US Security Experts Bemoan “Colander” Model

Note that some of the most effective armor technology on land and sea uses a porous model.

First, for example, a visionary in World War I realized it’s better to be flexible in order to make breaches quickly disappear (render them ineffective) rather than to try only to prevent them (allow cracks to form in a solid and be exploited). That idea led to self-sealing fuel tanks for aircraft and vehicles.

The US military is still funding research to find ways to use a flexible yet porous membrane to prevent leakage for water tanks as well as fuel. Here is a typical modern breach response study application:

…enable vehicle operation in hostile environments and minimize loss of fuel due to a direct/indirect hit…

Second, another interesting example is a membrane developed on submarines in World War II that can subdue enumeration (e.g. sonar) by an attacker. An anechoic tile is porous enough to allow signals in yet prevent a “bounce” back out. Porous sound-canceling material can also be found in recording studios.

Anechoic Tile

Third, polytetrafluoroethylene (often known for its use in Gore-Tex) is another great example since it is used to make fabric waterproof yet breathable — porous yet impermeable.

Gore-Tex Schema

I said earlier to take note of the porous model because Wired has offered the following chilling quote in a story called Darpa Begs Hackers: Secure Our Networks, End ‘Season of Darkness’ about the state of American cyber security.

U.S. networks are “as porous as a colander,” Richard Clarke, the former White House counterterrorism chief turned cybersecurity Cassandra, told a packed ballroom.

He says that like being porous is a bad thing. I would rather hear that response time is inadequate, or that the US needs to develop better tools for the job to distinguish friend from foe (e.g. grapes from water).

Colander in action

Begging hackers to develop a perimeter with no holes, or implying that a security barrier should never be porous, will make things worse, not better. It would be more effective to spend resources (beg hackers) to help on threat recognition, redirection and response.

A solid perimeter will never be truly solid, as history shows time and time again and again.

US Commodore Perry's Ships Breach the Japanese Perimeter in 1853

To retain and protect assets while dispensing/releasing threats, which is exactly what a colander is designed to do (and why a chef uses one), is not an inherently bad model. As the military examples above show, there is a long history of developing highly technical colanders that provide an efficient security solution to handle even the highest risk environments.

Running Risks While Running

My favorite quote so far on how to reduce injury when running is from the NYT:

The “one best way” isn’t about footwear. It’s about form. Learn to run gently, and you can wear anything.

When is that not true? If gently means less risk, then learn to operate with less risk and you can do anything. Tautologies are fun. But there is a more serious message found in the detail of the story.

The human body can be trained to run and reduce the risk of injury from impact. That training can never be replaced completely just by technology in a shoe. So you are better off learning to run at least some of the time without any shoes because it gives the best feedback and form that will reduce the long-term risks of injury.

We were once the greatest endurance runners on earth. We didn’t have fangs, claws, strength or speed, but the springiness of our legs and our unrivaled ability to cool our bodies by sweating rather than panting enabled humans to chase prey until it dropped from heat exhaustion. Some speculate that collaboration on such hunts led to language, then shared technology. Running arguably made us the masters of the world.

So how did one of our greatest strengths become such a liability? “The data suggests up to 79 percent of all runners are injured every year,” says Stephen Messier, the director of the J. B. Snow Biomechanics Laboratory at Wake Forest University. “What’s more, those figures have been consistent since the 1970s.” Messier is currently 11 months into a study for the U.S. Army and estimates that 40 percent of his 200 subjects will be hurt within a year. “It’s become a serious public health crisis.”

Alternatively, surface areas could be scrutinized better for total impact. The story does not mention that most human history of running predates asphalt and concrete. What’s the cost again of paving everything into an unforgiving solid to support heavy vehicles? Dirt and leaves on the ground now probably look better than ever. But I digress…

Six months after being told he should never run again, [Cucuzzella, a physician, a professor at West Virginia University’s Department of Family Medicine and an Air Force Reserve flight surgeon] finished in 2:28, just four minutes off his personal best.

“It was the beginning of a new life,” Cucuzzella told me. “I couldn’t believe that after a medical education and 20 years of running, so much of what I’d been taught about the body was being turned on its head.”

The article conflates this educational failure with a propaganda campaign by a shoe company.

When a few of Nike’s shoes didn’t fare so well in the 1981 reviews, the company pulled its $1 million advertising contract with Runner’s World. Nike already had started its own magazine, Running, which would publish shoe reviews and commission star writers like Ken Kesey and Hunter S. Thompson.

Of course it gave itself good reviews but that does not answer the question of why anyone believed them.

Just as the shoe reviews were changing, so were the shoes: fear, the greatest of marketing tools, entered the game. Instead of being sold as performance accessories, running shoes were rebranded as safety items, like bike helmets and smoke alarms. Consumers were told they’d get hurt, perhaps for life, if they didn’t buy the “right” shoes.

Oh, security and fear. That seems like the same thing being used to sell barefoot running, but maybe this time the tests will be fair and the data accurate.

Risks and Controls in Cloud Computing: Updated ISACA Schedule

The 2011 SF ISACA Fall Conference schedule for next Tuesday has been updated.

T2 In-Depth Seminar Risks and Controls in Cloud Computing, which I wrote about earlier, has the following changes.

  1. The presenters will not be required to speak to NIST cloud audit guidance. Each is expected to present their own.
  2. Amazon will now open and close the seminar. The panel moderated by PwC at the end of the presentations has been replaced by the PCI DSS QSA firm for Amazon, IO Active. In between the AWS presentations will be salesforce.com and myself.

Presenters:

  • Chad Woolf, Compliance Leader, Amazon Web Services
  • Scott Gregory, Information Security Compliance Leader, Amazon Web Services
  • Robert Fly, Head of Product Security, salesforce.com
  • Crispen Maung, Sr. Director of Technology Audit and Compliance, salesforce.com
  • Davi Ottenheimer, President, flyingpenguin
  • Robert Zigweid, Principal Security Consultant, IO Active

Session Abstract:

Do you want to know where data resides in the cloud? How data is protected and secured in the cloud? Who has access to your data? What happens when your cloud provider dissolves? Is there a disaster recovery plan? Find the answers to these questions and the latest risks, controls and audit guidelines in the Cloud Computing environment in a one day track that will be presented by leading cloud providers and control experts. Each presentation is interactive and will include a Q&A session. You will find yourself confident about your understanding of the risks and controls in Cloud Computing after this daylong session.

This should be a spirited and detailed look at the current state of compliance in the cloud. Hope to see you there.

ESXistentialism and Remote Logs

vNinja.net poses the challenging question “Why Can’t I Syslog my VMware ESXi Installation?”:

Since ESXi supports, and actively encourages, the use of an external Syslog service for log file safekeeping and monitoring, shouldn’t the installation logs for ESXi also be logged externally if configured?

[…]

I was very surprised to see that there is no option to configure syslogging until after the installation is finished and the host configuration script(s) runs (ks.cfg).

By using a ks.cfg script you can automatically configure syslog settings, but since that happens after the installation is done, and the host is potentially rebooted, the installation logs are lost (ESXi logs are not persistent by default) unless you run something that copies them over to another location before the reboot happens.

Philosophically this reminds me of what Sartre wrote in Existentialism and Humanism:

What do we mean by saying existence precedes essence? We mean that man first of all exists, encounters himself, surges up in the world — and defines himself afterwards.

In other words it takes an external force to enable a remote log configuration at a point earlier than a system itself has any awareness. An upgrade is an easier situation to address, since the system is already aware of itself. A first build, however, at the early stages with few bits in place begs the question of when installation really begins. Before a system exists it will not be able to log remotely.
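
The ordering problem described above, shown as an added ks.cfg example that is not taken from vNinja.net or from VMware: the remote log host can only be set in the %firstboot section, which runs after the installer has finished and the host has rebooted. The log host name and the root password are constructed placeholders.

```kickstart
# ks.cfg - scripted ESXi install (added example; values are placeholders)

# --- Installer phase -------------------------------------------------
# Everything in this part runs inside the installer environment.
# No directive here points the installer's own logs at a syslog host,
# so install-time events exist only in volatile storage.
vmaccepteula
install --firstdisk --overwritevmfs
rootpw CHANGE_ME_PLACEHOLDER
network --bootproto=dhcp --device=vmnic0
reboot

# --- First boot of the installed host --------------------------------
# This is the earliest point at which the host can be told where to
# send logs. By now the install logs from the phase above are gone
# unless something copied them elsewhere before the reboot.
%firstboot --interpreter=busybox

# Constructed placeholder log host; replace with the real collector.
esxcli system syslog config set --loghost='udp://loghost.example.internal:514'
esxcli system syslog reload

# Allow outbound syslog through the host firewall.
esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true
esxcli network firewall refresh
```

For audit purposes the gap sits between the installer phase and the first `esxcli system syslog reload`: a collector that alerts when a newly built host has not sent its first message within the expected build window at least makes that blind period visible.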