Category Archives: Security

Ottenheimer Self-Serve

First I thought there was an exciting new flavor of ice-cream. Then I realized the title is “Self-Serve” not “Soft-Serve”. Then I thought this could be a new form of solo Tennis.

Alas, a library that carries my name at the University of Arkansas at Little Rock has deployed a bar code reader. They call it the Ottenheimer Self-Serve.

Welcome to Ottenheimer — serve yourself.

I am just glad it is not an RFID scanner. Yesterday I went on at length in my cloud compliance presentation at the San Francisco ISACA Conference about the security risks in RFID tags, including those used in a (controversial) trial at the Oakland and Berkeley libraries.

MAL: Environmental Disaster in Hungary

There has been no mention whatsoever of computers or malware (pun not intended) that could be related to the ecological catastrophe now unfolding in Hungary.

A reservoir southwest of Budapest holding an aluminum byproduct called “red sludge” collapsed, releasing at least 700K cubic meters into nearby towns.

Red sludge is an extremely toxic substance that contains heavy metals and acts as alkali on contact with skin. The blast-triggered poisonous flow has flooded three settlements.

Chemical burns from the sludge can take days to recognize. It has already entered streams and is now said to threaten the Danube river. With all news sources around the world bringing forward the human and environmental toll, I also noticed the CBC picked up on the usual issues of compliance:

Local environmentalists say they have tried to call the government’s attention to the risks of red sludge for years.

“Accumulated during decades … red sludge is, by volume, the largest amount of toxic waste in Hungary,” the Clear Air Action Group said, adding that producing one tonne of alumina resulted in two tonnes of toxic waste.

MAL Rt., the Hungarian Aluminum Production and Trade Company that owns the Ajka plant, said that according to European Union standards, the red sludge was not considered toxic waste.

The company also denied that it should have taken more precautions to shore up the reservoir.

“According to the current evaluation, company management could not have noticed the signs of the natural catastrophe nor done anything to prevent it even while carefully respecting technological procedures,” MAL said in a statement.

This position of MAL, a company started after privatization of the aluminum industry, will obviously become more and more difficult to defend as the impact severity of the breach increases. Their environmental protection page shows they knew the risks, and they tried to give assurances with terms like “fail-safe”:

Suitably localized, up-to-date, fail-safe ponds equipped with monitoring system are available to dispose the red mud. We devote ourselves to recultivate the red mud dumping area. The filled red mud disposal ponds are continuously covered with soil and plants.

Already the Hungarian government has stopped production at MAL.

An AP photo of the collapsed reservoir wall shows the magnitude of failure. Note the small yellow construction equipment in the bottom left corner:


Oracle Database Forensics

David Litchfield’s part 7 in his series on Oracle Forensics is called “Using the Oracle system change number in forensic examinations”.

The paper demonstrates two tools. The first tool is “oratime”, which maps SCNs to timestamps using raw block data. The second tool is “orablock”, which dumps data from blocks including deleted data.

Unlike BBED (provided by Oracle), orablock is read-only and the source code is available.

US Extremists Train to Fight Military

The Time article called “The Secret World of Extreme Militias” highlights an interesting point.

The threat model for their exercises is camouflaged as anti-insurgent and anti-Islamic but they are more likely training to fight the US military.

“I don’t know who the redcoats are,” says Brian Vandersall, 37, who designed the exercise and tried to tamp down talk of politics among the men. “It could be U.N. troops. It could be federal troops. It could be Blackwater, which was used in Katrina. It could be Mexican troops who are crossing the border.”

Or it could be, as it was for this year’s exercise, an Islamic army marauding unchecked because a hypothetical pro-Muslim President has ordered U.S. forces to leave them alone. But as the drill played out, the designated opponents bore little resemblance to terrorists. The scenario described them as a platoon-size unit, in uniform, with “military-grade hardware, communications, encryption capability and vehicle support.” The militia was training for combat against the spitting image of a tactical force from the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), FBI or National Guard. “Whoever they are,” Vandersall says, “we have to be ready.”

I see Time’s point but I do not see the list as indicative of US military or law enforcement.

Aside from “in uniform”, which the Extremists themselves have adopted, the other characteristics fit just about any terrorist group such as the Mumbai attackers or those expected to hit tourist sites in Western Europe.

Maybe “encryption capability” is like a secret phrase that identifies establishment rather than anti-establishment enemies.

Apparently this guy comes with extensive encryption capabilities: