|
@@ -0,0 +1,205 @@
|
|
|
++++
|
|
|
+title = "Changing the world, one side project at a time"
|
|
|
+author = ["George M Jones"]
|
|
|
+publishDate = 2023-12-22T00:00:00-05:00
|
|
|
+lastmod = 2023-12-22T09:58:01-05:00
|
|
|
+tags = ["work", "100DaysToOffload", "compuserve", "history"]
|
|
|
+categories = ["blog"]
|
|
|
+draft = false
|
|
|
++++
|
|
|
+
|
|
|
+It is somehow fitting that the day I retire, the state of Ohio chose
|
|
|
+to unveil an historical marker outside the former headquarters of my
|
|
|
+first employer, CompuServe. I guess I'm history :-)
|
|
|
+
|
|
|
+{{< figure src="/ox-hugo/cs_history_marker.gif" caption="<span class=\"figure-number\">Figure 1: </span>[\"CompuServe Historical Marker\"](https://foo.com/BAR/BAZ.JPG)" width="400px" >}}
|
|
|
+
|
|
|
+I started in June of 1985, and, looking back, what was going
|
|
|
+on there was world changing: the first commercial email, the first
|
|
|
+online banking, the first online shopping, the first electronic news
|
|
|
+wire feed, the first song released exclusively online (Arrowsmith 1994),
|
|
|
+online chat (CB), OS and compiler development, VPNs (X.25 !), data
|
|
|
+over cable in '82 ...
|
|
|
+
|
|
|
+In the course of my career, it turns out that many of the things that
|
|
|
+mattered wound up coming out of individual side projects, not grand
|
|
|
+corporate visions.
|
|
|
+
|
|
|
+<!--more-->
|
|
|
+
|
|
|
+
|
|
|
+## <span class="section-num">1</span> Side projects {#side-projects}
|
|
|
+
|
|
|
+
|
|
|
+### <span class="section-num">1.1</span> The Eternal September, sorry. {#the-eternal-september-sorry-dot}
|
|
|
+
|
|
|
+One of my earliest lasting contributions resulted from a side
|
|
|
+project that I put my good friend [karl kleinpaste](https://www.linkedin.com/in/karlkleinpaste/), up to:
|
|
|
+creating the first Compuserve `<->` Internet mail gateway
|
|
|
+as a skunk-works project while we were both working at Ohio State Computer
|
|
|
+Science. Karl followed up with a USENET `<->` CompuServe gateway,
|
|
|
+which was soon copied by AOL leading to the [eternal september](https://en.wiktionary.org/wiki/Eternal_September)
|
|
|
+Sorry.
|
|
|
+
|
|
|
+Eternal September seems to be about to repeat it self with
|
|
|
+facebook's "threads" [implementing a gateway to Mastadon](https://techcrunch.com/2023/12/14/mastodon-founder-touts-threads-federation-saying-it-makes-his-x-rival-a-far-more-attractive-option/).
|
|
|
+
|
|
|
+
|
|
|
+### <span class="section-num">1.2</span> The Web Browser that never was {#the-web-browser-that-never-was}
|
|
|
+
|
|
|
+Then there was this web browser I wrote at CompuServe that would have
|
|
|
+let the masses access the WWW before most people had even dial-up Internet.
|
|
|
+But the corporate powers-that-be we're not sure this web thing was
|
|
|
+going to catch on, so it was never released. Vision !!!
|
|
|
+
|
|
|
+It depended on a graphics library and the WinCIM interface
|
|
|
+developed by
|
|
|
+[Steve Wilhite](http://curious.galthub.com/blog/2022-03-24/)
|
|
|
+(of GIF fame)
|
|
|
+
|
|
|
+
|
|
|
+### <span class="section-num">1.3</span> The editor that created Linux {#the-editor-that-created-linux}
|
|
|
+
|
|
|
+In early CompuServe days, Wilhite and I did
|
|
|
+ a little collaborative coding to to improve
|
|
|
+[MicroEmacs](https://en.wikipedia.org/wiki/MicroEMACS),
|
|
|
+ I posted the source code to the Usenet group comp.sources.amiga and it took on a life
|
|
|
+ of it's own thanks to Daniel Laurence, first being called
|
|
|
+ MicroGNUEmacs until RMS himself objected to the use of "GNU" in the
|
|
|
+ name.
|
|
|
+[Linus Torvalds (he of Linux fame) maintains a verison of MicroEmacs.](https://github.com/torvalds/uemacs)
|
|
|
+And
|
|
|
+[Carsten Dominik](https://sachachua.com/blog/2013/03/emacs-chat-carsten-dominik/),
|
|
|
+creator of
|
|
|
+[Org Mode ("Your life in plain text")](https://orgmode.org/)
|
|
|
+was an early user and was influenced by it.
|
|
|
+
|
|
|
+Org Mode is central to most parts of my life today. What goes around,
|
|
|
+comes around.
|
|
|
+
|
|
|
+
|
|
|
+### <span class="section-num">1.4</span> SANS, IETF, Flocon, the White House {#sans-ietf-flocon-the-white-house}
|
|
|
+
|
|
|
+Along the way I wrote [The Router Audit Tool (RAT)](http://port111.com/george/talks/Jones-2002-SANS.pdf).
|
|
|
+Offshoots of this work
|
|
|
+fed indirectly (via XCCDF) into the creation of STIX and TAXII.
|
|
|
+[John Stewart](https://www.linkedin.com/in/john-n-stewart/),
|
|
|
+the venture capitalist and former CISO and VP of Cisco and
|
|
|
+[Neil Ziring](https://www.linkedin.com/in/neal-ziring-779890a9/),
|
|
|
+ tech director at NSA, contributed code to the project while I was
|
|
|
+ leading it. Alan Paller of SANS convinced me to release it through
|
|
|
+ the [Center for Internet Security](https://www.cisecurity.org/) as one of their benchmark tools.
|
|
|
+ RAT started as a side project at UUNET.
|
|
|
+
|
|
|
+Also at UUNET I started what became RFC3871:
|
|
|
+<https://www.rfc-editor.org/rfc/rfc3871>. The IETF OpSec working group
|
|
|
+continues to this day as an offshoot ("Many fine lunches"?). This was
|
|
|
+a side project that spanned UUNET and MITRE.
|
|
|
+
|
|
|
+While at CERT (CERT/CC at Carnegie-Mellon, the original CERT, not
|
|
|
+US-CERT) I had the opportunity to chair <https://www.flocon.org/> twice.
|
|
|
+This was something of a side project for the organization, but one
|
|
|
+that got resources (my time).
|
|
|
+
|
|
|
+Also at CERT I had the opportunity to provide netflow analysis
|
|
|
+training to the White House SOC.
|
|
|
+
|
|
|
+
|
|
|
+### <span class="section-num">1.5</span> Side projects at Palo Alto {#side-projects-at-palo-alto}
|
|
|
+
|
|
|
+At Expanse/Palo Alto I spent a lot of time staring at Internet scan
|
|
|
+data, trying to figure out what vulnerable devices were presenting
|
|
|
+themselves to us (and hackers). An irony here being that 15 years earlier we thought
|
|
|
+scanning was always bad, and there were PhD theses around how to detect
|
|
|
+it.
|
|
|
+[Mike Collins](https://www.linkedin.com/in/mpcollins/)
|
|
|
+[is still cataloging scan traffic](https://gitlab.com/mcollins_at_isi/acknowledged_scanners)
|
|
|
+(give it up Mike, Internet traffic IS scan traffic :-))
|
|
|
+
|
|
|
+After Palo Alto acquired Expanse, I spent a fair bit of time understanding the
|
|
|
+vast array security-related data available for analysis in other parts
|
|
|
+of the company. In my judgment, Palo Alto may have the best overall
|
|
|
+collection of data for analyzing and addressing security threats, second,
|
|
|
+possibly, only to AWS. They actively work to use these data sources
|
|
|
+to protect customers, see
|
|
|
+[PanDB](https://www.paloaltonetworks.com/blog/2014/10/web-security-tips-pan-db-works/),
|
|
|
+for instance. I presented on my findings
|
|
|
+at an annual internal meeting of researchers. A side project.
|
|
|
+
|
|
|
+As part of that effort I met
|
|
|
+[Janos Szurdi](https://www.linkedin.com/in/janos-szurdi-b40b3598/)
|
|
|
+and collaborated with him
|
|
|
+and other AMAZING researchers in that division, mostly on informal
|
|
|
+projects such as an internal "Hackathon", my role mostly being to
|
|
|
+advise on the use of Expanse datasets. The result can be seen in
|
|
|
+[Janos' blog post about detecting stockpiled domains](https://janos.szurdi.com/blog/stockpiled-detector/)
|
|
|
+
|
|
|
+ At this year's internal research meeting
|
|
|
+[Tim Hofmockel](https://www.linkedin.com/in/tim-hofmockel-a31437100/)
|
|
|
+ and I explored further
|
|
|
+ applications of combining data sources to support security analysis to solve
|
|
|
+ our customers challenges.
|
|
|
+Such meetings are side projects for everyone, but the in-person interactions
|
|
|
+that happen there are what gets the creative and collaborative juices
|
|
|
+flowing and are often the source of further outside-the-box projects.
|
|
|
+I think that's why I like them, and why companies fund them.
|
|
|
+
|
|
|
+There is a possible patent coming out of some side efforts (this would
|
|
|
+be the first of my career).
|
|
|
+
|
|
|
+
|
|
|
+## <span class="section-num">2</span> The Amazon Leadership Principals {#the-amazon-leadership-principals}
|
|
|
+
|
|
|
+There is one set of corporate mumbo-jumbo I actually believe in:
|
|
|
+the [Amazon Leadership Principals](https://www.aboutamazon.com/about-us/leadership-principles). They stick with you. They form a
|
|
|
+way of thinking about the world and getting things done: Dive Deep,
|
|
|
+Learn and Be Curious, Bias for Action, Earn Trust, Disagree and
|
|
|
+Commit, Deliver Results. It's said that some Amazonians have to try
|
|
|
+hard to turn them off with family.
|
|
|
+
|
|
|
+I think one of the reason those struck such a cord with me is that
|
|
|
+I saw them modeled 10 years before Amazon was founded at an early,
|
|
|
+impressionable period in my carrer. You could not have found a better
|
|
|
+description of Steve Wilhite (but one would have to add laconic, curmudgeonly,
|
|
|
+self-assured, stubborn and a few other adjectives)
|
|
|
+
|
|
|
+I'm holding my Amazon stock despite Andy Jassey now being in charge
|
|
|
+and the FTC going on an anti-trust fishing expedition. The company is
|
|
|
+solid. And the leadership principals and customer obsession are a
|
|
|
+large part of it.
|
|
|
+
|
|
|
+
|
|
|
+## <span class="section-num">3</span> People matter. {#people-matter-dot}
|
|
|
+
|
|
|
+Yes, you have to have corporate vision statements to keep investors
|
|
|
+happy and make HR VPs think they are relevant, but so often what matters
|
|
|
+are the side projects, the accidents, and things that fly under the
|
|
|
+radar.
|
|
|
+
|
|
|
+I have it from Wilhite (30+ years ago) that the first DEC10 was delivered
|
|
|
+to CompuServe by mistake. It was then the computing arm of Goden United
|
|
|
+Life Insurnace Compay. They had ordered a smaller machine from Digital
|
|
|
+Equiptment Corporation. When the DEC10 arrived, they kept it, eventually
|
|
|
+started selling extra cycles as time-sharing (Cloud Computing, 1975),
|
|
|
+built a packet switched network, c.a. 1972 (take that ARPANet), started
|
|
|
+the first online service, c.a. 1979, and much of the world as we know
|
|
|
+it today was born.
|
|
|
+
|
|
|
+Shortly thereafter, Dan Piskur had to invent "Cybersecurity" _ab initio_.
|
|
|
+
|
|
|
+Wilhite left Ohio State during the 1970 riots to go do fun work on a
|
|
|
+big computer at a startup down the road. He never finished his
|
|
|
+degree. Too much to do. Things worked out. I think I can say the
|
|
|
+same.
|
|
|
+
|
|
|
+People matter. Individuals matter. Side projects matter (again,
|
|
|
+see [Wilhite and GIF](http://curious.galthub.com/blog/steve/).).
|
|
|
+
|
|
|
+So make your strategic plans, track things in your kan-ban boards, have
|
|
|
+project managers run your agile sprints, but remember
|
|
|
+
|
|
|
+> "Life is what happens to you while you're busy making other plans"
|
|
|
+>
|
|
|
+> --- John Lennon, 1980 in "Beautiful Boy"
|
|
|
+
|
|
|
+\#52 of #100DaysToOffload take 3.1, <https://100daystooffload.com/>
|