Project

project

This is a leitmotif. You can only get away from it by scrolling down.

I make no claim at all to be a cartoonist (let alone a real artist). However, some people seem to like my cheesy little (mostly IT-related) cartoons, photos, and cheap sarcasm, so I figured I might start putting them together in the same place. That doesn’t mean you won’t find them elsewhere, though. You don’t escape that easily.

If you like I can has cheezburger or Gary Larson, or XKCD, or secmeme, you’ll be totally underwhelmed by this. On the other hand, if it raises the faintest suggestion of a wry smile, you might also like Parodies Regained, which stays firmly in my comfort zone (i.e. is almost entirely textual content).

I tweet everything I publish via @davidharleyblog, if you really can’t get enough. Be warned, a lot of the other stuff is Very Serious.

David Harley BA ex-CITP ex-FBCS ex-CISSP
Small Blue-Green World
ESET Senior Research Fellow
(See? Nothing to indicate any artistic merit.)

[Licensed under Creative Commons Attribution-NonCommercial 3.0 License. See the About page.]

Google owns up…

Once again, Google changed settings on one of my accounts because it didn’t know if I was over 18. I know I don’t look a day over 80, but still… Anyway, I thought that it was interesting that the company describes itself as an ad network. Not news to me, but I didn’t know they were proud of it. Perhaps FB – sorry, Meta – will follow suit…

David Harley

Facebook/Off

I’m not exactly a fan of Facebook. I first subscribed to it because I was in the IT security research field at the time and considered I should find out more about it. So I signed up to see how it worked from a participant’s point of view. However, some of my friends and colleagues in the security industry – who may well have signed up for similar reasons – quickly found me there and invited me to befriend them, and why wouldn’t I? Then some of my relatives and friends from outside the security industry also sent me invitations, and it would have been churlish to ignore them. Several years on, I find myself having joined various groups and following various pages because they coincided with my own interests.

Still, if you ever followed my blog articles, especially those written for ESET’s blog, it won’t come as a surprise to you that I was often critical of Facebook (and other social media platforms), and devoted a fair amount of attention to the scams and spam that circulated there. Even as my time in the security industry as a part-time blogger and editor was drawing to a close, I also built a page on the AVIEN blog called Anti-Social Media which was implemented as a resource for publicizing information from other sources relating to such material, since I certainly didn’t have the time to cover all those issues myself. (I was fortunate in that ESET was happy, for many years, to pay me to pursue such activities as well as doing the sort of work more directly related to promoting their brand.)

So, do I like Facebook? Well, I still value the social interaction, even though I don’t trust the company any more than I trust any other bloated corporate. And if I found myself shaking hands with Zuckerberg, I’d feel obliged to count my fingers afterwards. (Which doesn’t mean that I take every word attributed to a whistleblower like Frances Haugen as gospel, nor the comments of media-conscious pundits like Bruce Schneier, let alone those of self-aggrandizing columnists who know much less than Schneier.)

But do I despise all the people who use Facebook? Of course not, though I sometimes wish that someof them wouldn’t, or would at least apply more critical thinking to their interactions. So I find myself more than usually irritated at the amount of Schadenfreude exhibited by some people in the more rarified strata of the security industry at the self-inflicted PR disaster that took place when Facebook, Instagram and WhatsApp disappeared from the Internet for several hours yesterday. By ‘strata’ I mostly mean the technically adept people who wouldn’t be seen dead on Facebook (which is perfectly justifiable) and don’t give a flying whatsit about the billions of people who do use it because “they don’t know any better.”

I don’t suppose any of these gurus care about the opinions of a retired researcher (though to be honest my main contributions to the field were in geek-to-English translation rather than esoteric bits-and-bytes research). But I’m going to express them anyway, whether you read them or not. I’m not saying that you shouldn’t focus on the technical stuff, of course, but sometimes you need to give less thought to how much more you know than the common herd, and more to why so many people prefer to talk to each other on Facebook rather than listen to you lecture them on Twitter about how stupid they are…

David Harley

A Moment of Flippancy – Stewball

When I was young and a lot folkier than I am today, a song about an 18th century racehorse variously called ‘Stewball’, ‘Skewball’, ‘Skewbald’ and so on was very popular in folk clubs, especially in the form in which it was best known in the US. Even if you’re not in the least folky and haven’t ever heard that version, you probably know the tune as borrowed by John Lennon for his son ‘Happy Christmas (War is Over)’.

There is lots of information about the US and Irish versions as recorded by various people on the Mainly Norfolk page here.

Now comes the flippancy.

Coming across a rather nicely sung rendition of the US version by Stephen C. Mendel on Facebook, I was reminded that according to many versions of the song in both its US and Irish incarnations, the horse had two unusual characteristics:

  1. It talked to its rider and/or its owner
  2. It tended to drink alcohol rather than water

According to the US version often heard, “he never drank water / but always drank wine”, while the home-grown version popularized by Bert Lloyd tells us that after a big win “horse and rider both ordered sherry wine and brandy”.

So I suppose it was inevitable that while taking my daily exercise, I found myself singing (somewhat breathlessly):

Stewball was a racehorse
He isn’t much missed
He won lots of races
But only when p****d

Let me reassure you that I do not intend to divert my writing in general into the Billy Connolly school of songwriting, and hope not to expand this into a full-length song.

David Harley

Glowering Inferno

[There are people to whom I’m rather pleased to cause offence, but those who are made uncomfortable by even the moderate use of the f-word are not usually among them. If you do fall into that group, feel free to avert your eyes before you get down to the photograph that I’ve thoughtfully placed at the bottom of the page.]

Today my attention was drawn to a podcast project called The Word Bin  run by Fair Acre Press – an attractive idea from an independent publishing house that certainly looks worth taking a look at.

The idea behind The Word Bin is to invite people to comment on which words they’d like to consign to the trash and why. I was (and still am) severely tempted to contribute, but am reluctant because:

  • I’m more often vexed by whole phrases than single words
  • Most of the words that irritate me do so are context-sensitive: that is, they’re irritating because they’re used inappropriately – for instance, as a meaningless filler and/or cliché – not because they have no legitimate use.

Still, I’m not one to ignore the opportunity to vent – or at least glower at – a number of examples of annoying verbiage, so here are a few, not necessarily in ascending (or descending) order of aggravation.

  1. ‘Literally’

A context-sensitive irritation: it’s a word that has a valid and sometimes useful meaning, but seems mostly to be used as a synonym for ‘metaphorical’, which it clearly isn’t.

  1. ‘Of’

Removal of this useful little preposition might pose some tongue-twisting circumlocutory clauses, but would at least rid me of the need to listen to people who ‘should of’ paid more attention at school so that they’d know that “could’ve” is not pronounced “could of”. Though perhaps English schools are not always an English-secure environment. My wife, a former teacher, insists that a former head of department at her school regularly committed the same assault on my native language.

A former colleague with whom I shared editing duties in various contexts for many years recently presented me a mug with an inscription that addresses this and a number of similar bugbears – see below (at the bottom of the article), but only if you’re not offended by the frequent use of a certain four-letter word.

  1. ‘So’

So many people use this little word inappropriately at the start of a sentence (see what I did there?) that I’m tempted to consign it permanently to Nadia Kingsley’s sin-bin, but then I’d have to rewrite this sentence. I will say that when someone on our television uses it as a meaningless filler at the start of a sentence, the rest of the sentence is usually drowned out by the groans.

  1. ‘Generous’

Context-dependent: a tip in a restaurant or a large charitable donation may legitimately be defined as generous. However, when a government imposes restrictions – however justified – that imperils the livelihoods of citizens – it isn’t spending its own money when it subsidizes those citizens in the hope of keeping them employed. Much of the money being spent is drawn from taxes they paid, directly or indirectly. The first duty of a government is to use its income – and yes, the money it borrows – to protect its citizens, not to provide lucrative contracts for its cronies.

  1. ‘Unfortunately’

I think we could take it as read at this point that it’s unfortunate that so many people have died of Covid-19-related illnesses. At any rate, it isn’t necessary to repeat it several times during a speech or briefing. I’m not sure we need reminding quite so often that there are people behind the statistics. Of course, I’m in favour of politicians reminding themselves of that fact, but when they do so publicly and so often, I have to wonder if this is just empathy by rote, or shorthand for ‘circumstances for which we take no responsibility’.

  1. Alas

See “Unfortunately”. I used to quite like this charming and faintly archaic word until I noticed it used three times in two sentences by a politician not noted for reliability, competence, or devotion to the truth or even democracy. Which makes me wonder if it has become a Bullingdonian way of expressing sorrow without empathy or admission of responsibility.

  1. Corruption, Cronyism, Fake News

Would it be cynical to suggest that these are already covered by ‘politics’? 😦

David Harley

Living the Dream

My dreams are often mad, but usually in a pedestrian way that I manage to forget by the time I reach a keyboard. Tonight, however, I found myself telling a Mossad assassin that he would not reach the Commissioner tonight as he was even now on a train to Istanbul. Strangely, I was aware that this would stall the plot since mobile phones had not yet been invented, but proceeded anyway.

In any case, I’m not sure why this conversation was taking place on a housing estate in Shropshire, but I’m sure that Childers or Buchan would not have squandered this opportunity to play a part in the Great Game, on the Big Stage. After all, their authoring opportunities were largely restricted to endeavouring to avoid massive ‘conventional’ conflict across Eurasian borders. If I were to pursue this them in (probably virtual) print this morning, it would probably turn out that the story presaged the last days of the human race. Perhaps all stories do, at this point.

In any case, my progress towards a rational denouement was impeded by my pre-senile bladder, which woke me in order to send me to the bathroom. However lively my dream life may become, it seems that authoring an adventure novel would be an over-ambitious late addition to my bucket list.

David Harley

About David Harley

David Harley is an IT security researcher, author/editor and consultant living in the United Kingdom, known for his books on and research into malware, Mac security, anti-malware product testing, and management of email abuse.

Harley has worked in IT since the mid-1980s, working initially at the Royal Free Hospital in London. From 1989 to 2001 he worked for the Imperial Cancer Research Fund (now Cancer Research UK), where he eventually moved into full-time security. In 2001 he rejoined the National Health Service where he ran the Threat Assessment Centre. After leaving the NHS in 2006 to work as an independent consultant, he worked closely with the security company ESET from where he retired in 2019, having held the title Senior Research Fellow since 2011.  In 2009 he was elected to the Board of Directors of the Anti-Malware Testing Standards Organization (AMTSO), but stood down in February 2012, when Righard Zwienenberg, president of AMTSO, joined ESET, so that there wouldn’t be more than one Board member representing the same AMTSO member entity.

Bibliography

  • Anonymous; et al. (2001). Maximum Security Third Edition. SAMS. Chapter 17 “Viruses and Worms”, Chapter 18 “Trojans.”
  • Harley, David, Robert Slade and Urs E. Gattiker (2001). Viruses Revealed. McGraw-Hill Companies.  Co-Author.
  • Anonymous; et al. (2002). Maximum Security Fourth Edition. SAMS. ISBN 0-672-32459-8. Revised Chapter 17 “Viruses and Worms”, Chapter 18 “Trojans.”
  • Bosworth, Seymour, Kabay M.E.; et al. (2002). Computer Security Handbook. John Wiley. Co-wrote Chapter 49, “Medical Records Security” with Paul Brusil.
  • Paulus, S., Pohlmann N., Reimer, H.; et al. (2004). ISSE 2004: Securing Electronic Business Processes. Vieweg. Massmailers: New Threats Need Novel Anti-Virus Measures.
  • Bidgoli, Hossein; et al. (2006). Handbook of Information Security. Wiley. Volume 3, “E-Mail Threats and Vulnerabilities.”
  • Schiller, Craig A.,, Binkley, Jim; et al. (2007). Botnets: the Killer Web App. Syngress. Co-wrote Chapter 5, “Botnet Detection: Tools and Techniques” with Jim Binkley.
  • Harley, David; et al. (2007). AVIEN Malware Defense Guide for the Enterprise. Syngress. ISBN 978-1-59749-164-8. (Editor, technical editor, several chapters.)
  • Baccas, Paul; et al. (2008). OS X Exploits and Defense. Syngress. Chapter 3: “Malicious Macs: Malware and the Mac.” Chapter 4: “Malware Detection and the Mac.”
  • Bidgoli, Hossein; et al. (2008). The Handbook of Computer Networks. Wiley. Volume 3, “E-Mail Threats and Vulnerabilities.”
  • Eddy Willems (in process). Cyberdanger (already published in Dutch and German). Translation, review, editing, contributing some content.

Most of his writing since joining ESET is available here:

Most of his writing for other magazines, web sites etc. is available from or via the Geek Peninsula blog, as are most of the above writing.

Among his other security-related (sometimes) blogs are: