SPEEDY Shows Up
Tuesday, May 10 2005
At 15:01:31 GMT (8:01:31 PDT) another computer, SPEEDY.pnl.gov, showed up on
my blog. The user did a google search for blog huffman and clicked
viewed the blog posting
Blogs mentioning Boomershoot.
At 15:02:31 SPEEDY clicked on the link to the home page of my blog.
At 15:05:46 SPEEDY viewed the posting
Boomershoot pictures and video from Jason M.
At 15:06:32 SPEEDY clicked on the link to my personal web site
At 15:07:30 SPEEDY viewed the blog archives for the month of
At 15:07:39 SPEEDY viewed the blog archives for the month of
At 15:08:26 SPEEDY viewed the blog posting
I should just go to bed.
At 15:08:56 SPEEDY clicked on the link for the post category
At 15:09:03 SPEEDY viewed the blog posting
Busy, busy day and it's not over yet.
At 15:09:11 SPEEDY viewed the blog posting
It's a good thing I'm not superstitious.
At 15:09:26 SPEEDY clicked on the link for the post category
At 15:09:29 SPEEDY viewed the blog posting
What I'm working on and why (which I
deleted off from blog on May 18 even
though news about this project is openly available on the
At 15:09:49 SPEEDY viewed the blog posting
Internet access anywhere.
At 15:10:08 SPEEDY viewed the
Image Galleries on my
blog. He was confronted with the following title and thumbnail pictures:
Joe and Barb
Random pictures of Joe and sometimes Barb
At 15:10:11 SPEEDY, as with previous investigators, showed the most interest
in the one with me wearing a holster and gun on my hip and clicked on
the center picture.
At 15:10:17 SPEEDY clicked on the left hand
At 15:10:21 SPEEDY clicked on the right hand
At 15:10:35 SPEEDY went back to my personal web site and clicked on the link
to my webpage for
At 15:11:18 SPEEDY clicked on the link to the WMV compilation:
At 15:15:33 SPEEDY clicked on the link to the
At 15:16:07 SPEEDY again clicked on the link to the
At 15:16:21 SPEEDY after doing a google search for
site:blog.joehuffman.org clearance viewed the blog posting
National ID card is on its way. As it stands this post is modified, as
explained here, from it's original form.
At 15:17:17 SPEEDY clicked on the link to the home page of my blog.
At 15:17:46 SPEEDY after doing a google search for
site:blog.joehuffman.org site:blog.joehuffman.org classified (yes, the site
restriction was duplicated) viewed the blog posting which has now been deleted
but is reproduced below:
National security and secrecy
Bruce Schneier has a
post up today about the balance between security and secrecy. Often you
are more secure by being less secretive. He links to
this testimony before Congress which, indeed, is excellent testimony. At
first I had my doubts about his position. Often times when people claim some
bit of information isn't useful or important it's simply because they lack
imagination or skills to utilize that information. And so I can imagine that
when people say something like only 10% of classification is for legitimate
protection of secrets they just didn't understand how all that information
could be utilized to cause the U.S. harm. But as I read on a bigger picture
began to emerge. Openness with information enables distributed processing.
Rather than just a few “experts” having access to critical data you have
thousands or perhaps millions of people with access. They might not be the
“best and the brightest expert“ with a government approved need to know but
they may be in the right place at the right time to recognize that some tidbit
of data only they have will connect two sections of “the jigsaw puzzle”. Sort
distributed processing using ordinary computers can accomplish great
things that if done using single task computers would be too expensive.
Another example would be presence of weapons in the hands of private
citizens. On the average they aren't as well trained in the use of weapons as
Federal Air Marshals or perhaps (this point is debatable) even
the FBI and local law enforcement. But the distribution of power to a wider
section of the population means that there is a greater chance some means of
defense against attack will be available and readily deployed rather than
waiting and hoping for the “experts“ to arrive in time to save you.
My personal experience with classified data has been that I could
understand why the classified information I had access to was classified. It
made perfect sense to me. There wasn't really any over classification of
stuff. But perhaps it was because I dealt with different types of data.
Stuff we know about our enemies that we don't want them to know that we know.
Or tools we use that if discovered would allow them to defeat them. Or maybe
it's just because I looking for justification for the decisions that had
already been made. I do know that when I write up something which might be
classified (making my handling of it much more difficult) I play a little
game. I do my best to write it in such a way that it isn't classified. This
is much to the consternation of the person doing the classification. I
remember one document that no paragraph was considered classified (they have
to mark things classified/unclassified on a paragraph by paragraph basis).
Yet the paper, taken as a whole, was obviously very sensitive information.
They ended up classifying one paragraph and I had to place the entire document
in the safe, in the locked room, in the specially locked area of the
building. But I made them earn their pay for causing me the extra hassles of
dealing with that paper as classified. And someday they may end up having to
justify classifying that one paragraph which, on it's own, doesn't qualify for
More thought is needed on this topic and I'll be looking at the classified
material I handle with a much more critical eye than before.
At 15:19:04 SPEEDY, using the previous google search, again viewed the blog
posting What I'm working on and why
which I deleted on May 18, 2005..
At 15:19:41 SPEEDY, using the previous google search, viewed the blog posting
At 15:20:48 SPEEDY, using the previous google search, viewed the following
blog posting which I deleted on May 18, 2005.
Some of the work I do
Nearly all of the work I do has at least some classified component. There
is one project that doesn't. This
article describes some of the problems I'm helping to fix.
Hundreds of times a day, hackers try to slip
past cyber-security into the computer network of Constellation Energy Group
Inc., a Baltimore power company with customers around the country.
Patrick H. Wood III, the chairman of the Federal Energy Regulatory
Commission, warned top electric company officials in a private meeting in
January that they need to focus more heavily on cyber-security. Wood also
has raised the issue at several public appearances. Officials will not say
whether new intelligence points to a potential terrorist strike, but Wood
stepped up his campaign after officials at the Energy Department's Idaho
National Laboratory showed him how a skilled hacker could cause serious
Wood declined to comment on specifics of what he saw. But an official
at the lab, Ken Watts, said the simulation showed how someone could hack
into a utility's Internet-based business management system, then into a
system that controls utility operations. Once inside, lab workers simulated
cutting off the supply of oil to a turbine generating electricity and
destroying the equipment.
Describing his reaction to the demonstration, Wood said: "I wished I'd
had a diaper on."
Also Bruce Schneier has a
post today about SCADA (System Control and Data Acquisition) security.
SCADA is a broad term for technology that is used for things like electrical
power generation and distribution, to sewage treatment plants, to water
distribution, to chemical plants. There are some security holes that need to
be plugged and there are lots of people working on the problem. The problems
are not technically all that tough. More difficult is the making the business
case for upgrading the exsiting systems. And how do you measure the benefits
and risks of making the system more secure (or not)?
At 15:21:18 SPEEDY, using the previous google search, viewed the
Name that bullet.
At 15:21:34 SPEEDY, using the previoius google search, viewed the
blog posting below which I deleted on May 18, 2005.
More impact from the Los Alamos screw up
Tuesday I metioned the Los Alamos mess caused a minor impact on me.
Another hit just occurred from the same screw up.
Secretary of Energy Spencer
Abraham today ordered that all Department of Energy (DOE) operations using
such controlled removable electronic media (CREM) as classified hard drives
or computer discs conduct an immediate stand-down to improve procedures for
protecting such media.
PNNL, where I
workd, is a DOE laboratory. This “stand-down“ doesn't directly affect me at
this time. It could have and it still might. But the internal email say that
our earlier activities were in preparation for this sort of thing and we
should be back up and running at full speed by Monday morning.
At 15:21:50 SPEEDY, using the previous google search, viewed the
National Security Issues.
At 15:22:09 SPEEDY, using the previous google search, viewed the blog posting
What did you do today ... for freedom?
At 15:22:33 SPEEDY, using the previous google search, viewed the blog posting
I just invited 'the enemy' to Boomershoot 2005.
At 15:22:36 SPEEDY clicked on the link to the home page of my blog from the
previous viewed post.
At 15:24:05 SPEEDY clicked on the link to
At 15:24:19 SPEEDY clicked on the link to the post category
At 15:57:26 PUCK returned to the blog home page.
At 21:06:12 WD31448 viewed the home page on my personal web site
At 21:06:24 WD31448 viewed the home page on my
At 21:06:44 WD31448 viewed the
Links page on
At 22:03:26 SPEEDY came to the home page of my personal web site
www.joehuffman.org by clicking a link on
an old personal website
of mine for which I don't have web logs.
At 22:03:30 SPEEDY clicked on the link to the web page
At 22:04:28 SPEEDY clicked on the link to the web page
At 22:05:13 SPEEDY clicked on the link to my blog.
At 22:17:00 SPEEDY clicked on the link to
Contact on my blog.
At 22:20:57 SPEEDY clicked on the link to the
archives for my blog.
At 22:25:23 SPEEDY viewed the blog posting
Home life update (Kim mostly--what else?).
At 22:27:54 SPEEDY viewed the blog posting
Airport security is still a joke.
At 23:07:27 PUCK went to the home page of my blog.
At 23:08:23 PUCK again went to the home page of my blog.
There were no further contacts from PNNL investigators this day.