Category Archives: Poetry

DARPA’s Heraclitus Drone

Heraclitus of Ephesus (530-470 BCE) famously wrote about the ephemeral nature of knowledge, let alone existence:

“It is impossible to step into the same river twice.”

“We both step and do not step in the same rivers. We are and are not.”

“Those who step into the same rivers, different and different waters flow.”

His poetry is considered a powerful influence on philosophers for many centuries after.

Today DARPA is sewing these old philosophical threads into physical designs for their Fast Light Autonomy program (FLAP), as Kelsey Atherton writes in c4isrnet:

Every map is an outdated map. Buildings change, people relocate, and what was accurate a decade ago may mean nothing to someone on patrol today.

One quote in Kelsey’s article that stood out to me is from FLAP’s program manager, who says he sees cost deflation as the real driver for autonomy.

We don’t want to deploy a world-class FPV racer with every search and rescue team

This brings to mind a story from this past January, which only was recently published by the sensationalist tabloid Daily Star. They describe the high cost of an assassination plan led by the British. During a raid the targets retreated to a cave network, and a highly-trained SAS soldier engaged to finish the mission.

“It was a brutal fight to the death. The SAS sergeant emerged from the tunnel half an hour later covered in blood, both his own and those of the men he had killed.”

The soldier was unable to speak for at least an hour because he was so traumatised.

He later said the air was so thin it was almost impossible to breathe.

The SAS man, an Iraq veteran, later said that the 30 minutes he spent in the tunnels was the hardest of his entire military career.

Deploying world-class talent has prohibitive cost, which is exactly why targets retreat into tunnels that force world-class talent to be deployed. Drones that can inexpensively map high-risk topography clearly change the equation in favor of those in pursuit of targets, whether the pursuit is a rescue or the opposite.

There are two big wrinkles, however, in the development of any sort of Heraclitus drone to keep humans abreast of the latest changes in the environments being stepped into.

First, communications are imperfect in availability. A recent TeamWerx “challenge” to develop an RF amplifier repeater highlights the opportunities to improve ad hoc networks so drones can operate through difficult and closed terrain.

SOF operators have a need for rapidly deployable, interconnected repeaters that can transmit and receive a 1775-2250 MHz range of RF energy that may include near-real time video, audio, and modulated digital data messages. The system of interconnected repeaters should be easily extendable by inserting additional repeaters.

I can imagine here is where the DARPA folks would say we don’t want to deploy a world-class radio technician with every search and rescue team.

Second, communications are imperfect in integrity. Attackers, or even just natural interference, degrade a signal to levels that perhaps shouldn’t be trusted. Yet who knows when that point is crossed, and will they know soon enough? Unlike availability, where degradation shows up plainly as loss, subtle changes in quality are a more difficult metric to monitor.
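To make the availability-versus-integrity distinction concrete, here is an added example (not code from the original post, DARPA or TeamWerx) that runs two checks over a constructed drone telemetry feed: a loss-rate check for availability, and a one-sided CUSUM drift detector over per-packet SNR for integrity. The sample data, the `Sample` type, the 25 dB nominal SNR and the 20 dB floor are all assumptions chosen for illustration. The point it shows is that a fixed per-sample floor stays quiet while quality slides, whereas the cumulative detector raises an alarm several packets earlier.

```python
"""Two link-health checks over a constructed telemetry feed.

Added illustration for the availability vs. integrity point; not from
the original post or any DARPA/TeamWerx program. All thresholds and
data are constructed assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Sample:
    seq: int                  # packet sequence number
    snr_db: Optional[float]   # None means the packet never arrived (loss)


def loss_rate(samples: List[Sample]) -> float:
    """Availability metric: fraction of packets that never arrived."""
    if not samples:
        return 0.0
    lost = sum(1 for s in samples if s.snr_db is None)
    return lost / len(samples)


def first_below_floor(values: List[float], floor: float) -> Optional[int]:
    """Naive integrity check: index of the first sample under a fixed floor."""
    for i, v in enumerate(values):
        if v < floor:
            return i
    return None


def cusum_downward_drift(values: List[float], target: float,
                         slack: float, threshold: float) -> Optional[int]:
    """One-sided CUSUM: accumulate how far each sample falls below the
    nominal value (minus a slack that absorbs normal jitter) and return
    the index at which the running sum first exceeds the threshold."""
    s = 0.0
    for i, v in enumerate(values):
        s = max(0.0, s + (target - v) - slack)
        if s > threshold:
            return i
    return None


def assess_link(samples: List[Sample], nominal_snr_db: float = 25.0,
                slack: float = 1.0, threshold: float = 8.0,
                max_loss: float = 0.05) -> dict:
    """Combine both checks; the link is trusted only if it is available
    AND no integrity drift has been detected."""
    received = [s.snr_db for s in samples if s.snr_db is not None]
    loss = loss_rate(samples)
    drift_at = cusum_downward_drift(received, nominal_snr_db, slack, threshold)
    available = loss <= max_loss
    return {
        "loss_rate": loss,
        "available": available,
        "drift_index": drift_at,
        "trusted": available and drift_at is None,
    }


def build_drifting_feed() -> List[Sample]:
    """Constructed feed: nothing is lost, but SNR slides from 25 dB to
    19.5 dB in half-dB steps. Availability looks perfect throughout."""
    snr = [25.0] * 10 + [24.0, 23.5, 23.0, 22.5, 22.0,
                         21.5, 21.0, 20.5, 20.0, 19.5]
    return [Sample(i, v) for i, v in enumerate(snr)]


def build_lossy_feed() -> List[Sample]:
    """Constructed feed: SNR is steady at 25 dB but every fourth packet
    is dropped. Integrity looks perfect; availability does not."""
    return [Sample(i, None if i % 4 == 3 else 25.0) for i in range(20)]


if __name__ == "__main__":
    drifting = build_drifting_feed()
    values = [s.snr_db for s in drifting]
    print("drifting feed:", assess_link(drifting))
    print("fixed 20 dB floor first trips at index",
          first_below_floor(values, 20.0))
    print("lossy feed:", assess_link(build_lossy_feed()))
```

On the drifting feed the CUSUM alarm fires at index 16 (21 dB) while a fixed 20 dB floor does not trip until index 19; on the lossy feed the loss rate is 25% and the link is marked unavailable even though every received packet looks pristine. Tuning `slack` and `threshold` is the usual trade-off between false alarms on noisy links and late detection of genuine degradation.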

A green beret recently related a story to me from his training in the 1960s, where two teams walked through nearly impenetrable jungle. They proceeded in separate columns, with extreme caution, one led by a “local” guide.

Despite all the training and signals, the column without a guide in front tripped a mock trigger for mines. They asked the guide why he hadn’t warned the second column, and apparently he replied “why should I?”

The green beret told me “from that point forward we had a different trust”. So here is where I add the modern modifier: he had a different trust in the quality of information from commodity drones, which takes us back to the old concept of “we both step and do not step in the same rivers”.

The Psychology of “Talking Paper”

Sometime in the late 1980s I managed to push a fake “bomb” screen to Macintosh users in networked computer labs. It looked something like this:

There wasn’t anything wrong with the system. I simply wanted the users in a remote room to restart because I had pushed an “extension” to their system that allowed me remote control of their speaker (and microphone). They always pushed the restart button. Why wouldn’t they?

Once they restarted I was able to speak to them from my microphone. In those days it was mostly burps and jokes, mischievous stuff, because it was fun to surprise users and listen to their reactions.

A few years later, as I was burrowing around in the dusty archives of the University of London (a room which sadly no longer exists because it was replaced by computer labs, but Duke University has a huge collection), I found vivid color leaflets that had been dropped by the RAF into occupied Ethiopia during WWII.

There in my hand was the actual leaflet credited with psychological operations “101”, and so a color copy soon became a page in my graduate degree thesis. In my mind these two experiences were never far apart.

For years afterwards when I would receive a greeting card with a tiny speaker and silly voice or song, of course I would take it apart and look for ways to re-purpose or modify its message. Eventually I had a drawer full of these tiny “talking paper” devices, ready to deploy, and sometimes they would end up in a friend’s book or bag as a surprise.

One of my favorite “talking” devices had a tiny plastic box that upon sensing light would yodel “YAHOOOOOO!” I tended to leave it near my bed so I could be awakened by yodeling, to set the tone of the new day. Of course when anyone else walked into the room and turned on the light their eyes would grow wide and I’d hear the invariable “WTF WAS THAT?”

Fast forward to today and I’m pleased to hear that “talking paper” has become a real security market and is getting thinner, lighter and more durable. In areas of the world where Facebook doesn’t reach, military researchers still believe psychological manipulation requires deploying their own small remote platforms. Thus talking paper is as much a thing as it was in the 1940s or before, and we’re seeing cool mergers of physical and digital formats, which I tried to suggest in my presentation slides from recent years:

While some tell us the market shift from printed leaflets to devices that speak is a matter of literacy, we all can see clearly in this DefenseOne story how sounds can be worth a thousand words.

Over time, the operation had the desired effect, culminating in the defection of Michael Omono, Kony’s radio telephone operator and a key intelligence source. Army Col. Bethany C. Aragon described the operation from the perspective of Omono.

“You are working for a leader who is clearly unhinged and not inspired by the original motivations that people join the Lord’s Resistance Army for. [Omono] is susceptible. Then, as he’s walking through the jungle, he hears [a recording of] his mother’s voice and her message begging him to come home. He sees leaflets with his daughter’s picture begging him to come home, from his uncle that raised him and was a father to him.”

Is anyone else wondering if Omono had been a typewriter operator instead of radio telephone whether the US Army could have convinced him via print alone?

Much of the story about the “new” talking paper technology is speculative about the market, like allowing recipients to be targeted by biometrics. Of course if you want a message to spread widely and quickly via sound (as he’s walking through the jungle), using biometric authenticators to prevent it from spreading at all makes basically no sense.

On the other hand (pun not intended) if a written page will speak only when a targeted person touches it, that sounds like a great way to evolve the envelope/letter boundary concepts. On the paper is the address of the recipient, which everyone and anyone can see, much like how an email address or phone number sits exposed on encrypted messaging. Only when the recipient touches it or looks at it, and their biometrics are verified, does it let out the secret “YAHOOOO!”

Holding Facebook Executives Responsible for Crimes

Interesting write-up on Vox about the political science of Facebook, and how it has been designed to avoid governance and accountability:

…Zuckerberg claims that precisely because he’s not responsible to shareholders, he is able instead to answer his higher responsibility to “the community.”

And he’s very clear, as he says in interview after interview and hearing after hearing, that he takes this responsibility very seriously and is very sorry for having violated it. Just as he’s been sorry ever since he was a first-year college student. But he’s never actually been held responsible.

I touched on this in my RSA presentation about driverless cars several years ago. My take was that Facebook management is a regression of many centuries (pre-Magna Carta). Their primitive risk control concepts, and their executive team’s opposition to modern governance, put us all on a path toward global catastrophe from automation systems, akin to the Cuban Missile Crisis.

I called it “Dar-Win or Lose: The Anthropology of Security Evolution”.

It is not one of my most watched videos, that’s for certain.

It seems that talks over the years where I frame code as poetry, with AI security failures as an ugly performance, garner far more attention. If the language all programmers know best is profanity, who will teach their machines manners?

Meanwhile, my references to human behavior science to describe machine learning security, such as this one about anthropology, fly below radar (pun intended).

Amazon’s About Face on GovCloud: “Physical Location Has No Bearing”

Amazon never seemed very happy about building a dedicated physical space, kind of the opposite of cloud, to achieve compliance with security requirements of the US federal government.

AWS provides customers with the option to store their data in AWS GovCloud (US) managed solely by US Persons on US soil. AWS GovCloud (US) is Amazon’s isolated cloud region where accounts are only granted to US Persons working for US organizations.

That’s a very matter-of-fact statement, suggesting it was doing what it had been told was necessary as opposed to what it wanted (destroy national security requirements as antiquated while it augers towards a post-national corporate-led system of control).

While that might have seemed speculative before now, Amazon management just released a whitepaper showing its true hand.

The other two “realities” are “Most Threats are Exploited Remotely” and “Manual Processes Present Risk of Human Error”…

I want you all to sit down, take a deep breath, and think about the logic of someone arguing physical location has no bearing on threats being exploited remotely.

First, vulnerabilities are exploited. Threats exploit those vulnerabilities. Threats aren’t usually the ones being exploited via connectivity to the Internet (as much as we talk about hacking back); vulnerabilities are. A minor thing, I know, yet it speaks to the author’s familiarity with the subject.

Second, if physical location truly had no bearing, the author of this paper would have not bothered with any “remotely” modifier. They would say vulnerabilities are being exploited. Full stop. To say exploits are something coming from remote locations is them admitting there is a significance of physical location. Walls being vulnerable to cannon-balls does not mean cannons fired from 1,000 miles away are the same as from 1 mile.

Third, and this is where it truly gets stupid, “Insider Threats Prevail as a Significant Risk” again uses a physical metaphor of “insider”. What does insider mean if not someone inside a space delimited by controls? That validates physical location having bearing on risk, again.

Fourth, this nonsense continues throughout the document. Page six advises, without any sense of irony, that “systems should be designed to limit the ‘blast radius’ of any intrusion so that one compromised node has minimal impact on any other node in the enterprise”. You read that right: a paper arguing that physical location has no bearing just told you that blast RADIUS is a critical component of safety from harm.

Come on.

This paper seems like it is full of amateur security mistakes made by someone who has a distinctly political argument to make against government-based controls. In other words, Amazon’s anti-government paper is an extremist free-market missive targeting US-based ITAR and undermining national security, although it probably thought it was trying to knock down laws written in another physical location.

Something tells me the blast radius of this paper was seriously miscalculated before it was dropped. Little surprise, given how weak their grasp of safety control is and how strong their desire to destroy barriers to Amazon’s entry.