07.22.12
Sunday Gospel
“Heed these words, my disciples: When the crowd has not machine guns, it cannot protect itself from evil carrying a machine gun and a Glock.” — Chapter 2, The Compleat Sayings of American Jesus.
The President’s ‘Doomsday Cyberattack … Unrealistic’
From SecurityNewsDaily, on Friday:
The president’s opinion piece, placed on an editorial page usually hostile to his administration, was aimed at Senate Republicans who had opposed an earlier version of the bill on the grounds that it would create a new regulatory bureaucracy …
Meeting stiff opposition from conservatives, the bill in its original form could not garner the 60 votes needed to break a Senate filibuster. So yesterday (July 19), Lieberman introduced a watered-down version of the bill that removes the mandatory provisions and instead makes compliance with new cybersecurity standards voluntary.
The revision offers inducements for companies that choose to comply, such as protection from liability relating to a security incident …
Digital security experts are divided over whether the bill is necessary, and even whether the dramatic scenes depicted by Obama in his opinion piece are even possible ..
“Has a major attack happened? No,” said Steve Santorelli, a security researcher at Team Cymru in Lake Mary, Fla., who’s worked in the past for Microsoft and Scotland Yard. “Are they scanning and exploring? Almost certainly someone is, but it’s not clear exactly who or why.”
“There’s going to be an attack on specific trains loaded with what just happen to be specifically dangerous chemicals so that it or they jump the rails and cause a catastrophe?” asked George Smith, an expert on national-security technology at GlobalSecurity.org in Washington. “This belongs strictly to the last ‘Die Hard’ movie.”
“They could have run a simulation based on the plot of ‘Independence Day,'” said Julian Sanchez, a research fellow specializing in technology at the libertarian Cato Institute in Washington. “That would not be a ‘sobering reminder’ that alien invasion is ‘one of the most serious economic and national security challenges we face.'”
“There is little to zero evidence reservoirs and water systems can be significantly damaged by cyberattack, even if one grants the minor possibility of remote trifling with pumping systems,” Smith said. “Water purification and supply is a nationally distributed matter. There is no way to universally degrade it in the United States.”
A number of people were cited on what manipulation through SCADA might be able to do. The arguments remain the same.
Because something is vulnerable, often just potentially so, everything is vulnerable everywhere. And we have a peeping Tom at my apartment building so just think if he were at your place and became more ambitious, wanting to get into your rooms!
Because something, read everything, is computerized, and it is so easy to act maliciously through the net, everything is at risk.
Often the concerns are sincere. Often many are simply manipulative, too. We can agree it is good to always be mindful of security. However, there was a point, one we’re now past, when the story-telling turned abusive and strained.
Example:
Despite the fact that the facility’s computers were not connected to the Internet, Stuxnet got in and changed the software on programmable logic controllers (PLCs) operating uranium-processing centrifuges, causing them to spin out of control and setting back the Iranian nuclear program by more than a year.
“Many of the fundamental problems are caused by software vulnerabilities in PLCs that are impossible to fix,” Santorelli said. “They were never designed to be secure because the folks that developed them, like everyone else, never really saw this threat coming when the systems were built a generation ago,
“It’s sobering to think that the same PLCs that Stuxnet attacked are also in the rides that we take our kids to in theme parks every weekend,” Santorelli added.
So because a complex computer virus the US government developed and sent into the world, children at Disney’s and Dorney’s through the US are menaced by stuff our many anonymous enemies might make.
Security hawk arguments always work the same way.
Because we have done something, or can do something, and insist that it is trivial to duplicate, everyone else can and will do it to us. And the consequences will always be worse. All that is man-made is eventually vulnerable will be attacked.
“The stupid stupids at the Department of Homeland Security are dangerous, so as a demonstration I will now threaten to cause more alum to be put into a smallish tank of water somewhere in Houston!” cackled the fiend from his cyber-bunker, somewhere in the United States.
Meanwhile, the country passes through a decade of decay from much more well-explained and now mundane real world happenings.
And the security fixation on proving that everything is vulnerable, that not enough defenses are in place and that the defenders are not being listened to, their work threatened, occasionally will result in the potential for giving us the pleasure of another Bruce Ivins.
Again, my counter-arguments to the President’s opinion piece are here — at Globalsecurity.Org.
Many years ago — the late Nineties — I contributed a number of opinion pieces to the Wall Street Journal, all on computer viruses and cyberwar.
One, from 1998, is here:
Permalink Comments off
07.21.12
American douchebag
USMC Triple Amputee Wrestles a Gator Video
Deleted. Please forgive momentary lapse in judgment. Recommendation: Give up cable subscription.
Permalink Comments off
07.20.12
Hoist on own petard
From the wire, Fender Musical Instruments shelves its IPO:
Fender Musical Instruments announced Friday that it would be withdrawing its planned initial public offering (IPO) based on current market conditions.
“Current market conditions and concerns about economic conditions in Europe do not support completing an initial public offering at what we believe to be an appropriate valuation at this time,” said Larry E. Thomas, Fender’s Chief Executive Officer, in a statement …
After going public, the company was hoping to have roughly 26.4 million shares outstanding. This would have valued Fender at about $395 million, but that all goes out of the window now.
By gross tonnage, most of Fender Musical Instruments’ guitars and amplifiers are made in China and Mexico. Its US manufacturing is essentially an artisan and snob business, priced for the high end for music professionals, people on label contracts and people who perhaps played when they were young, but then went into lawyering or banking and want a piece to impress people.
However, guitar players — young to old — are not, on average, a wealthy bunch. And the lousy economy has hit musicians hard. There aren’t any deep pocketed men on the staff at Guitar Center, walking the showroom floors nationwide.
So the idea that everyone who owns a Fender-branded guitar or amplifier would buy stock to have a piece of the company is laughable. Guitar players aren’t part of the investing class, not even as hobbyists.
Which would largely leave Fender stock to those who buy its artisan custom shop goods. Yet Fender is also very definitely not Harley-Davidson, the iconic US motorcycle manufacturer.
With its off-shored manufacturing hitched to the low and middle ends of the market, those segments where consumers were the most blasted by the economic collapse and subsequent loss of jobs and dollars, Fender Musical Instruments did what it had to.
Fender — from the archives.
Permalink Comments off
Jeff Bezos’ plan to make more people miserable
The entire business strategy of Amazon revolves around devaluing labor, compressing prices, and taking the swag difference for itself.
With Mechanical Turk, it’s getting people to work on-line for free or almost so for the sake of small social parasite businesses. With Amazon shopping, it’s to put warehouses around the country, hire people at lousy rates and treat them poorly, so those with their consumer buying power still intact can have their stuff.
Having destroyed a lot of publishing, Amazon is striving to be Wal-Mart.
Now the idea to build more sweatshop warehouses so you can have diapers and toilet paper without going five hundred yards to the supermarket.
From the wires:
Same-day shipping has been the bane of Amazon’s existence and the single leverage brick-and-mortar retailers held over its online challenger. But Amazon may start offering same-day delivery as soon as next year, according to various reports, which could further alter the retail landscape.
Amazon has not confirmed the rumors but retail insiders believe it’s an inevitable move for the online retail giant. The Seattle-based company has been planning to add new distribution centers across the U.S. in states such as New Jersey, Texas, California, Virginia and Indiana and these new warehouses will be able to ship online purchases to consumers living in that state within hours. Same-day shipping by Amazon would be another blow to brick-and-mortar retail stores already battling the phenomenon of “showrooming,” an industry term for when customers examine products in person but buy the same goods online, often at a lower cost.
In 1999, TIME magazine made Bezos man of the year. In 1965 it did the same for William Westmoreland.
Permalink Comments off
A Righteous Man
Permalink Comments off
07.19.12
The President delivers his cyberscare story
The President delivers his digital Pearl Harbor story, not using the phrase because presumably has been told of its exposure to ridicule, in the Wall Street Journal (excerpted):
Last month I convened an emergency meeting of my cabinet and top homeland security, intelligence and defense officials. Across the country trains had derailed, including one carrying industrial chemicals that exploded into a toxic cloud. Water treatment plants in several states had shut down, contaminating drinking water and causing Americans to fall ill.
Our nation, it appeared, was under cyber attack. Unknown hackers, perhaps a world away, had inserted malicious software into the computer networks of private-sector companies that operate most of our transportation, water and other critical infrastructure systems …
It doesn’t take much to imagine the consequences of a successful cyber attack. In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home. Taking down vital banking systems could trigger a financial crisis. The lack of clean water or functioning hospitals could spark a public health emergency. And as we’ve seen in past blackouts, the loss of electricity can bring businesses, cities and entire regions to a standstill …
For the sake of our national and economic security, I urge the Senate to pass the Cybersecurity Act of 2012 and Congress to send me comprehensive legislation so I can sign it into law.
It’s time to strengthen our defenses against this growing danger.
Nothing new in the lede graphs, the President resorting to the stock scary cyber-wargaming and scenario-concoction the US national security apparatus has delivered since … always.
Historically, the meme is invariant, delivering news that everything is vulnerable. The entire nation falls over from surprise cyberattack.
First, let’s deal with the alleged coordinated attack on trains, one which causes them to jump the tracks, releasing toxic chemicals everywhere.
If you think about this a little it falls apart,
The US has a rail system, like all countries, and mistakes happen occasionally. These cause accidents and derailments.
And throughout the nation there are lights on the tracks that signal switches open and closed, and warning and so on. Plus there are controllers. Plus people who react immediately to side-strep or remedy problems.
There is not one master switch for all rail, hubs are scattered all across the US, thousands of them, I imagine.
So, with one sentence, you are asked to belive there’s going to be an attack on specific trains loaded with what just happen to be specifically dangerous chemicals so that it or they jump the rails and cause a national catastrophe?
The intelligence requirements just to start thinking about that are beyond belief. This belongs strictly to the last Die Hard movie, the one where the fired Pentagon security contractor battles McClain.
“Trigger the accidents and the release of the poison gases now!” cackled the fiend from deep within his cyber-bunker, somewhere in the eastern hemisphere.
So shame on President Obama or, more likely, a staffer for putting it in. So the occasional bad rail accident from normal human error will remain more likely than hack or cyberwar attacks on the same.
The presumption that this has changed, or is about to, is senseless.
To make another counterpoint, there is little to zero evidence reservoirs and water systems can be significantly damaged by cyberattack, even if one grants the minor possibility of remote trifling with pumping systems.
The hazard posed to water supplies was worked out early in the war on terror, motivated by fears of chemical and biological terrorism aimed at them.
Water is difficult to ruin, unless one is speaking about massive oil spills, run-offs into rivers from mismanaged chemical plants or massive industrial accidents that release materials into natural waterways.
Every year such events happen throughout the US. Recovery is swift.
In addition, water purification and supply is a nationally distributed matter. There is no way to universally degrade it in the United States.
For example, my brain tells me, and it’s usually pretty good at these things, that it would be virtually impossible to affect water in Los Angeles County short of destroying the Owens Valley, the Los Angeles Aqueduct, the Colorado River and the Colorado River Aqueduct. It would take an almost irreversible blackout in California to hinder the flow of water into LA County.
What, could hackers or cyber-soldiers blow up Pasadena Water & Power or make the complex unusable and all the water unpotable?
How do you do that locally in Los Angeles, one of the most populous places in the world? Water supplies in ponds are scattered everywhere, there is no one central water supply and plant to do something to.
Theoretically, if you believe someone can turn up the addition of chlorine, so what? You can’t supersaturate water with it. There is no way to turn water into bleach in everyone’s tap from the Internet. You can’t turn it into poison in any serious way. You can only try to turn it off.
Details matter, not potential bluff by one hacker, published in hundreds of stories — truth being determined by the number of people convinced to reprint exactly the same thing — that “[said] hacker posted pictures of [a water] facility’s internal controls.”
This matter, being more of a personal publicity stunt executed through PasteBin by a hacker personally indignant at the Department of Homeland Security at what he saw to be it’s dilatory attitude toward the dangers posed to the nation’s water system.
Indeed, using one minor news story, never really followed up to make a case that the entire nation’s water is threatened, is an obvious kind of propaganda.
Further, how could cyber-soldiers or hackers make doctors stop dealing with the sick in hospitals? They’ll turn off the power and corrupt all the patient data, never mind the senselessness of doing both.
Just go with me for a minute.
They’ll take away Internet connectivity and e-mail, and put ridiculous and dangerous results in digital logs of patient records, like prescribing insulin shots for everyone except the diabetics or Viagra for people with really bad tickers. Then the staff will roll out the needles, pills and drips and put everyone into a coma.
Ahem. Do you really think that the practice of medicine hasn’t had years of experience dealing with bad or screwed up e-mail, malware, and criminal pests who get into networks?
Anyway, it is exceptionally bad to try and stampede people into believing stupid things through the use of fear, no matter how well meaning you are.
In his essay the President is working from the script that the United States can be turned off with select manipulation of a few switches. This is an absurd construct, but an old one, and something that can also be dubbed a zombie lie.
Finally, readers can take note of the placement of this in the Wall Street Journal, the newspaper of the financial system.
Attack on the financial system has become a regular part of the mythology used to influence policy makers, even though it’s to laugh. Consider the state of the economy and the predicament of the 99 percent. The financial sector might be attacked! Really?!
What, exactly, would that do to the 99 percent? Not a trick question.
From last week, mirrored at GlobalSecurity.Org (excerpted):
Cybersecurity is a serious national issue. But the implication that it is the issue or that your future is disappearing in front you due to the lack of it should put a bug up your a–…
[If] you conduct a meaningful public poll on how much average Americans really care about “the financial sector” being protected against cyberattacks, you might get an earful on how they’d like to be protected from the financial sector. Bank of America and Wall Street aren’t going to be popular again for a good long time. This is called ignoring the big picture, or historical context, and it has always had meaning for issues in national security. You cannot defend something or win the war when the little people, the locals, have little or no interest or incentive in rallying to your side.
Put another way, it’s impossible to ultimately secure an infrastructure of businesses the majority believes to be corrupt.
For the sake of a discussion that emphasizes the gravity of dealing with cybersecurity it’s just easier to quote someone higher up, like Leon Panetta: “Technologically, the capability to paralyze this country is there now.”
It works in a talks even though the people who’ve been around since the beginning quietly hoot and roll their eyes.
I didn’t care much for your decision to use computer viruses as weapons either, Mr. President.
The argument that careless connection of remote systems to the Internet has been with us for a very long time. People have been saying this for years. Exercise caution when connecting stuff that you believe to be critical.
Some people do. Some don’t. Some do it and add security or presume they have. Others just put it on-line so they don’t have to be on-site all the time. This is the way of things and it probably always will be.
So, yes, there are going to be security problems but where are they in the entirety of the big nation and is there a master map?
These are unquantifiable questions no one can really answer except to say managing the security of such things and the risk imposed is a day to day battle.
The problem arises when it is all spun, as the President has done for effect, into a message of fear, delivered from the notion that it is trivial to collapse the nation from remote access, all for the motivation toward a policy.
There are arguments and debates to be made on this to persuade people, but sincere efforts take time and aren’t served by stuff like this. Yet it has always proven convenient to go with the pungent essay seasoned with fearful examples.
Permalink Comments off
Dance and mime the mess and futility away
Eric Raum, who works for the United Service Organization, helped produce the video. On his blog, Raum explains how it all came about:
“A few weeks ago, a friend of mine here in Afghanistan, Randy Moresi, approached me about the song ‘Call Me Maybe’. I had just returned to Kandahar from the U.S. and had been taken back by how big of a hit it was, as we often miss out on the latest and greatest while in the ‘Stan and I hadn’t heard it before. She said that people were creating covers of the song, and that it would be a lot of fun for the guys and gals out here if we could create a military version. With a day off looming, we got to work trying to get things organized.”
Create a military version. Well, only a couple pages full of soldiers doing exactly the same thing, with varying degrees of production value.
So how do you pick who’s going to get the good video cameras, the dance move coaching, the hi-fi recording and the Final Cut Pro editing job? Rhetorical.
Meanwhile (you knew this was coming):
KABUL, Afghanistan—The Taliban said they detonated a bomb on a fuel tanker Wednesday and then opened fire on other NATO supply trucks in a morning attack that destroyed 22 vehicles loaded with fuel and other goods for U.S.-led coalition forces in Afghanistan.
Elsewhere in the country, a suicide bomber killed three Afghan soldiers at a checkpoint in the east, while militants killed nine more government troops in an ambush in the south. Three NATO service members were also killed in insurgent attacks.
The violence comes as Afghan forces are taking charge of security in more areas across the country ahead of the planned withdrawal of the U.S.-led coalition’s combat forces by the end of 2014. To show they remain a resilient force, insurgents are conducting targeted attacks, even in relatively peaceful parts of the country.
Such gay music. Good for morale. But it’s a shame to waste it so mindlessly on delusions.
Permalink Comments off
Google, music piracy and freetardism
The BBC delivered a piece today which discussed Google as an enabler of piracy, a giant company with no “moral viewpoint” on the activity although it loudly professes the support of copyright.
Some quotes (with my comments in italic):
I suspect that many of you reading this will come down on Google’s side. After all the music industry is hugely powerful, and has been ripping off consumers for years, right? Who are [UK the record industry] to take the moral high ground?
In the US and the UK the major labels are not nearly what they once were. They are not all powerful and their ability to develop and break artists has been irrevocably crippled by the destruction of much of the revenue they used to be able to make on the sale CDs, vinyl and tapes. This is partially reflected in that there is very little actual artist development. It’s one album, and if it doesn’t spawn a hit, the career is over.
But don’t forget that Google now earns about three times as much in the UK as the entire music industry. And if you think the call for action against the firm comes exclusively from bloated record industry executives who deserve no sympathy, listen to Alastair Nicholson.
He has been running the UK hip-hop label Son Records for more than a decade, battling to keep afloat. Visit his office, and you’ll find no flunkies delivering flowers or a boardroom decorated with rock memorabilia – just one man in an attic flat.
Exactly.
I put it to him that it wasn’t Google’s fault if the web was awash with free music and that was what people were searching out.
“You’re right,” he said. “There’s any number of people distributing music for free, I’m not trying to lay that at Google’s door.” So how would he describe Google’s stance, I asked. He thought for a bit, and then said: “There’s a lack of a moral viewpoint.”
The article goes on to point out what’s obvious to many who make, or try to make, popular music. The idea of all music being free, and that one must never pay for it because you are supporting the Man (down with the record labels!), has become the refuge of idiots. What the attitude has done is sweep away all opportunity for small labels to make any kind of money selling music. The only agencies to retain it are the old record companies which can still mount advertising budgets and promotional spends to lift acts above the noise and protect some potential for earnings.
“But the result of their actions is that the only future for a small music label is to cozy up to a corporate giant,” reads the BBC piece.
We now have a generation of young people who, just like me at their age, love music. But they’ve come into a world where the expectation is that it must be free. And it has made a cosmic difference. It is now not hard to find artists in their mid-to-late thirties who will routinely say that they would have never make it in the business, or last long enough to get a lucky break, if they had to do it all again today.
All thanks to the creative destruction process and mercilessly enforced freetardism.
In the Google-mediated world of winner-takes-all search and recommendation the above video was momentarily shoved into the “suggestions” that one got after viewing “Mean Future.”
It has 19 million views and is by f(x) a South Korean dance pop act wildly popular in Japan, China and its native country. It’s also the epitome of mega-corporate factory-manufactured no-expense-spared pretty-puppets-on-strings focus-group-vetted trash.
Why was it shoe-horned into my space? Who knows precisely. But it is part of the Culture of Lickspittle and has something to do with a kind of graft-by-algorithm Google properties impose on users. With Google, the door never swings both ways.
You get to piggyback the mega-popular even though your contribution — in terms of an audience would be infinitesimal. And that’s because when you add all the infinitesimals worldwide they eventually turn into a significant number.
However, the mega-popular, somehow, through the magic of Google recommendation, never never get chosen to piggyback you.
You get your own digital slum with high walls, so nobody else can see in.
Permalink Comments off
Chronicles of Annoying Pests
Proof of a thousand words in a picture.
Soiled himself upon being thrown out causing cyborg elements to short circuit and malfunction — it says here. iPhone still not working.
Permalink Comments off
« Previous Page — « Previous entries « Previous Page · Next Page » Next entries » — Next Page »