Fun fact: Google search ratios about problems, by OS

Search pattern	Number of results	Ratio of "problems"
"windows 98"	21,900,000
"windows 98" problem	6,770,000	30.91%
"windows millenium"	291,000
"windows millenium" problem	77,500	26.63%
"windows xp"	124,000,000
"windows xp" problem	61,400,000	49.52%
"windows vista"	80,900,000
"windows vista" problem	88,200,000	109.02%
"windows seven"	2,900,000
"windows seven" problem	551,000	19.00%

Monthly ITsec Leadership Quotes and Articles

• Influential Information Security Leader on the Identity Theft Awareness site.
• The oldie but still goodie An Absence of Leadership on the official site of Geekonomics.
• My excellent colleague Guillaume Deraedt, at a regional chapter of hospital CISOs: "A CISO handles non-conformity", as opposed to the compliance view of handling conformity.
  

Altering the philosophy of this blog

I have long felt that responsibility in information security was a hard management job.
I have always known, through personal temper, that leadership is an asset in every management position.

Yet it never appeared to me until a few semesters ago how much responsibility in information security was a job that required, most of all, leadership skills. For this reason, I have chosen to more regularly publish articles on this site about the leadership of information security, including good readings about it, even uncommented.

Among the reasons that conspired to enhance my point of view, here are a few:

• Working as responsible in this field for more than two years now.
• Realizing that the job is a drop about team management, a bucket about upwards management and an ocean about transversal and stakeholders' management.
• Realizing that security is a lot about conceptions and misconceptions, and that vendors are better at it than internal managers of any company. And that reacting to this situation takes a lot of communication towards the teams.
• Having Anton Chuvakin summarize one of my articles by naming my job "expert in security leadership", which made me think a lot.
• Reading books like "Geekonomics", by David Rice or "The CISO function [FR]", by Bernard Foray.
• Seeing that everyone is capable of designing a highly sophisticated security framework in his head, but less often implement it.
• Reading a lot of blog articles from security experts, and writing a few, complaining about people's behaviour and misconceptions and calling for help, for people to change.
  

In the end, I have decided that the best is to help myself, rather than wait for others to change or wait for "top management" to give full powers. Heaven helps those who help themselves, as is said on both sides of the English Channel.
So now comes the time when I emphasize on leadership.

Comments, praises and amazements welcome.

Hacking a speed cam

France nowadays is full of speed cameras serving car owners huge fines and the ability to loose one's driving license faster than ever. The rebellious French all look for a way to sidestep those speed limitations. Here's a very clever one [FR], though it will never work. And it's a good laugh anyway.

Disk full : Moving a Postgresql database data folder

For testing purposes, I set up a Postgresql 8.3 database on a Windows machine. The hard drive space was too little for the use, so I had to move the data folder to another location. (I could not use the saving mechanisms because the remaining space was not big enough even for the temporary files required for the operation.)

This proved to be quite easy. However, you cannot keep the database running.

1. You first stop the database service from the Windows from the Computer Management console,
2. Then move the data folder to a new location with more space,
3. Then modify the path in the config file postmaster.opts, in the data folder itself,
4. Then modify the path that's given to the service when it's launched by Windows : in the registry, edit the ImagePath string at key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pgsql-8.3
5. Then restart the database service from the Computer Management console.