Category Archives: Food

How Fixing Howitzers in Ukraine is Like Baking a Cake

“From America with love” is written on a Ukrainian M777 “three axes” howitzer to be fired at Russians.

When I wrote my first book in 2012, I pitched the publisher on cooking recipes for cloud security.

My vision was that one page would describe how to make an historic meal (such as Royal Navy spotted dick) and then the rest of the chapter would be cloud technical steps (such as how to set up secure remote administration).

I even presented a test chapter for the RSA Conference in China on how to grill the perfect hamburger, as a recipe for cloud encryption and key management.

Things didn’t turn out quite like I had expected, as the publisher asked to change the title to virtualization, drop the food recipes, and insert a DVD. It felt like preparing a gourmet vegan dessert and being told to stick to the meat and potatoes.


Nonetheless in my mind cooking remains a powerful way to convey the relationship between technology and knowledge.

Everybody eats.

Food automation tends to be disgusting, even causing illness. Whereas technology augmentation in human cooking, using recipes for quality control and governance, will produce the best possible meal.

Perhaps the canonical example I hear all the time in AI ethics circles… if you brought a robot into your home and told it to prepare you a steak dinner, should you be surprised if later you can’t find the dog?

Hey, I didn’t say the robot was Chinese. Stop thinking so simply.

Microsoft management clearly didn’t understand such basic anthropological tenets of technology use. The big news, hopefully surprising nobody, is illness has forced them to cancel a massively funded VR program.

The personnel demoing the tech appear to be using a variant of Microsoft HoloLens. The government recently halted plans to buy more “AR combat goggles” from Microsoft, instead approving $40 million for the company to develop a new version. The reversal came after discovering that the current version caused issues like headaches, eyestrain and nausea.

Such a waste of time and money to find out what is easily predicted.

Soldiers “cited IVAS 1.0’s poor low-light performance, display quality, cumbersomeness, poor reliability, inability to distinguish friend from foe, difficulty shooting, physical impairments and limited peripheral vision as reasons for their dissatisfaction,” per the DOT&E assessment. The Army knows that IVAS 1.0 is something of a lemon [yet] still plans on fielding the 5,000 IVAS 1.0 units it’s currently procuring from Microsoft at $46,000 a pop to training units and Army Recruiting command for a total price tag of $230 million.

It’s like reading some people got sick and then discovered their taco MRE bag wasn’t really a taco, just sugar and cornmeal drenched in preservatives and artificial taco flavors.

VR from Microsoft sounds like the hardtack (dry “cracker”) of combat goggles. A real bargain at $230 million.

See-through augmentation measured on efficiency and minimal interference is a whole different story, as it avoids all the foundational problems of automation (e.g. where to get flavor, or actual useful nutrition from).

Google Glass really blew it on this point. They could have developed a HUD for highly technical work like repairing machines with both hands.

Of course Google didn’t think like this because their engineers all went straight from elite schools to sitting in a gourmet cafeteria eating free lunches and talking mostly about their exotic vacations.

They’re in a virtual world, the opposite of what’s required for knowledge, let alone innovation. And that’s why their products depend on finding people who really live, who have daily struggles and needs in a real world, to tell them what to engineer.

That’s all background to the main point here that howitzers in Ukraine are proving today what everyone should have been working on for at least the last decade: cooking.

DARPA’s training demos use something more pedestrian: cooking. Dr. Bruce Draper, the program’s manager, describes it as the ideal proxy task. “[Cooking is] a good example of a complex physical task that can be done in many ways. There are lots of different objects, solids, liquids, things change state, so it’s visually quite complex. There is specialized terminology, there are specialized devices, and there’s a lot of different ways it can be accomplished. So it’s a really good practice domain.” The team views PTG as eventually finding uses in medical training, evaluating the competency of medics and other healthcare services.

First you bake a cake together as a team using augmented vision… then you destroy invading armies with it.

Using phones and tablets to communicate in encrypted chatrooms, a rapidly growing group of U.S. and allied troops and contractors is providing real-time maintenance advice — usually speaking through interpreters — to Ukrainian troops on the battlefield. In a quick response, the U.S. team member told the Ukrainian to remove the gun’s breech at the rear of the howitzer and manually prime the firing pin so the gun could fire. He did it and it worked.


I’m not going to claim credit for this obvious future of technology based on ancient wisdom, given there are so many children’s tales saying the same thing.

Ratatouille is probably my favorite, easily digested in movie format.

The real kicker to the howitzer example is the technical teams spell out very precisely in life and death context where augmentation works best and where it fails (hint: Blockchain is a disaster).

As the U.S. and other allies send more and increasingly complex and high-tech weapons to Ukraine, demands are spiking. And since no U.S. or other NATO nations will send troops into the country to provide hands-on assistance — due to worries about being drawn into a direct conflict with Russia — they’ve turned to virtual chatrooms.

I use virtual chatrooms so much I forgot for a minute that they’re virtual.

The Ukrainian troops are often reluctant to send the weapons back out of the country for repairs. They’d rather do it themselves, and in nearly all cases — U.S. officials estimated 99% of the time — the Ukrainians do the repair and continue on. …Ukrainians can now put the split weapon back together. “They couldn’t do titanium welding before, they can do it now,” said the U.S. soldier, adding that “something that was two days ago blown up is now back in play.”

I love this SO MUCH. Right to Repair in a nutshell. Technology dramatically enhances developing markets by sharing knowledge like how to restore that technology in the field.

It’s the awesome Dakar Malle model of efficiency and sustainability that all technology should be put through, instead of lionizing the biggest waste teams.

And now for the main point:

Sometimes video chats aren’t possible. “A lot of times if they’re on the front line, they won’t do a video because sometimes (cell service) is a little spotty,” said a U.S. maintainer. “They’ll take pictures and send it to us through the chats and we sit there and diagnose it.”

Visual diagnosis in real time to bake a highly complicated cake. Including translation for chefs representing 17 nations in a small kitchen.

As they look to the future, they are planning to get some commercial, off-the-shelf translation goggles. That way, when they talk to each other they can skip the interpreters and just see the translation as they speak, making conversations easier and faster.

And I warned you about blockchain.

The expanse of weapons and equipment they’re handling and questions they’re fielding were even too complicated for a digital spreadsheet — forcing the team to go low-tech. One wall in their maintenance office is lined with an array of old-fashioned, color-coded Post-it notes, to help them track the weapons and maintenance needs.

Hope that’s clear. Writing a big blog post about how to share knowledge in the future is hard. Not as hard as a book, obviously, but I definitely could use some augmentation right now.

More than anything it’s clear to me without government funded research teams, many tech companies would be utterly and completely lost in expensive dead end navel gazing.

DARPA is asking for developing recipes that really were needed a decade ago, based on assessment of hunger they see right now. While it’s fashionable to call this future thinking to avoid blame, in reality it’s being less ignorant about the present troubles.

Let the Russians desperate for a Chinese MRE eat cake instead, a delicious one right out of the howitzer.

Or I believe Molotov in WWII would have called them “bread baskets”.

Vyacheslav Molotov claimed in 1939 the Soviet Union was not dropping bombs on Finland, just airlifting food. The Finns thereafter called RRAB-3 cluster bombs “Molotov’s bread basket” (Molotovin leipäkori) and named their improvised incendiary device (used to counter Soviet tanks) a Molotov cocktail — “a drink to go with the food.”

Tesla FSD Caused Crash of 8 Cars on Interstate

There’s yet again evidence of Tesla having expanding critical safety failures, by design.

If you read the already shocking number of complaints to the NHTSA by new Tesla owners, hundreds cite a terrifying sudden unexplained braking event.

Here’s typical language reported for years, as if causing crashes has just been Tesla’s way to learn the crimes they can get away with.

Twice today my model 3 came to a halt when using cruise control on the highway. The second time everything in my car was thrown into the front seat/windshield as I was going 80mph and I took over but was at 30mph by then as it happened so fast .. WTH is going on as I could have been killed and/or killed others.

Note the last sentence because Tesla’s official response has been that they aren’t listening.

In fact, “ghost brakes” have plagued Tesla for a long time. The NHTSA survey [based on reports of Tesla crashes and injuries] covers about 416,000 vehicles produced in 2021 and 2022. Tesla said there have been no reports of crashes or injuries resulting from the issue.

You might think what Tesla said in response sounds unbelievable. And you’d be right.

“No reports” is used as an intentional logical fallacy known as “no true Scotsman”. Even when you crash they might say but it wasn’t a really big crash. And if you have a big crash they might say but plaintiffs weren’t really harmed. And if someone dies they might say but really not many people were harmed.

How can this “plague” of life threatening engineering failures, potential for catastrophic widespread crashes, be ignored by Tesla for so long?!

Sadly the answer is simple, aside from the logical fallacy tactics.

The Tesla CEO is a science denier.

On March 19, 2020 the Tesla CEO used his Twitter account to announce America was headed toward “zero new cases” of COVID-19 by the end of April. At the end of April case counts spiked upwards of 20,000 proving him dangerously wrong. But did he accept science? No, he dug himself deeper into fantasy beliefs and mysticism.

The CEO used his bully pulpit to convince people to ignore warnings about COVID-19 and keep going to work, argued against vaccines and launched baseless attacks on public servants to diminish their ability to provide safety during the pandemic.

He pushed hard for disinformation to be allowed, denying harms while facilitating unnecessary suffering and death.

What a recently exposed report shows is that every Tesla on the road is indeed a result of intentional safety denial and thus a threat to anyone else around them.

A driver told authorities that their Tesla’s “full-self-driving” software braked unexpectedly and triggered an eight-car pileup in the San Francisco Bay Area last month that led to nine people being treated for minor injuries including one juvenile who was hospitalized, according to a California Highway Patrol traffic crash report. […] Tesla Model S was traveling at about 55 mph and shifted into the far left-hand lane, but then braked abruptly, slowing the car to about 20 mph. That led to a chain reaction that ultimately involved eight vehicles to crash, all of which had been traveling at typical highway speeds.

It takes a special kind of criminal to repeatedly raise prices for a product falsely marketed as a road safety feature, when year after year it makes everyone far less safe.

A video posted recently by an FSD user demonstrates the software as an embarrassingly less safe, more stressful ride.

Man, my heart rate is definitely higher during this drive than the average normal drive…

What should come to mind here is Tesla FSD has always been a “fraud” or “snake oil” and public roads should have been protected from it.

As the Center for Auto Safety puts it:

…what’s the threshold number of injuries and deaths and cars driving stupidly that we have to see before NHTSA finds that there’s some sort of defect in these cars?

Calling the bug-riddled Tesla FSD a safety feature is like calling mealworm tacos a cure for COVID-19.

Given how bad Tesla engineering quality has been, if it was food… it would be mostly bugs.

Perhaps the regulators soon will be coming to the realization Tesla has always treated its customers like crash test dummies and investors like an ATM.

Why a Sandwich Could be the Perfect Workout Recovery Meal

There’s a neat food preparation detail in an article called “How to recover after a workout: Natural methods are as beneficial as supplements”:

“The correct thing to do after training is to eat carbohydrates, to replenish glycogen reserves, along with protein, to repair the muscles,” says Ferrandis. “This should be in a 2:1 ratio: that is, for every two grams of carbohydrates, we should add one gram of protein.”

Do you know what has a 2:1 carb to protein ratio? Two slices of bread and a slather of good ol’ Jimmy Carter natural peanut butter.

The article goes on to call out “everyday foodstuffs”…

…rice with chicken or tuna, a plate of vegetables (or hummus), or a ham sandwich.

Ham? Really? Yuck.

That’s just 1930s disinformation talk from Edward Bernays.

He started out working in a WWI propaganda office of Woodrow “KKK” Wilson, shifted to taking in big money to “market” cigarettes as “freedom torches” and ham as “healthy”, but ended up regretting that Nazi Germany studied his methods to commit genocide. (Bernays, Edward L. Biography of an Idea: The Founding Principles of Public Relations. United States: Open Road Media, 2015.)

Goebbels, said Wiegand, was using my book Crystallizing Public Opinion as a basis for his destructive campaign against the Jews of Germany. This shocked me, but I knew any human activity can be used for social purposes or misused for antisocial ones. Obviously the attack on the Jews of Germany was no emotional outburst of the Nazis, but a deliberate, planned campaign.

No thanks, Ed. No ham.

Back to the point, scientists also say that the protein isn’t required around the same time as the carbs.

While replacing carbohydrates as soon as possible is advisable…[protein has a bigger window]. “Recent studies seem to indicate that protein can be taken several hours after or even before training. However, it is particularly beneficial to do so within the two hours before or after exercise to stimulate muscle recovery as soon as possible,” says nutritionist and dietician Ramón de Cangas.

Eat two slices of bread right after exercise but protein before or after?

That doesn’t point to a sandwich.

Still, two slices of carb and one protein in between seems the easiest way to hit the right ratio within an optimal recovery window.

Speaking of counteracting marketing with science, the article points to a fascinating education website “sinAzucar”, which paints very simple illustrations of sugar to show how awful products are about hiding the stuff.

Disgusting amounts of sugar hidden in a simple drink. Not a good workout recovery option, unless you experienced glucose failure (“bonk”).

And on that note, I’m reminded of Lakoff’s delicious “truth sandwich” recipe for your brain after a misinformation workout.

Stay healthy out there.

Ultra-processed foods harmful “much like an invading bacteria”

New studies are confirming that ultra-processed foods are harmful, which was expected, but in ways that may have no better solution than better transparency leading to bans.

…researchers have theorized that ultra-processed foods increase inflammation because they are recognized by the body as foreign – much like an invading bacteria. So the body mounts an inflammatory response, which has been dubbed ‘fast food fever’. This increases inflammation throughout the body as a result.

How do they classify a food as ultra-processed?

These foods are also not labelled as such on food packaging. The best way to identify them is by looking at their ingredients. Typically, things such as emulsifiers, thickeners, protein isolates and other industrial-sounding products are a sign it’s an ultra-processed food. But making meals from scratch using natural foods is the best way to avoid the harms of ultra-processed foods.

Processed means not raw or made from raw ingredients: the food has gone through many stages of complicated processing, such as the addition of the industrial polysaccharide polymer “guar gum”, often found in inexpensive dairy products to transform their viscosity (prevent proper crystallization and melt).

While it’s true labels on food packaging don’t say processed, when you see ingredients on food more than six things long… you’re typically getting into processing.

Ice-cream for example should be a short list such as this Strauss label:

That company is yelling at you for a reason. Their label is in fact revealing a huge difference from a list of ultra-processed ingredients like this:

Basically if you see guar gum in ice cream it’s a symptom for you to run, don’t walk, away from its ultra-processed “viscosity” not to mention all its other questionable additives.

That might sound like a new idea but it reminds me of a 1516 “purity law” from the Bavarian city of Ingolstadt, which said beer can only contain barley, hops and water (yeast was later added).

Initially this allow list was only within the Duchy of Bavaria and it gradually expanded across German states becoming a modern German law in 1906. Talk about precedent…

Albania Breaks Ties With Iran After 2022 Microsoft Investigation of CVE-2019-0604

The U.S. is very confidently accusing Iran of attacking Albania, based on yesterday’s report by Microsoft about Microsoft’s usual software vulnerabilities and mis-configurations.

Microsoft assessed with high confidence that on July 15, 2022, actors sponsored by the Iranian government conducted a destructive cyberattack against the Albanian government, disrupting government websites and public services. At the same time, and in addition to the destructive cyberattack, MSTIC assesses that a separate Iranian state-sponsored actor leaked sensitive information that had been exfiltrated months earlier. Various websites and social media outlets were used to leak this information. […] A group that we assess is affiliated with the Iranian government, DEV-0861, likely gained access to the network of an Albanian government victim in May 2021 by exploiting the CVE-2019-0604 vulnerability on an unpatched SharePoint Server, (Collab-Web2.*.*), and fortified access by July 2021 using a misconfigured service account that was a member of the local administrative group. Analysis of Exchange logs suggests that DEV-0861 later exfiltrated mail from the victim’s network between October 2021 and January 2022.

The report unfortunately is not titled “What are you even doing running SharePoint in 2021” and instead uses this far more provocative line:

Microsoft investigates Iranian attacks against the Albanian government

Just a decade ago many experts in the security industry warned against investigations being so overtly bold or confident with their attribution statements. The fear was rooted in dubious logic that someone could make a mistake and therefore shouldn’t even try.

I mean if that was sound logic SharePoint would have never been released to the public. Ok, maybe there’s some truth to that logic.

But seriously, anyone in any history 101 class knows you can’t let perfect be the enemy of good when writing reports about what happened in the past. Of course you can get attribution wrong, which is in fact why you should try hard and make sure you do it well.

It feels like a very long time ago (but really only 2014) that I gave a counter-argument to fears about uncertainty, in a presentation to incident response teams in Vienna, Austria, basically saying it’s time for attribution.

Looking back at my slides, honestly I think I tried too hard to make data integrity funny. Attribution is less complicated by some unique thing about computers than it is by things about people like this: Americans are more likely to want to intervene in places they can’t find on a map (click to enlarge and have a sad laugh).

Here’s another one, where I poked fun at FireEye for making very crude and rube attribution mistakes and surviving (they’re still in business, right?).

Now look how far the world has come!

Microsoft shakes heavy doses of political science into its computer forensics reports like it’s powdered sugar on a Turkish delight.

  • The attackers were observed operating out of Iran
  • The attackers responsible for the intrusion and exfiltration of data used tools previously used by other known Iranian attackers
  • The attackers responsible for the intrusion and exfiltration of data targeted other sectors and countries that are consistent with Iranian interests
  • The wiper code was previously used by a known Iranian actor
  • The ransomware was signed by the same digital certificate used to sign other tools used by Iranian actors

[…] A group that we assess is affiliated with the Iranian government, DEV-0861…
[…] The geographic profile of these victims—Israel, Jordan, Kuwait, Saudi Arabia, Turkey, and the UAE—aligns with Iranian interests and have historically been targeted by Iranian state actors, particularly MOIS-linked actors.
[…] The cyberattack on the Albanian government used a common tactic of Iranian state sponsored actors…
[…] The wiper and ransomware both had forensic links to Iranian state and Iran-affiliated groups. The wiper that DEV-0842 deployed in this attack used the same license key and EldoS RawDisk driver as ZeroCleare, a wiper that Iranian state actors used in an attack on a Middle East energy company in mid-2019.
[…] Multiple other binaries with this same digital certificate were previously seen on files with links to Iran, including a known DEV-0861 victim in Saudi Arabia in June 2021
[…] The messaging, timing, and target selection of the cyberattacks bolstered our confidence that the attackers were acting on behalf of the Iranian government. The messaging and target selection indicate Tehran likely used the attacks as retaliation for cyberattacks Iran perceives were carried out by Israel and the Mujahedin-e Khalq (MEK), an Iranian dissident group largely based in Albania that seeks to overthrow the Islamic Republic of Iran.
[…] The messaging linked to the attack closely mirrored the messaging used in cyberattacks against Iran, a common tactic of Iranian foreign policy suggesting an intent to signal the attack as a form of retaliation. The level of detail mirrored in the messaging also reduces the likelihood that the attack was a false flag operation by a country other than Iran.

Done and dusted. Need I continue?

It is nice to see such definitive and detailed work about attribution as if it’s a normal investigation with regular analysis methods… but it’s even nicer to read Albania has announced they’re cutting ties with Iran. And then… to see the U.S. follow-up with announcements about sanctions, it’s like why didn’t Microsoft start doing this way back in 1986 instead of for decades completely ignoring security as a get-rich scheme?