RIP Simcha Rotem

Simcha Rotem has passed away at 94. He was only 15 when Germany invaded Poland. He and his mother were wounded in the German bombing raids that killed his brothers and grandparents. By the time he was 19 he was serving under Marek Edelman, resisting the Nazi incursions into the ghetto, which led to the outbreak of open combat.

The insurgents preferred to die fighting instead of in a gas chamber at the Treblinka death camp where the Nazis had already sent more than 300,000 Warsaw Jews.

Speaking at a 2013 ceremony in Poland to mark the 70th anniversary of the uprising, Rotem recalled that by April 1943 most of the ghetto’s Jews had died and the 50,000 who remained expected the same fate.

Rotem said he and his comrades launched the uprising to “choose the kind of death” they wanted.

[…]

As the Germans pounded the Ghetto and the uprising faltered, Rotem was instrumental in helping fighters flee to safety through Warsaw’s sewer system to forests outside the city.

He continued to fight alongside Polish partisans and in 1944 participated in the Warsaw Uprising. After the war he joined the avengers group Nakam, which was dedicated to exacting vengeance on Nazi war criminals.

RIP

Why the US South Needs You to Send More $50 Grant Bills

The Washington Post has a well-researched and well-written story about why the US Republican party is defined by its racism. Oh, maybe I should say spoiler alert:

…slavery’s enduring legacy is evident not only in statistics on black poverty and education. The institution continues to influence how white Southerners think and feel about race — and how they vote. Slavery still divides the American people

That’s right, the GOP uses racism to win, according to scientists who look at the data and the patterns of voting. What they key in on is evidence that white children in racist families of the US South aren’t being educated away from their racism, and cling to it instead, which means racist sentiment will last many generations.

It is no coincidence that Jefferson Beauregard Sessions III, with his ties to the Klan in Georgia, was named Attorney General of the US in 2016 by the son of a Klansman.

In case it isn’t clear what that name represents…three generations of traitor-ship founded on racism:

The question is who today would vote white supremacists into office to represent all people, given their hateful statements and overt support from Klansmen. The answer is clearly Republicans, using a signaling method called “personal responsibility” that denies slavery was a hardship, let alone one that demands restoration.

GOP doctrine on the importance of personal responsibility, together with elevated rates of black poverty and unemployment, help some Republicans rationalize their belief that people of color are inferior — beliefs they probably developed in childhood.

Today this is much easier to discuss than it was just eight years ago. Back then people were still trying to argue that what Republicans said wasn’t necessarily racist at its foundation. Take for example this story from 2010:

Shame on the 14 Republican congressmen who last week proposed substituting Ronald Reagan for Ulysses S. Grant on the $50 bill. Their action suggests they need a history lesson about the Northern general who won the Civil War and went on to lead the country.

That’s a great piece by a historian that doesn’t mention Republicans being racist.

To put this into context: a black president was elected in 2008. White Republicans then set about trying to remove President Grant from the $50 (despite his being famous as the greatest general in American history, one of the top three presidents in American history, and globally respected as a champion of human rights) and replace him with President Reagan, a man notorious for his ties to white supremacists, for campaigning on white supremacy, for denigrating civil rights leaders like MLK (until he was forced to concede), and, on top of all that, for supporting genocidal dictators. Here’s your Republican icon history right here:

Reagan chose [theme of violent white resistance to integration] to kick off his Deep South presidential campaign in 1980

Let’s look a little closer at the people trying to push Grant off the $50.

Rep. Patrick McHenry, R-N.C…introduced the legislation last month. He says it’s not about Grant but about honoring Reagan in the same fashion as Democratic presidents…

You have to marvel at the fact that McHenry doesn’t know that Grant was a Republican. Then you have to marvel at the fact that McHenry is saying pushing Grant off the bill isn’t about Grant. Do you think he meant that? Check out his own words when he tried to explain:

…it has very little to do with Grant and so my response is very simple. I believe that Ronald Reagan, as most historians do, was the better president…

That means it absolutely is about Grant. McHenry is touting the white-supremacist line that Grant wasn’t a better president than Reagan. Grant won the Civil War, introduced civil rights, created the DoJ, signed the first national park into existence, and wrote an amazing autobiography in a race to finish it before his death from cancer…I mean, his long list of accomplishments and his massive popularity at his death should speak for themselves.

Reagan (perhaps most infamous for being absent-minded, a figurehead, and aloof while in office) has nothing on Grant, and we’re only comparing them here because McHenry tried to argue Grant wasn’t better than Reagan while saying it’s not about Grant. Reagan was very nearly removed by his own aides for being inept at his job; they went so far as to observe him in order to judge his competence:

Most high-level White House aides believed that President Reagan was so depressed, inept and inattentive early last year in the wake of disclosures in November 1986 about the Iran-contra scandal that the possibility of invoking the 25th Amendment to remove him from office was raised in a memo to Howard H. Baker Jr., who was just taking office as Reagan’s chief of staff.

Former Baker aide James Cannon, confirming facts reported in a newly published book, said in an interview yesterday that he wrote a March 1, 1987, memorandum based on the aides’ concern and raising the possibility of applying the amendment.

Baker took the recommendation seriously and, with Cannon and two of his own aides, spent part of a day observing Reagan’s behavior before concluding that the president was sufficiently competent to perform his duties, according to the book.

Reagan is not a man who has any business threatening the amazing legacy of Grant, the warrior and patriot who reluctantly became president in order to keep saving the nation and to fight for freedom for all, including by destroying the KKK.

Combine the Washington Post story above with this one about Republican attempts to erase Grant from their own party and replace him with a barely competent Reagan who feted dictators and funded genocides, and it seems what the poor South on those maps really needs is an infusion of Grant bills.

Send Grant back into the areas that to this day are being oppressed by present-day Republicans, who perpetuate America’s racist legacy among their children and refuse to end their family battle against civil rights.

Also let’s get Jackson off the $20 already…sheesh, talk about an awful legacy that should be deprecated ASAP.

“United States history is not Andrew Jackson vs. Harriet Tubman,” the Tennessee Republican said.

This week’s announcement that Jackson, a white slave owner from Tennessee, will be booted to the back of the $20 bill to make room for Tubman, a black anti-slavery activist, has left many in Jackson’s home state feeling that the change [will] diminish Jackson’s legacy [and] celebrate Tubman’s accomplishments.

That’s right. A Republican actually said US history is not about a white supremacist president who actively perpetuated slavery to expressly deny rights to black Americans, versus a black American who wanted rights.

That is so patently wrong. US history literally is about Jackson perpetuating slavery 30 years longer than the rest of the world. It is about all the moves he made from a position of white supremacist power to block Tubman, and anyone like her in the seat of the underdog reformer and freedom advocate, from succeeding.

Time to send some Grant, send some Tubman, and tell the children in the US south all the real history of America that will help people be realists about how and why the Republican party is so racist.

Personality May Determine Employee Engagement

Interesting insights from the HBR, such as that emphasizing positive personalities in hiring can harm leadership feedback loops:

If leaders turn employee optimism and resilience into a key hiring criterion, then it becomes much harder to spot and fix leadership or cultural issues using employee feedback signals.

And then they double down on this assessment of overly positive personality and engagement, suggesting unhappy people may be the ones you should prize most in your hiring practices:

…the most creative people in your organization are probably more cynical, skeptical, and harder to please than the rest. Many innovators also have problems with authority and a predisposition to challenge the status quo. This makes them more likely to complain about bad management and inefficiency issues, and makes them potentially more likely to disengage. Marginalizing or screening out these people might seem like a quick win for engagement, but in most organizations these people are a significant source of creative energy and entrepreneurship, which is more difficult to get from people who are naturally happy with how things are. To some extent, all innovation is the result of people who are unhappy with the status quo — who seek ways to change it.

Innovation is the result of people who are unhappy, and seek ways to change?

That makes perfect sense, although I feel the happiness of making a change is underrepresented in this context. Startups are notoriously more creative, yet also happy, places because they have moved past the unhappiness with the status quo. So it seems more like a cycle is happening (engaged and happy after being unhappy and disengaged) rather than a straight line to be measured.

Question: “Why is Russia so good at getting women into technology?” Answer: Communist Propaganda

It is great to see someone trying to drill into Russia’s technical hiring practices as an example to study, or as an exception, rather than the other way around (why does America suck at giving women equal treatment?).

She believes there are several reasons for that: girls are expected to take up computer science from an early age and perform well, and there’s no stigma associated with studying technology.

But there’s something more: “Culturally, women in Eastern Europe are characterized as having a forthright nature and this means they’re more inclined to speak up for themselves, and be hardy to rejection, which is typically needed in a male-dominated environment,” Frankland says.

“Characterized” is the operative word here. Let’s take a step back into the history of the region and from where the caricatures emanate.

Many hoped the Bolshevik Revolution one hundred years ago would usher in a new era of gender and class equality. Following the revolution, Soviet Russia declared “International Women’s Day” an official holiday, and “Marxist feminists” romanticize communism to this day. Women of the Gulag, both a remarkable book and a documentary film, highlights the disparity between the Soviet Union’s alleged gender equality and the reality of life for women under communism.

It is now popular to claim — in the New York Times no less — that Soviet women “enjoyed many rights and privileges unknown in liberal democracies at the time,” so it is worth noting some of the ways that communism tyrannized women in particular. Those who claim the Soviet Union liberated women would do well to learn the stories of the women of the Gulag.

Now, to be fair, the above opinion piece is from the Cato Institute, an unabashedly extreme right-wing propaganda outlet. Cato is hoping to bash Communism for attempting gender equality and failing miserably. So let’s take a moment to acknowledge that under Communism women were characterized as equals, alleged to be equal.

That’s notable because under the Cato manifesto women aren’t even alleged to be equals and aren’t allowed to try, which objectively seems worse than trying and failing. Exceptions are made for women who use “masculinity” (I believe that’s how Marx referred to it) to adapt themselves to the capitalist machines.

After the fall of Communism we have actually seen a reversal of women’s rights and abject oppression. While the characterization of women as equally skilled for technical roles has lasted, keep in mind that Russia has been busy decriminalizing the physical abuse of women.

Why Russia is about to decriminalise wife-beating. It fits with traditional values, lawmakers say

Communism had a way of setting its characterization of women apart from these nonsensical “traditional values”, if you will: there was a period of messaging women as equals. Propaganda or not, that messaging had a lasting impact.

Anyway, without reading too much into either the Communist or the Libertarian messaging about the role of women in society, I always try to remind people that 60% of the code-breakers at Bletchley Park during WWII were women, and we see a similar percentage today in countries like Israel, where merit rather than masculinity is what is measured for technology jobs.

Improved Ghillie Suits (IGS)

Personally I wish someone had pushed for the phrase “future update ghillie suits” (FUGS) when they were thinking about “future warfare”. Instead the US Army is talking about Improved Ghillie Suits (IGS) to address the shortcomings of past designs.

Notable issues:

  • If you dress like a tree, you may be as flammable as one (several snipers have burned to death)
  • If you dress like a woolly mammoth, you may be as heavy and hot as one (ok, that’s really two issues)
  • If your suit is singular instead of modular, the above two problems are worse

Innovation is happening in the field, by snipers working to stay alive, blend in better and also function more efficiently and safely, so the Army’s textile department decided to incorporate some of these ideas.

Maj. WaiWah Ellison, assistant product manager, Durable Goods, Soldier Clothing and Individual Equipment with Program Executive Office Soldier, explained the need for the update: “The current kit is thick and heavy and comes with a lot of pieces that aren’t used.

“Soldiers are creating ghillie suits with their own materials to match their personal preference. We want to make the IGS simpler and modular so the snipers will use what is issued to them instead of relying on outside resources,” Ellison said.

While this all makes sense from a product manager’s point of view in terms of updating the suits, relying on outside resources does rather sound like what camouflage is all about. And you have to marvel that nobody thought far enough ahead to realize that a Scottish concept, a heavy and fluffy suit originating in a rainy, cold climate, would be hot and flammable elsewhere.

Yes, I said Scottish. Just in case you’re wondering what a Ghillie is…Scotland Magazine breaks the meaning down over the centuries:

Since the Victorians discovered their passion for stalking, the life of the ghillie has had less to do with carrying Highland chiefs across raging torrents and more to do with the management of the landscape and looking after stalkers on the hill.

Fast forward to today:

“Do I look flammable to you?” Urban warfare researchers find the Ghillie suit heavy, hot, prone to combustion and….hard to blend in

It’s nice if you don’t have to take the time to gather local resources to blend in, but that presumes accurate and fast feedback loops reaching the top of a very large organization.

A recent IDF investigation into a failed operation gives insight into how local knowledge — required for blending into the most dangerous environments — can be very dangerous to underestimate or get wrong.

…based on interviews with Hamas officials, a picture is emerging of a carefully planned Israeli intelligence operation in which agents posing as Palestinian aid workers may have gone undetected for up to two weeks before it went awry.

Nterini – Fatoumata Diawara

In a story that I’m almost certain nobody has read (based on everyone I have asked about it)…hundreds of thousands of letters seized by British warships centuries ago are now being digitized for analysis by the Union of the German Academies of Sciences and Humanities.

Somewhere in the U.K. National Archives in London, there are 4,000 boxes containing more than 160,000 undelivered letters from ships captured by the British during the naval wars of the 17th, 18th and 19th centuries.

Now those letters — some of which are bundled in old mail bags and affixed with wax seals that have never been broken — are about to go online.

[…]

The mail, sent mostly between 1652 and 1815, is written in 19 different languages and contains songs, notebooks, packages and personal correspondence.

[…]

Many of the letters are made inherently tragic by having never reached their destination.

A series of four letters from a Madam Dupont in Quebec between 1702 and 1703 show a woman frantically trying to reach her husband, who is away on business in France, and growing increasingly despondent by his lack of response.

“These letters are full of the hazards of the flu epidemic and chicken pox in Quebec and her tone gets more and more desperate, because she doesn’t get any sign of life from her husband,” Freist said.

“She feels utterly neglected and resented and finally decides not to write anymore. In the letter she says: ‘You can’t love me anymore if you don’t answer. I will now stop writing. I give up.’ But then she writes again and she implores her husband once again to come back.”

No word yet on why the German Prize Papers Project is leading the effort for a British archive.

I almost feel like this is the German way of trying to prove again how terrible the British Empire was for global humanity.

Speaking of letters of humanity, and of messages sent but never received…the Fatoumata Diawara video Nterini, about migration, is a must watch/listen:

Lyrics:

Cette chanson parle de la souffrance que la distance inflige aux amoureux. Mon amour et mon confident est parti loin et ne me donne pas signe de vie. Je l’aime malgré tout et il me manque nuit et jour. J’aimerai avoir des nouvelles de mon chéri, sinon je n’arrive pas à dormir.

Mon amour est parti loin
Et ne va peut-être plus revenir
Mon chéri est parti loin de la famille
Et ne reviendra peut-être plus
Il était mon ami, mon confident, comment va t-il?
Je veux juste savoir si tu vas bien?
Il est parti dans une contrée lointaine
Il me manque beaucoup
Toi qui as toujours été mon guide
Je t’aime de tout mon cœur

Mon amour a pris son envol
Qui sait quand est-ce qu’il va revenir?
Dites-moi, mon chéri est parti loin
Et ne va peut-être plus revenir

Il est parti s’installer dans un pays lointain
Et ne m’a rien dit
Ce n’était pas le temps du matin qui m’empêchait de le voir
Ni la chaleur de la journée

This song speaks of the suffering that distance inflicts on lovers. My love and my confidant has gone far away and gives me no sign of life. I love him despite everything and I miss him night and day. I would like to have news of my darling, otherwise I cannot sleep.

My love has gone far away
And may never come back
My darling has gone far from the family
And may never return
He was my friend, my confidant; how is he?
I just want to know whether you are well
He has gone to a distant land
I miss him so much
You who have always been my guide
I love you with all my heart

My love has taken flight
Who knows when he will come back?
Tell me, my darling has gone far away
And may never come back

He has gone to settle in a distant country
And told me nothing
It was not the morning weather that kept me from seeing him
Nor the heat of the day

Insurance Companies Say NotPetya Means War (And Therefore No Coverage)

Add cyberwar to the long list of reasons why insurance companies will deny claims:

Essentially, Zurich’s position is that NotPetya was a “hostile or warlike action” by a “government or sovereign power.” In fact, NotPetya is widely viewed as a state-sponsored Russian cyber attack masquerading as ransomware that was designed to target Ukraine but inadvertently spread globally. Russia denies these allegations.

According to Mondelez, even Zurich had doubts about denying coverage and at one point, rescinded its denial and committed to advancing $10,000,000 partial payment towards Mondelez’s insurance claim. But, for some reason, Zurich changed its tune and reasserted the declination of coverage.

For me this story is less about what counts as cyberwar, and more about why insurance companies are so good at self-declaring reasons to refuse coverage.

I recently had an insurance company executive tell me they were in the healthcare industry. So I asked if they provide care, to which they replied “no, we know more than anyone, even doctors, about health and we want to encourage people to make smaller and fewer claims.”

That’s not healthcare. That’s finance. Fewer claims (of care) means more margin.

The NotPetya-based denial of the claim means the insurance company has assigned itself the fun burden of proving that a “government or sovereign power” committed a “hostile or warlike action”. Presumably it thinks the cost of that proof is less than $10,000,000.

Google Lights $1M on Fire to Protest Separation of Test and Production

Advertising news sources are saying that it was an accident.

On Tuesday at about 7 p.m. ET, many publishers both in the U.S. and Australia saw many–if not all–of their ad slots filled with display ads featuring nothing but the color yellow. They were up for 45 minutes.

The costly mistake occurred during a Google training program when an employee accidentally purchased the 300×250 ad units, the sources said. Publishers who checked their logs saw the advertisements came from theiconic.au.com, an Australian retailer.

Estimates are upwards of $1m burned in well under an hour. Google made an official statement, confirming both the payments and that the protest didn’t encounter any resistance.

We will honor payments to publishers for any ads purchased and are working hard to put safeguards in place to ensure this doesn’t happen again
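What a safeguard separating a training account from live purchasing can look like, as an added example that is not Google’s code and makes no claim about how its ad systems work. The session, order and exchange names below are hypothetical; the guard refuses live buys from any non-production session regardless of what the caller asks for, prices an order as a dry run unless a live buy is explicitly requested, and enforces a per-session spend cap before anything reaches the exchange:

```python
# Added example (not Google's code): a purchase guard that keeps a training
# session from buying live ad inventory. Names and thresholds are hypothetical.
from dataclasses import dataclass
from enum import Enum


class Env(Enum):
    TRAINING = "training"      # classroom / sandbox accounts
    PRODUCTION = "production"  # real money, real publishers


@dataclass
class Session:
    user: str
    env: Env
    spend_cap_usd: float       # hard ceiling for this session
    spent_usd: float = 0.0


@dataclass
class Order:
    placement: str             # e.g. "300x250"
    impressions: int
    cpm_usd: float

    @property
    def cost_usd(self) -> float:
        return self.impressions / 1000.0 * self.cpm_usd


class OrderRejected(Exception):
    """Raised when a guard blocks the purchase; nothing is bought."""


def place_order(session: Session, order: Order, live: bool = False,
                exchange=None) -> dict:
    """Send `order` to `exchange` (a callable taking the order) only when the
    session is a production session, the caller explicitly asked for a live
    buy, and the order keeps the session under its spend cap. A non-live call
    is a dry run that only prices the order."""
    if session.env is not Env.PRODUCTION:
        # Training sessions never reach the live exchange, however the
        # request is phrased.
        raise OrderRejected(
            f"{session.env.value} session for {session.user} cannot buy live inventory")
    if not live:
        return {"dry_run": True, "cost_usd": order.cost_usd}
    if session.spent_usd + order.cost_usd > session.spend_cap_usd:
        raise OrderRejected(
            f"order of ${order.cost_usd:,.2f} would exceed cap of "
            f"${session.spend_cap_usd:,.2f}")
    if exchange is None:
        raise OrderRejected("no live exchange configured")
    receipt = exchange(order)
    session.spent_usd += order.cost_usd
    return {"dry_run": False, "cost_usd": order.cost_usd, "receipt": receipt}


def demo() -> dict:
    """Exercise the guard on constructed scenarios; returns each outcome."""
    results = {}
    trainee = Session("trainee", Env.TRAINING, spend_cap_usd=100.0)
    big = Order("300x250", impressions=500_000_000, cpm_usd=2.0)  # $1,000,000
    try:
        place_order(trainee, big, live=True, exchange=lambda o: "id-1")
        results["training_live"] = "bought"
    except OrderRejected:
        results["training_live"] = "rejected"

    buyer = Session("buyer", Env.PRODUCTION, spend_cap_usd=50_000.0)
    results["production_dry_run"] = place_order(buyer, big)["cost_usd"]
    try:
        place_order(buyer, big, live=True, exchange=lambda o: "id-2")
        results["production_over_cap"] = "bought"
    except OrderRejected:
        results["production_over_cap"] = "rejected"

    small = Order("300x250", impressions=1_000_000, cpm_usd=2.0)  # $2,000
    r = place_order(buyer, small, live=True, exchange=lambda o: "id-3")
    results["production_ok"] = (r["receipt"], buyer.spent_usd)
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the design is that the environment check comes first and cannot be overridden by the caller: a trainee who clicks through every confirmation still ends up at the sandbox, and a real buyer still hits a spend ceiling that is enforced before the exchange is called.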

“Top 10 Security Disasters in ML: How Laurel and Yanny Replaced Alice and Bob”: 2019 RSAC SF Presentation

I’ll be presenting again (10th year in a row) at the RSA Conference in SF, discussing how the information security industry shifted fundamentally after 2014 from ongoing confidentiality to growing integrity concerns.

SESSION ID: MASH-F02

TITLE: Top 10 Security Disasters in ML: How Laurel and Yanny Replaced Alice and Bob

SCHEDULED SESSION DAY AND TIME: Friday, Mar 08, 9:50 AM

ROOM: Moscone West 2007

LENGTH: 50 minutes

ABSTRACT: A seismic shift is upon us. Integrity flaws stand looming and untamed despite the security industry making great progress in availability and confidentiality awareness and control. Now a crisis of trust is developing as developers rush into “machine learning” with integrity a paramount risk. This talk will expose keys of past breaches of integrity to help attendees prepare to control ones just ahead.

QUICK ABSTRACT: If you thought confidentiality breaches were a crisis, are you ready to detect and prevent integrity failures at machine speed?

Apple Alert: SSD Data Loss in 13-inch MacBook Pro

In an awkwardly worded statement, the laptop manufacturer has alerted owners of its 13-inch MacBook Pro that SSD firmware flaws are causing serious data corruption and even complete drive failure.

Apple has determined that a limited number of 128GB and 256GB solid-state drives (SSD) used in 13-inch MacBook Pro (non Touch Bar) units have an issue that may result in data loss and failure of the drive. 13-inch MacBook Pro units with affected drives were sold between June 2017 and June 2018.

Apple or an Apple Authorized Service Provider (AASP) will service affected drives, free of charge. Apple recommends having your drive serviced as soon as possible.

A few things stand out here:

  1. The firmware update means an Apple “technician will run a utility”
  2. The repair process is to back up your data, update the SSD firmware in a destructive manner, and then restore all your data from the backup. This raises the question of why someone can’t do the update themselves if it amounts to restoring a backup onto a fresh OS install. Apple ought not be worried about data loss or failure in the process, since that’s a guaranteed outcome. Are they concerned the firmware update would brick the laptop, or that the utility would grant too much authority to the end user?
  3. Data already destroyed by the faulty SSD can not be recovered
  4. Anyone who already paid for this service can get a refund. At the same time, the program only “covers affected MacBook Pro models for 3 years after the first retail sale of the unit”. The repair will not be free if your SSD fails beyond those 3 years…
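Since the repair is back up, destructively update, restore, the check a practitioner wants is proof that what came back is what went in. The following is an added example, not Apple’s utility or anything the page describes Apple doing: it builds a SHA-256 manifest of a directory tree before the destructive step and compares the restored tree against it, reporting files that are missing, silently changed, or unexpectedly added. The directory layout and file contents are constructed for the demo; in practice the manifest would be written somewhere other than the drive being serviced.

```python
# Added example (not Apple's utility): checksum manifest before a destructive
# repair, verification after restore. Sample files below are constructed.
import hashlib
import os
import tempfile


def _sha256(path: str) -> str:
    """Stream a file through SHA-256 so large files don't need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map each file's path relative to `root` to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = _sha256(full)
    return manifest


def verify_restore(manifest: dict, root: str) -> dict:
    """Compare the restored tree at `root` against a pre-repair manifest."""
    restored = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "changed": sorted(p for p in manifest
                          if p in restored and restored[p] != manifest[p]),
        "extra": sorted(set(restored) - set(manifest)),
    }


def demo() -> dict:
    """Simulate a restore where one file survives, one is corrupted and one
    is lost; returns the verification report."""
    with tempfile.TemporaryDirectory() as tmp:
        before = os.path.join(tmp, "before")   # the drive before service
        after = os.path.join(tmp, "after")     # the drive after restore
        os.makedirs(os.path.join(before, "docs"))
        os.makedirs(os.path.join(after, "docs"))
        originals = {
            os.path.join("docs", "thesis.txt"): b"final draft",
            "keys.txt": b"ssh-ed25519 AAAA... (constructed sample)",
            "photo.jpg": b"\xff\xd8\xff\xe0",
        }
        for rel, data in originals.items():
            with open(os.path.join(before, rel), "wb") as f:
                f.write(data)
        manifest = build_manifest(before)

        # Restore: thesis intact, photo silently corrupted, keys never restored.
        with open(os.path.join(after, "docs", "thesis.txt"), "wb") as f:
            f.write(b"final draft")
        with open(os.path.join(after, "photo.jpg"), "wb") as f:
            f.write(b"\x00\x00\x00\x00")
        return verify_restore(manifest, after)


if __name__ == "__main__":
    print(demo())
```

A clean restore yields three empty lists; anything else is a concrete list of what to recover from a second backup before the original drive is wiped, which is exactly what item 3 above says you will not get back otherwise.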

the poetry of information security