Sailing, Security

Multi-hull safety at sea and risk perception

Leave a comment

I was asked to represent my local A-Cat fleet this evening at a club race planning meeting, to help bring us into the fold with the other approved one-design classes. It was a surprise to find most of the questions about the A-Cat, and multi-hull racing in general, related to safety concerns.

I had to explain the various risk factors and the safety measures I thought were appropriate for a high-performance ultra-light racing platform. This would have been easier if others sailed the same or even similar type boats, but you might say the difference between an A-Cat and a typical club racer is akin to the difference between a Mosler MT900s and a Toyota Camry. We’ve been sailing enough in local events, fortunately, that the issues were discussed with some real-world examples and in the end the fleet was approved.

People on sailing forums sometimes ask about A-Cat security and here are my thoughts in a nutshell:

I say a good radio, whistle, strobe, water and spare set of goggles/glasses (prescription) are most critical…a wetsuit is also typical gear for us where thicker ones give a fair amount of buoyancy. The way I look at it these basic items significantly reduce personal risk and you could still need them even if you manage to stay with the boat after a spill (torn sail, dismast, etc.). It’s bulky but to keep it nice an tidy (and reduce windage) I always wear a giant rashguard over everything.

And that just takes me back to an old Outside article on how to calculate risks during recreation:

NO WONDER, THEN, that the optimal adventure experience for many enthusiasts is one in which the perceived risk is high but the actual risk is acceptably low. Running rapids is a good example. “People look at big whitewater, and their perception is that it’s very dangerous,” says Pamela Dillon, executive director of the American Canoe Association. “But the stats tell a different tale. In sheer numbers—including canoeists, kayakers, and rafters—the most common way someone dies boating is in a canoe, on flatwater, with no PFD [personal flotation device], drinking alcohol.

“Fifty percent of people who die in canoes and kayaks are out fishing,” Dillon continues. “They’re not tuned in to the skills and information they need to participate safely.”

If there’s just one thing you could say about A-Cat sailors, I think “tuned in” might be it. Here’s Glenn doing a nice fly-by for the race committee (note the flat water):

balance

Security

Happy MS patch Tuesday

Leave a comment

Well, twelve patches with nine rated as critical have been officially announced. The list of vulnerabilities is longer than the fixes, so I give MS credit for finding a way to reduce the numbers (ah, the cumulative update). Yet, at least one patch requires a reboot and several deal with exploit code in the wild, so the significance of the vulnerabilities should be reviewed:

Critical

* MS06-040 – Vulnerability in Server Service Could Allow Remote Code Execution
* MS06-041 – Vulnerability in DNS Resolution Could Allow Remote Code Execution
* MS06-042 – Cumulative Security Update for Internet Explorer
* MS06-043 – Vulnerability in Microsoft Windows Could Allow Remote Code Execution
* MS06-044 – Vulnerability in Microsoft Management Console Could Allow Remote Code Execution
* MS06-046 – Vulnerability in HTML Help Could Allow Remote Code Execution
* MS06-047 – Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution
* MS06-048 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
* MS06-051 – Vulnerability in Windows Kernel Coul d Result in Remote Code Execution

Moderate

* MS06-045 – Vulnerability in Windows Explorer Could Allow Remote Code Execution
* MS06-049 – Vulnerability in Windows Kernel Could Result in Elevation of Privilege
* MS06-050 – Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution

Security

Report slices into UK government knife amnesty

Leave a comment

A charity has some uncharitable words with regard to the government’s actions:

Chris Eades, author of the Centre for Crime and Justice Studies (CCJS) report, said: “Not enough is known about the carrying and use of knives or why people engage in those activities.

“Consequently, the government is constructing responses without any credible evidence that they will be successful.

“Knife amnesties will have a negligible impact since knives will be available as long as there is unsliced bread.

“If the goal of criminal justice policy is to reduce the number of victims and the harm they suffer, we should look at the root causes – the inclination or desire to resort to violence.”

Official statistics show violent knife crime in England and Wales has dropped in the last 10 years.

Sharp and very pointed analysis. The drop is apparently due to an overall decline in the use of knives, rather than effectiveness of the government program. But since when does an elected or even appointed official not take credit for positive results, regardless of their involvement or the real cause? Post hoc, propter hoc

Security

Apple announces archive utility

Leave a comment

The BBC has a report about a cool new feature for OS X that provides archive and restore capabilities that are usually found only in large well-run enterprise environments:

Apple has unveiled an auto-save system as part of an upgrade to its operating system (OS) designed for the Macintosh.

The Time Machine is a new feature in its forthcoming OS release, called Leopard, and lets users set auto-saves to hard drive or to online servers.

Files and folders can be backed-up and it also lets users search for files overwritten or altered in the past.

Excellent idea, but I wonder how they plan to handle the security of the archives. Can you encrypt them and, if so, how would you rotate and/or revoke the keys? Is there a secure-wipe function? I also wonder if the “alteration” detection is based on digests and, if so, whether the same capability will be made available for the running OS to detect suspicious activity?