Introducing the Hitchcock

Some trucks have testicles, mine has a Hitchcock.

The Hitchcock on the truck.

The Hitchcock on the truck.

Yes, that’s supposed to be the outline of Alfred Hitchcock.  It looks a lot like Harambe though…

Hitchcock in profile

If you want to make one, check out the Thingiverse thing here.  Download all files, open the zip up, and under “files” you’ll find an “stl” file.  Hop on over to, click “start manufacturing”, and upload that “stl” file.  I used regular PLA plastic and printed in white to try to avoid any discoloration due to sunlight inevitably breaking this thing down.  If you want a recommendation for a specific hub to use over there, these guys printed this Hitchcock, and I’m sure they’ll do a great job for you too.

For the next go with this, I’ll add some definition to the print, and maybe change the way the right side and bottom are laid out.  Having something that looks like Harambe is also great, but it might be a clearer joke to everyone else in traffic if it’s clearly Alfred Hitchcock staring back at them.

Confidentiality and Integrity vs Availability

In computer security, there are three main axes for consideration – confidentiality, integrity, and availability (CIA).  These are commonly thought of as things you desire out of a secure system.  You want your communications to only be available to the intended agents, you want them to remain unchanged except when you intend them to change, and you want them to be available when you need them.  Preferably, you want your communications to have all of those properties.

Organizations make trade offs between CIA daily, and in the real world increasing one necessarily decreases another.

This fact is obvious to most network security practitioners – but only considered in theory.  In practice, organizations trade off CIA each time they make a decision about their information systems.

This fact is not obvious to an organization’s decision makers – management.

Most computer security decisions seek to increase confidentiality and integrity without considering the costs to availability.

This is visible primarily in the standard Information Technology world, as contrasted to the SCADA/ICS Operational Technology world where most recognize availability as king.

To demonstrate C&I vs A, consider the way we “improve the security” of our information systems in the traditional IT world.  Improvements generally focus on the C&I, and they do so by adding defense in depth, or defense in breadth.


Defense in depth, first.  Add a security measure to your IT system that is of a type not currently available – add a firewall, an IDS or IPS, include SSL introspection, endpoint virus scanners, host-based firewalls, host-based anomaly detection…  There are always new ways to add defense in depth.

These are methods that directly add fragility to your IT system!  This type of fragility is similar to a child’s model bridge that is supported by one popsicle stick at each end, perhaps leaning against a wall.  Popsicle sticks snap, breaking the bridge, in the same way that network infrastructure has the potential to disrupt your network.

Security infrastructure components have a non-zero probability of causing a problem with part of your organization’s mission.

When you add defense in depth, you are gluing a popsicle stick to the bottom of the bridge’s current supports.  You’re making those bridge supports longer by one popsicle stick.  Now the chances of the bridge breaking have increased – the older stick can snap, or the newer, or both.  The probability for the older stick snapping and the bridge breaking remains the same, but you’ve added in a new possibility with the new stick.

In network security a popsicle stick snap looks like a device blocking legitimate traffic (false-positives), a device providing a new attack surface area for adversaries, a device adding just enough to the packet TTL that delivery fails, or a device delaying traffic long enough to disrupt communications at higher levels in the network model.

Adding defense in depth can provide benefit to confidentiality and integrity, but increases network fragility.  An increase in network fragility necessarily reduces network availability.  The reduction in availability may be difficult to detect, and most of the time has negligible effect.  However – networks are in place for months and years, and over that time the availability reductions become noticeable.


Defense in breadth is again like gluing an additional popsicle stick to the end of the existing bridge supports!  It is not similar to taping a second popsicle stick to the existing ones, nor is it similar to adding another connection point to the bridge for a popsicle stick.

Defense in breadth is adding a second version of an existing defensive measure with the idea that, if the first didn’t catch a bad guy maybe the second will, and we’ll still have caught the bad guy.  Increasing defense in breadth by adding measures to the system has all the same negatives as increasing defense in depth, all of the same outcomes, and increases fragility of the system in the same way.

Adding network redundancies can improve availability, but stretches manpower, limiting the benefits of redundancy to availability.


In practice, manpower is limited.  This is as true in the field of network security as it is in every other field.  The limited manpower that is monitoring your networks today is having some amount of success – you are able to use your networks with some level of CI&A.  By increasing the number of defensive measures those employees must maintain, and increasing the redundancy measures they must maintain, you are requiring more of those limited manpower resources.  This is all in addition to the growing size of other parts of your enterprise and the growing network requirements of our information age.

There is, of course, a rate at which you can increase C&I defenses, and increase network redundancy, and increase manpower, and remain in front of your decreasing network availability.  However, increases in organizational size increase complexity and decrease your return on investment.

Implementing new confidentiality or integrity measures at a constant rate requires exponential increases in availability investment.

This is unsustainable!  Not to mention the fact that every organization has monetary resources and management motivation that will give out long before availability is substantially improved.

Of course – this type of problem has been common in history.  Automation technology and process improvements (defensive/operational tactics) usually save the day, and they can here too, but they are one more thing that will add complexity and fragility to your network, thus reducing availability.  The measures become self-limiting in the same way as before.

Others have discussed the trade offs in C&I vs A – however the idea that C&I trade off vs A is mostly found in discussions of availability’s more human needs.  For example, the idea that increasing C or I by implementing password restrictions makes it more likely that a bank manager will forget their password, and therefore will be unable to run the bank, decreasing availability.  Another paper discusses how confidentiality decreases as redundancy measures (availability) increases, due to increased attack surface area.  However, I have seen very little discussion of a decrease in availability of the underlying technical network consequent from implementing new confidentiality and integrity measures.  I have seen ample evidence of this, though, especially in the business networks I a most familiar with.

Managers of the networks I’m familiar with regularly mandate new security measures, nearly always designed to improve confidentiality or integrity.  Availability issues are always cropping up, and network complexity is rarely considered as a possible cause.  Network complexity is almost never fingered as a problem worth fixing, and increased manpower is always the solution.  Increased manpower is also rarely politically practical.

Lastly – this thought is related to the idea of byzantine failures causing catastrophe within a complex system.  Availability issues are simply the small catastrophes leading up to the major one.

What to do, what to do…

  • We must remember that measures designed to increase confidentiality and integrity necessarily decrease availability.
  • We must be bold enough to consider eliminating confidentiality and integrity measures.

Most of all, though,

We must always balance the risks related to confidentiality and integrity vs the risks to availability.

BBQ Chicken

I’ve been grilling for a while.  Years.  Have I ever taken it seriously?  Yes – well, seriously enough to find that steak recipe I like…  Seriously enough to find that grilled whole chicken recipe I like…  Seriously enough to switch to a charcoal chimney…  All-in-all, maybe more serious than the casual griller, but not much more serious than that.

This memorial day, it’s time to BBQ a whole chicken.  I mean – grill a chicken and use BBQ sauce.  I specify that because there seems to be some dispute over what folks mean when they say BBQ.

My method for grilling a whole chicken comes from the Serious Eats blog.  That article describes the author’s quest to find the best way to grill chicken, and I have found that it produces a wonderfully grilled roaster chicken in about 1.5 hours – a long time to wait, but just don’t plan to make this recipe in a hurry.

The gist is this:

  1. Start the grill with all the coals over on one side.  This will let you create a two-zone fire.
  2. Butterfly the chicken.  Stick metal skewers through it to hold it flat later.  I like roaster-sized chickens for this, because there’s lots left-over.
  3. Cook the chicken over the cool side of the grill, skin facing up, legs facing the hotter side of the grill.
  4. When the chicken breasts hit at least 120℉ and the legs are at least 145℉, flip the chicken over, skin-side down, onto the hot side of the grill.
  5. Cook until the breasts are 145℉ to 150℉, the rest should be 165℉.  This only takes about 10 minutes.
  6. Take it off and rest covered 10 minutes.
  7. Cut ’em up.

Ok – so how will BBQ sauce make this different?  I’m going to base this on another post from Serious Eats.  Some things that’ll be different from what they recommend there: I’m only flipping the chicken once, and I’m doing a whole chicken.  First, I’ll apply 1/2 tsp salt per pound, then let the chicken sit in the fridge uncovered 2 hours.  Then, I’ll butterfly and use a dry rub, and put it on the grill.  Then, after maybe an hour grilling, and well before the breasts hit 120℉ and I have to move to the hot-side, I’ll brush BBQ sauce on the skin side, maybe every 10-20 minutes.  Then after I flip it to the hot side I’ll brush BBQ sauce on the bottom once – it’ll come off shortly after.

Time to go to the store and get a roaster…  I plan to use the Meathead Memphis Dust dry rub – it’s good on ribs and pulled pork, so let’s try it here.

Ribs and Salmon

Time to try some ribs!  I’ll use this recipe with the Memphis Dust dry rub I used on the pork butts.  Also – we’re out of Salmon.  I’m going to do a double batch of the usual.  I’ll just do 6 pounds for four hours, then do 6 more for 4 more hours.

The inside of the smoker before starting.

I bought what I thought were 3 racks of ribs – 3 large vacuum-packed things of ribs from Costco.  About 30 lbs total.  What I didn’t realize is that each vacuum packed bag contains 3 racks of ribs…  So I’m going to do 9 racks of ribs.  This is stupid and I almost certainly don’t have enough room in the smoker, but it’ll all work out :-)

Nine racks of ribs on cutting boards.

1900, 5 May 2018: Started the smoker at 225℉ and started washing, salting and dry-rubbing the ribs.  I used 1/2 tsp salt per pound, although didn’t get it as evenly-distributed as I’d like.  I wish I had salted these earlier, but we don’t have the fridge space or the time.  I used up all the remaining dry rub from the earlier pork butts.

1950: Prep of the ribs is done, and they’re on the smoker.  The smoker is ridiculously full.  The ribs are leaning on each other.  This is silly…

2000: Beginning prep of salmon.

2040: Prep done, went and checked the ribs.  The smoker says the temperature is only 165℉…  That seems very unusual to me.  Typically, the smoker takes only a short time to return to temperature.  I tried to slide the racks away from the back wall, thinking that maybe something was in contact with the thermometer for the smoker.  I don’t believe that was the case.  I believe that the meat is restricting the flow of air too much.  I moved meat out from the back wall and opened the vent fully.  The smoker feels like it isn’t very hot…  The meat at the bottom though is quite warm.  There are two temperature probes in place.  One registers a meat temp of 120℉, and the other 75℉.  I think the former is in contact with bone, but it’s also likely that it’s the lower probe and the meat is actually hotter than the other meat.  This is going to cause a problem for me.  I don’t want some ribs to be much more done than the others.  I don’t want them to be cooked quickly.  I want slow cooked…  Hopefully the smoker airflow will work better and temperature will equalize, permitting the smoker element to turn off.  We’ll see.

2100: I opened the door again and used the other temperature probe on the meats.  The other probe, placed in meat on each level, registered between 133℉ and 140℉.  The probes in the meat registered 150℉ and 105℉.  I’m going to assume that the actual meat temp is 133℉ to 140℉, and that the probes are in parts of the meat that isn’t very representative of the correct temperature.  Most importantly – the meat is cooking at a somewhat consistent temperature throughout the smoker.

2200: I removed the bottom half of all the ribs – they were past the temperature I’d hoped to achieve, the smoker still hadn’t reached temperature, the lowest ribs looked like they were starting to burn.  Burn!  In a smoker.  Craziness.  I thought that by removing the bottom half I’d allow more smoke to circulate and bring the temperature up.  I tasted these ribs that were removed.  The ribs closest to the burner, and hottest, were tender and good.  They were almost what I’d hoped for.  The ribs slightly further away were tougher.  Still good, but not quite what I’d wanted.  I left the remaining half on for another hour, despite the other half already being at the desired temperature.

2300: I removed the other half of the ribs.  This second half seems to be as consistently tender as the hottest ribs in the bottom half.  This is what I’d hoped to achieve.  I’m happy, even if this did not go anywhere near plan.

0710, 6 May 2018: First 6 lbs of fish went into drying.

1126: Fish went on the smoker.  I didn’t clean the smoker at all – I dumped the water pan and refilled it.  This may impart some pork seasoning to the fish.  We’ll see.  I doubt it’ll be bad though.

1136: Second half of fish is drying now.  The smoker is definitely burning up some of that pork fat that was in there.  Hopefully that doesn’t impart a bad flavor to the fish.

1226: A lot less smoking from the pork remains, at this point.  I basted the fish – it’s clear that they cooked pretty hot for the first hour.  There is much more albumin than expected on them right now.  I’m not too worried though, it’s not too far off that second time I smoked salmon.  They might be done a little early.

1326: Turned temp up and basted.  Normal amount of albumin.

1426: Went out to turn the temperature up and baste the fish, and checked their temperatures on a lark.  The fish was done!  It was at the mid-high range of its intended temperature.  I brought it all in without basting it again.  I suspected that the smoker had been running a bit hot the entire time – especially at the beginning.  I think that beginning heat supercharged everything and the fish finished faster.  It tastes good…

1440: The rest of the fish is on.

1540: Lots of albumin again, it was probably burning hot again…

1740: Once again – right before I crank the heat to the top value, the fish is done.  Temperature is perfect, I pulled it off.  Tastes good.

Lessons Learned:

  1. It is possible to overfill a smoker.
  2. Clean some of the fat out of the smoker between goes so it doesn’t burn so hot.
  3. Sarah doesn’t like as smokey as the chicken got last time – this salmon may be too smokey for her, too.  Hopefully not.  Love that woman.