Meat is Murder on the Environment

After decades of seeing activists lay out the obvious economics of meat, and reading research by economists confirming the obvious, it looks as if the market finally is shifting. Eating meat is by far the number one impact to climate change and executives are starting to execute on the meatless menu.

It always has seemed weird to me that if you wanted to remove meat from your work meals, or airplanes for that matter, you had to check a special box. Really it should be the other way around. If someone wants to add meat, let them be the “special” case.

please check box if you want a major global catastrophic impact from your meal

Makes little to no sense to have meat as a default, and people should have to choose to accelerate global destruction, rather than set it as the mindless default. Not saying I would never check the box, or there would never be need for meat, just that I would always want the default to be meatless. When I say make it rare I mean it both ways. The economics of why are obvious, as I will probably say continuously and forever.

For example, years ago I was running the “Global Calculator” created for economic modeling, and reducing meat consumption undeniably had more impact than any other factors.

The Global Calculator is a model of the world’s energy, land and food systems to 2050. It allows you to explore the world’s options for tackling climate change and see how they all add up. With the Calculator, you can find out whether everyone can have a good lifestyle while also tackling climate change.

A sad and ironic side note here is the fact that meat consumption is the top factor in the “extinction crisis”, as 3/4 of Earth’s animal population is disappearing at an alarming rate.

  1. climate change
  2. agriculture
  3. poaching
  4. pollution
  5. disease

I think it still may be counter-intuitive for a lot of folks that they should stop eating meat to reduce climate change to prevent extinction of animals. So if you really like meat you should stop eating it. Get it?

Thus a logical approach to solving many of the expensive problems people face today and into the future is to limit meat consumption within commercial space, because that’s where some expansive top-down decisions easily are made.

Imagine Google removing meat from its school-lunch-like program for its school-campus-like facilities for its school-children-like staff running its school-peer-review-like search engine. Alas, that probably means executive leadership (less like kids trying to stay in school forever) where someone issues a simple order to take a stand.

The first step on this path really should be Mar-a-Lago converts to vegan-only menus and becomes a research center for climate change, but I digress…

Instead it looks like WeWork has apparently woke, and removed meat from its menus.

…told its 6,000 global staff that they will no longer be able to expense meals including meat, and that it won’t pay for any red meat, poultry or pork at WeWork events. In an email to employees this week outlining the new policy, co-founder Miguel McKelvey said the firm’s upcoming internal “Summer Camp” retreat would offer no meat options for attendees.

“New research indicates that avoiding meat is one of the biggest things an individual can do to reduce their personal environmental impact,” said McKelvey in the memo, “even more than switching to a hybrid car.”

It’s crazy to me that someone is calling out new research here when there is so much legacy work, but I guess that covers the question why they waited so long to do the right thing.

And just in case any of the typical extremist right-wing tech professionals (Shout out to the 303!) read this blog post, I offer this tasty morsel on vaccinating the mind against climate change falsehoods:

To find the most compelling climate change falsehood currently influencing public opinion, van der Linden and colleagues tested popular statements from corners of the internet on a nationally representative sample of US citizens, with each one rated for familiarity and persuasiveness.

The winner: the assertion that there is no consensus among scientists, apparently supported by the Oregon Global Warming Petition Project. This website claims to hold a petition signed by “over 31,000 American scientists” stating there is no evidence that human CO2 release will cause climate change.

The study also used the accurate statement that “97% of scientists agree on manmade climate change”. Prior work by van der Linden has shown this fact about scientific consensus is an effective ‘gateway’ for public acceptance of climate change.

Bring out the facts! Security professionals often ignore climate change harm and need facts as a gateway to accept climate change risks. Maybe a good time to impact self-proclaimed security elites could be when they head to Las Vegas this summer…observe them carelessly gorging themselves on meat while claiming to care about data and risk, and hand them an invite to an exclusive WeWork party.

Posted in Energy, Food, History, Security.


Cars Are Just Primitive Exoskeletons

The “carriage” form-factor is ancient.

So even though today we say “car” instead of carriage, we should know that to augment a single person’s travel with a giant opulent box is primitive thinking, and obviously doesn’t scale well to meet modern transit needs. Study after study by design experts has shown us how illogical it is to continue to build and use cars:

Fortunately, modern exoskeletons are more suited (no pun intended) to the flexibility of both the traveler and those around. Rex is a good example of why some data scientists are spending their entire career trying to unravel “gait” in order to analyse and improve the “signature” of human movement. They discuss here how they are improving mobility for augmentation of a particular target audience:

This is early-stage and yet it still shows us how wrong it is to use a car. When I expand such technology use to everyone I imagine people putting on a pair of auto-trousers to jog 10 miles at 20 mph to “commute” while exercising, or to lift rubble off people for 12 hours without breaks after an earthquake, or both.

We already see this class of power-assist augmented travel in tiny form-factors in the latest generation of electric bicycles, like the Shimano e8000 motor. It adds power as a cyclist pedals, creating a mixed-drive model:

For what it’s worth, the “gait” (wobble) of bicycles also is super complicated and a rich area of data science research. Robots fail miserably (nice try Yamaha) to emulate the nuance of controlling/driving two-wheels. Anyone saying driverless cars will reduce deaths isn’t looking at why driverless cars are more likely than human drivers to crash into pedestrians and cyclists. Any human can ride a bicycle, but to a driverless car this prediction tree is an impenetrable puzzle:

Unlike sitting in a cage, the possibilities of micro-engines form-fitted to the human body are seemingly endless, just like the branches in that tree. So it makes less and less sense for anyone to want cages for personal transit, unless they’re trying to make a forceful statement by taking up shared space to deny freedom to others.

What is missing in the above sequence of photos? One where cars are completely gone, like bell-bottom trousers, because they waste so much for so little gain, lowering quality of life for everyone involved.

Floating around in a giant private box really is a status thing, when you think about it. It’s a poorly thought out exoskeleton, like a massive blow-up suit or fluffy dress that everyone has to clean up after (and avoid being hit by). Here’s some excellent perspective on the stupidity of carrying forward the carriage design into modern transit:

Rapstatus tells us cars still get a lot of lip service so I suspect we’re a long way from carriages being relegated to ancient history, where they belong.

Nonetheless I’m told new generations have less patience for carriages, and so I hope already they visualize something like this when people ask them if they would get in a car to get around…

Posted in Energy, History, Security.


This Day in History: Gettysburg Shoes

July 1st marks the beginning of a Civil War battle that many historians say is one of the most pivotal. And, as many historians also like to note, a love of pillaging Americans for their shoes supposedly is what drew pro-slavery forces arrogantly into Gettysburg on this date.

This topic of shaking-down hardworking Americans for their shoes is tied to General A. P. Hill. The man was a wealthy elitist who expected things for free (see also: slavery) and eagerly had abandoned his appointment in the U.S. Army to fight against freedom. To put it simply, Hill was committed to the violent expansion of slavery long after the practice had been abolished around the world.

Two decades before Hill was born, in 1807 the English already had abolished their slave trade. The idea of slavery became so unjustifiable in English society that by “1824 there were more than 200 branches of the Anti-Slavery Society in Britain”. No surprise then the agrarian state of New York abolished slavery in 1827, England emancipated slaves in 1833, English Colonies 1838…but I’m getting ahead of myself here.

Mary Wollstonecraft, credited with helping found modern British feminist ethics, famously wrote against slavery in 1792:

Is sugar always to be produced by vital blood? Is one half of the human species, like the poor African slaves, to be subject to prejudices that brutalise them, when principles would be a surer guard, only to sweeten the cup of man? Is not this indirectly to deny woman reason?

Wollstonecraft’s sentiment was shared in the colonies, believe it or not, and thus we see examples like the agrarian colony of New York debating how to expedite emancipation, two decades earlier than Wollstonecraft’s call for a boycott on slave-made goods:

Most of the Revolutionary leaders who came to power in New York in 1777 had anti-slavery sentiments, yet, as elsewhere in the North, the urgency of the war with Britain made them delay, and they restricted their activity to a policy statement and an appeal to future legislatures “to take the most effective measures consistent with public safety for abolishing domestic slavery.” This resolution passed in the state Constitutional Convention by a vote of 29 to 5.

Note the five dissenters. Obviously some in the 1700s were not quite convinced. And so by 1861 we have a treasonous General A. P. Hill taking up arms against his own country. In a nutshell, many white elitist men in America did not want to do hard work and believed their easy/lazy lives and financial inheritances (see also: people treated as property to be bought and sold) were threatened unless they could continue to enslave Americans and steal their goods.

Today you may be surprised to see the U.S. Army has named a fort after an infamously treasonous and foolish man like A. P. Hill. Given that he dedicated his life to killing American soldiers for personal profit, who thought this made any sense?

The installation was named in honor of Lt. Gen. Ambrose Powell Hill, a Virginia native who distinguished himself…

Please take special note of the fact that the U.S. Army doesn’t call the person they are honoring an American, because his treason to preserve slavery by killing Americans, killed his citizenship.

Also nice try U.S. Army with your Virginia reference. Obviously Hill was far from being a true native of Virginia.

That being said I must agree with the second part of the sentence, this treasonous man hateful of his own country certainly distinguished himself. The U.S. Army doesn’t mention it but his impatience, as well as lust for plundering Americans and putting people in chains, may have led to one of the greatest tactical blunders in U.S. military history. So distinguishable.

Also he contracted gonorrhea while a cadet at West Point, screwed around so much he graduated late, and became known for taking “sick leave” right in the heat of any major battle.

Now, to be fair to Hill being so distinguished, I must admit he shared poor decision-making with his pro-slavery General Heth on June 30th, 1863. Heth had ordered his pro-slavery General Pettigrew to enter Gettysburg and ransack it. Pettigrew had followed these orders at first but turned tail after he observed American cavalry and infantry already near the town.

In “The Civil War: A Narrative” there’s a scene where Hill approaches Heth and hears of Pettigrew’s reluctance. Hill, our man of the hour, then insists to Heth there can be no significant American forces present.

OOPS.

The narrative tells us Heth obediently then sends his Pettigrew back once again to plunder Gettysburg and “get those shoes!”

Narratives aside, by 5AM on July 1st, as Heth himself approached Gettysburg to damage it, he realized Pettigrew had been right, Hill was stupidly wrong, and significant numbers of American forces were present. Yet even that didn’t dissuade Heth, who continued ordering Pettigrew to march on.

Hill’s insistence that he conferred with Lee and there would be no resistance to plunder seems to be the real story here, shoes or not. There was an inherent desperation of Lee and his pro-slavery men to plunder America (see also: slavery), which on this particular day began the largest land battle in the western hemisphere, lasting 3 days and killing nearly 50,000 people, to the disadvantage of pro-slavery forces.

One of the stranger footnotes (no pun intended) to this story is that while Gettysburg had a lot of American forces defending freedom, it didn’t have any shoes.

These pro-slavery Generals, all of them, not only chose to be blind to the evils of slavery, they also were blind on two more levels. A particularly inhumane General with the ironic name of Early (infamous for helping to invent the “Lost Cause” view) had tried to pillage Gettysburg days before Heth had set his sights on it.

This means Americans living in Gettysburg already had been subjected to pro-slavery militia demanding ransom in 1,000 shoes and attacking the town.

No shoes were found, as you can plainly read here:

Had there been any shoes, they might have been the standard issue “Jefferson Boots”, named after Thomas Jefferson who is thought to have created an American fad for French ankle-high laced shoes by wearing them instead of previously common English ones with large buckles.

However, again I must say, NO SHOES IN GETTYSBURG.

So for those historians arguing pro-slavery forces really centered their offensive on shoes, maybe put a sock in it.

Is there any evidence that pro-slavery General Early told others that the town couldn’t cough up any Jefferson boots despite his violent demands? Lee and Hill both supposedly had scouts relaying information but perhaps it wouldn’t have made any difference what Early said, given how Pettigrew was rebuffed when he tried to explain the dangers of trying to plunder Americans on this day.

To put this in perspective, it’s not like in the days leading up to the Gettysburg battle someone could tell Lee or Hill that slavery is unjustified and they would listen; if these men wanted stealing to be in their plans, they were going to threaten and kill Americans until some damn things to steal were found or everyone was dead for refusing to see things the pro-slavery way.

Again, Hill quit the U.S. Army to plunder America in the most unjustified way to retain elite status. In that sense Gettysburg was simply another day of plunder to Hill and his men, whether stealing goods, separating babies from mothers, or perpetuating slavery to improve his own status at the expense of others.

Within three days pro-slavery forces had been destroyed at Gettysburg, which helped signal an end to their plans to use violence against fellow citizens to expand slavery practices into western territories (what the war was really about); 60 years after England had abolished slavery, and 30 years after slaves in America (if still colonies) would have been emancipated, the self-proclaimed “elite” white supremacists fighting to perpetuate obviously tyrannical practices of their former King were defeated (pun not intended).

Also, just as one final footnote, I think it is time for the U.S. Army to officially remove honors to Hill. I say that not only because Hill was a murderous traitor and terror to Americans, but also because we could say he finally got the boot he so desired.

Posted in History, Security.


Book Review: The Mission, the Men and Me

Pete Blaber’s book “The Mission, the Men, and Me: Lessons from a Former Delta Force Commander” gets a lot of rave reviews about business practices and management tips.

It’s hard not to agree with some of his principles, such as “Don’t Get Treed by a Chihuahua”. This phrase is a cute way of saying know your adversary before taking extreme self-limiting action. Who would disagree with that?

But I’m getting ahead of myself. The book begins with a story of childhood, where Pete reflects on how he topographically mastered his neighborhood and could escape authorities. That gives way to a story of his trials and tribulations in the Army, where during training he was tested by unfamiliar topography and uncertain threats. It is from this training scenario that Pete formulates his principle to not jump off a cliff when a pig grunted at him (sorry, spoiler alert).

Maybe a less cute and more common way of saying this would be that managers should avoid rushing into conclusions when a little reflection on the situation is possible to help choose the most effective path. Abraham Lincoln probably said it best:

Give me six hours to chop down a tree and I will spend the first four sharpening the axe.

How should someone identify whether they are facing a Chihuahua, given their other option is to blindly climb a tree? Pete leaves this quandary up to the reader, making it less than ideal advice. I mean if in an attempt to identify whether you are facing a Chihuahua, wild pig or a bear you get mauled to death, could you sue Pete for bad advice? No, because it was a bear and instead of being up a tree you are dead.


Given the lessons learned in joining the Army, Pete transitions to even more topographical study. He masters mountain climbing with a team in harsh weather. It’s a very enjoyable read. I especially like the part where money is no object and the absolute best climbing technology is available. There’s no escaping the fact that the military pushes boundaries in gear research and keeps an open mind/wallet to technology innovations.

From there I can easily make the connection to the climax of the book, where he leads a team on a topographically challenging mission and minimizes their risk of detection. It really comes full circle to his childhood stories.

However, there are a few parts of the book that I found strangely inconsistent, which marred an otherwise quick and interesting read.

For example, Pete makes a comment about religion and culture that seems uninformed or just lazy. He refers to Cat Stevens as the “most renowned celebrity convert to Islam”:

I’m not claiming to be an expert in celebrity status or Islam, just saying it should be kind of obvious to everyone in the world that Muhammad Ali (nee Cassius Clay) is far more renowned as a celebrity convert to Islam. I don’t think Cat Stevens even breaks into top ten territory.

After winning the Olympics in 1960, the hugely popular Clay not only went on to convert, he also refused to serve in the US armed forces in Vietnam because he was a “minister in the religion of Islam”. As the FBI puts it in their release of surveillance files:

…famed Olympian, professional boxer and noted public figure. This release consists of materials from FBI files that show Ali’s relationship with the Nation of Islam in 1966.

Pete’s comment about Cat Stevens suggests that despite the no-holds-barred approach to piles of rock, he may lack knowledge in human topics essential to conflicts he was training to win. A quick look at discussion of Islamic celebrities backs up this point:

Pete was wandering on that flat line at the bottom while giant mountains of culture stood right above him, unexplored, despite his access to the best tools.

There are at least two more examples of this class of error in the book. I may update the post with them as I have time.

Posted in History, Security.


The Psychology of “Talking Paper”

Sometime in the late 1980s I managed to push a fake “bomb” screen to Macintosh users in networked computer labs. It looked something like this:

There wasn’t anything wrong with the system. I simply wanted the users in a remote room to restart because I had pushed an “extension” to their system that allowed me remote control of their speaker (and microphone). They always pushed the restart button. Why wouldn’t they?

Once they restarted I was able to speak to them from my microphone. In those days it was mostly burps and jokes, mischievous stuff, because it was fun to surprise users and listen to their reactions.

A few years later, as I was burrowing around in the dusty archives of the University of London (a room which sadly no longer exists because it was replaced by computer labs, but Duke University has a huge collection), I found vivid color leaflets that had been dropped by the RAF into occupied Ethiopia during WWII.

There in my hand was the actual leaflet credited with psychological operations “101”, and so a color copy soon became a page in my graduate degree thesis. In my mind these two experiences were never far apart.

For years afterwards when I would receive a greeting card with a tiny speaker and silly voice or song, of course I would take it apart and look for ways to re-purpose or modify its message. Eventually I had a drawer full of these tiny “talking paper” devices, ready to deploy, and sometimes they would end up in a friend’s book or bag as a surprise.

One of my favorite “talking” devices had a tiny plastic box that upon sensing light would yodel “YAHOOOOOO!” I tended to leave it near my bed so I could be awakened by yodeling, to set the tone of the new day. Of course when anyone else walked into the room and turned on the light their eyes would grow wide and I’d hear the invariable “WTF WAS THAT?”

Fast forward to today and I’m pleased to hear that “talking paper” has become a real security market and is getting thinner, lighter and more durable. In areas of the world where Facebook doesn’t reach, military researchers still believe psychological manipulation requires deploying their own small remote platforms. Thus talking paper is as much a thing as it was in the 1940s or before and we’re seeing cool mergers of physical and digital formats, which I tried to suggest in my presentation slides from recent years:

While some tell us the market shift from printed leaflets to devices that speak is a matter of literacy, we all can see clearly in this DefenseOne story how sounds can be worth a thousand words.

Over time, the operation had the desired effect, culminating in the defection of Michael Omono, Kony’s radio telephone operator and a key intelligence source. Army Col. Bethany C. Aragon described the operation from the perspective of Omono.

“You are working for a leader who is clearly unhinged and not inspired by the original motivations that people join the Lord’s Resistance Army for. [Omono] is susceptible. Then, as he’s walking through the jungle, he hears [a recording of] his mother’s voice and her message begging him to come home. He sees leaflets with his daughter’s picture begging him to come home, from his uncle that raised him and was a father to him.”

Is anyone else wondering if Omono had been a typewriter operator instead of radio telephone whether the US Army could have convinced him via print alone?

Much of the story about the “new” talking paper technology is speculative about the market, like allowing recipients to be targeted by biometrics. Of course if you want a message to spread widely and quickly via sound (as he’s walking through the jungle), using biometric authenticators to prevent it from spreading at all makes basically no sense.

On the other hand (pun not intended) if a written page will speak only when a targeted person touches it, that sounds like a great way to evolve the envelope/letter boundary concepts. On the paper is the address of the recipient, which everyone and anyone can see, much like how an email address or phone number sits exposed on encrypted messaging. Only when the recipient touches it or looks at it, and their biometrics are verified, does it let out the secret “YAHOOOO!”

Posted in History, Poetry, Security.


To Cyber or Not to Cyber…That is the RSAC Talk Analysis

I don’t know where you are, but the data analysis of the RSA Conference by the prestigious Cyentia Institute is amazing. They wrote algorithms to tell us what the “most important” talks are each year from 25 years of security conference data, and illustrate our industry’s trend over time. Who can forget “A top 10 topic in 2009 was PDAs”?

This is the slide that made everyone laugh, of course:

Trends going up? GDPR, Ransomware, Financial Gain and Extortion. Big Data exploded up and then trends down over the last five years.

Trends going down? BYOD, SOX, GRC, Hacktivism, Targeted Attack, Endpoint, Mobile Device, Audit, PCI-DSS, APT, Spam…

Endpoint going down is fascinating, given how a current ex-McAfee Marketing Executive war is going full-bore. RSAC 2018 Expo Protip: people working inside Crowdstrike and Cylance are hinting on the show floor how unhappy they are with noise made about a high-bar of attribution to threat actors given their actual product low-bar performance and value.

That’s just a pro doing qualitative sampling, though. Who knows how reliable sources are, so consider as well the implication of qualitative analysis.

Some cyber companies talk threat actor in the way that Lockheed Martin talks when they want to sell you their latest bomb technology. Is that bomb effective? Depends how and what we measure. Ask me about 1968 OP IGLOO WHITE spending $1B/year on technology based on threat actor discussions almost exactly like those we see in the ex-McAfee Marketing Executive company booths…

Posted in History, Security.


RSA Conference 2018: Fun Telco History in SF

Welcome to SF everyone! As the RSA Conference week begins, which really is a cluster of hundreds of security conferences running simultaneously for over 40,000 people converging from around the world, I sometimes get asked for local curiosities.

As a historian I feel the pull towards the past, and this year is no exception. Here are three fine examples from hundreds of interesting security landmarks in SF.

Chinese Telephone Exchange

During a period of rampant xenophobia in America, as European immigrants were committing acts of mass murder (e.g. Deep Creek, Rock Springs) against Asian immigrants, a Chinese switchboard in 1887 came to life in SF (just before the Scott Act). By 1901 it moved into a 3-tier building at 743 Washington Street. Here’s a little context for how and why the Chinese Telephone Exchange was separated from other telephone services:

Today when you visit Chinatown in SF you may notice free tea tastings are all around. This is a distant reminder of life 100 years ago, even for visitors to the Chinese Telephone Exchange, as a San Francisco Examiner report describes in 1901:

Tea and tobacco are always served to visitors, a compliment of hospitality which no Chinese business transaction is complete

At its peak of operation about 40 women memorized the names and switching algorithms for 1,500 lines in five dialects of Chinese, as well as English of course. Rather than use numbers, callers would ask to be connected to a person by name.

The service switched over 13,000 connections per day until it closed in 1949. Initially only men were hired, although after the 1906 earthquake only women were. Any guesses as to why? An Examiner reporter in 1901 again gives context, explaining that men used anti-competitive practices to make women too expensive to hire:

The Chinese telephone company was to put in girl operators when the exchange was refitted, and doubtless it will be done eventually. The company prefers women operators for many reasons, chiefly on account of good temper.

But when the company found that girls would be unobtainable unless they were purchased outright, and that it would be necessary to keep a platoon of armed men to guard them, to say nothing of an official chaperon to look after the proprieties, the idea of girl operators was abandoned.

“They come too high,” remarks the facetious general manager, “but in the next century we’ll be able to afford them, for girls will be cheaper then.”

Pacific Telephone Building

One of the first really tall developments in SF, which towered above the skyline (so tall it was used to fly weather warning flags and lights) for the next 40 years, was the Pacific Telephone offices. At 140 Montgomery Street, PacTel poured $4 million into their flagship office building for 2,000 women to handle the explosive growth of telephone switching services (a far cry from the 40 mentioned above at 743 Washington Street).

By 1928, the year after 140 New Montgomery was completed, the San Francisco Examiner declared “with clay from a hole in the ground in Lincoln, California, the modern city of San Francisco has come.”

It was modeled after a Gottlieb Eliel Saarinen design that lost a Chicago competition, and came to life because of the infamous local architect Timothy Pflueger. Pflueger never went to college yet left us a number of iconic buildings such as Olympic Club, Castro Theater, Alhambra Theater, and perhaps most notably for locals, a series of beautiful cocktail lounges created in the prohibition years.

AT&T Wiretap

Fast-forward to today and there are several windowless tall buildings scattered about the city, filled with automated switches connecting the city’s copper and fiber. One of particular note is 611 Folsom Street, near the latest boom in startups.

Unlike the many years of American history where telco staff would regularly moonlight by working for the police, this building gained attention for a retired member of staff who disclosed his surprise and disgust that President Bush had set up surreptitious multi-gigabit taps on telco peering links.

“What the heck is the NSA doing here?” Mark Klein, a former AT&T technician, said he asked himself.

A year or so later, he stumbled upon documents that, he said, nearly caused him to fall out of his chair. The documents, he said, show that the NSA gained access to massive amounts of e-mail and search and other Internet records of more than a dozen global and regional telecommunications providers. AT&T allowed the agency to hook into its network at a facility in San Francisco and, according to Klein, many of the other telecom companies probably knew nothing about it.

[…]

The job entailed building a “secret room” in an AT&T office 10 blocks away, he said. By coincidence, in October 2003, Klein was transferred to that office and assigned to the Internet room. He asked a technician there about the secret room on the 6th floor, and the technician told him it was connected to the Internet room a floor above. The technician, who was about to retire, handed him some wiring diagrams.

“That was my ‘aha!’ moment,” Klein said. “They’re sending the entire Internet to the secret room.”

[…]

Klein was last in Washington in 1969, to take part in an antiwar protest. Now, he said with a chuckle, he’s here in a gray suit as a lobbyist.

In some sense we’ve come a long way since 1887, tempting us to look at how different things are from technological change, and yet in other ways things haven’t moved very far at all.

Posted in History, Security.


US discusses authorizing cyber attacks outside “war zone”

In a nutshell, traditional definitions of war linked to kinetic action and physical space are being framed as overly restrictive given a desire by some to engage in offensive attacks online. The head of NSA is asking whether reducing that link and authorizing cyber attack within a new definition of “war” would affect the “comfort” of those holding responsibility.

“[On offense] the area where I think we still need to get a little more speed and agility — and as Mr. Rapuano indicated it is an area that is currently under review right now — what is the level of comfort in applying those capabilities outside designated areas of hostility,” Rogers asked out loud.

“I don’t believe anyone should grant Cyber Command or Adm. Rogers a blank ticket to do whatever you want, that is not appropriate. The part I am trying to figure out is what is the appropriate balance to ensure the broader set of stakeholders have a voice.”

Rapuano also referenced challenges associated with defining “war” in the context of cyber, which can be borderless due to the interconnected nature of the internet.

“In a domain that is so novel in many respects, and for which we do not have the empirical data and experience associated with military operations per se particularly outside areas of conflict, there are some relatively ambiguous areas around ‘well what constitutes traditional military activities,'” said Rapuano. “This is something that we are looking at within the administration and we’ve had a number of discussions with members and your staffs; so that’s an area we’re looking at to understand the trades and implications of changing the current definition.”

While I enjoy people characterizing the cyber domain as novel and border-less, let’s not kid ourselves too much. The Internet has far more borders and controls established, let alone a capability to deploy more at speed, given they are primarily software based. I can deploy over 40,000 new domains with high walls in 24 hours and there’s simply no way to leverage borders as effectively in a physical world.

Even more to the point I can distribute keys to access in such a way that it spans authorities and bureaucratically slows any attempts to break in, thus raising a far stronger multi-jurisdictional border to entry than any physical crossing.

We do ourselves no favors pretending technology is always weaker, disallowing for the prospect of a shift to stronger boundaries of less cost, and forgetting that Internet engineering is not so much truly novel as a revision of prior attempts in history (e.g. evolution of transit systems).

My recent talk at AppSecCali for example points out how barbed wire combined with repeating rifles established borders faster and more effectively than the far more “physical” barriers that came before. Now imagine someone in the 1800s calling a giant field with barbed wire border-less because it was harder for them to see in the same context as a river or mountain…

Posted in History, Security.


Lessons in Secrets Management from a Navy SEAL

Good insights from these two paragraphs about the retired Rear Admiral Losey saga:

Speaking under oath inside the Naval Base San Diego courtroom, Little said that Losey was so scared of being recorded or followed that when the session wrapped up, the SEAL told the Navy investigator to leave first, so he couldn’t identify the car he drove or trace a path back to his home.

[…]

…he retaliated against subordinates during a crusade to find the person who turned him in for minor travel expense violations.

Posted in Sailing, Security.


Holding Facebook Executives Responsible for Crimes

Interesting write-up on Vox about the political science of Facebook, and how it has been designed to avoid governance and accountability:

…Zuckerberg claims that precisely because he’s not responsible to shareholders, he is able instead to answer his higher responsibility to “the community.”

And he’s very clear, as he says in interview after interview and hearing after hearing, that he takes this responsibility very seriously and is very sorry for having violated it. Just as he’s been sorry ever since he was a first-year college student. But he’s never actually been held responsible.

I touched on this in my RSA presentation about driverless cars several years ago. My take was that Facebook management is a regression of many centuries (pre-Magna Carta). Their primitive risk control concepts, and executive team opposition to modern governance, put us all on a path of global catastrophe from automation systems, akin to the Cuban Missile Crisis.

I called it “Dar-Win or Lose: The Anthropology of Security Evolution”

It is not one of my most watched videos, that’s for certain.

It seems that my talks over the years that frame code as poetry, with AI security failures like an ugly performance, garner far more attention. If the language all programmers know best is profanity, who will teach their machines manners?

Meanwhile, my references to human behavior science to describe machine learning security, such as this one about anthropology, fly below radar (pun intended).

Posted in History, Poetry, Security.