All hail Grannemanus - Emperor of Security!

Benign dictator gets the popular vote

Letters Scott Granneman of SecurityFocus this week elected himself Emperor of Security, and promptly issued some edicts by which his cowering citizens might lead more secure lives. And the result? All hail Grannemanus! Well, more or less:

Your view of the history of the Roman Empire is a bit skewed, IMO. You refer to the empire being 'brought low ... and plunging the lands it had conquered into darkness for a millennia.' In reality, it was only the western portion of the Roman Empire that fell into 'darkness for a millennia', and that largely due to it being overrun by Germanic tribes. The eastern portion of the Roman Empire (typically misnamed 'Byzantine Empire', a name completely unknown to them since it was invented in the west centuries after it ended) survived until 1453, free of the 'darkness' that afflicted western lands.

I used to have a view much as you describe. It wasn't until I did a lot of reading of history on my own that I learnt that what I was taught in school wasn't the whole story, but a skewed story with a distinctly Western bias.

TR Valentine

We reckon the fun-loving Germanic tribes would disagree about the "distinctly Western bias", accused as they are of provoking a thousand years of darkness. Mind you, they would never have got further than the Rhine if Grannemanus had been calling the shots...

Hail,Grannemanus! You get my vote - as long as your "Mandatory anti-virus, anti-spyware, and firewall software" edict accepts ZoneAlarm, AVG, et al.

PS When you settle in - invade Britannicus again, and sort out our idiots (starting with Blair, Livingstone and Vice Chancellor Alistair Smith)

Stan Sutherland

If we voted for Emperor, you'd get my vote. I'd take issue with one decree and add a new one but that's far less than I disagree with most politicians.

1. Mandatory Anti-Virus, Anti-Spyware, Firewall. This one needs reworking. Properly configured AV would be useful on all systems to prevent human forwarding of undesirable code. Anti-spyware is limited to Windows. Firewalls are included with all the BSD's, Linux, MacOS and even Windows. Perhaps they should simply be turned on?

2. Egress filtering for ISPs. Many DDoS attacks are created by sending packets with forged return IP's. If ISP's do not allow hosts on their network to transmit forged packets onto the wider internet then many DDoS attacks are immediately defanged.

3. A final suggestion is to re-instate the Colisseum-style games. Spammers and other cybercriminals could be gladiators. The crowds (and thus popcorn revenue) could be huge! ;)


A couple of points: Emperors are generally "appointed" by the Praetorian Guard (ask Claudius); and if you "take issue" with them, the best you can expect is permanent exile to the east. That's Judea, btw, not Norwich.

Fines for insecure software. Make that *big* fines for gross negligence. I'm thinking in particular of the Outlook "viruses" based on M$ having violated the mandatory provisions of the 1992/3 MIME specs, and the informatiive discussion (within the RFCs) of the dangers of ignoring these provisions.

Secondly, don't exempt opensource. That'll only add a layer of legitimacy to the kind of FUD we have now with "indemnification".

But ...

Who is to collect these fines? I want my share, to compensate for the damage done to me by spam, and the time (and productive business) lost to fighting it.

Nick Kew

Fines, eh? If that's not tough enough for you, the people and the senate of Grannelandia, read on...

First of, I would like to request that if you do publish this letter, you withhold my name.

I work for a large multinational oil company, and in the oil industry the same way you have problems with security in the computer world, we have problems with safety issues. People get themselves killed, or cause other people loosing all their toes or other nasty things I am sure you would rather not hear about. Mostly due to stupidity (rings a bell doesnt it). Now the current trend is to try and influence peoples behaviors and culture.. They are trying to make people think safety. I believe this does not work, as proven by all the bloody investigations I have had to do as to the root cause of certain stupid incidents (e.g. tripped on shoe laces, fell of truck bed and broke his wrist, how stupid can you get?)

So, I supreme grand master of quality and safety issues came up with the following idea. I used my coorporate customer entertainment budget to secretly put thugs on my payrole. Whenever somebody causes a stupid safety incident, we send the thugs over to chop of one of his fingers and rough him up a bit. In the IT world, you could start by making them chop off his index fingure, and once recovered and he comes back to work, you repeatedly give him tasks involving left clicking on the mouse.

This I believe, with appropriately placed rumours that these thugs seem to only hit people who cause breaks in security (such as loosing laptops), will eventualy start a culture where people think twice before loosing a laptop or downloading "free" software from unknown sources onto office computers.

Fear is the tool any powerful emperor should utilise to enforce law and order and thus bring harmony and peace and secure networks to the IT world.

Name withheld by request.

Why so many rules? There is only one required: - Anyone ignorant is barred from using a computer. Penalty is many years imprisonment(*).

That means that 99.999% of the population will be barred from using a tool they cannot manage. A Good Thing(TM). You are not allowed to drive a car without a license, why should you be allowed to spoil the net?

The next advantage is that we reduce the number of people walking the streets, since 99.999% of the population serve hard time in prison. With any good law, we might extend the ignorance clause to cover 100%-1 (-1 because the emperor goes free, of course, unless you treat the emperor as not being part of the population, i.e. a godlike figure afterall). Then we can all go to prison, i.e. nobody left to spoil the net, i.e. only the emperor is left, i.e. problem solved.

Now, how is that for a decree from highest hand?

-- Greetings Bertho

(*) Since copyright infringers are organised hard criminals nowadays, ignorants should be treated with even less respect and suffer harder punishment.

PS. Maybe there just should be a poweroutage of a month and see how civilisation behaves and copes without all the computers. Maybe we then find out that we do not need them all the time.

Why bother with prison? The arena is packed with hungry lions and the people are baying for blood...

And who, you might ask, is big enough to take on Grannemanus and his massed legions of loyal followers? Answer: the feared hoardes of Ballmerix the Belligerent who have, from their humble beginnnings as Redmond hunter-gatherers, gone on to conquer much of the civilised world, Alcatel included:

You say in the article: NAP, due to ship with Longhorn in 2007, provides a policy enforcement bolt-on to Windows that allows admins to restrict access to networks to machines without up-to-date OS patches, properly installed firewalls or anti-virus updates. The policy enforcement platform will also be bolted onto Microsoft Windows Vista.

Think about this for a while. If this comes to pass, only Microsoft machines will be able to connect to Microsoft machines, and only ones that are "up to date". Who says they are "up to date"? Why Microsoft of course. Can they connect to older machines? No, please spend money to upgrade to the latest Microsoft software. Can they connect to the Apache web server? No, it might have something "bad". Spend more money and get a Microsoft server. Nice that Microsoft has a "selling oppourtunity" here. No, Microsoft isn't a monopoly, we can trust them. Ob. movie reference: The Presidents Analyst - "TPC".

Tom Watson

Of course, the fearsome reputation of the Ballmerixii may be nothing more than black propaganda promulgated by their sworn enemies the Neelie Kroesians:

I know its popular to assume that a big corporation must be in the wrong, but I also think the EU commission and its college-professor expert may be very naive. Not only do computer-science professors have little real-world undstanding of commercial software, the EU commission is also being manipulated by the conflict between Microsoft and its competators.

Don Mitchell

On the other hand...

MICROSUCKS is the scum of the earth and should be fined 10 million Euro per day for each and every day they fail to comply with the EU mandates.


Or thrown to the lions, perhaps?

Right, that's enough bellum gallico. Let's cheer ourselves up with a few missives on the UK government's html shocker. As we noted yesterday, the BBC's isn't much better:

You don't need Firefox to see that the Beeb's code is non-compliant.

Andy Cook

It gets worse. The Direct Gov site quoted as an example of best practice fails the W3C HTML Validator on its homepage and it also fails automated AA compliance checks using the Watchfire BOBBY accessibility validator.

In fairness, the Direct Gov site probably does a lot that is right and a bigger issue for me is the extent to which the culture of building sites to pass automated testing has become ingrained, often at the expense of genuine accessibility.

Andy Holt

Re: article about government website HTML being a mess, and in particular the remark saying that "many authoring tools do not generate compliant HTML and make it difficult to edit the coding". This is bull quite frankly- Macromedia Dreamweaver 8 is wonderful for this if you tell it what type of XHTML to make a new document, and I'm using it to maintain sites which have 30kb worth of template littered with PHP, let alone my various nearly-as-full-of-PHP include files! Someone who works on government websites really can't blame "tools" - that adage "a bad workman [or woman as the case may be] always blames his tools" springs to mind...

David Perry

Tools like demoroniser have been around for a _long_ time, in "web years". The problem is not the lack of tools. The problems are:

1) vendors actively subverting standards to achieve browser/composer "lock in"

2) web-monkeys simply not caring.

3) Web-monkey herders completely incapable of understanding what their simian subordinates are doing, or are meant to be doing.

Plus, of course, users who, given a choice, will "go for the pig every time" :-)

Mike Albaugh

Of course, we invited readers to have a shufti at our own html. A mistake?

You might want your techies to look at your site's HTML compliance as well ;)

line 5 column 5 - Warning: <link> inserting "type" attribute
line 6 column 5 - Warning: <link> inserting "type" attribute
line 7 column 5 - Warning: <link> inserting "type" attribute

Paul Austin

Right - Reg Emperor of Tech Aaron had a look at this. Having consulted the HTML standard again, he says he's "not convinced that adding type="text/css" to <link rel="stylesheet"> is either necessary or remotely useful, but there is some text in the standard that seems to suggest you should". Accordingly, he's sorted it.

So, all is well with the world. Except on the mean lawns of London's parks, where rollerskating coppers have been defeated by humble turf.

Lester - UK bad guys aren't more evolved than their US counterparts (I won't speculate about France or the Netherlands) - Florida cops have guns. If the miscreant tries to flee over grass the rollercop simply shoots him. Why didn't the Daleks think of that?

Regards, Michael

Why bother with the skates at all, then? Just shoot the bastards.

I speak from experience that it's quicker to run over turf in rolerblades than to take them off, though the wheels tend to get mud in them. I wonder if some kind of instantly retractable wheels might work, or maybe something that converts at the click of a heel into something like this:

Another thought is that the (suddently inappropriately named) plods could use those mini-scooters, which could at least be carried without having to spend time taking them off first. Or perhaps a cross country version of rollerblades is in order, (to rollerblades as a mountain board is to a skateboard)

I await my consulting fee from Plod Central :)

Cheers & God bless Sam "SammyTheSnake" Penny

Don't hold your breath.

Yes, of course the criminal mind will find the grass. Then someone will legislate that the grass should be taken out (you know it helps the criminals). Then the environmentalists will say that taking the grass out increases the greenhouse gases. So the argument goes on. What was wrong with running after the bad guys. Aren't the police in good shape, or do they frequent too many KrispyKreeme outlets in the process of aprehending criminals?? Oh, well .....

Tom Watson

I am sure the ID card scheme won't contain such basic flaws.


Of course not - it's far too well thought-out to trip up on such a simple oversight.

Finally, a Scientologist writes in reply to the suggestion that Katie Holmes will be obliged to keep quiet while dropping the forthcoming spawn of Cruise:

Regarding your "article" on Katie Holmes:

What a load of ridiculous lies.

I've been a Scientologist for 20+ years. That is just bull.

Tom Cruise already issued a statement (which you can read at stating the true facts.

Nobody's forcing Katie to be quiet.

The signs are for overly chatty nurses, NOT for the mother. There is no Scientology "dogma" about being silent. L. Ron Hubbard's ADVICE was NOT for the mother but for people AROUND the mother.

You've taken a sensible advice aimed at creating a comfortable environment for the expectant mother and turned it into some sort of freak show. That's stupid, and mean-spirited.

All you have to do is call your local Scientology Church, and ask the Chaplain, and he'll set you straight.

My wife and I have two children, have been Scientologists for years, and we both can tell you that there is no "birth ritual" or any such nonsense in Scientology doctrine.

Quoting tabloids makes you worse than them.

Greg Churilov

That's yer lot. Have a nice quiet weekend and remember: stay off the grass. ®

Sponsored: Network DDoS protection