Blog

I noticed on http://festivalinthepark.org/ that Charlotte’s “Festival In the Park” this weekend is still going ahead as scheduled, despite the Charlotte riots and curfews.  I was wondering how that is working out.  Are the artists and crafters actually setting up?  What were they told by the promoter?  Will anyone show up tomorrow and Sunday?  Are the police actually able to provide credible security?

My husband and i have been doing art fairs for 4 years now, and always try to be carefully strategic as to where to put our check out counter and cash area to ensure it is accessible only to us.  And until yesterday it was a great strategy.  Neither of us are certain how, but believe that it was toward the last minutes of the show that someone got in and took all of our $20 bills from below the till.  i am certain this was while i was distracted to the front of the tent by one customer, and my husband was pulling the vehicle up behind to begin the load out.  I shared our story with some of my friends who are fellow artists, and have had a variety of responses for how they handle cash.  The majority have indicated either an apron, fanny pack or some sort of bag that fits snug to the body.  I would love to hear your thoughts on how you handle cash.  I feel like such an idiot that i must have left up my guard for just a moment or two.  The only other explanation is that my neighbor has light fingers... because i expected her to be at the back of her booth, and thought nothing of seeing her close by.

    A retired diplomat well experienced in security, negotiation, and tact, my husband's complexion goes a little red when he senses insensibilities and totally uncalled for exaggeration (unless it's adeptly manipulated to draw out a laugh or two).  His reaction to such things is to research them immediately and try to discern truth from distraction; to tone down hyperbole so that rational thought might actually be encouraged.  Well, I'll let him take over:

     Such was the case when we received a no-reply email from ZAPP yesterday, the subject of which was "Four Important Updates You Should Not Miss!", one of which was "Note from the Department of Homeland Security About Internet Explorer."  Uh-oh, you think, I'm using IE, and I'm screwed!

     We're not trying to minimize the potential dangers we all face, but to enlighten those of us who are not computer experts or web professionals so that we don't naively fall prey to the cries of "wolf!" we hear so often these days.  The danger is still there, but why must an organization like ZAPP -- which plays such an important role these days for so many us here -- needlessly distort, overdo, and indeed fabricate facts in an attempt to scare us to move from one browser to another?

    ZAPP referred to "a widely distributed alert" from DHS that "advised computer users to stop using the Internet Explorer (IE) web browser," and wrote that DHS "stated that the browser is susceptible to a hack that could result in a security breach."

     Let's discuss this alert's origin, first.  The alert is yes, from DHS, but more accurately from their US-CERT (United States Computer Emergency Readiness Team), which actually issues alerts after culling software warnings from Carnegie Mellon University's "Vulnerability Notes" database.  Note that Carnegie Mellon has published over 46,000 vulnerabilities since September 26, 2000 -- an average of over 3,000 per year, or roughly 8 each and every day, 7 days a week.  Of those, US-CERT publishes alerts for the "most frequent, most high-impact types of security incidents ...".  To receive an emailed alert from US-CERT, you must be signed up to receive them; otherwise, you'd need to access US-CERT's website daily, especially if you're a system administrator for an organization (e.g., ZAPP).  Most everyday computer users, like you and we, don't need to see them (although it pays to be aware of all security alerts, be they physical, or IT-related).

     (We may also critique ZAPP's use of "DHS" as the alert's originator.  DHS alerts can take many forms, but they're usually not formally "DHS" alerts.  In addition to US-CERT alerts, these include advisories from NTAS (the National Terrorist Advisory System), FEMA, USCIS, and USCPB.  A little more specificity or elaboration would be more useful, practical, and less alarming.)

     Second, does this specific alert advise computer users to "stop using the Internet Explorer (IE) web browser"?

     It says (or more accurately, said) no such thing.  The US-CERT alert's specific recommendations are that "users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds," and for "those who cannot follow Microsoft's recommendations, such as Windows XP users, [they] may consider employing an alternate browser (emphasis ours)."

  Even more confounding is the fact that Carnegie Mellon published the vulnerability on April 27, US-CERT issued the alert on April 28, and on May 1, both Carnegie Mellon and US-CERT called attention to Microsoft's May 1 security update and resolution regarding the specific issue.  ZAPP's email is dated May 6!  It probably should be filed in our "Who Cares?" folder.  It looks like the problem was resolved a week before ZAPP scared the hell out of us with their DHS alert telling us not to use Internet Explorer.

     Third, ZAPP's email adds that it has "long recommended that ZAPP users utilize the Firefox, Chrome, or Safari browsers."  That's interesting, because according to their website:  "For optimal performance, use the most recent versions of Mozilla Firefox, Google Chrome, Internet Explorer, or Safari.  In our experience, Mozilla Firefox and/or Google Chrome are most compatible with ZAPP."  We don't know about you, but even in internet / software-speak, we find it difficult to make a distinction between "optimal performance," and "most compatible."  Contrary to their email with its ultra-scary DHS alert, it appears that ZAPP has also "long recommended" Internet Explorer for optimal performance.

     Finally, a rudimentary search of US-CERT software alerts will quickly reveal cautions concerning Firefox, Google Chrome, and Safari.  Where was ZAPP when these were published?

    So why would an organization like ZAPP publish a wolf-crying, potentially terrorist-related alert in an email like this?  Because their IT person was probably having a bad day.  And their email drafter was probably too confused (or web-innocent, like most of us), to question it.  And the person approving its issuance on May 6 was probably on a fishing trip and didn't realize the "danger" we'd all been in for a week and a half while he or she was busy catching trout.

     These are how things go sometimes.  So stay smart!  Be alert, but don't become paranoid.  Paranoia always calls for more work than is necessary.  (Such as installing and using a new browser, when the one you're already comfortable with, probably works fine.)  Paranoia can also freak out your neighbors.

Security is always an issue at the nation's art fairs with smaller events not having to pay much attention to it but the large ones that attract 100,000's of thousands of people beefing up their staff to insure the safety at their shows. When the Super Bowl was in Detroit a few years back I was on the staff and went to a meeting with not only local police but FBI, Homeland Security and border patrol officials speaking to us and briefing us on what to do. It was very sobering.

Texas' big show the Fort Worth Main Street Festival is taking place this weekend in the shadow of Monday's tragic occurrences in Boston. Festival organizers surely had their load increased in preparation for the event as they redoubled their security plans. The Fort Worth Police Department is deploying additional uniformed and undercover officers, as well as bomb-detecting K9 units, to areas in and around all large public events, said a city news release.

Suggestions that will be helpful to artists not only this weekend but going forward:

The release recommended signing up for a free service at www.nixle.com, where the Fort Worth Office of Emergency Management warns of natural or manmade emergencies in the area with texts and/or email.

Festival guests are asked to follow Homeland Security's caution: "If you see something, say something."

But because it's a free festival with 20 points of access, monitoring what people bring into it would be difficult, said spokeswoman Clair Bloxom.

"If someone saw a person leave a backpack at an artist's booth, you'd definitely want to report that to a police officer," she said. "We're encouraging people not to bring backpacks."

Guests also are asked not to bring coolers, said Jay Downie, event producer.

"If you bring a bag, keep it on your person," he said. "Any unattended bag will be confiscated."