Friday: Ball and Chain

This end-of-the-work-week observation is a little different. I’ve posted some not-jazz jazz for your listening pleasure. This piece called Ball and Chain is performed by a loosely joined group of people who worked on development of a subgenre of jazz during the 1990s. It’s called M-base — short for “macro-basic array of structured extemporization” — which relies on improvisation along with non-European elements as jazz does. But its artists’ deliberation in composition combined with a more contemporary flair set this style of music apart from other jazz.

Sample a couple more pieces with a little extra estrogen — Cassandra Wilson’s vocals in You Don’t Know What Love Is, and Geri Allen’s keyboarding here with Esperanza Spalding and Terri Lyne Carrington performing Unconditional Love at a recent Jazz in Marciac festival. Wilson and Allen have both been members of the M-base collective, along with Steve Coleman, Robin Eubanks, Graham Haynes, and Greg Osby. I recommend searching out each of those folks in YouTube to explore their continuation of M-base in their work.

That’s enough to get you through your Friday evening nightcap. You’ll probably need one after this stuff.

Volkswagen’s Dieselgate

Living in a Digital World

  • Twitter says it wasn’t hacked after millions of users’ account data appears online (Bloomberg) — Hey, listen up, boneheads complaining about your Twitter account being locked: 1) Change your password periodically (like every 12 weeks) and 2) DON’T USE THE SAME PASSWORD ON MORE THAN ONE ACCOUNT. Looks like some folks haven’t learned that once one account is breached, more are at risk if they use the same password or a previous iteration from another account. ~smh~ It would take very little to create a database of breached addresses from multiple platforms and compare them for same passwords. If, for example, [123456PW] is used on two known accounts, why wouldn’t a hacker try that same password on other accounts attached to the same email address?
  • Oklahoma state police bought debit card scanning devices (KGOU) — They’re not merely reading account data if they pull you over and take your card to scan for information. They may confiscate any funds attached to the card, too, under civil forfeiture. This is ripe for abuse and overreach, given poor past legal precedent. Why is a magnetic strip any different than your wallet?

Economics of a different kind

  • Economics don’t match reality, and the root of the problem is academic (BloombergView) — Each of “coffee house macro,” finance macro, Fed macro, and academic macroeconomics are grossly out of sync with reality. But the root of this distortion is the one thing they all have in common: their origin in academic economics. Yeah — academia has become little more than an indoctrination factory for the same flawed concepts, while reducing any arguments against the current “free market uber alles” thought regime.
  • Adbusters isn’t waiting for academia; they’re ready to Battle for the Soul of Economics (kickitover.org) — Check it, social media warfare has begun.

That’s a wrap on this week. I’m fixing myself a stiff belt and shuffling off to bed. Catch you Monday, the Fates willing and the creek not rising due to climate change.

The SSCI Contemplates Splitting CyberCommand from DIRNSA

The Intercept’s Jenna McLaughlin liberated a copy of the Senate Intelligence Committee’s Intelligence Authorization for 2017 which was passed out of committee a few weeks back. There are two really shitty things — a move to enable FBI to get Electronic Communications Transaction Records with NSLs again (which I’ll return to) and a move to further muck up attempts to close Gitmo.

But there are a remarkable number of non-stupid things in the bill.

I’m particularly interested in this language.

[Screenshot of the bill section]

Unless I’m completely misreading it, this section would require the Director of NSA to be a separate person from the head of CyberCommand. It would require Admiral Mike Rogers’ current dual hat to be split.

Correction: DIRNSA and CyberCom would only need to be split if CyberCom gets elevated to be a full combatant command.

That’s a recommendation the President’s own Review Group made back in 2013, only to have the President pre-empt PRG’s recommendation before they could publicize it. It would also likely have some impact on NSA’s decision, earlier this year, to combine the Information Assurance Directorate — NSA’s defensive organization — in with its offensive mission.

Frankly, I think our entire cybersecurity approach deserves a more open debate. The IC has done a pretty crummy job at defending us from attacks, and it’s not clear what purpose their secrecy about that serves.

But I am intrigued that SSCI seems to think NSA should retain its defensive capability, independent of all its offensive ones.

Monday Morning: Tarantela [UPDATE]

I could listen to this piece on a loop. It’s Santiago de Murcia’s “Tarantela,” performed by noted lutist Rolf Lislevand. The instrument he is playing is as important as the music and his artistry; it’s an extremely rare Stradivarius guitar called the Sabionari. While tarantellas more commonly feature additional instruments and percussion like tambourines, this instrument is stunning by itself.

You can learn more about the Sabionari at Open Culture, a site I highly recommend for all manner of educational and exploratory content.

And now to dance the tarantella we call Monday.

Wheels

  • What’s the German word for ‘omertà’? Because Volkswagen has it (Forbes) — Besides the use of obfuscation by translation, VW’s culture obstructs the investigation into Dieselgate by way of a “code of silence.” And money. Hush money helps.
  • Growing percentage of VW investors want an independent investigation (WSJ) — An association of 25,000 investors now demands an investigation; the problem continues to be Lower Saxony, the Qatar sovereign-wealth fund and the Porsche family, which combined own 92% of voting stock.
  • VW production workers get a 5% pay raise (IBT) — Is this “hush money,” too, for the employees who can’t afford to be retired like VW’s executives? The rationale for the increase seems sketchy since inflation is negligible and VW group subsidiary workers at Audi and Porsche won’t receive a similar raise.
  • Insanity? VW Group a buy opportunity next month (The Street) — Caveat: I am not a stockbroker. This information is not provided for investment purposes. Your mileage may vary. But I think this is absolute insanity, suggesting VW group stock may offer a buy opportunity next month when VW publishes a strategy for the next decade. If this strategy includes the same utterly opaque organization committing fraud to sell vehicles, is it smart to buy even at today’s depressed prices? The parallel made with Apple stock is bizarre, literally comparing oranges to Apples. Just, no.

Bad News (Media)

Cybersec

  • Organized criminals steal $13M in minutes from Japanese ATMs (The Guardian) — And then they fled the country. What?! The mass thefts were facilitated by bank account information acquired from an unnamed South African bank. Both Japan and SA use chip-and-pin cards — so much for additional security. Good thing this organized criminal entity seeks money versus terror. Interesting that the South African bank has yet to be named.(*)
  • Slovenian student receives 15-month suspended sentence for disclosing state-created security problems (Softpedia) — The student at Slovenia’s Faculty of Criminal Justice and Security in Maribor, Slovenia had been investigating Slovenia’s TETRA encrypted communications protocol over the last four years as part of a school project. He used responsible disclosure practices, but authorities did not respond; he then revealed the encrypted comms’ failure publicly to force action. And law enforcement went after him for exposing their lazy culpability hacking them.
  • Related? Slovenian bank intended target for Vietnamese bank’s SWIFT attempted hack funds (Reuters) — Huh. Imagine that. Same country with highly flawed state-owned encrypted communications protocol was the target for monies hackers attempted to steal via SWIFT from Vietnamese TPBank. Surely just a coincidence, right?

Just for the heck of it, consider a lunch read/watch on a recent theory: World War 0. Sounds plausible to me, but this theory seems pretty fluid.

Catch you here tomorrow morning!

* UPDATE — 1:20 P.M. EDT —
Standard Bank reported it had lost 300 million rand, or USD $19.1 million to the attack on Japanese ATMs. First reports in South African media and Reuters were roughly 11 hours ago or 9:00 a.m. Johannesburg local time. It’s odd the name of the affected bank did not get wider coverage in western media, but then South Africa has a problem with disclosing bank breaches. There were five breaches alleged last year, but little public information about them; they do not appear on Hackmageddon’s list of breaches. This offers a false sense of security to South African banking customers and to banks’ investors alike.

Japan Times reports attribute the thefts to a Malaysian crime gang. Neither Japan Times nor Mainichi mention Standard Bank’s name as the affected South African bank. Both report the thefts actually took place more than a week ago on May 15th — another odd feature about reporting on this rash of well-organized thefts.

Friday Morning: Mi Ritmo

Oye como va
Mi ritmo
Bueno pa gozar
Mulata

— excerpt, Oye Como Va by Tito Puente

This Latin jazz song was on the very first album I owned — Santana’s Abraxas. I have no idea what possessed my father to select this way back in 1971 because he’s not musically inclined. I prefer to think he was persuaded by the music store staff to buy it for me rather than think the cover art did it for him. To this day I don’t dare ask; I’d rather live with my illusion.

Perhaps he simply liked Oye Como Va by Tito Puente and decided I needed it. Maybe that’s what he wanted to listen to when I played the album over and over again, ad nauseam. The song is still easy to listen to even when played by a septuagenarian, isn’t it? Though Puente probably still felt the same way about this song in his last live performance as he did when he first recorded it in 1963.

The personal irony I’m certain my father never considered: the last line is a reference to a mixed race “mulatto” woman. That’s me.

Vamos, amigos!

Wheels

  • South Korea frustrated by Volkswagen’s response to Dieselgate (Yonhap) — Hard to tell how many VW passenger diesel cars with the emissions controls defeat tech have been sold in South Korea to date. Last year’s sales of 35,700 suggest VW needs to exert itself a little more than offer to recall a total of 125,000 cars.

Technology Trends

  • Breakthrough in memory technology could change computing dramatically (IBM via YouTube) — I’m still trying to wrap my head around this; could be the simplicity of the underlying science seems so obvious I can’t understand why it wasn’t discovered sooner. Using polycrystalline rather than amorphous material, more data can be stored and in a manner which is stable and not prone to loss when electricity is cut. This technology could replace DRAM at flash memory prices. Imagine how quickly systems could begin processing if they could avoid seeking programs and data.
  • Google’s annual I/O event chary on enterprise computing (ComputerWorld) — Wonder if Google executives’ expressed intent to focus on the enterprise is a veiled threat directed at Oracle? The I/O annual conference didn’t have enough enterprise applications to satisfy the curious; is Google holding back? Or are there pending acquisitions to fill this stated intent, ones not yet ready for publication? I wouldn’t be surprised to see Google launch something on par with Salesforce or Zoho very soon. Google Drive components already compete with or are integrated with some of those Zoho offers in its small business offering.
  • Android’s coming to Chromebooks — finally! (Google Blog) — I’ve put off buying another laptop until this happened, guess I’ll look at the first three models on which developers will focus their development. The applications available for Android phones have been mind-boggling in number; it’d be nice to have the same diversity of selection for laptops. And then maybe desktops in the not-too-distant future? That would really make a dent in enterprise computing.

Cybersec

  • Security camera not password protected? Police may be able to tap it (Engadget) — Love the subhead: “Don’t worry, it’s supposed to be for a good cause.” Just add the invisible snark tag. Purdue University researchers found surveillance cameras could be tapped to allow law enforcement to monitor a crime scene. I don’t know about you but this sounds like a backdoor, not a convenient vulnerability. If the police can use it soon, who might already be using it?
  • Qualcomm mobile chip flaw leaves 60% of Android devices exposed (Threatpost) — Not good, especially since this boo-boo may affect both oldest and newest Android versions. But a malicious app is required to take advantage of this flaw, unlike the Stagefright exploit. Android has already issued a patch; the problem is getting it to all affected devices.
  • LinkedIn’s 2012 breach yielded info on more than 100 million accounts (Motherboard) — Only 6.5 million accounts were initially breached — but that’s only the first batch published online. The actual haul from 2012 was at least 117 million accounts, now for sale for a mere five bitcoins or $2200. Are you a LinkedIn user? Time to check Have I Been Pwned? to see if your account is among those in the breach.

Climate Crises

  • Record high temp of 51C (124F) recorded in India (The Register) — Drought continues as well; article notes, “Back in India, relief from the heat is expected when the annual monsoon hits. The cooling rains generally arrive in mid-June.” Except that with a monster El Nino underway, the amount of rain and cooling will depart from average.
  • Polymath Eleanor Saitta considers climate change and comes to some grim, mortal conclusions (Storify by @AnthonyBriggs) — If you’re a policymaker, you’d better worry about dealing effectively with climate refugees and deaths in the millions. Maybe billions. Refugees from Syria will look like a minuscule blip. If you’re not terrified, you should be.

Looks like it’s going to be a lovely late spring weekend here — hope you’re going to have a nice one, too. See you Monday!

Wednesday Morning: Meet Me on the Floor

I admit it, I’ve betrayed my kind. I’ve been remiss in my responsibilities, haven’t been equitable.

To fix that, you need a dose of estrogen, stat. This morning’s medication is Veruca Salt’s Volcano Girls.

Feel better soon, eh?

Wheels
Mitsubishi’s Tetsuro Aikawa to leave, asks Nissan to name replacement (Bloomberg) — Announcement comes six days after Nissan announced it would buy a controlling interest in Mitsubishi. Nissan’s CEO Carlos Ghosn indicated he does not intend to subsume and phase out the Mitsubishi brand; this may have encouraged Aikawa he was leaving the company in good hands. I wouldn’t bet on some overlap between Nissan/Mitsubishi being eliminated.

Suzuki apologized for using the wrong fuel economy tests (Reuters) — Suzuki says it didn’t need to change its declared mileage data based on correct testing. I sure hope independent testing confirms this, though I suspect the same study which revealed Volkswagen’s cheat would have indicated additional validation needed.

Volkswagen says it will focus on profitability, pronto (Bloomberg) — Investors are restless and complaining about VW’s recalcitrance toward cost cutting in light of 16 billion euros it set aside for fixes and claims due to Dieselgate. Executives’ pay is on the butcher’s block. More than a little overdue as VW execs knew about the emissions controls defeat’s detection two years ago.

Forensic scientist reports to NHTSA Chevrolet’s dangerous cruise control problem (Zdziarski’s blog) — PAY ATTENTION TO THIS IF YOU’RE A LATE MODEL CHEVROLET OWNER. Read the linked post; Chevrolet’s response is deplorable, asking drivers to modify behavior rather than supply/fix product to work as documented and sold.

The (Fossil Fuel) Business
Goldman Sachs downgrades stocks to neutral while going bullish on oil (Bloomberg) — I like the subhead on this article: “Too many things to worry about.” ~LOL~ Excess valuation, lower growth, “a wall of stock market worries” encouraged the bear move. Things not explicitly mentioned: the U.S. and Australian elections and Brexit referendum outcome.

But…bullishness on oil out of whack (MarketWatch) — Another LOL-ish subhead today: “The fine print shows Goldman analysts believe oil will struggle to easily top $50.” So GS is telling its clients to reduce excess oil holdings while conditioning overall market to firm up what’s in their clients’ portfolios? ~smh~ Just as above, not mentioned in this take are any elections/referendums.

Note, too, that neither of these reports mentions Iran.

Anadarko Petroleum downgraded to neutral by Credit Suisse (Trade Calls) — You want another confusing take on fossil fuels? Read this article. Supports MarketWatch’s calling out GS on oil, though Anadarko also includes natural gas.

Total SA’s CEO Pouyanne pooh-poohs France’s ban on shale gas (Bloomberg) — Man, this dude is as arrogant as his predecessor. France could simply outlaw any imports without a certificate of origin, and force the industry to figure it out. Yet another article that doesn’t mention Iran, which sits on one of the largest natural gas reserves in the world. Pouyanne’s predecessor was cozy with Iran, too. So why all the attitude about North American shale gas imports?

Artificial Intelligence
Hedge fund used AI to pick through Fed Reserve’s minutes (Business Insider) — Using AI gleaned from a competition it hosted, Two Sigma fund analyzed the Fed Reserve. The app used Natural Language Processing and found some interesting trends. Wonder if the results would be different using Google’s SyntaxNet open sourced this past week?

NSFWhut?
Cynically opportunistic marketing push promotes so-called ‘anti-Zika’ condoms (IBTImes-AU) — Pharmaco Starpharma Holdings and condom-maker Ansell will give Australia’s Olympians “Dual Protect” condoms lubricated with VivaGel for “almost 100-percent anti-viral protection” against Zika. Never let a perfectly good health crisis go to waste, right?

CDC says any condom will work against Zika (MarketWatch) — Yeah. That. I said this already: condoms are recommended for other viral STIs like herpes and HIV, will work fine for Zika, no special anti-Zika condom required. But you have to use them consistently and for at least six months after exposure to Zika since the virus can remain in men’s reproductive system for at least that long after infection.

ONE company will release condoms in 56 different sizes (Glamour) — Holy schnikes. This is a broader range of sizes than men’s off-the-rack suits. No excuses about not wearing condoms, there will be one bound to fit gents. Would be nice if ONE could hit the market with these in Brazil before the Olympics. (And don’t turn your nose up at Glamour. It’s one of the better articles I read today, includes some good links.)

There’s enough material to get you over the hump. Catch you in the morning tomorrow!

SEC Says Hackers Like NSA Are Biggest Threat to Global Financial System

Reuters reports that, in the wake of criminals hacking the global financial messaging system SWIFT both via the Bangladesh central bank and an as-yet unnamed second central bank, SEC Commissioner Mary Jo White identified vulnerability to hackers as the top threat to the global financial system.

Cyber security is the biggest risk facing the financial system, the chair of the U.S. Securities and Exchange Commission (SEC) said on Tuesday, in one of the frankest assessments yet of the threat to Wall Street from digital attacks.

Banks around the world have been rattled by a $81 million cyber theft from the Bangladesh central bank that was funneled through SWIFT, a member-owned industry cooperative that handles the bulk of cross-border payment instructions between banks.

The SEC, which regulates securities markets, has found some major exchanges, dark pools and clearing houses did not have cyber policies in place that matched the sort of risks they faced, SEC Chair Mary Jo White told the Reuters Financial Regulation Summit in Washington D.C.

“What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks,” she said.

“As we go out there now, we are pointing that out.”

Of course, the criminals in Bangladesh were not the first known hackers of SWIFT. The documents leaked by Snowden revealed NSA’s elite hacking group, TAO, had targeted SWIFT as well. Given the timing, it appears they did so to prove to the Europeans and SWIFT that the fairly moderate limitations being demanded by the Europeans should not limit their “front door” access.

Targeting SWIFT (and credit card companies) is probably not the only financial hacking NSA has done. One of the most curious recommendations in the President’s Review Group, after all, was that “governments” (including the one its report addressed, the US?) might hack financial institutions to change the balances in financial accounts.

(2) Governments should not use their offensive cyber capabilities to change the amounts held in financial accounts or otherwise manipulate the financial systems;

Second, governments should abstain from penetrating the systems of financial institutions and changing the amounts held in accounts there. The policy of avoiding tampering with account balances in financial institutions is part of a broader US policy of abstaining from manipulation of the financial system. These policies support economic growth by allowing all actors to rely on the accuracy of financial statements without the need for costly re-verification of account balances. This sort of attack could cause damaging uncertainty in financial markets, as well as create a risk of escalating counter-attacks against a nation that began such an effort. The US Government should affirm this policy as an international norm, and incorporate the policy into free trade or other international agreements.

After which point, James Clapper started pointing to similar attacks as a major global threat.

I don’t mean to diminish the seriousness of the threat (though I still believe banksters’ own recklessness is a bigger threat to the world financial system). But the NSA should have thought about the norms they were setting and the impact similar attacks done by other actors would have, before they pioneered such hacks in the first place.

Tuesday Morning: Speed of Love

This video fascinates me. I’ve watched it a number of times since Nerdist shared it last month; it’s the 24-minute long set by Freddie Mercury and Queen at the 1985 Live Aid concert held in Wembley Stadium.

Nerdist noted the audience’s response reflects the speed of sound — the visible ripple of fans’ hands speeds across the crowd in response to the sound as it leaves the stage area and travels across the venue. The gif they shared was taken about 16:37 into this set, just as the band begins We Will Rock You.

I think there was more at work here because earlier snaps of the audience reaction during Radio Gaga (roughly 4:25 onward) don’t show the same marked wave across the crowd. But at several points in the set Mercury interacts with the audience, coaxing them to sing and shout along with him.

And then at 16:35 when he begins We Will Rock You, the crowd is completely in sync with him. They adore him and are utterly engaged. The wave is not just sound but their feeling for Mercury and his performance.

Can you imagine a politician who could induce such a response?

Cybersecurity
Adobe Flash must die, and Google’s slowly exterminating it in Chrome (Ars Technica) — By year’s end, Flash will be disabled by default in Google’s Chrome browser. It will only play when manually enabled. All part of the slow migration to HTML5 away from risky Flash.

Antivirus app halts heart surgery (Ars Technica-UK) — Holy crap. Why does medical equipment need antivirus software to begin with, let alone how does an A/V app launch and run during surgery?

Artificial Intelligence
Dude, that female TA you hit on? An AI bot (Sydney Melbourne Herald) — Wow. Future’s already here and you can’t tell you’ve been dissed by both your prof and the chick-bot-TA.

A series of tubes
Remote healthcare not ready for prime time (ScienceDaily) — Study using fake patients to test direct-to-consumer teledermatology remote health care systems found security problems with IDs, poor-to-bad assignment of clinicians, many errors made in major diagnoses, insufficient warning to pregnant patients when meds prescribed, just for starters. Think of this as Healthcare Internet of Things Fail.

Super. Fast. Wireless. Internet. Coming. To. YOU! Really? (MIT Technology Review) — Ugh, so breathless with excitement they are about this startup called Starry. I was, too, initially, but we’ve been told this crap for more than a decade. Since this requires the cooperation of Verizon, AT&T, Facebook, and Google to standardize on this platform AND reception relies on line-of-sight, I’m not holding my breath.

The Business
New business for Amazon to tackle: its own private label groceries (Techcrunch) — Amazon doesn’t want to leave a penny on the table. If customers are too price sensitive to click their Dash button for a big name brand consumer good, they’ll offer their own instead. Prime accounts only, though; first goods will be heavy on baby needs, which makes sense given parents are often a captive audience.

Norway’s sovereign (oil) wealth fund to sue Volkswagen (AP) — Fossil fuel-created fund owns 1.64% stake in Volkswagen. It’s suing to protect its assets exposed by VW’s emissions controls cheat. Imagine me laughing at oil suing a car company for the manner in which it promulgated oil consumption.

Norway’s Statoil to launch first floating wind farm (Bloomberg) — This company is well ahead of Shell when it comes to diversifying energy production.

Flint Water Crisis
Michigan’s top law enforcement agent unaware of Michigan State Police “quiet investigation” (WZZM) — Still scratching my head over this one. Why did the governor ask MSP to conduct an administrative — not criminal — investigation, omitting the state attorney general? And who’s conducting a genuine criminal investigation, including the governor’s role?

Gender Equity
Toy maker(s) insisted Iron Man 3 movie must have male, not female villain (The Mary Sue) — In other words, Marvel’s big sweeping superhero movies are really just very long trailers to sell boys’ toys. Girls and women need not apply. I have no idea how they can make a decision based on any realistic data given the dearth of female villains on screen and in toys. Is this just some lame argument for inequity in front and behind the camera?

Running behind, probably read too much today and swamped my processing circuits. Hope mid-week becomes a little more focused — catch you tomorrow!

 

Thursday Not-Morning: Stupid

Jeepers. I need hip waders. There is just so damned much stupid over the last 24 hours. It’s a veritable flood.

The Future is here, and it’s stupid

  • Law firm “hires” first artificially intelligent lawyer (Futurism) — Oh how nice. Treat human misery like a fungible commodity by using IBM’s AI ‘lawyer’ Ross to process bankruptcies. Want to bet it’s cheaper to hire paralegals to do the work Ross does? Want to bet Baker & Hostetler’s Ross will be replaced by a competing internet-based firm processing bankruptcies even more inexpensively? Hey Congress: doesn’t it say something to you about the number and kind of bankruptcies when a ‘robot’ can process them?
  • Facial recognition expected to be $6 billion by 2020 (Curatti) — No invasion of privacy issues there, nor any security risks whatsoever. No chance at all two or more people have the same facial characteristics in terms of dimension.
  • Chinese tech company prepares for future where our consciousness lives forever in a computer (Bloomberg) — This is really creepy, and yet very much possible in the near-term future. If AI can nearly reproduce you from your social media, why can’t it replicate your consciousness?

The Past remains, and it’s stupid, too

  • Staffing company Portico sent home a receptionist for not wearing high heels (BBC) — A petition emerged in response, asking Parliament to outlaw such policies; 100,000 signatures mustered overnight. They’ve reversed their position today after a furor arose about their policy requiring women to wear 2-4 inch high heels on the job at a PricewaterhouseCoopers facility. PwC says it’s not their policy. Come on now — it’s 2016, not 1956. It’s just plain stupid to ask workers of a specific gender to wear attire for looks — attire which causes discomfort and is not recommended by doctors.
  • Belgian beer company changes iconic American brand name to pander to voters (AdAge) — Take one of the oldest and most recognized U.S. brands on which hundreds of millions of dollars have been spent to entrench an immigrant’s name into the American psyche. Then remove it and replace it with the country’s name for six months. My gods, the stupid on this one. Fortunately a West Michigan brewer is taking advantage of this opportunity with ‘Murica! I could use one right about now.
  • Some SAP accounting software users attacked because they screwed up in 2010 (The Register) — Talk about time travel. I’m sure there’s some folks who’d like to go back to 2010 and execute that security patch correctly this time before hackers smite their business to smithereens.

The Present’s no gift

  • Don’t feed the sea turtles (Scientific American) — Surprise! When tourists feed junk food to sea turtles, the turtles’ health mirrors that of humans fed the same crap.
  • Study: Ransomware cybercriminals provide better, faster service than internet service providers (Nature) — Not even a rational comparison next to Comcast. Seems like there’s a market opportunity here; if crooks held a machine hostage AND offered a PC tune-up, would PC owners happily fork over cash? Hmm.
  • Marijuana use during pregnancy increases risk for pre-term birth (ScienceDaily) — What a surprise that a psychoactive drug combined with toxic by-products from smoking a plant product might have negative effects on pregnancy.

Ugh. Hope tomorrow is kinder to us. See you in the morning!

Wednesday Morning: Wandering

This music video is the result of an insomniac walkabout. I went looking for something mellow I hadn’t heard before and tripped on this lovely little indie folk artistry. Not certain why I haven’t heard Radical Face before given how popular this piece is. I like it enough to look for more by the same artist.

Let’s go wandering…

Volkswagen: 3.0L fix in the offing, but too late for EU and the world?

  • New catalytic converter may be part of so-called fix for VW and Audi 3.0L vehicles (Bloomberg) — The financial hit affected dividend as reserve for fix/recall/litigation was raised from 6.7B to 16.2B euros. VW group will not have a full explanation about Dieselgate’s origins and costs to shareholders until the end of 2016.
  • But Netherlands’ NO2 level exceeds the 40 microgram threshold in 11 locations, violating EU air pollution standards (DutchNews) — Locations are those with high automobile traffic.
  • UK government shoveled 105,000 pounds down legal fee rat hole fighting air pollution charges (Guardian-UK) — Look, we all know the air’s dirty. Stop fighting the charges and fix the mess.
  • UK’s MPs already said air pollution was a ‘public health emergency’ (Guardian-UK) — It’s killing 40-50,000 UK residents a year. One of the approaches discussed but not yet in motion is a scrapping plan for dirty diesel vehicles.
  • Unfortunately global CO2 level at 400 ppm tipping point, no thanks to VW’s diesel vehicles (Sydney Melbourne Herald) — Granted, VW’s passenger vehicles aren’t the only source, but cheating for nearly a decade across millions of cars played a substantive role.

Mixed government messages about hacking, encryption, and cybersecurity enforcement
Compare: FBI hires a “grey hat” to crack the San Bernardino shooter’s iPhone account, versus FCC and FTC desire for escalated security patching on wireless systems. So which is it? Hacking is good when it helps government, or no? Encryption is not good for government except when it is? How do these stories make any sense?

  • State of Florida prosecuting security researcher after he revealed FL state’s election website was vulnerable (Tampa Bay Times) — Unencrypted site wide-open to SQL “injection attack” allowed the researcher to hack into the site. Florida arrests him instead of saying thanks and fixing their mess.
  • UK court rules hacker does not have to give up password (Guardian-UK) — Computer scientist and hacker activist Lauri Love fights extradition to U.S. after allegedly stealing ‘massive quantities’ of data from Fed Reserve and NASA computers; court ruled he does not have to give up password for his encrypted computers taken into custody last autumn.
  • SWIFT denies technicians left Bangladeshi bank vulnerable to hacking (Reuters) — Tit-for-tat back and forth between Bangladesh Bank and SWIFT as to which entity is at fault for exposures to hacking. Funny how U.S. government is saying very little about this when the vulnerability could have been used by terrorists for financing.

Well, it’s not quite noon Pacific time, still morning somewhere. Schedule was off due to insomnia last night; hoping for a better night’s sleep tonight, and a better morning tomorrow. Catch you then!


James Clapper’s Latest Effort To Fearmonger about Snowden’s Damage

In addition to getting him to admit the US can’t fix the Middle East but we have to stay because our “leadership” is needed there, in this column David Ignatius asked James Clapper, again, about how much damage Edward Snowden has caused.

Clapper said the United States still can’t be certain how much harm was done to intelligence collection by the revelations of disaffected National Security Agency contractor Edward Snowden. “We’ve been very conservative in the damage assessment. Overall, there’s a lot,” Clapper said, noting that the Snowden disclosures made terrorist groups “very security-conscious” and speeded the move to unbreakable encryption of data. And he said the Snowden revelations may not have ended: “The assumption is that there are a lot more documents out there in escrow [to be revealed] at a time of his choosing.”

Let’s unpack this.

Clapper provides two pieces of evidence for damage:

  1. Snowden disclosures have made terrorist groups “very security-conscious”
  2. Snowden disclosures have “speeded the move” [by whom, it’s not entirely clear] to unbreakable encryption

That’s a bit funny, because what we saw from the terrorist cell that ravaged Paris and Belgium was — as The Grugq describes it — “drug dealer tradecraft writ large.” Stuff that they could have learned from watching The Wire a decade ago, with a good deal of sloppiness added in. With almost no hints of the use of encryption.

If the most dangerous terrorists today are using operational security that they could have learned years before Snowden, then his damage is not all that great.

Unless Clapper means, when he discusses the use of unbreakable encryption, us? Terrorists were already using encryption, but journalists and lawyers and US-based activists might not have been (activists in more dangerous places might have been using encryption that the State Department made available).

Neither of those developments should be that horrible. Which may be why Clapper says, “We’ve been very conservative in the damage assessment” even while insisting there’s a lot. Because this is not all that impressive, unless as Chief Spook you think you should have access to the communications of journalists and lawyers and activists.

I’m most interested, however, in this escrow idea.

“The assumption is that there are a lot more documents out there in escrow [to be revealed] at a time of his choosing.”

Snowden and Glenn Greenwald and Laura Poitras and Bart Gellman have said about a zillion times that Snowden handed everything off before he went to Russia. And everyone who knows anything about Russia would assume if he brought documents there, Putin has had them for almost 3 years.

Sure, there are surely documents that reporters have that, reviewed in the future by other people, may result in new disclosures. But the suggestion that Snowden himself is asking the journalists to hold back some of the documents “in escrow” is rather curious. Why would Snowden withhold documents until such time that the technology behind disclosures would be out of date?

I mean, it’s useful as a basis to claim that Snowden will continue to damage the IC when there’s actually not that much evidence he already has. But it doesn’t make much sense to me.

Ah well. In the article Clapper says he’ll be around for 265 days, which means around February 9 of next year, someone else will take up fearmongering about Edward Snowden.
