded Wordpress again.

The install on my local network was so smooth that I didn’t even drop all my content in locally before exporting and uploading.

My content was migrated to Wordpress by the early evening and I was finished with plenty of time to relax before finally having a full week in the office.

So what is my outlook for a full redesign? I’ll work through one of the many Wordpress design tutorials to adapt my design to Wordpress and use ModX for other content areas such as my design portfolio. This way I’ll be able to pump out as much direly needed e-discovery analysis and opinion as I can without spending costly hours trying to learn how someone else thinks.