Category Archives: Security

The Cost of Survival at Sea

Two incredible stories. First the Telegraph reports a pet dog survived four months lost at sea off Australia. It was washed overboard in bad weather near Queensland.

To stay alive, the hardy dog swam five nautical miles through stormy seas to St Bees Island.

There, she managed to fend off starvation by hunting wild baby goats until she was captured last week by rangers who patrol the largely uninhabited island. They believed they had caught a wild dog until they were contacted by Mrs Griffith, who had heard that a cattle dog had been spotted in the region.

Second, the Telegraph also reports that the US teenager who was sitting on a dismasted but safe vessel full of supplies in the Indian Ocean could cost the Australian government $300,000 for her rescue. Her parents say they cannot afford to pay.

“What price would you put on a child’s life?” Maryanne Sunderland said yesterday when asked about compensation.

“The full cost of chartering an Airbus would be so high, you’d think they (Australian rescue authorities) would have to work with the US government for that.

“We’re not wealthy people.”

Sailing experts have criticized the Sunderland family for sending their 16 year old daughter into the south seas during winter, the roughest time of the year. Their defense has been that they, and she, knew exactly what they were doing. Now they seem to be backing away from the prior knowledge argument as the cost of her survival has been raised.

Bike Stand Design Award (Fail)

I would like to know who gives the Good Design award for a bike stand that has no security?

Sure the Meandre by mmcité looks good but it seems to me the most fundamental requirement of a stand in the city would include some kind of security — help prevent bikes from being stolen. Preventing accessories (seat, pedals, etc.) from being stolen would also be nice.

Bike stand Meandre by mmcité has won the Good Design Award 2009, awarded by the Chicago Athenaeum (Museum of Architecture and Design in Chicago). The mmcité product came through tough competition from the world’s famous manufacturers and managed to catch the attention of the international jury.

I see no practical way to lock the frame, let alone protect the bike parts, in this design.

Aside from the security issues, I also do not see how you would fit more than one or two bikes into this stand. The handlebars, especially on touring and mountain bikes, prevent such a close configuration — it’s a lot of wasted material.

Critical Flaw in Critical Infrastructure Analysis

Skating on Stilts is a blog that says it is about “why we aren’t stopping tomorrow’s terrorism”. A post today discusses Emergency Powers to Respond to a Computer Attack.

Note the disclaimer in paragraph six:

So, if operators of our power grid are dumb enough to run their systems by relying on the Internet and Windows XP, then the bill’s authority to order emergency measures would apply to the providers of electric power, to their ISPs, and to Microsoft. Otherwise the ISPs and Microsoft are in the clear. As for the rest of us, including our search engines, we’re in the clear from the start.

Dumb enough?

At this point I wonder if the author, Stewart Baker, who served as General Counsel for the NSA and worked in DHS under President Bush, has a clue about security, let alone how utilities depend on and use technology.

Utilities have critical systems (as defined under NERC CIP 002) that run Windows XP and they also rely on the Internet. Critical systems not only include those involved in bulk power generation and distribution systems but also the daily operations systems including financial management and market systems. That is not to mention the expanding use of the Internet for smart grid and smart metering systems.

Why bash utilities for using Windows XP? I mean if he had said Windows 98 we might have had a laugh or two but Windows XP? Gartner just started recommending that enterprises begin migrating from Windows XP…by 2012.

Microsoft will support Windows XP with security fixes into April of 2014, but past experience has shown that independent software vendors (ISVs) will stop testing much earlier. “New releases of critical business software will require Windows 7 long before Microsoft support for Windows XP ends,” said Steve Kleynhans, research vice president at Gartner. “Organizations that get all of their users off Windows XP by the end of 2012 will avoid significant potential problems.”

I am not defending Windows XP. It is just a simple reality that it is widely used by bulk power and it is still a supported operating system. There are significant security concerns with Windows XP yet it is misplaced to blame a single supported OS for security failures. In other words it is not the technology, stupid.

Remember how President Bush signed Executive Order 13231 in October 2001? The security recommendations in that order went something like this:

  1. Identify SCADA systems connected to the network
  2. Disconnect those systems from the network

That is not what I would call smart security; and we wonder why we are in such trouble with security of critical infrastructure. The irony of the Order is that it carried the title “Critical Infrastructure Protection in the Information Age”. Perhaps it could have had the alternate title “Welcome to the information age, please disconnect for safety.” Switching from Windows XP to some other OS does not fix everything. Same for getting “off” the Internet. Much better to recognize how to handle these as a reality of any modern IT environment.

Although well-intentioned, Baker’s blog post would have been more effective if he had done some basic research on information security and technology used by utilities. His reference to Windows XP and the Internet as dumb choices really just reflects poorly upon his own knowledge of security risks and what authority the government needs to help manage them.

I suggest, for example, that FERC quickly tighten up the NERC CIP. It currently allows too much leeway for entities — they can dictate scope unreasonably, which can turn it into something like a bad SAS70. Force more accurate scope through prescriptive compliance based on NIST SP. Handing out almost open-ended amounts of rope to energy companies seems to have just gotten them severely tangled or worse. Even Sarah Palin, after the latest disaster, has become an advocate for far more industry regulation.

With all that said, the key to Baker’s analysis seems to be found in the concluding paragraphs when he asks:

…do we want the President to look as helpless as he looks today in response to the BP spill?

Make the President look good? That sounds eerily familiar.

Worthy advised Brown: “Please roll up the sleeves of your shirt, all shirts. Even the president rolled his sleeves to just below the elbow. In this [crisis] and on TV you just need to look more hard-working.”

Give the President more authority so he can look better during a crisis? Just to look better? That does not sound well-reasoned at all to me. Give more authority if a user is qualified and there are adequate controls in place to prevent catastrophic mistakes and misuse.

The Most Dangerous Dogs

I have to say, before I get on to the usual data about pit bulls, that I am surprised to see the dalmatian appear in a list of dangerous dogs. Apparently they are aggressive towards people, which does not fit well at all with my image of them riding in fire trucks.

It turns out the spotted breed actually gets along really well with horses. Fire engines used to be pulled by horses. Thus the connection between fire departments and dalmatians has nothing to do with safety to humans.

I still think they are nice dogs. Right, with that out of the way, Dog Bite Law says pit bulls and rottweilers are the most common dogs involved in fatal incidents:

“Studies indicate that pit bull-type dogs were involved in approximately a third of human DBRF (i.e., dog bite related fatalities) reported during the 12-year period from 1981 through 1992, and Rottweilers were responsible for about half of human DBRF reported during the 4 years from 1993 through 1996….[T]he data indicate that Rottweilers and pit bull-type dogs accounted for 67% of human DBRF in the United States between 1997 and 1998. It is extremely unlikely that they accounted for anywhere near 60% of dogs in the United States during that same period and, thus, there appears to be a breed-specific problem with fatalities.”

Saw that coming, didn’t you? These statistics beg the usual questions. Are pit bulls frequently in situations where there is a high likelihood of violence, or is there a high likelihood of violence in situations where there is a pit bull? German shepherds and dobermans, for example, are typically used for guard or police duty. That would make them far more likely to be involved in incidents like biting people. Dalmatians seem to be around fires a lot…