Category Archives: Security

How Ayn Rand’s Philosophy Inspired Assassination of JFK

Here’s how I’d paraphrase a comment in the new documentary film on Americans who refused to believe in morality, and struck out violently to prove they only can be self-judged:

…reading Ayn Rand meant we were extremely anti-JFK, saw him as our arch-villain. US Marine Lee Harvey Oswald was going to be the hero of my novel when he became ‘disenchanted’ with the US, defected to the USSR, then jumped up and shot the President. It was very weird…

What’s missing is the actual connection from this guy looking for notoriety, in his admittedly otherwise empty search for meaning of life, to an event that meant a lot to everyone.

We know Thornley was stationed with Oswald in Japan, but not whether a connection to Rand was established by Oswald or projected upon him by Thornley.

1980 Datsun Electric Car (Lektrikar II) For Sale

Would you buy a 1980 Datsun electric car?

Let me explain why such a car would exist in America, by telling you an obscure and old story that nobody really remembers anymore, and as far as I can tell has never been told in full before (given so many records/pieces are missing).

The New York Times in February 1981 boldly claimed the electric car was returning to America.

THE internal-combustion engine may have been king of the road for the last 70 years, but as a result of the gasoline hysteria that has struck the United States twice in the last decade, its chief competitor – the electric car – is again being seriously considered as an alternative.

Now here’s the big clue about where Datsun comes into play: GM and Gulf and Western are mentioned in the same sentence as “making commitments”.

“A whole new stage is being set for the electric car,” said John Makulowich, executive director of the Electric Vehicle Council, a trade association. “Major corporations like General Motors and Gulf and Western are making commitments to electric-vehicle engineering.” He attributed this in part to legislation giving financial aid and other incentives to research and development in this area.

Dozens of large and small companies are investing time and money in battery and electric-vehicle development, while hundreds, perhaps thousands, of individuals are tinkering in garages and laboratories to find an answer to America’s energy needs in a world of shrinking gasoline supplies. The answer, some think, could lie in the past.

Ah, well if the answer to electric cars lies in the past… will 1981 prove to be the answer for electric cars in 2021? Probably, but NYT wants us to go back even further in time since 1981 was current (pun not intended) for them back then.

By around 1910, one out of every three cars or trucks on American roads was there under electric power. But by 1920, Ford had sold nearly 10 million assembly-line-built gasoline-powered cars.

10 million gasoline-powered cars sounds like a lot of output until you look at the number of anti-Semitic hate propaganda and disinformation rags that Ford published.

I mean talk about “selling” a lot… Hitler even gave Ford a medal after taking millions of dollars to deliver products to American military, disappearing with it and instead showing up as ally of Nazi Germany!

I’m not kidding. That’s real, Ford’s abject failure to deliver as promised is even recorded in US Congressional debates.

Anyway, setting all that dark and serious history aside, here’s my absolute favorite part of this NYT article. I have to screenshot it so you’ll believe me:

Source: NYT

1796?! Wat.

Given the Department of Energy (DoE) was created in 1977 by President Carter (August 4 Department of Energy Organization Act abolishing the Federal Energy Administration and Energy Research and Development Administration) it seems very unlikely that the year 1796 is anything but a typo that still hasn’t been corrected.

I mean if America had electric vehicle commitments all the way back to 1796… hooo boy talk about this country being late to deliver on promises of freedom!

Speaking of promises, GM was literally saying in this 1981 article that they soon would be leading the world in electric cars. No, really they were saying how electric was going to be like a whopping 10 percent of their fleet 40 years into the future.

G.M. is planning to put a mass-produced electric car on the road by the mid-1980’s. Alex Mair, vice president in charge of technical staffs, said that by 2020, 10 to 15 percent of G.M.’s total production will be electric vehicles. “We think we’re leading the world this time around,” Mr. Mair said.

Someone could have stopped Mr. Mair right there and replied “10% is the opposite of leading the world, and a 40 year timeline is pathetic…just say never.”

Yeah, that didn’t turn out anything like what GM said. GM and electric car still are like saying oil and water.

But here is where the story gets really interesting, in two parts.

First, news of a breakthrough vehicle being developed by “Gulf and Western Industries” and second, calling out a Datsun employee driving an electric car around Los Angeles.

Earlier in 1980, Gulf and Western Industries announced a zinc-chloride battery system that David N. Judelson, the company’s president, called “a major achievement in the world of high technology – perhaps one of the most meaningful developments since the turn of the century.” The company said that vehicles powered with its battery had traveled 55 miles per hour for more than 150 miles on a single charge and that the battery system had a life cycle of more than 1,400 recharging cycles, or 200,000 miles.

[…]

Art Spinella, who works in public relations for Datsun in Los Angeles, has driven a converted Renault electric car since “the scare of ’73.” He said he just got tired of waiting in long gas lines. Powered by lead-acid batteries, the four-speed, late-60’s-model conversion cost just $600, and will run over 70 miles per hour and travel just over 60 miles before he has to recharge it. “People follow me off the expressway to ask what it is,” Mr. Spinella said, “They sometimes don’t believe what they just saw when I tell them it’s electric.” “Yes,” he added. “They work.”

Did the Datsun guy really plug a Renault (pun not intended)?

And now back to the point of this blog post, the 1980 Datsun electric car for sale.

A campaign called “Yes, they work” isn’t the best one I’ve ever seen. Yet such a definitive statement by Datsun PR in 1981 should have gotten a LOT more attention.

Apparently 1,200s Nissan vehicles without combustion engines were purchased by the US government under the 1970 Clean Air Act (with the 1976 Electric and Hybrid Vehicle Research, Development, and Demonstration Act) to make electric cars for power companies and municipality workers; eventually these vehicles ended up in the hands of “Lectra Motors” of Las Vegas.

Let me just stop here to point out right now that the Department of Energy official history of this period is provably false and misleading.

…vehicles developed and produced in the 1970s still suffered from drawbacks compared to gasoline-powered cars. Electric vehicles during this time had limited performance — usually topping at speeds of 45 miles per hour — and their typical range was limited to 40 miles before needing to be recharged.

That is just not true. “Typical range” and “usually topping” are weasel words because they’re talking averages, hiding the fact that cutting-edge advances of that day proved far, far better performance.

Here’s a late 1970s Lectra 400 brochure blowing away those deflated numbers (top speed over 65 mph, and 70 mile range, both far more than necessary in urban environments).

Let me explain with some more history.

The relationship between all these parties in the late 1970s might sound strange to the modern ear until you roll way back to the end of WWII and consider one of Nissan’s first products under occupation by Allied forces was an electric car.

In 1947, the company succeeded in creating a prototype 2-seater truck (500-kg load capacity) with a 4.5-horsepower motor and a new body design. It was named “Tama” after the area where the company was based. Its top speed was 34 km/h (21 mph). Next, the company created its first passenger car. With two doors and seating for four, it boasted a top speed of 35 km/h (22 mph) and a cruising range of 65 km (40 miles) on a single charge.

In other words, what the Department of Energy was claiming to be 1970s limitations were really from the 1940s! By the 1970s the new electric cars were capable of 70 mph and 70 mile range, far exceeding electric car requirements of that time.

To put it another way, context matters. Tokyo in 1945 had been burned to the ground (over 50% destroyed by months of firebomb raids) and industrial production let alone gasoline was non-existent.

Engineers from a Japanese Aircraft company in Tokyo were hired into Nissan and set about designing an electric car that would restart their country’s infrastructure and commerce.

They immediately put into production a car that could run off hydro-electricity from the mountains outside devastated Tokyo. Electricity infrastructure repairs meant production jumped nearly 55% right after war ended and here you can see hydro’s stability:

Source: Foreign Commerce Weekly, Volumes 46-47, 1952

Even manufacturing of the car itself was supposedly designed to run on excess electricity in the immediate after-war years. Sure, the car was limited, but it was aircraft engineers redeployed to civilian needs and delivering something where there had been nothing.

There are a lot of “airplane-engineers must have built this” innovation moments when looking at a Tama, especially when you see a battery refuel concept of 1947 giving drivers a fast swap on both sides like reloading wings for bombing runs:

Source: Nissan

Military engineers designing electric cars after WWII…hold that thought.

Now back to all the fancy sounding language from GM about leading the world in electric vehicles. Remember that? Instead GM used its giant budget to buy a majority stake of small but very plausible emerging electric car companies in Las Vegas to shut them down completely, allegedly even destroying records (if you know of any Lectra files, please let me know).

Any guesses why the Nissan electric car development with the US evaporated in 1981? Ronald Reagan.

It doesn’t get mentioned much, but in 1981 the Reagan Administration asked Japanese automakers to impose a “voluntary export restraint” (VER), which capped at 1.68 million the number of cars Japan could send to the United States each year. Reportedly, this was under threat of an outright tariff, but the VER accomplished just about the same thing.

Thus GM and Reagan ruined an early emerging success story involving Nissan and US government from 1979-1981 — thousands of cars were very briefly released for Gulf and Western (WRI), which were transitioned into LectraMotors run by Albert Joseph Sawyer (per his obituary from 2012).

After moving to Las Vegas in 1960, [the Navy veteran] worked for [Edgerton, Germeshausen, and Grier defense contractor] as an electrical engineer. In 1974, he made his first electric car. After retiring from EG&G in 1978, he formed LectraMotors to mass produce electric cars. He was a true visionary and pioneer in the electric car industry. Some cars are on the road to this very day.

Here’s how a US government report put it in 1979, with only a brief mention of testing the Lektrikar II, which at that time was still WRI:

Source: Electric & Hybrid Vehicle Program Quarterly Report, United States Department of Energy, Office of Transportation Programs 1979

And here’s a promotional video for the “advanced Zinc Chloride energy storage system” that boasted of $27 million in US government funding:

Did I say military engineers designing electric cars after WWII? Responding to a Japanese energy crisis in 1946 had quite a lot in common with responding to an American energy crisis in 1976, although I don’t see anyone make the obvious connection here from Nissan’s aeronautical engineers to EG&G’s…

EG&G jobs near Las Vegas meant something rather special. I didn’t find Albert Sawyer’s name on a 1967 drawing from EG&G “Special Projects” team, yet the imagery depicts a certain sentiment about the world for top engineering teams when the CIA terminated their Operation OXCART (SR-71 Blackbird).

Source: Nevada Aerospace Hall of Fame

Think about the Japanese engineers who built planes, shifting after defeat in WWII to making electric cars, giving those to engineers in America who were shifting from a company making the SR-71 to a new company to mass produce and represent cutting-edge electric cars.

Instead of “Yes, it works” perhaps the PR guy from Datsun could have said something like “If engineers working on our new 310 model can build a real-life R2-D2 astral navigation system for a top-secret long-range, high-altitude, Mach 3+ strategic reconnaissance aircraft, just wait until you see what they can do for the electric car”.

And so we come to the conclusion of this post.

One of these rarest of rare American cars sold by an ex-EG&G engineer’s company Lectra still exists today in Santa Cruz, California because… of course.

The car originally was badged as Datsun (US brand-name for Nissan) 310 Lektrikar II.

Nobody knows how many existed. Again, it is believed GM intentionally destroyed records during the Reagan Administration to cheat history of these emerging electric car projects.

This Lektrikar II has been “modified” over the years but fundamentally it’s always been a fine vehicle by even today’s standards.

Weirdly you will find no mention of any of this real history on Wikipedia’s retelling of electric car history, let alone any other “authoritative” versions of electric car company history in America. It’s almost impossible to find any mention of one at all anywhere.

The surviving Lektrikar II started with eighteen 6V golf-cart batteries (US Battery US-145 Lead-Acid Flooded with 7 front, 11 rear), and replaced them with a simpler array of nine 82-pound Trojan 1275MV automobile 12V Lead-Acid Flooded with 4 front, 5 rear.

The motor is a Prestolite 7.2 inch Series Wound DC 22 HP, with a 4-speed drivetrain and clutch.

And the controller is said to be a Curtis 1221C MOSFET transistor Technology, 15,000 cycles per second, 400 Amps.

It’s for sale… but really the story is that in 1981 the Datsun PR guy was telling people that converting his daily driver car to electric (for 60 mile range capable of 70 mph) cost around $600 and GM was telling the world they would be the leaders in this market while working behind the scene to shut it all down.


Is “Cash Strapped” The Right Analysis of American Critical Infrastructure?

If you’ve been a long-time reader of this blog you may recall seeing here before that in the early-2000s the US government left security of critical infrastructure up to the market investors in infrastructure (mainly banks) to figure out.

It was like a “trickle-down” theory of investment bankers showering the littlest critical infrastructure projects with the kind of money they would need to make things safe — at a market-designated level.

I have done critical infrastructure security audits, as well as security strategy consulting, before and after this time. What one might imagine on the outside is very different than what I found on the inside. That is to say, I expect most people (even myself before I started going inside) expect management to be laser focused on safety of service delivery, and willing to invest even a little extra to protect people from harm (capacity and disaster planning).

Yet that hasn’t been my experience.

For example on one engagement I had a bank ask if they should put their investments towards building adjacent bitcoin mining operations in power stations to shove “excess” power into assets they would sell off to an unregulated market.

On another engagement, as I was on my way to hack into the generation and distribution networks (they were weak), management stopped me and said “wait a minute, we care not much if those go down and people are without service, as that’s routine for us; instead please focus attacks on our trading systems and financial operations around billing and pricing” (they were weak too).

To be fair they were saying they could handle dangerous life-threatening accidents because that’s what they have been planning for all along… yet when I probed deeper it was more like they knew that those accidents wouldn’t have an effect on their P&L. Really.

And these were giant even “bulk” organizations, not “small systems” that have less of a fighting chance to argue with banks that may make final decisions on risk management models:

There are over 145,000 active public water systems in the United States (including territories). Of these, 97% are considered small systems under the Safe Drinking Water Act, meaning they serve 10,000 or fewer people.

Alas, from an economics standpoint it’s easy to say “poor” American banks do not have the money to spend on public utilities. Yet a wider macro view is probably that American investors with loads of cash to invest made it a conscious market decision since at least 1998 (when I pwned 1,000s of infrastructure routers across five states using clear-text passwords) to not invest in service safety. They’re not cash strapped as much as they’re not regulated in a way that a whole history of relevant accidents and basic common sense would force a cash infusion into the areas we might expect.

Also sometimes I wonder things like why Microsoft’s billionaires even charged utilities to license software for water utilities in the first place… or why the utilities didn’t all shift to software that came without a license, avoiding built-in end-of-life (EOL) and support models wildly inconsistent with their operation plans.

Anyway, here’s the TL;DR on the most recent “news” in America that uses the headline of “cash strapped” Americans (who have been violating basically every basic principle of safe operations even as laid out by the US government for years):

  • All computers used by plant personnel had remote control
  • All computers connected to plant’s control system
  • All computers connected directly to Internet
  • Out of date OS (Win7 – EOL Jan 2020)
  • All users share the same password
  • No network protection (firewall)

Shocking. It doesn’t take much money to fix all of that, especially if you had done it a year ago.

And here’s a post I wrote about many of the prior warnings: Was Stuxnet the First?

And here’s a post I wrote (in 2011!) about this exact issue: Chicken LittleStux is Falling

Let me now suggest a different narrative. “Cash strapped” is a negotiation and planning phrase used by the military despite the enormous amount of money in its budget.

Cash-strapped US military to cut Persian Gulf fleet: USS Harry S Truman will not return to Middle East, leaving only one American carrier group near the strategic Strait of Hormuz

And now for something completely different, look at hard lessons of 1991 when a missile downed an AC-130 gunship and how the US military responded.

America decided not one more AC-130 would be lost to attack. And 30 years later it’s still true. Was it cash infusion? No.

All 14 airmen aboard were killed, but one Air Force general wrote that their sacrifice helped usher in a new era of the AC-130, one where new technology and tactics helped ensure that no gunship has been lost in combat since.

“We owe much to those who sacrificed everything aboard Spirit 03, not only because ‘they gave the last full measure of devotion’ for us, but also because they bequeathed to us, at a critical point in history, the decisive motivation to reinvent the AC-130 for a new challenge and a new century,” wrote now-retired Maj. Gen. Mark Hicks, a career gunship pilot, in the summer 2014 issue of Air Commando Journal.

The lesson from the US military success with the AC-130, however, was not an expensive reinvention of technology and newly dedicated staff as much as what Deming called the statistical control process to improve existing practices — commitment to delivering quality and identifying exposure or risks earlier.

For what it’s worth, in the 1980s when “cash strapped” Ford hired Deming, he improved safety and quality and changed management practices in those areas. They called it Total Quality Management and focused on lack of cash; he turned risk around so much that they soon outperformed GM and became the most profitable car company.

Had Ford stuck with Total Quality Management, it might have avoided many of the problems that have plagued it recently. Instead, as the years rolled by, the concept faded into the background at Ford as its champions retired and were replaced by executives who had other priorities. “U.S. automakers had so much confidence, they felt they had achieved quality and didn’t need to focus on it anymore”…

Perhaps read that insight as Ford was no longer “cash strapped”, so their focus deteriorated and safety declined.

Cash infusions could have actually led to the wrong outcome. Again, it was focus on the wrong things that led to the AC-130 being shot down, and like Deming’s work at Ford maintaining focus on quality is what made a huge difference in safety. Spend as little as possible and no less.

Here’s the money quote from the story of how an AC-130 program now has run three decades without any attacker forcing one down.

…improved fire control and better sensors really helped, but it was a commitment to be tactically sound that really made the difference,” Hicks wrote. Walter expressed a similar view. “The fundamental lesson learned is to always expect to be fired upon when firing.”

They don’t say the fundamental lesson is a cash infusion (in fact they brush that away as “really helped, but”). They certainly spent some money and also had some accidents — but it was focus on quality that mattered most.

Although losing a brand new, low density-high demand asset like an AC-130J is bad news, this is what testing is for. Better have a permanently grounded plane than one laying on the ground burning in the enemy’s backyard.

And I wonder if we should apply the same lessons domestically. Stop making safety in critical infrastructure about cash moving hands and instead make it about being tactically sound. I don’t mean NERC’s Critical Infrastructure Protection (CIP) either; as some of you may remember, it was a very cynical game by utilities to avoid NIST 800-53 and pretend they needed their own set of rules so they could ignore them.

We’ve known that what happened in a water system in 2021 is what we talked about in 2000 after a water system was compromised, as I said above in my links to blog posts from a decade ago. There have been many, many studies in between then and now.

However, unlike the US military resolve to care deeply about stop loss, the market-driven critical infrastructure seems to have long taken the opposite approach and pushed the question of how many more catastrophes are allowed before they really, really have to care.

I say don’t make it about cash, because it’s always been that way. Take a look at America’s healthcare system for reference. Anyone who says government run health care would be more inefficient is willfully ignoring that the United States pays more per capita on health costs than any advanced country, yet is the only one without universal health care. Cutting out health insurance companies whose sole goal is to manage “cash strapped” issues by pushing huge amounts of money around using a market-based solution could save billions and still improve safety.

In fact, you might say the inflationary cost of security has made safety even less likely to happen because it gives bankers an easy out by claiming the risks are worth not spending on controls. So the less cash-strapped the less secure… could be a logical outcome.

Make it about quality, about tactical soundness, not about opening coffers or another form of congressional-military-industrial-complexity.


See also 2020: “What We’ve Learned from the December 1st Attack on an Israeli Water Reservoir?”

The reservoir’s HMI system was connected directly to the internet, without any security appliance defending it or limiting access to it. Furthermore, at the time of the publication, the system did not use any authentication method upon access. This gave the attackers easy access to the system and the ability to modify any value in the system, allowing them, for example, to tamper with the water pressure, change the temperature and more. All the adversaries needed was a connection to the world-wide-web, and a web browser.

Harvard’s Mandatory Course on Race and Racism in America

Is it unethical and irresponsible to train public leaders without requiring a course on how race and power work?

Yes.

Is Stanford University able to overcome its racist and genocidal namesake by just starting a mandatory course on race, power, and business?

No.

Harvard Kennedy School, however, is in a better place today with a new mandatory course “Race and Racism in the Making of the United States as a Global Power”.

Students learn the central role race and racism play in business and wealth creation, social institutions, and public policy, drawing from Indigenous history from the legacy of slavery to contemporary systemic inequalities in justice and economic opportunity.

[It was wrong] to hand over Master of Public Policy degrees to people who were no smarter in many cases in understanding how the real world works with racism and power … the day they leave the School than the day they arrived.

I’ll always go back to asking questions about Harvard graduates like the infamous modern politician Kobach, whose degree was based on a repugnant and obviously false thesis that apartheid is good for business. So this is a very welcome step from Harvard that may help avoid graduating another Kobach.

When Futurists Get History Wrong, Can They Predict Right?

What if I told you there is ample evidence to say projectiles with lethal effects beyond arm’s reach are as old as weapons themselves?

…researchers found that 14 of the 25 point fragments bore evidence of impact-related damage, animal residues, and wear features that strongly indicated that these points may have been used for hunting. Examination of the impact-related fractures and the distribution of the points indicated that these points may have been attached to handles to form projectile weapons and that these weapons were projected from a distance, most likely with a flexible spear-thrower or a bow. …the new Sibudu Cave site data may push back the evidence for the use of pressure flaking during the MSA to 77,000 years ago…

There’s even a dart-firing Atlatl product design discussion from the Stone Age:

Darts were not only easier to transport but they penetrated hides with greater force, which likely killed animals quicker. In Alberta, darts were used to hunt bison, sheep, elk, deer, antelope, and smaller animals. Each species likely involved a different strategy and context of atlatl use.

If you really want to get more technical about it, archaeologists say things like the blowgun comes from the Stone Age… yet recent digs in Africa also found primitive Middle Stone Age tools used just 11,000 years ago (20,000 years later than previously thought to have been obsolete and deprecated).

Groups of ancient humans were shifting to newer tools at relative speed, not linearly. It’s actually very important to notice how groups were somewhat isolated and developing projectiles based on locality leading to domain shifts and imbalance in conflict.

I mean it’s kind of like a chicken and egg riddle to ask did the rock wall or throwing a rock come first?

All of that is just preamble to introduce a futurist who has written a prediction of future war based on a curious understanding of the past:

Up until now, the history of military innovation has been about moving lethal effects to an intended victim with greater efficiency. In the Stone Age, a club was an inert object wielded by a human hand to create lethal injury. With the advent of metal, a sword became a more maneuverable and sharper instrument to create the same effect. Gunpowder and the advent of projectiles allowed for lethal effects beyond arm’s reach. Artillery increased the range and impact of lethality. Navies became ways of moving artillery over the oceans to bring lethal effects to other ships and to the shore through fire support missions. Aircraft carriers were invented to support aircraft that in turn delivered munitions with lethal effects. And so on.

That phrase “gunpowder and the advent of projectiles allowed for lethal effects beyond arm’s reach” is just so strange as to be unbelievable. It reminds me of how wrong early theories about Easter Islanders holding weapons were, given they were in fact more like hoes or shovels.

Everyone studies the 1415 Agincourt projectile battle, right? And the whole debate about the ethics of crossbows, because they were so automated that any peasant could use one versus a highly trained archer… all long predates this “advent of projectiles” sentence that starts with gunpowder.

It doesn’t look like a typo because it is a linear progression by the futurist. Club then sword then boom you have a bullet and a gun with powder? No. Instead imagine a line from the Stone Age to today for projectiles, a line from the Stone Age to today for hand-held weapons… and even parallel lines for artillery and navies instead of a serial one.

From there this futurist, based on what feels like a very weak presentation of history (falsely linear, and falsely handheld first then projectile 10,000s of years later), presents what he calls the next chapter:

Now comes the discontinuity. In 1999, a book called Unrestricted Warfare was published by two Chinese colonels from the People’s Liberation Army. Its take-home message was that all elements of an advanced society could now be considered as means of waging war. We see this visible now in the war of the meme, disinformation, kompromat, lawfare and cyber threats to key infrastructure, to name but a few.

Use of all means of waging war is by no means a new concept. WWI is probably the best foundational reading for “all means of waging war” in our modern context, particularly Woodrow Wilson’s use of propaganda and nationalizing communications as well as German military spy infiltration of British colonies to force fractures and revolution.

It’s just so strange to see this already dated concept labeled “modern” or “future” war, stranger to see it attributed to 1999 Chinese authors, let alone see that earlier false linear history in the windup.

Node Package Squatter Squats on 35 Organizations

An extremely primitive supply-chain attack is being carried out for profit by a “researcher” on Node Package Manager (npm) in three languages. After finding a public reference to a package name, a squat is attempted:

During the second half of 2020… we were able to automatically scan millions of domains belonging to the targeted companies and extract hundreds of additional javascript package names which had not yet been claimed on the npm registry. I then uploaded my code to package hosting services under all the found names and waited for callbacks.

They rate success in terms of the easy money paid to them by targets offering a “bounty”, as well as quantity for potential squats:

…logging the username, hostname, and current path of each unique installation. Along with the external IPs… [squatted] more than 35 organizations to date, across all three tested programming languages. The vast majority of the affected companies fall into the 1000+ employees category, which most likely reflects the higher prevalence of internal library usage within larger organizations. Due to javascript dependency names being easier to find, almost 75% of all the logged callbacks came from npm packages…

They repeatedly pat themselves on the back for getting money out of people for this and they exhibit a lot of “social entry” interest in their “shout-out” section, which thanks “bounty programs, making it possible for us to spend time chasing ideas”…
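A defender-side check for the exposure described above, as an added example that is not code from the researcher or from npm: it audits a `package-lock.json` for internal package names that resolved from somewhere other than the internal registry. The registry URL, package names and lockfile fragment are constructed assumptions.

```javascript
// Added example; registry URL and package names are constructed.
const INTERNAL_REGISTRY = "https://npm.internal.example/";
const INTERNAL_NAMES = new Set(["acme-billing-utils", "@acme/auth-client"]);

// Constructed package-lock.json fragment (lockfileVersion 3 "packages" map).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "storefront", version: "1.0.0" },
    "node_modules/@acme/auth-client": {
      version: "2.3.1",
      resolved: INTERNAL_REGISTRY + "@acme/auth-client/-/auth-client-2.3.1.tgz"
    },
    "node_modules/acme-billing-utils": {
      version: "99.0.0", // internal name, but served by the public registry
      resolved: "https://registry.npmjs.org/acme-billing-utils/-/acme-billing-utils-99.0.0.tgz",
      hasInstallScript: true
    },
    "node_modules/left-pad": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz"
    }
  }
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"
function packageName(lockPath) {
  const marker = "node_modules/";
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? lockPath : lockPath.slice(i + marker.length);
}

// Report internal names that resolve outside the internal registry, and
// internal names with no scope (unscoped names are first-come on a public registry).
function auditLock(lock, internalNames = INTERNAL_NAMES) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = packageName(path);
    if (path === "" || !internalNames.has(name)) continue;
    const foreign = !String(entry.resolved || "").startsWith(INTERNAL_REGISTRY);
    if (foreign) findings.push({ name, issue: "resolved-outside-internal-registry" });
    if (foreign && entry.hasInstallScript)
      findings.push({ name, issue: "runs-install-script-from-foreign-source" });
    if (!name.startsWith("@")) findings.push({ name, issue: "unscoped-internal-name" });
  }
  return findings;
}

console.log(auditLock(sampleLock));
```

Run in CI against the committed lockfile, a non-empty result is a reason to fail the build before any install step executes.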

We Wear the Mask

by Paul Laurence Dunbar

…born in Dayton, Ohio, on June 27, 1872. His parents, Joshua Dunbar and Matilda Murphy Dunbar, were married six months earlier, on December 24, 1871. Both slaves prior to the Civil War, Joshua Dunbar escaped and served in both the 55th Massachusetts Infantry Regiment and the 5th Massachusetts Colored Cavalry Regiment before coming to Dayton…. Many of their experiences of slave and plantation life influenced Dunbar’s later writings.

A poem about authenticity and power in America:

We wear the mask that grins and lies,
It hides our cheeks and shades our eyes,—
This debt we pay to human guile;
With torn and bleeding hearts we smile,
And mouth with myriad subtleties.

Why should the world be over-wise,
In counting all our tears and sighs?
Nay, let them only see us, while
We wear the mask.

We smile, but, O great Christ, our cries
To thee from tortured souls arise.
We sing, but oh the clay is vile
Beneath our feet, and long the mile;
But let the world dream otherwise,
We wear the mask!

Hackers Attempted to Remove Regulation of Poison Content in Florida

Someone needs to say “damn Florida, water you even doing right now” (puns intended) given the latest news.

And I don’t say this lightly, despite the puns, given Florida’s awful history of “killing zones” in water.

This blog post title could be talking about Facebook’s “business” relationship with Cambridge Analytica being so obviously toxic to humanity, or it could be talking about Flint Michigan being a foreshadowing.

The reader would be forgiven for assuming either of those stories is linked here to a metaphor of poisoned content, misuse of controls, and the need for better regulation.

However, this is a non-metaphorical story. A hacker literally attempted to bypass regulations, change control of levels of known harmful contents, to flow in a massive content delivery system — water.

“The hacker changed the sodium hydroxide from about one hundred parts per million, to 11,100 parts per million,” Gualtieri said, adding that these were “dangerous” levels. When asked if this should be considered an attempt at bioterrorism, Gualtieri said, “What it is is someone hacked into the system not just once but twice … opened the program and changed the levels from 100 to 11,100 parts per million with a caustic substance. So, you label it however you want, those are the facts.”

So now when Clubhouse, or Uber or some other anti-regulatory tech darling says they want to be the next water, be sure to ask them to explain this story and how they’d handle it.

There are a couple obvious integrity questions being floated (pun not intended) here.

First, why could the amount go up more than a small percentage, for example? Adding a bunch of zeros to 100 (or 1s, from 100 to 11100) sounds like this was a lazy attack to overflow (pun not intended) the input field in more ways than one.

Second, what’s this remote access direct into changing levels all about? I can maybe understand remote access to something with limited capabilities (see point one) but total control with no multi-factor authentication (MFA)? Everyone knows that is just wrong, mismanagement of basic plant safety. Update: TeamViewer has a history of this, where users report losing control even with MFA.

Third, multiple entry? Coming back a second time means the platform admins allowed a hacker to lye in wait (ok, pun intended because sodium hydroxide is lye, get it?). I just wanted to say lye in wait. But seriously, what else did they change and can the admins even tell or should the whole infrastructure be treated (pun not intended) as contaminated?
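The three questions above, expressed as the checks a setpoint change could be made to pass, in an added example that is not code from the plant or any vendor: an absolute range plus a maximum step per change, a second factor for remote sessions, and an audit record of every attempt. The 150 ppm ceiling, the 10% step limit and the session fields are constructed assumptions.

```javascript
// Added example: a setpoint guard. Limits and session fields are constructed
// for illustration, not taken from any real plant.
const LIMITS = { minPpm: 0, maxPpm: 150, maxStepFraction: 0.10, minStepPpm: 1 };

// Decide whether a requested dosing setpoint may replace the current one.
function checkSetpointChange(currentPpm, requestedPpm, session, limits = LIMITS) {
  const reasons = [];
  if (!Number.isFinite(requestedPpm)) {
    reasons.push("not-a-finite-number");
  } else {
    if (requestedPpm < limits.minPpm || requestedPpm > limits.maxPpm)
      reasons.push("outside-absolute-range");
    // Question one: a single change may only move the level a small percentage.
    const allowedStep = Math.max(currentPpm * limits.maxStepFraction, limits.minStepPpm);
    if (Math.abs(requestedPpm - currentPpm) > allowedStep) reasons.push("step-too-large");
  }
  // Question two: remote sessions need a verified second factor.
  if (session.remote && !session.mfaVerified) reasons.push("remote-without-mfa");
  return { allowed: reasons.length === 0, reasons };
}

// Question three: every attempt, allowed or not, lands in an audit trail.
function makeController(initialPpm) {
  let current = initialPpm;
  const audit = [];
  return {
    request(requestedPpm, session) {
      const verdict = checkSetpointChange(current, requestedPpm, session);
      audit.push({ user: session.user, from: current, requested: requestedPpm, ...verdict });
      if (verdict.allowed) current = requestedPpm;
      return verdict;
    },
    current: () => current,
    audit: () => audit.slice()
  };
}

const plant = makeController(100);
console.log(plant.request(11100, { user: "remote-op", remote: true, mfaVerified: false }));
console.log(plant.request(105, { user: "operator-1", remote: false, mfaVerified: true }));
console.log(plant.current(), plant.audit().length);
```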

White History Month

Brilliant history/comedy by The Amber Ruffin Show explaining why Americans desperately need a White History Month:

I do feel the need to point out her citation of Lincoln, while true, evades the important context of his speech.

First, after being repeatedly and fraudulently bashed by his political opponents as someone who would dare to marry blacks to whites (narratives about protecting white women from black men are a long-time propaganda method), Lincoln said he was racist enough to not do the things he was being accused of. It wasn’t his best moment to be sure and there’s no excusing it, but you have to understand he was saying in his experience he didn’t see whites and blacks as equals. He still was an abolitionist, just a racist one.

Second, this attitude changed dramatically after he became President. Like President Grant, who often reflected on where he had made mistakes and who worked to overcome and amend them, Lincoln came to regard blacks as equals. So the context is really a terrible defense he used in the heat of contest to prove he was worthy of votes even by racist Americans, which reverses completely into a story of him emancipating slaves and (through new experiences) finally describing blacks as equal to whites.

The Movie “Jaws” Foreshadowed America’s Disinformation Crisis

If you want to talk about disinformation in America, “Jaws” is one of the best examples of how a simple story based on a false fear can do exceptional long lasting harm.

It is very difficult to get sharks back to what they are, correctly seen as loving and affectionate.

An example of shark reality: from 1959 to 2010 the TOTAL number of fatalities was 26 in America (0.5/year average). That is only a 1 in 3.7 million chance.

For an obvious comparison in risk homeostasis, lightning data shows a 37.9/year average. That average means 1 in 180,746 Americans will be killed by lightning. And that actually is less likely even than being killed by a dog, which is 1 in 118,776!

Ok, to be fair American citizens killed by anything means we take the population total and divide by recorded deaths. The resulting number really shouldn’t be substituted for a probability because factors creep in.

Do you swim every day with sharks? Things like that make better factoring for probability.

Speaking of swimming with sharks then, here is another example of shark reality, as written by Sune Nightingale:

On a dive one day Cristina Zenato noticed a hook inside a shark’s mouth. In the end she just stuck her hand in and pulled it out. From that moment on the shark changed her behaviour and would show up on the dive and allow Cristina to stroke her, and would give Cristina a little nudge on the hip as if to say “hey I’m here”

Then other sharks started showing up wanting hooks removed…..Cristina now has a box of over 300 removed hooks.

“This is a wild animal and she’s giving me full trust…….It is something to be absolutely in awe of no matter how many times it happens …..what I developed is an appreciation for their vulnerability.”

It really changes your perception of sharks, doesn’t it, to see one being so cuddly and kind?

Again, the odds of an American being killed by a shark are about 1 in 3.7 million for everyone in the general population. It’s super remote on a generic predictive scale prone to error.

Yet here we see the odds of being killed by a shark actually even MORE remote, reaching towards zero for someone swimming with them constantly. They seem to love her and trust her.

The author of Jaws expressed his deep regrets for writing such a dangerous fiction, but obviously it did little to change the disinformation effect of his book and the movie.

“Spielberg certainly made the most superb movie; Peter was very pleased,” Wendy Benchley told Associated Press. “But Peter kept telling people the book was fiction, it was a novel, and that he took no more responsibility for the fear of sharks than Mario Puzo took responsibility for the Mafia,” she said, referring to Puzo’s screenplay and novel “The Godfather.”

“Jaws” was “entirely fiction,” Peter Benchley repeated in a London Daily Express article that appeared last week.

“Knowing what I know now, I could never write that book today,” said Benchley, who also co-wrote the screenplay for “Jaws.” “Sharks don’t target human beings, and they certainly don’t hold grudges.”

Americans target sharks and hold grudges against them. Not the other way around.