Three things to remember from Verizon’s Data Brach Investigations Report

Every year around this time, Verizon releases its Data Breach Investigations Report, referred to in the trade as simply the “DBIR.” Verizon is one of two companies you call if you’ve been breached and you really want to get to the bottom of what happened and try to keep it from happening again. (Mandiant is the other.)

My CISO hates this year’s edition because of its Joy Division-inspired cover and some of the cutesy writing. But it still makes some valid points that I wish everyone would take to heart–and those points remind me why so many people in my field of work listen to Joy Division.

Read more

Dave vs. Mmm-Bop

NPR recently released its Songs of the Summer, which invokes memories of summers past by conjuring up (or dredging up, in some cases) songs you couldn’t go anywhere without hearing. Songs like “Crazy” by Gnarls Barkley (2006), or “Hips Don’t Lie” by Shakira (also 2006). Or the bane of 1991, the unforgettable “Summertime” by the equally unforgettable DJ Jazzy Jeff & The Fresh Prince.

In 1997, one of the songs of the summer was “MMMBop” by boy-band Hanson. And mercifully, I avoided hearing it. I remember the summer of 1997. While everyone else was listening to that, I was listening to aging bands like The Cure and Echo and the Bunnymen, and that habit saved me. I managed to make it until 2004 without hearing that boy-band staple. It’s an achievement I’m proud of. Read more

New Order, Joy Division, surviving and moving on

I couldn’t tell you the last time I thought about Joy Division, and then one of my college classmates posted a story about a stash of Joy Division and early New Order master tapes showing up in the basement of a former bank, along with guns and gold (but presumably, no butter). Yes, the jokes write themselves.

Instead of talking about the contents of the tapes, the story talked about New Order going on tour. I was vaguely aware that Peter Hook quit the band, and another story on the site discussed that: New Order is back together without Peter Hook, and Peter Hook is planning on touring as himself and playing Joy Division songs. And he’s writing a book about his time in Joy Division.

As a guy who spent way too much time listening to Joy Division in college, and who for a time ran the largest Joy Division tribute site on the Web, yeah, I have some opinions on all that.

Read more

Why piracy matters

Rob O’Hara offers an interesting perspective on piracy.

I agree with him. 20 years ago, copyrighted material offered presence. It was something special.

Computer software was mostly sold in specialty stores. And if you wanted something, the store might or might not have it. There was a bit of a hunt involved. I still have fond memories of going to Dolgin’s, Babbage’s, and other long-gone stores to buy Commodore software. Sure, I pirated some stuff (who didn’t?) but mostly confined myself to out-of-print stuff that you couldn’t otherwise get.

Believe it or not, I took pride in having a shelf of paid-for software.

Music was the same way. Back then, the average record store had a comparable selection to your local Target. If you decided you liked Joy Division or Sisters of Mercy, you had a long road ahead of you to collect all their stuff. Acquiring material that was far off the Top 40 path took time and effort, not just money.

Today it doesn’t matter what you want, you can probably find it in 30 minutes online. Legally, or, in most cases, illegally. Like a friend asked me about 10 years ago when broadband connections became attainable and this stuff started to change, “How can data be rare?”

The solution some people give is touring. That works for musicians, but not so well for everyone else. Book signings aren’t very profitable for most authors. There’s no close equivalent at all for software. Charging for service works for application software, but not at all for games.

The solution is to find other ways to make a living.

The loss? Culture, frankly. Music gets reduced to the lowest common denominator. Record labels can’t (or won’t) take a chance on promising young bands whose first few records don’t sell. Had U2 come on the scene in 1999 instead of 1979, it never would have made it. The Joshua Tree was a huge seller, but who’s ever heard of Boy and October? By today’s standards for first and second albums, they were flops.

The result is we see a lot more acts like Justin Timberlake, who can make a lot of money fast. If they fade from view, it doesn’t matter, because the record companies can always manufacture a replacement. Which leaves little reason to take a chance on someone who does things differently and takes a few years to really burst onto the scene. The environment doesn’t really favor the development of someone like Talking Heads, the Moody Blues, or much of anything else that deviates from the norm today. Or U2, for that matter, who may sound mainstream today, but they sure didn’t in 1980.

I see other arenas suffering too. Name me an innovative video game. There’s been very little innovation since Wolfenstein 3D came into being in 1992. Virtually everything since is just a variation on that same theme: Shoot everything that moves in a 3D environment. Yawn. That wasn’t even very innovative–it’s just that it happened in 3D. There were plenty of shoot-everything-that-moves games out there in the mid/late 1980s for the Nintendo NES. Wolfenstein itself was a remake of a 2D shooter from the early 80s for 8-bit computers called Castle Wolfenstein.

Creative people who want to have a house and a car and a few things to put in it find other ways to make a living. Like writing or doing graphic design for Pizza Today or another trade magazine. It’s steady work. It’s not glamorous and won’t make you famous, but it pays the bills. And it’s niche enough that it’s unlikely to be pirated.

Someone may find a way to make things work in this new reality. Odds are it won’t be someone in Washington. And it probably won’t happen tomorrow. Which is a shame.

My first impressions of Pandora

So I’ve been messing with Pandora, a new music service.

It’s interesting. Not foolproof, but interesting.The theory goes like this: Have highly experienced musicians overanalyze pop music, identifying its tonal qualities, and based on the qualities you find in a song that the masses (or any given individual) like, predict other songs that will have the same appeal because they share the same tonal qualities.

So I signed on, and it asked me for the name of a band or a song that I liked. So I picked “City of Blinding Lights” by U2 out of the air.

Two songs later, it played “Read ‘Em and Weep” by Meat Loaf.

Say what?

I gave it a chance. I thought more of Meat Loaf when he was a one-hit wonder than I did after he made that comeback in the ’90s. And this song is the epitome of why.

Let the record state that I don’t like over-the-hill wanna-be hard rockers singing songs that were originally written by Barry Manilow!

Note that I’m emphatic enough on that point to break out the italics and the exclamation point. I’m almost emphatic enough to break out the blink tag.

If I lose coolness points for not liking Meat Loaf-sung Barry Manilow cover tunes, then so be it.

I suppose it did have somewhat similar musical qualities to U2’s City of Blinding Lights. But this just goes to show there’s more to music than just, uh, the music.

To its credit, it did pick out a song by Delirious? that I liked.

But I guess U2 isn’t exactly the best experiment for something like this. While U2 has a reputation for all of its songs sounding the same, any serious U2 fan will point out that it’s several of U2’s hits that sound similar. But if I were to whip out a few of U2’s lesser hits, like, say, “A Day Without Me” off Boy and “The Fly” off Achtung Baby, to name two of the better songs off their two best albums, you might be hard-pressed to identify the band.

And since that’s one of the things I really like about the band, I abandoned the experiment. Tonal qualities alone won’t find another U2.

I forgot about the first time I ever heard “I Still Haven’t Found What I’m Looking For.” The reaction? “U2 records albums?” Yes, when I was 13, I thought U2 just toured and put on political demonstrations and that making records was an afterthought.

Sometimes the appeal isn’t just the music and how it’s played. Need another example? Anyone care to do a survey of how many people watch Jessica Simpson music videos with the volume muted?

So now that I’ve talked about why Pandora can’t work, let’s talk about when it does work.

After the Meat Loaf indignity, I typed in “What About Everything, Carbon Leaf” into Pandora. And it came back and said it didn’t know that song. So I just typed in “Carbon Leaf.” It came back and described Carbon Leaf as a band that uses subtle harmonies, electric instruments up front, a mixture of acoustic and electric in back, and prominent percussion.

I’d never thought about it that way, but that was what made the band catch my ear in the first place. The line “What about aeroplanes?” had a lot to do with it too, but Pandora’s technical description tells how the band said, “What about aeroplanes?” Had it been Pantera asking “What about aeroplanes?” I probably wouldn’t have liked it as much.

But when I think about the alt-rock that was being recorded in the early 1990s, before it became all-grunge-all-the-time, that description of Carbon Leaf pretty much could apply to the songs by Sugar, Material Issue, Aimee Mann, The Connells, and, for that matter, even Weezer, that I liked.

So out of curiosity, I punched in “The Sisters of Mercy.” It came back and asked if that was a song or a band. I had the band in mind, rather than the Leonard Cohen song. Leonard Cohen is an example of someone whose lyrics I like, even when I often don’t like the music.

It identified the Sisters of Mercy as having hard rock roots, electronica influences, and an emphasis on minor key tones. Fair enough.

Problem is, it gave me Pig Society by Dope, Loco by Coal Chamber, and Set Me Free by Velvet Revolver, followed by Big Truck by Coal Chamber (which sounded like a monster truck rally).

How much does Andrew Eldritch know about monster trucks, anyway?

Once I gave it enough thumbs-downs, it tried Sonic Youth on me. Sonic Youth isn’t very goth, but it’s a much better fit than something called “Big Truck.”

So I decided to see what it said about Joy Division. “Punk influences, mild rhythmic syncopation, extensive vamping, electronica influences, and minor key tonality,” it said. OK, basically Sisters of Mercy minus the heavy metal with a little punk instead? I’ll buy that. I let it play. So far, no songs about monster trucks, but the songs it did play were songs I wouldn’t mind hearing again. Tactic learned: If you punch in one band and don’t like what it finds you, punch in the name of a somewhat similar band and see what it finds.

For entertainment value, I have to give Pandora some props. Sometimes the entertainment value is unintentional. But hey, even Babe Ruth only hit a home run 8.5% of the time. There are worse ways to discover new music than this.

Like turning on the radio, for instance.

New Order is back?

A week or so ago I was in the car with my fiancee and a song I’d never heard before but that seemed strangely familiar came on the radio. "Sounds like New Order," I said. She said she was thinking the same thing but mentioned someone else it sounded like.

"That’s a Peter Hook bassline if I’ve ever heard one," I said. "Gotta be New Order."

I heard the song again this morning, and this time, the DJ said who it was. "Yes, the ’80s band," he added.It just shows how out of touch I’ve become. Ten years ago I followed that band’s every move, being (at the time) an incurable Joy Division fanatic. Since Joy Division was gone forever, New Order was the closest thing I was going to get. And sometimes I settled for the side projects, although they were almost always disappointing.

It’s a good song, I guess (though I still don’t know the title). It didn’t instantly resonate with me like their 1993 comeback "Regret" did, but it’s a whole lot better than anything else that took up space on the same album with "Regret."

But I guess it shows how priorities change when we get older. A search revealed the album was released about a month ago. There was a time when I’d run out on my lunch break and buy it on the basis of the band’s name on the cover. I just don’t do that anymore. I bought half my collection of CDs on the basis of one song, or on the basis of who recorded it, and I’ve been bitten way too many times.

A couple of weeks ago I was in the record store and I listened to a whole pile of discs and had a blast. But I walked out empty-handed. It was a great way to spend that evening, but I didn’t hear anything that made me want to spend 17 bucks. And it could very well be a year before I go do that again.

Am I getting old, or is there that much less interesting stuff out there now than there was in 1987?

Who wants to build an MP3 jukebox when you can go shopping?

I was going to cannibalize a computer to turn into a Linux-based MP3 jukebox–I figure get the OS up and going on it and figure out later what software to run on it. It’ll take me a while to get the sound card and wireless NIC working in it, I’m sure. Especially in Debian. If it turns out to be too much of a struggle, I can cave and run Red Hat or SuSE on it since they’re likely to just autodetect the stuff. And then I’ll be a Linux wimp, yeah, but hey, I’ll be a Linux wimp with a really cool sound system.
I ended up going to the store. A couple of stores. I needed vitamins and shampoo and fabric softener. It was really weird hearing “A Letter to Elise” by The Cure as background muzak in Kmart. Not that I was complaining.

I also wanted that Plumb CD I asked about yesterday. I could have saved some money by ordering it online, but I was impatient. It had a once-in-a-lifetime song on it and I wanted it. It was a longshot but I looked. Nope, no Plumb at Kmart. Just Newsboys and DC Talk–the kind of stuff my post-college girlfriend Rachel tried to get me into in 1997. I know a lot of people like them but I just couldn’t get into them.

I guess for me it was a good sign. As far as secular music goes, if it’s sold at Kmart I probably don’t like it. So I should probably expect the same for contemporary Christian music too.

Best Bait-n-Switch had it. So I got it, hopped in the car, put it in the CD player, and turned the volume up a bit. Maybe it’s just how my brain is wired, or what’s been on my mind lately, but “Real” just resonates. To me, it’s an instant classic, like “Day After Day” by Badfinger or “If You Leave” by OMD or “Love Will Tear Us Apart” by Joy Division.

I’d tell you about the rest of the album but I’ve had that one song on repeat play for most of the night. I think the last time I did that was six years ago with “Want” by The Cure–which turned out to be a smart move, since there wasn’t much else listenable on that particular record.

Here’s a promising site

I’ve been poking around at songfacts.com. For music junkies like me who want to know absolutely everything about their favorite songs, this site’s a fix. They’ve got something to say about the majority of the songs U2 and Peter Gabriel ever recorded. It was interesting to find out what Gabriel’s “Here Comes the Flood” was really about. Read more

Failures (of the modern man).

I love Joy Division references. For those of you reading this on the front page who can’t see the title (I’m sure I can fix that but I’m lazy and it’s late), I titled this “Failures (of the modern man),” which was the title of an early Joy Division song. I don’t remember what it was about. It was just a really cool title.
I saw another ghost today. Not literally. A ghost from the past. Someone I knew a long time ago, someone I hadn’t seen in eight years. I know I looked vaguely familiar to him because we made eye contact and he gave me the I-know-you-from-somewhere-but-I-don’t-know-where-so-I-won’t-say-anything look. I gave him the very similar I’m-pretty-sure-I-know-who-you-are-but-I’m-not-saying-anything-just-in-case-I’m-wrong look.

I met him in 1991. I’d just turned 16 and this was my first job, at a place called Rax, a now-defunct fast-food joint whose specialty was roast beef sandwiches. I was ambitious and worked hard. I had several reasons for working: It was something to do. I liked having date and weekend money. (Not that I got many dates–so it was mostly weekend money.) It was another place to meet people outside of school.

A lot of people looked down on me because I was working in a restaurant, and a fast-food restaurant at that, and it made me mad sometimes. I got the job easy and I didn’t want to make a lateral move, so it made sense to stay there. At that point in time, it was virtually impossible for a 16-year-old male to get a job outside of food service because until you turn 18, you can’t be prosecuted if you steal stuff. At a fast-food joint you can steal little stuff but they can fire you for doing it, and that’s usually enough deterrent. And I was ambitious. This was my job until I turned 18 and could get something else. Then when I turned 18 it was hard to get something else because not many places were hiring in 1992. We were in a recession. So I stayed until I left for college. No shame in any of that. I worked hard, I did the job well, I was good at it, and I did move up. My next job was in retail, hawking consumer electronics for two summers and two Thanksgiving and Christmas breaks. My next job after that was as a part-time computer tech, which grew into a full-time network administrator job.

I’ve been a young professional for just over four years now, and I can look back over the four years, see good reviews, a lot of work accomplished, and a steadily increasing salary, presumably a reflection of how my employers have valued my work. My car’s a 2000, I wear a tie most days, and I command respect. I guess I turned out OK.

Back to this guy I saw yesterday. He worked part-time. He was the guy who walked around the mess hall “dining room” and cleaned off the tables. He swept the carpet. He washed the trays. He got people refills. He was a good guy, a nice guy, personable. He didn’t strike me as dumb either. I remember him being reasonably articulate. He’s not of old European stock; he’s at most a second-generation American and more likely he’s an immigrant, but he had a very light accent.

I don’t know how well respected he was. One night I came in, and the general manager asked me to fill out the night’s lineup. The positions were usually pretty obvious. You had to be 18 to run the slicer, so you’d put the 18-year-old there. One of the people working until close took the salad bar, and the other closer took the drive-thru. Of the two people left, one took the dining room and one took the front register. Most of us had our specialties. I was good on the register, fast at making change, so I was usually on the drive-thru or up front. So I filled out the lineup, handed it to her, and asked if it was OK.

“No, put [this guy] on front cash,” she said, then laughed. “No, it’s great. Post it.”

I don’t know when I last saw him. The store closed in 1993. I left a little before that to go to college, but I remember the store’s last day. I don’t know if I came in just to say goodbye, or if I came in that day to get my last paycheck. I know I didn’t see him that day. The store fell on tough times near the end, because the company was struggling big-time, and just about all of us knew it. More often than not, we went without someone in the dining room. The salad bar person or the front cashier would pop out there and clean up the dining room when things were slow, which was often. He probably didn’t make more than $4.50 an hour, but if the store could save 9 bucks by not having him there from 5-7, the pressure was there for them to do it. He may well have sought employment elsewhere long before the store closed.

I saw him today. I was bad today. I rarely eat fast food anymore, because it’s terribly unhealthy, but today I had a Jack in the Box craving, so I went there. And there, working the dining room, was a dead ringer for the guy I was talking about. This guy had a beard, and he looked older, but it’s been 8 years, so of course he looks older. The name on his badge was a diminuitive form of the name he used when I met him, and it’s not a terribly common name. If I were a betting man, I’d eagerly wager a hundred bucks it’s the same guy.

And I felt bad. I’m 26 now. I said something derogatory about yuppies a couple of weeks ago, and one of my coworkers said, “But you are one.” And I guess he’s right. I wear a tie. I drive a 2000. I can afford a ritzy apartment. (I prefer to bank the money instead.) I’ve done OK.

And here’s a former coworker, in all likelihood in his 60s now, still doing the very same job he was doing when I met him more than 10 years ago. I confess I don’t know what minimum wage is these days because it’s been eight years since minimum wage affected how much money I made. And I never made minimum. My starting pay was $4.50 an hour, when minimum was $4.35.

While all fast-food jobs, outside of management, are considered unskilled labor, cashiers are generally paid better than the people who clean dining rooms. I doubt he made much more than minimum 10 years ago, and I doubt he makes much more than minimum now. Meanwhile, the only way minimum wage affects me is by raising the price of things like soft drinks and milkshakes.

And I’m wondering, where did it go wrong? Maybe he likes working fast food. I don’t know. But he didn’t look particularly happy, so I doubt it.

You can learn a lot in 10 years. I’ve been slacking. I wanted to know Unix by now. I also wanted to be able to read Greek and Hebrew by now. I can build and administer simple Linux servers now, but the only non-English language I know is Spanish, and I sure don’t know much of that. I can find the bathroom and I can ask for three of my favorite foods, I know a good way to get funny looks is to say, “Llavo mis manos con sopa de pollo,” and when one of my coworkers curses in Spanish, I know she’s cursing but I usually don’t know what she’s saying.

But I have learned a lot.

Why hasn’t he? Where were his opportunities? Did he choose not to better himself, or has the door been slammed in his face? I know it’s not the government’s responsibility to see to it he betters himself, or necessarily even to give him opportunities, but isn’t it his neighbors’ responsibility? What have they been doing? What should they be doing? What should I be doing?

Those are tough questions I don’t have an answer for.