We spoke about the conference atmosphere itself, cybercrime, cyberwar, the risk of Cybergeddon (yes, I know), and the claim by Eugene Kaspersky that Apple is ten years behind Microsoft when it comes to security.

Not that Mr Kaspersky would ever, like, troll the entire planet.

What we didn’t talk about, really, was the two stories that have been published so far:

• Russian crims evade transaction profiling, which details a trans-national organised crime operation profiled by Mikko Hypponen.
• DNS poisoning the thin end of a wedge’, in which domain name system pioneer Dr Paul Vixie supports my argument that fiddling with the internet’s fundamental navigation systems probably isn’t such a great idea.

The audio is of course ©2012 Australian Broadcasting Corporation, but as usual I’m posting it here as an archive.

Here’s what I wrote last year when, just like this year, I was on the ZDNet Australia team:

• AusCERT 2011: Firms ignore ID theft risk, in which Bennett Arron explains that police forces don’t yet take this stuff seriously enough. Has this improved? I’m seeing talk but no action.
• AusCERT 2011: Son of Stuxnet within a year: expert, in which Eric Byres explains why the Stuxnet worm — the presumed US-with-Israeli-help anti-SCADA attack on Iran’s nuclear program — would spawn a wave of copycats. This didn’t happen. Why not?
• AusCERT 2011: Black hats and whitegoods, a story which was provided with the year’s best headline by CBS Interactive’s Brian Haverty where I discussed how the Internet of Things and a billion smart appliances would be the vector for a new wave of attacks. This hasn’t happened — yet — but is it still just around the corner?
• AusCERT 2011: Bank theft goes truly mobile, in which Amit Klein, chief technology officer at Trusteer, predicted third-generation anti-banking malware on smartphones by Christmas. Did this happen? Well, not really. Why not?
• AusCERT 2011: Silent victims thwart cybercops: Qld Police, in which Detective Superintendent Brian Hay, head of the Fraud and Corporate Crime Group of the Queensland Police Service, bemoaned the lack of hard data. I know how he feels. Do we have any yet?

The feeling I get from scanning those headlines is that there’s always a lot of scaremongering but the threats often don’t materialise. Are the threats over-stated? Does pointing out the threats trigger an effort to counter them, thus defeating them? Is it all just a bit too screechy?

And over the last year there’s been so much talk of imminent cyberwar. Is that just this year’s fashionable scary thing on a stick? I intend to ask a few questions. And I’ll plug it again: Thomas Rid says we shouldn’t believe the hype.

I haven’t yet looked in detail at the conference program but will do so over the next few hours. What do you reckon I should be investigating?

[Update 16 May 2012, 0625 AEST: Changed second paragraph to emphasise that I am covering the event for ZDNet Australia this year as well as last.]

“How do you think that tweeting your day plans affects your personal safety?” asked Ravneel Chand a short time ago. Overall, I reckon it actually increases my safety. Here’s why.

Background first. Here’s today’s “daily plan” tweet which, like those on pretty much every other day, is tweeted shortly before I settle down to work.

Thu plan: Bump out Waratah Cottage; 1032 train to Sydney; lunch (where?); errand Newtown/Enmore; write something; evening TBA.

Later in the morning I mentioned that I’d be catching a later train. And then, just as I left the house:

Mobile: Cab, shortly, to Wentworth Falls; 1132 train to Sydney Central; train to Town Hall station; 1335 walk to SEKRIT hotel and check in.

Clearly the fear being expressed is that by knowing my movements some bad person could more easily do me harm. But let’s do a proper risk assessment. You start one of those by enumerating the risks, and then you look at how this additional information might change those risks.

As I see it, my “personal safety” risks are someone deliberately wishing to do me harm, accidentally injury by something external to myself, or a medical emergency that isn’t triggered by anything external.

I’ll dispose of the last two first. Whether accident or medical emergency, nothing in my tweets will cause or stoop that happening. But if the world knows where I am then my safety is increased. If I can only fire off a tweet or SMS that says “I’ve been stabbed” of “chest pain” then emergency services have more information to go on. If I fire off no message at all and simply go missing, well again my steps can be retraced and I’m likely to be found more quickly.

The one people fear most is the violent assailant. An assailant will either know me and wish to harm me because of that association, or they’ll be a random.

If the assailant wants to harm me because they know me, then they’ll be motivated and put some effort into it. Given that my work, phone number, email address and plenty of photos are already online, they could easily find me by other means and follow me until I was somewhere alone.

They could even just contact me and arrange a meeting. Heck, I cover information security issues: they could just pretend to be a confidential source and ask to meet me somewhere and “tell no-one”.

Similarly for anyone else, it’s pretty easy to find out where they live or work, and just start a surveillance operation from there.

If this assailant is an amateur, they’ll have likely already drawn attention to themselves through some angry or threatening communication. I’ll already be taking steps to avoid them. If they’re a professional, well I’m screwed no matter what because they’re far better at this game than I am.

At the risk of over-stressing this point, if someone wants to do me harm because I’m me, then that’s unlikely to become more of a risk because they know which train I’m on. “Oh, Stilgherrian’s train arrives not long after mine. I think I’ll stab him then.” No, I don’t think that’s how things work.

If the assailant doesn’t know me, then why would they be wanting to harm me? Well now we’re talking something like mugging me for my wallet or phone, or getting into a fight somewhere. In which case the fact that I’ve told the internet where I am doesn’t change that risk. The risk is about where I am, who else is there — along in a dark alley while drunk is obviously bad here.

Twitter is a remarkably apt name for this social messaging service, because we can use it to maintain a continual ambient awareness of each other’s state of being regardless of location.

Against this negligible or perhaps even zero increase in risk, tweeting my movements provides remarkable utility.

Friends and colleagues can coordinate with me with minimal effort. Far more than once I’ve had someone join me for a meeting or a drink because the chance presented itself. PR minions — if they bother to look! — know when not to call me because I’m on a train. And so on. People have volunteered restaurant recommendations or travel tips.

I should say, though, that the risk profile might not be the same for everyone. These are the choices I’ve made with open eyes.

To understand these issues better, I can thoroughly recommend the work of Bruce Schneier, and in particular his book Beyond Fear: Thinking Sensibly about Security in an Uncertain World. Indeed, every politician should read that book before opening their mouth about anything related to risk and security.

In 2008 I criticised Rudd’s slow digital revolution.

Dig into Budget Paper No. 2 and there’s a frustrating lack of detail and commitment.

Of $4.7b promised for the National Broadband Network [this was the original 12Mbps fibre to the node policy], only 0.16% has been committed: $2.1m this financial year and $5.2m next for “establishment and implementation”. The remaining 99.84% — you know, actually building the thing — is all “nfp”. Not for publication. We’ll get back to you…

The rest? All. Too. Slow. And. Vague.

In 2009 I complained that the machinery of Australian government is as outdated as the steam locomotive and the electric telegraph in The Budget? How quaint! They’re just made-up, you know.

Here we imagine that once a year we can produce a Big List of Numbers that’ll cover everything our “modern” nation-state will need to deal with for the next 365 days.

We proclaim it Good or Bad for this or that self-interested sector of the community on the basis of a quick glance, a gut reaction, and the need to create a narrative that’ll attract an audience or justify a pre-existing political zealotry.

We pretend to believe numbers like “$20 million over four years” when only a tiny part of that might be committed in the coming financial year and the rest, still to be confirmed in the next Budget, is therefore nothing but wishful thinking.

The reality, of course, is that the world moves faster than this. We experience a sudden global financial crisis, and must immediately tighten our belts by … um … giving away $900 cash to everyone.

In 2010 I complained of More NBN vagueness, border control and cyber-safety re-allocation. It’s not a bad read, but I’ll leave you to click through to that one.

And by 2011 I was clearly over the whole thing, writing Ritual shenanigans, but hey, this is government.

Riddle me this. What is the actual point of the federal budget process and all the lock-up shenanigans that go with it when the biggest bucket of money related to the technology sector by far, that National Broadband Network thing, isn’t even on the books?

What is the point when the way that NBN money is being spent – and is it $26 billion or $36 billion or $43 billion or that $50 billion scare-number that Malcolm Turnbull pulled out of some random orifice and keeps repeating unchallenged? – it is all SEKRIT thanks to those magic words “commercial confidentiality”…

What is the point of this annual ritual – built on the assumption that we can publish a set of numbers in May that will, in this complex and rapidly changing world, still be meaningful six months down the track – when the government has to respond to changing circumstances? Such as urgently building a fibre-to-the-premises network? Or responding to a global financial crisis? Or starting a land war in Asia? Or handing to every taxpayer $900 because, um, oh, shut up stop asking questions and buy a new TV.

I went on about “$20 million in suck-up-to-Tasmania funding” and “Labor’s half-arsed internet ‘filtering’ policy” and “loud-mouthed entrepreneur Ruslan Kogan” and noted:

Just be aware that all of this could be changed in an instant, budget process or not, if a minister gets on a plane with the Ranga-in-Chief with a few numbers scribbled on the back of an envelope.

So, what the fuck will I end up writing once the budget papers drop onto government websites tonight? Especially given that my shoulder is “out” and I won’t be able to get it fixed until tomorrow afternoon — my birthday! — and I’m scoffing codeine? Suggestions please!

They shall grow not old,
As we that are left grow old,
Age shall not weary them,
Nor the years condemn.
At the going down of the sun,
And in the morning
We will remember them.
Lest we Forget

[Photo credit: The rosemary sprig was taken from Matthew Hall's Twitter page from 2008. If I owe someone for that usage, I'll make good.]

So far there’s really only just been time for straight reportage from the launch and set-piece criticism from the opposition. It’ll take a few days at least, perhaps even a week, before analysts have done real analysis on who’s getting the network when and whether that’s been decided by politics rather than practicalities.

(Of course one way around that would have been far greater transparency from NBNCo, including putting their raw data and the software they used online for all to see and cross-check. But like that’ll ever happen.)

I daresay I’ll end up writing more about this over coming weeks. Meanwhile here’s an interview I just did on ABC 702 Sydney and ABC Regional Radio around NSW with Dom Knight.

The audio is ©2012 Australian Broadcasting Corporation. But these program items usually aren’t archived on their website so here it is.

(These events are part of the City of Perth’s Innovation Month. It looks like there’s some good stuff happening, including the screening of some classic futuristic films.)

DigitalMe is a full day of activities that “takes the individual on a journey through the digital landscape of blogging, video, personal privacy, personal reputation, mobile web and social media helping to demystify the digital world and understand more about your personal digital footprint.”

My half-hour session at 2pm is “Destroying your world, tweet by tweet, like by like”:

Facebook, Twitter and social mobile applications encourage you to share your life. But what happens when you share too much? Every time you share, tweet, email or browse a website you leave a digital footprint that reveals far more than you may realise — or want. Find out what Facebook, Twitter and the secretive online advertising companies know about you and take control.

I covered some related themes in a piece for the Sydney Morning Herald a few weeks back.

DigitalMe is being held at Northbridge Piazza. It’s free, but you’ll need to register online.

I’m flying into Perth on Thursday 26 April around lunchtime and leaving on Sunday 29 April in the mid-afternoon. My schedule is fairly open so far, so other diversions are welcome.

A funny thing happened on Twitter the other night. Someone unfollowed me for being offensive. That’s not so unusual. The unusual bit is who unfollowed and what offended them.

Around 10pm I received two emails.

“The two government media releases I just received, when combined, indicate a rather distasteful piece of opportunism behind the scenes,” I tweeted.

“1. HMAS Maryborough intercepts a SIEV off Ashmore Reef, 34 passengers and 3 crew aboard. 2. ‘Another boat as Coalition “turn back” policy continues to unravel’, timestamped minutes apart,” I said — and I’ll run the tweets into continuous prose to make your reading easier. I am nothing if not considerate, dear readers.

The first media release was from home affairs minister Jason Clare, the second jointly from him and minister for immigration and citizenship Chris Bowen.

I was outraged by the combination.

“Dear Ministers Bowen and Clare, YOU are the government, so YOU set policy. And the boats’ arrival is determined by the passengers’ need. Dear Ministers Bowen and Clare, any fool who can read a chart of numbers properly knows policy our end is irrelevant. Fuckwits. Dear Ministers Bowen and Clare, we’re the richest fucking country in the world. Show a bit of fucking compassion.”

Having vented my spleen, I moved on to congratulate Russia for trolling Eurovision 2012 and ponder whether, hypothetically speaking, Vaseline conducts electricity. Don’t ask.

A short time later, someone with the handle @ashmidalia tweeted, “@stilgherrian And this is where I click ‘unfollow’. For the offensiveness more than the inaccuracy. But there’s plenty of each.”

“Bye,” I replied and then, to no-one in particular, “I wasn’t aware I was obliged to provide ‘suitable entertainment’ for random arsehats who hadn’t even bothered to say hello.”

And then I noticed that @ashmidalia was Ashley Midalia. The name rang a bell.

LinkedIn soon told me that Midalia is Chris Bowen’s deputy chief of staff. A staffer from one of the offices responsible for my anger! Maybe he was even the strategist in question.

Fuck me dead! This cunt of a political staffer — an ALP staffer no less! — was offended by my language! The poor delicate little petal!

“Well if I’m wrong I’m happy to be corrected,” I tweeted to the world.

“But I still think it’s disgusting that the richest nation in the world continues with this outrageous treatment of desperate people. And I still think it’s disgusting that politicians use their arrival as a trigger to attempt to score party political points. I reserve the right as an Australian to express the true strength of the emotions behind that by using equally strong language,” I said.

“Besides, over my three decades in media Ministers and their staffers have used that sort of language and worse about me so it’s hypocrisy [to complain about my language].”

“My genuine understanding is that the level of boat arrivals tracks the level of refugee movements globally. Happy to see counter evidence.”

Having exhausted my combination of anger and bemusement, I calmed my shattered nerves with a gentle episode of “The Thick of It”.

Now I won’t get into the whole boat people thing today, but this whole “offended by swearing” arsehattery got me thinking.

Australians swear.

Swearing what we do. It’s as normal as breathing.

Our reputation for swearing is recognised around the world.

When I called American internet entrepreneur Jason Calacanis a “prick” back in 2008, it caused a minor outrage in the blogosphere. But Calacanis himself understood.

Coming from anyone else but an Australian, he told me, he would’ve been offended. But he knew that being called a prick by an Australian was just foreplay.

Indeed, only a few weeks ago no less a personage than a Minister of the Crown (do we still say that?) told me, “Mate, you need to get a fucking life!”

As a conversation-starter, after offering coffee and a comfortable chair.

Sometimes a few f-bombs and c-bombs are precisely the precision munitions needed to deliver a powerful message.

When I headlined my expletive-laden rant about the Google+ social network Right, Google, you stupid cunts, this is simply not on! that blog post ended up being read by more than 100,000 people, triggering plenty of thoughtful discussion and even an anonymous message of support from deep within Google’s bowels.

I was criticised for it, but the reality is that without those expletives the article would have been just another ho-hum whinging blog post read by a couple hundred people, if that.

A cunt or two cuts through.

And sometimes well-crafted profanity can be sheer poetry.

Besides, Mr Science tells us that swearing is good for you.

No-one has the right not to be offended. And it takes two people anyway, one to give offence and one to choose to take it.

Swearing is honest, healthy and thoroughly Australian.

Offended by swearing? Fuck off!

[Image: Twitter bird drawing by Hugh McLeod.]

The promo, as I told you earlier said:

In a connected world where information sharing is easier and has more impact than ever before, is the current framework of FOI, information security, privacy and archives laws and practices delivering the information society needs in a timely and appropriate way? This panel discussion will be about:

• assessing the effectiveness of current information access and security laws and methods — are they hopelessly broken?
• the culture of secrecy and withholding by government agencies
• how technology and activism offer those with the skills and motivation some alternative and very powerful ways to access and reveal information, and
• what can be done to address the current state of things and move to better ways of making information available when and where it’s needed.

I was the first speaker, talking about the new, disorderly ways of liberating information, using the Anonymous crack of Stratfor as an example. Since then, though, we’ve discovered that the whole thing might have been an FBI sting operation against WikiLeaks!

Recordkeeping Roundtable has posted the audio of the entire event: opening remarks by moderator Cassie Findlay; me; the speech by former diplomat Dr Philip Dorling, who now leads the journalistic pack in FOI stuff; the speech by Tim Robinson, Manager, Archives and Records Management Services at the University of Sydney; and the question and answer session.

Here, though, is a tweaked and slightly less bandwidth-hungry version of my speech.

[The original audio recording by Cassie Findlay was sampled at 44.1kHz. This version has the audio levels compressed and normalised, and re-sampled to 22.050kHz. It's posted here under a Creative Commons BY-SA license.]

Could it be that Ben Grubb, deputy technology editor at Fairfax news sites smh.com.au, theage.com.au, brisbanetimes.com.au etc, is the secret love child of independent Member for Kennedy, Cloncurry’s own Bob Katter?

If you have a theory about what the connection might be, do tell me in the comments. People do need to know.

And no, I am not going to reveal who sent me the image.

If you find it to be particularly disturbing, do let me know and I’ll suggest some remedies.

Computers can tell when your daughter is pregnant. Sometimes they know even before you do. In a recent feature for The New York Times, Charles Duhigg describes how Target in the US analyses everything it knows about its customers. A young woman buying unscented lotion, a large handbag, zinc and magnesium supplements and a brightly coloured rug is likely to be pregnant. So Target dispatches coupons for baby clothes.

When a father stormed into a store complaining that his teenage daughter had received the coupons, Target was forced to apologise. But days later, he realised the store was right…

You can click through to read the whole thing. But since it was written for the dead-tree paper and not the website there are no links.

Here’s the links to my sources:

• The New York Times feature by Charles Duhigg, How companies learn your secrets.
• A Forbes summary of that piece, How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did. It’s a good summary, but I do recommend reading the full NYT version.
• An article explaining how Forbes capitalised on the NYT article in web traffic terms.
• A 2006 piece from The Guardian explaining how much could be gleaned from the AOL web search logs, even though they were supposedly anonymous.
• An article in Wired explaining similar things.
• The 2010 academic paper Myths and fallacies of ‘personally identifiable information’ [PDF] by computer scientists Arvind Narayanan and Vitaly Shmatikov. I reckon if you look for more papers from these guys you’ll discover a lot more of interest.

You might also enjoy some of my more recent articles on related topics:

• Hacked or not, Ludlam’s a target of spies, ZDNet Australia, 25 January 2012.
• Aus becoming surveillance state: Ludlam, ZDNet Australia, 20 January 2012.
• Hey Facebook, we want to share, but this is ridiculous, Crikey, 23 September 2011.
• Yet another free pass for Aussie spooks, CSO, 16 September 2011.
• Has Facebook killed the undercover cop?, CSO, 25 August 2011.

I wrote a piece for Crikey today, explaining the positive spin the company was putting on it all, and pointing out that Twitter does still need to justify its valuation of $8.4 billion when its revenues are a mere $100 million.

But Crikey is suffering “technical issues” right now, and I can’t point to that article just yet.

Until then, here’s an interview I just did on ABC 702 Sydney and ABC Regional Radio around NSW with Dom Knight.

The audio is ©2012 Australian Broadcasting Corporation. But these program items usually aren’t archived on their website so here it is.

The audio is ©2012 dmgRadio Australia, but here it is ‘cos it hasn’t been posted on the radio station’s website. Besides, this is a reasonable plug.

Long story short, less than half an hour later I’m live on air chatting about the whole thing, including who Anonymous are and what their motives might be, and what might happen next.

Thanks to technical difficulties my end I couldn’t record 6PR’s audio stream, and there wasn’t time to sort that out before we went live. So this audio was recorded my end, and that means I sound just fine on my quality microphone and the radio station is at the other end of the phone.

I’ve left in a bit of my conversation with the producer before and after so you can experience The Magic of Radio. Technically that’s a breach of the NSW Surveillance Devices Act 2007 because I didn’t seek permission first but, like, shut up.

Yes, it really was just two seconds from me getting ready to being live on air.

The audio is ©2011 Radio 6PR Perth Pty Ltd, but since they don’t archive these interviews I reckon it’s fair enough putting it here provided you just listen to it and I link back to 6PR and encourage you to listen. If you’re in Perth. Or if you want to stream it.