Monocle has a great photo feature in May 2007’s issue about “the brands that make our lives work”. In this particular instance, Monocle examines the Finnish fire department, and looks at what brands are represented when laying out the department’s equipment.

In addition to the obvious infrastructure tie, I think it’s interesting to look at the brands (i.e. companies) that are behind our daily lives. That’s infrastructure itself. Of course, it’s from Europe where they have a broader view of what’s behind the scenes, and they aren’t afraid to bring it out into the open…

(Though you can’t see the brands due to Monocle’s subscription requirement, know it’s mostly Siemens and other European companies. No surprise… but do pick up Monocle if you see it!)

Recently listening to the police scanner, Alex and I heard a call come across the air to summon the fire department to “Allegheny Center Associates” on the North Shore in response to a fire alarm. For those unfamiliar with Pittsburgh, “Allegheny Center Associates” refers to what is known locally as Allegheny Center Mall, a retail space/mall from the 1960’s that has now been turned into office and living space(!) in an effort to revitalize both the facility and the Northside as a whole. The mall’s living spaces have a local reputation for being student living space for both Point Park and Art Institute of Pittsburgh students. What is most interesting about the mall, though, is its conversion from a retail to office/living space and the story behind it.

I don’t know all of the back story, but when you go into the building, what clearly used to be an “anchor store” is now a home loan bank customer service center, and what used to be smaller stores off the main concourse are now mostly telecom companies, one of which was my destination: switch and data. Even the kiosks and platers from the building’s former retail life remain untouched–everything is “dated” in appearance; the building empty and quiet.

The Pittsburgh Business Times printed an article back in 2000 on the building’s transformation from a mall to an office space, and termed the facility a “telecom hotel”. Evidently, (and not surprisingly) the building’s manager has had a hard time finding companies that want to locate in the mall. Instead, they’ve found a eager and willing audience in telecommunications companies. Reasons cited in the article for their interest include the cement architecture of the building and its close proximity to the power grid, both important to companies looking to keep computers cool, protected and running 24/7/365.

What I also find interesting, and not mentioned in the article, is the necessity of fiber optic links to run a telecom company in today’s global age. Conveniently, and perhaps one of its failings as a retail mall, there is a major freeway (I-279) and multiple railroad tracks just south of the mall (map). These imposing rights of way may cut off the mall from the rest of downtown, but they also usually carry fiber optics (freeways and railroads usually being places safe from digging). The mall’s close proximity to the office towers that house Pittsburgh’s (few) large multi-national companies make the mall a more cost-effective, but still convenient place to keep associated communications and IT equipment.

It’d be an ironic turn of fate for something that may have killed the building’s original purpose to be the thing that saves it from the wrecking ball. It also just proves that when you have an asset (especially a tangible one), there is always both an audience and a way to present that asset to that audience, that can turn the asset into a sustainable, revenue generating part of your organization. “It’s all in the presentation…”

I was recently looking on the Internet to see what I could find for maps of fiber optic cable routes in the US. I wanted to find something like the maps on An Atlas of Cyberspace, but I wanted more detailed, vector format, nation-wide data files I could use to make my own maps.

I couldn’t find much–at least not detailed, not vector, and the data was never free. But come to find out, you can buy this high-quality, detailed data. It’s very expensive, but it seems there are (otherwise) no obstacles in terms of getting it. That is, you don’t need to be a government or telecom company to look at it. The prospects also look unfortunately bleak for using an FOIA request to get it from public records which might contain the data.

One commercial data provider kindly gives you a sample map from their product to see the level of detail they provide. The area of focus for the sample? Washington DC. How handy. And I thought this stuff was hard to get because of the “terrorism risk”? Just another way corporate control over what-should-be-public-information makes private companies tons of money… sigh.

I think the letter copied below explains the situation better than I can repeat it here, but during a recent interaction with UPMC Health Systems, I was surprised to find a lack of good security practice. How many more security breaches or information leaks need to happen before somebody starts auditing these systems for security issues?

Edward McCallister
UPMC Health Systems
200 Lothrop Street
Forbes Tower, Suite 10072
Pittsburgh, PA 15213

Dear Mr. McCallister,

I’m writing you as an information security professional because, during a recent interaction with your organization, I encountered behavior that could possibly lead to a breach of confidentiality.

Recently, I had trouble logging into the “MyHealth” portal to complete the necessary steps to receive my “Health Reward” offered through the University of Pittsburgh (where I work) and UPMC. I called the help desk, and was told that my account was locked. The operator (who was very nice, by the way) then confirmed my password with me. By confirming my password, I mean she read what I had originally entered as a password back to me over the telephone.

What is troubling is that she (or anybody) has access to my plain text password. This is not standard industry procedure. In this circumstance, operators can typically reset passwords to something known; the end-user is then usually forced to change passwords upon login. My point is that telephone operators (and anybody else) cannot see what the password is currently set to. This type of handling of passwords is even reflected in many operating systems’ password entry fields; the fields show asterisks instead of the actual characters as you type into them.

What makes this particular problem worth your attention? Passwords are usually authentication tokens tied to individual people; only I know my password. Administrators, for instance, may have access to my data under their own “administrator” credentials (accesses that are probably logged with their username for auditing purposes), but with the system as you currently have it set up, anybody can pose as what the system thinks is (and therefore logs as) “me”. It would be impossible for anybody to prove who “me” really was; it could be anyone that knows (or can find out) my password—me, any telephone operator or a system administrator.

What makes this even more dangerous? If a malicious individual were to gain access to your database, he or she could potentially have a list of plain text passwords. This would make it trivial for them to login using any of the compromised credentials, without the difficulty of having to “crack” a hashed password.

I take the confidentiality of my health information seriously and, as a steward of health information, I’m sure UPMC does, too. Part of enterprise security processes (and auditing), as I know from my education, is knowing who accesses what information when (and perhaps from where). Your system has security lapses of a type that prevent a reliable “mapping” of accesses back to the who I describe (assuming your system is secure otherwise).

I hope that you find time to discuss this issue with your information security team, and at least let me know that you received this letter and are working on resolving the issue.

Sincerely yours,

Jeffrey Maki

I know this might not be anything new, but I recently noticed a trend in some of my collected photos of things energy-related: the branding of various legacy energy sources as “eco”. So far, I’ve seen gasoline, coal and ethanol branded as “eco-friendly”. No doubt you’ve seen the TV ads from BP, Chevron or Shell extolling their new “clean energy” initiatives; but have you seen the latest railcars or billboards?

Despite increasingly prolific evidence to the contrary, big energy companies seem to think that if they keep saying it enough, it will become true. “Coal: clean green energy.” Granted, West Virginia (and parts of Pennsylvania) *is* coal country, so nobody around here wants to see “old coal” go away. This was confirmed during my work in MacDowell County, WV. During interviews with the economic development agency and other locals, the loss of coal operations was spoken about as a huge blow to the state; losing the little bit that’s left would be seen as even worse. It’s been hard for people to find new jobs after working for coal companies all their lives. How is coal supposed to stay relevant in today’s eco-fetish society? (Besides China being a huge new consumer of coal–maybe not from West Virginia, but still…) Personally, I think coal is a struggling, but likely soon to die enterprise.

In my opinion, there’s clear winners in the alternative energy fest, and clear losers. Losers? Big coal. American auto companies (with crappy, unpopular hybrid offerings). Big winners? Asian automakers (think Prius. Think profit.). And ethanol. Ethanol’s all the buzz, and who’s on the “receiving end” of this huge revenue stream? Check out ADM’s stock performance. Not bad. Can’t beat those government subsidies, and fickle environmental trends both going your way–nothing’s better for the stock price!