Category Archives: Security

Was Haiti Assassination Inspired by American History of Domestic Coups?

A Florida man in bankruptcy, promoting instant wealth from oil exploration as a cure, is alleged to have “masterminded” torture and assassination of Haitian president.

National Police Chief Leon Charles told a news conference on Sunday that the arrested man, 63-year-old Christian Emmanuel Sanon, flew to Haiti accompanied by hired security guards on a private jet in early June, and wanted to take over as president.

If the scheme sounds familiar, it’s because “Moscow’s geopolitical moves are driving murderous private actors.”

Whoops, sorry, I meant to say it sounds a lot like the failed January 6th insurrection (which follows a long line of domestic coups in America, not to mention the 1919 assassination of the Haitian leader by US Marines).

To put it another way, we know from historical documentation that mass political violence in Indonesia was credited by the perpetrators themselves to consuming fraudulent “strong man” narratives in America.

History seems to be repeating.

Does Twitter Management Bias Mean Violation of Law?

Source: Judas Priest “Breaking the Law”

In April of 2021 the FTC published a blog post saying bias in algorithms is against the law:

Section 5 of the FTC Act. The FTC Act prohibits unfair or deceptive practices. That would include the sale or use of – for example – racially biased algorithms.

A month later, Twitter deleted an undeniably biased algorithm that had been exposed by outsiders (discovered while researching Zoom integrity failures).

Twitter then tried to push a PR campaign that their colossal failures of ethics were some kind of success.

In October 2020, we heard feedback from people on Twitter that our image cropping algorithm didn’t serve all people equitably. […] One of our conclusions is that not everything on Twitter is a good candidate for an algorithm… thank you for sharing your open feedback and criticism of this algorithm with us.

In other words, in a formal internal investigation the product was deemed not only undeniably biased and causing harm…

It was unnecessary, on top of being illegal.

That’s a very different tone than Twitter’s 2018 promotion of the algorithm from a research team, which lacked any bias/risk analysis at all.

Twitter’s staff (Lucas Theis, Iryna Korshunova, Alykhan Tejani, Ferenc Huszár) had only this to say:

Speeding up single-image gaze prediction is important for many real-world applications…

Why was speeding up gaze prediction important?

On the face of it this is a tone-deaf thing to say, sort of like saying speeding up hate crimes is important.

Too harsh? What if I said speeding up cars instead? That brings up the issue of slowing cars down to prevent serious injury, right? Who says speeding up cars is inherently good?

Why didn’t a 2018 Twitter team discuss even the most basic risk of harms from their plans? Great question. Who wants to speed something known to cause injury?

To save time, let me just say these team portraits may have a clue.


Time and convenience are very dangerous to chase unless they come with deep analysis of context, not to mention compassion for the potential victims.

Let’s be honest here. Did any of these researchers care about harm? Did the team report to anyone in management responsible or accountable for failure?

The Twitter “fix” report thus reads to me all wrong.

It would be like a bank report that tells us they had been caught stealing money and they didn’t even need it. Are you kidding me? They no longer will steal in that one method, and we’re supposed to be satisfied?

In other words, did Lucas Theis say something like “I made you a land mine to speed things up, I didn’t tell you to bury it in the ground so don’t blame me”? It appears he ran from Twitter’s investigation to work instead at Google (which, very notably, fired its ethics team).

For comparison, here’s a sentence from a bank that is completely lacking from the Twitter report:

…fined a combined total $185 million for fraudulent activity, and CEO John Stumpf resigned. Between 2011 and 2016, approximately 5,300 employees were fired.

Was Twitter fined? Who resigned? Who was fired?

Don’t pop your champagne just yet if nobody is being held responsible for what seems to rise to the level of illegal activity.

On that note, let’s talk about American history for a quick minute.

Twitter management may have just been caught out being yet another willful American white supremacist propaganda platform, such as the one described in “How the White Press Wrote Off Black America”:

The white press in the South dictated how anti-Black atrocities were viewed all over the country by portraying even the most grotesque exercises of violence as necessary to protect a besieged white community. White news organizations elsewhere rubber-stamped this lie. The editors of small, struggling Black publications often risked their lives to refute what they rightly saw as white supremacist propaganda masquerading as news.

Do you know what saves time? Rubber stamping lies. Indeed, fraud is a big time saver if you can ignore the harms.

Was the white press in America breaking the law by peddling fraud? And what if the “rubber-stamped lies” result in a report from management saying they found their own time-saving practices biased and unnecessary? Does this simple admission from management mean they are off the hook?

These questions are far less clear cut than the 1830s phase of American “cancel culture”, where anyone daring to publish the truths about systemic racism instead would be hunted and killed by angry white nationalist mobs.

I guess we could say at least today we don’t see Twitter murdering anyone criticizing their alleged systemic racism, but that’s an extremely low bar.

The “white-washing” tone of Twitter management in their report makes me wonder if it’s like their HQ is really in a particular suburb of Chicago, if you know what I mean.

“Skokie was chosen as the hub for American Nazis in 1977 and 1978 because of the number of Holocaust survivors who called it home.” ABC News

I’ve been pointing out indicators of systemic racism in Twitter management for nearly a decade now… since there has been ample evidence of facilitating fascism and tyranny, even purposefully coddling white nationalism (e.g. enabling the mobs that would murder their critics).

Don’t take my expert opinion on it, however. It has gotten so bad that the SPLC now officially reports it too:

Twitter gave far-right extremists the platform they needed to plan an attack… many Twitter employees are ‘well-meaning,’ and do not necessarily subscribe to the same … ideology as the company’s leadership…

Read that carefully. Well-meaning staff are being described as the powerless exception to documented evil leaders at Twitter facilitating harms.

In conclusion, if someone like the FTC isn’t holding leaders more accountable — making it illegal to be so evil — then who will? Internal Twitter investigations that acknowledge alleged criminal behavior and stop a single instance of it… appear to cover up a much deeper problem and delay real accountability.

ConvNets Patent by AT&T Bell Labs

Kosta Derpanis posed this question on Twitter:

Did you know ConvNets were initially patented by AT&T Bell Labs? Source.

Then Yann LeCun, following up on a 2019 podcast, replied in an awkward nine-part Twitter thread about intentionally violating IP restrictions. Since this thread could disappear any minute, and in the spirit of LeCun’s own violation mindset, I’ve posted it here for analysis and archival sake:

There were two patents on ConvNets: one for ConvNets with strided convolution, and one for ConvNets with separate pooling layers. They were filed in 1989 and 1990 and allowed in 1990 and 1991.

We started working with a development group that built OCR systems from it. Shortly thereafter, AT&T acquired NCR, which was building check imagers/sorters for banks. Images were sent to humans for transcription of the amount. Obviously, they wanted to automate that.

A complete check reading system was eventually built that was reliable enough to be deployed. Commercial deployment in banks started in 1995. The system could read about half the checks (machine printed or handwritten) and sent the other half to human operators.

The first deployment actually took place a year before that in ATM machines for amount verification (first deployed by the Crédit Mutuel de Bretagne in France). Then in 1996, catastrophe strikes: AT&T split itself up into AT&T (services), Lucent (telecom equipment), and NCR.

Our research group stayed with AT&T (with AT&T Labs-Research), the engineering group went with Lucent, and the product group went with NCR. The lawyers, in their infinite wisdom, assigned the ConvNet patents to NCR, since they were selling products based on them.

But no one at NCR had any idea what a ConvNet was! I became a bit depressed: it was essentially forbidden for me to work on my own intellectual production (Loudly crying face). I was promoted to Dept Head and had to decide what to do next. This was 1996, when the Internet was taking off.

So I stopped working on ML. Neural nets were becoming unpopular anyways. I started a project on image compression for the Web called DjVu with Léon Bottou. And we wrote papers on all the stuff we did in the early 1990s.

It wasn’t until I left AT&T in early 2002 that I restarted work on ConvNets. I was hoping that no one at NCR would realize they owned the patent on what I was doing. No one did. I popped the champagne when the patents expired in 2007! (Bottle with popping cork Clinking glasses)

Moral of the story: the patent system can be very counterproductive when patents are separated from the people best positioned to build on them.

Patents make sense for certain things, mostly physical things. But almost never make sense for “software”, broadly speaking.

Something sounds very wrong. When AT&T in 1996 spun out NCR as its computer division (and Lucent as its equipment and systems), patents on computer technology were separated from the people best positioned to build on them? Product sounds like exactly the right place for product. And then popping champagne for not being caught when illegally taking IP from a former employer?

Is it 1944 Again? Police Capture Anti-American Militia Stranded on Road

In November of 1944, two Nazi German soldiers were detected while… standing on the side of a road in Maine.

The two men, German Erich Gimpel and American defector William Colepaugh, had slipped ashore from a German U-boat that had entered Maine waters. “They just weren’t like normal Mainers in November,” Forni said in 2001. “You just never saw anybody walking without boots when it was snowy like that. It’s a wonder I didn’t stop and offer them a ride.”

That’s the story that comes to mind when I read the news today of anti-American soldiers standing conspicuously on the side of a road in Massachusetts.

The standoff began around 2 a.m. when police noticed two cars pulled over on I-95 with hazard lights on after they had apparently run out of fuel, authorities said at a Saturday press briefing. A group of men were clad in military-style gear with long guns and pistols, Mass State Police Col. Christopher Mason said. He added that they were headed to Maine from Rhode Island for “training.” The men refused to put down their weapons or comply with authorities’ orders, claiming to be from a group “that does not recognize our laws” before taking off into a wooded area, police said. Police said they used negotiators to interact with the other suspects. Mason said the “self-professed leader” of the group wanted it to be known that they are not antigovernment.

Ok, first. How stupid is someone to stand on the side of the Interstate with their long guns out?

I mean obviously stupider than running out of fuel, but how can they not know that will draw attention like walking without boots in the Maine snow?

These men whine that they don’t “recognize our laws”, which reads to me like an “American defector” in November 1944 saying he doesn’t recognize frostbite.

And then they go on to say while they reject American laws (passed by the government), they are not “anti” the American government? All that’s missing from this new story is a U-Boat.

No wonder they ran out of gas.

It’s Time to Stop Saying Zero Trust

This new article is spot on in the analysis of why Zero Trust has gone too far and needs to be stopped.

Digital trust and human trust are two separate things. Zero trust only applies to digital systems. People are not necessarily untrustworthy, but at the same time they are not packets. Zero trust only applies to the zeros and ones that traverse our various digital systems.

I would go even further and say Zero Trust also needs to apply in limited fashion to zeros and ones because they are being used for “intelligent” systems now that approximate human behavior. Trust me, you don’t want to live in a world of all Zero Trust machines.

Zero trust was a fair thought exercise to challenge overly trusted perimeter thinking (e.g. Maginot’s reaction after WWI that led to his “build a wall” campaign).

However, it has succumbed to the hyper-political extremist notion of rugged individualism. These people talking about Zero Trust being in all aspects of life sound like a kind of Ayn Rand parrot — being unrealistic, selfish and cruel while squawking out “zero trust” at every interaction.

Reality is that we gain efficiencies from building containment and perimeters. It’s the very definition of depth, which has great value, and has been proven viable for many thousands of years. Security is nothing if it can’t achieve efficiency, although vendors obviously make less money the more efficient the controls become.

It’s a lot like saying the bazaar model of security is better than the castle. While true to a very large extent (pun not intended), because the castle wall is so slow and expensive to build, nobody at the bazaar really wants to go to sleep in the middle of one.

Killer Drone Swarms Are Here

Two important stories in the news:

First, Israel has confirmed using drone swarms in combat.

…in mid-May, the Israel Defense Forces (IDF) used a swarm of small drones to locate, identify and attack Hamas militants. This is thought to be the first time a drone swarm has been used in combat.

Second, a June 14th drone swarm in Shanghai suddenly fell apart and dozens crashed, causing injury and damage.


Source: “Dozens of drones on the Bund in Shanghai accidentally fall and hurt people?”, Kanzhaji.com

And speaking of loitering munitions, a third news story confirms the US Marines are adopting Israeli technology.

Manufactured by the Israeli company UVision Air, the system has been selected after the completion of several successful demonstrations, tests, and evaluation processes. The system will provide the Marines Corps with ISR, highly accurate and precision indirect fire strike capabilities.

Why Driverless Cars Can’t Understand Sand

Sand is a fluid such that driving on it can be hard (pun not intended) even for humans.

It’s like driving on snow or mud, yet it seems to be far less well studied by car manufacturers because of how infrequent it may be for their customer base.

Source: Simulator Game Mods “Summer Forest”. Snow and mud computer driving virtual environments can easily be found, yet sand simulations are notably absent.

Traction control, for example, is a product designed for “slippery” conditions. That usually means winter conditions, or rain on pavement, where brakes are applied by an “intelligent” algorithm detecting wheel spin.

In sand there is always going to be some manner of wheel spin, causing a computer to go crazy and do the opposite of help. Applying brakes, let alone repeatedly, is about the worst thing you can do in sand.

On top of that, the computer logic behind tire pressure sensors has no concept of the “float” profile required for sand. When the usual algorithm equates around 40psi to safe driving, deflating to a necessary 18psi can turn a dashboard into a disco ball.

The problem is product manufacturers treat core safety competencies as nice-to-have features, instead of required. And by the time they get around to developing core competencies for safety, they over-specialize and market them into expensive fetishized “Rubicon” and “Racing Design” options (let alone “WordPress”).

In other words, core complex or dangerous scenarios must be learned for any primary path to be safe, yet they often get put onto a backlog for driverless systems. Such a low bar of competency means driverless technology is far, far below even basic human skill.

Imagine it like exception handling cases or negative testing being seen as unnecessary because driverless cars are expected only to operate in the most perfect world. In other words, why even install brakes or suspension if traveling parallel to all other traffic at the same rate of speed, like a giant herd? Or an even better example, why design brakes for a car if the vast majority of the time people don’t have to deal with a stop sign?
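The traction-control and tire-pressure failure described above, and the “negative testing” point that follows from it, can be shown with a small model. This is an added illustration, not code from this post or from any car manufacturer: the slip and pressure thresholds, the sample telemetry, and the momentum penalty for braking on sand are all constructed assumptions chosen to match the post’s description (about 40psi treated as normal, about 18psi needed to float on sand, constant wheel spin on sand). The model goes slightly beyond the post by showing the same controller behaving correctly once it is told which surface it is on.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class WheelSample:
    """One sensor reading: ground speed and driven-wheel speed (km/h), tire pressure (psi)."""
    vehicle_kmh: float
    wheel_kmh: float
    tire_psi: float

# Operating envelopes per surface. Illustrative assumptions, not manufacturer values:
# the post only says ~40psi is treated as "safe" and ~18psi is needed on sand.
ENVELOPES: Dict[str, Dict[str, float]] = {
    "pavement": {"max_slip": 0.10, "min_psi": 30.0},  # any spin beyond 10% is "slippery"
    "sand":     {"max_slip": 0.45, "min_psi": 14.0},  # spin is normal; low psi is the float profile
}

# Toy physics assumption: each brake pulse on sand costs this much momentum (km/h).
SAND_BRAKE_PENALTY_KMH = 5.0

def slip_ratio(s: WheelSample) -> float:
    """Fraction by which the driven wheel outruns the car; 0.0 means no wheel spin."""
    if s.wheel_kmh <= 0:
        return 0.0
    return max(0.0, (s.wheel_kmh - s.vehicle_kmh) / s.wheel_kmh)

def surface_aware_controller(samples: List[WheelSample], surface: str) -> List[Tuple[str, ...]]:
    """Return the interventions taken for each sample under the given surface envelope."""
    env = ENVELOPES[surface]
    actions: List[Tuple[str, ...]] = []
    for s in samples:
        taken = []
        if slip_ratio(s) > env["max_slip"]:
            taken.append("brake")          # traction control pulses the brakes
        if s.tire_psi < env["min_psi"]:
            taken.append("tpms_warn")      # dashboard warning light
        actions.append(tuple(taken))
    return actions

def naive_controller(samples: List[WheelSample]) -> List[Tuple[str, ...]]:
    """The controller the post describes: it only ever assumes pavement."""
    return surface_aware_controller(samples, "pavement")

def intervention_counts(actions: List[Tuple[str, ...]]) -> Dict[str, int]:
    """Tally how often each intervention fired over a run."""
    counts = {"brake": 0, "tpms_warn": 0}
    for taken in actions:
        for name in taken:
            counts[name] += 1
    return counts

def drive_outcome(samples: List[WheelSample], assumed_surface: str) -> str:
    """Toy simulation of driving the constructed sand run while the controller assumes
    `assumed_surface`: every brake pulse on sand bleeds momentum until the car bogs down."""
    speed = samples[0].vehicle_kmh
    for taken in surface_aware_controller(samples, assumed_surface):
        if "brake" in taken:
            speed -= SAND_BRAKE_PENALTY_KMH
        if speed <= 0:
            return "stuck"
    return "moving"

# Constructed telemetry. Pavement: two clean readings and one wet-patch spin (25% slip).
PAVEMENT_RUN = [
    WheelSample(vehicle_kmh=50, wheel_kmh=50, tire_psi=40),
    WheelSample(vehicle_kmh=50, wheel_kmh=51, tire_psi=40),
    WheelSample(vehicle_kmh=30, wheel_kmh=40, tire_psi=40),
]
# Sand: tires aired down to 18psi and the wheels always running 29-40% ahead of the car.
SAND_RUN = [
    WheelSample(vehicle_kmh=20, wheel_kmh=28, tire_psi=18),
    WheelSample(vehicle_kmh=18, wheel_kmh=26, tire_psi=18),
    WheelSample(vehicle_kmh=15, wheel_kmh=23, tire_psi=18),
    WheelSample(vehicle_kmh=12, wheel_kmh=20, tire_psi=18),
]

if __name__ == "__main__":
    print("pavement, naive:", intervention_counts(naive_controller(PAVEMENT_RUN)))
    print("sand, naive:    ", intervention_counts(naive_controller(SAND_RUN)), drive_outcome(SAND_RUN, "pavement"))
    print("sand, aware:    ", intervention_counts(surface_aware_controller(SAND_RUN, "sand")), drive_outcome(SAND_RUN, "sand"))
```

On the pavement run the naive controller brakes exactly once, on the wet-patch reading, which is what it was built for. On the sand run the same logic brakes on every sample and lights the pressure warning on every sample, and in the toy momentum model those four brake pulses are enough to bog the car down; with the sand envelope selected it does nothing and the car keeps moving. The sand run is the negative test case the post says gets left on the backlog.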

Recently I put a new car with the latest driverless technology to the test with dry sand. I was not surprised when it became very easily confused and stuck, and it reminded me of the poem “Dans l’interminable” by Paul Verlaine (1844 – 1896).

Dans l’interminable
Ennui de la plaine,
La neige incertaine
Luit comme du sable.

Le ciel est de cuivre
Sans lueur aucune.
On croirait voir vivre
Et mourir la lune.

Comme des nuées
Flottent gris les chênes
Des forêts prochaines
Parmi les buées.

Le ciel est de cuivre
Sans lueur aucune.
On croirait voir vivre
Et mourir la lune.

Corneilles poussives,
Et vous, les loups maigres,
Par ces bises aigres
Quoi donc vous arrive?

Dans l’interminable
Ennui de la plaine
La neige incertaine
Luit comme du sable…

“The uncertain snow gleams like sand.”

Tesla Faces Massive Recall Due to Acceleration Risk

The Ford Pinto engineering design flaws are infamous, thus it has been the car most associated with preventable fire risks until… TESLA (updated July 2nd):

© Reuters/Geragos & Geragos. Handout photo of Tesla Inc’s new Model S Plaid electric car seen in flames in Pennsylvania

The driver, identified as an “executive entrepreneur”, was initially not able to get out of the car because its electronic door system failed, prompting the driver to “use force to push it open,” Mark Geragos, of Geragos & Geragos, said on Friday. The car continued to move for about 35 feet to 40 feet (11 to 12 meters) before turning into a “fireball” in a residential area near the owner’s Pennsylvania home. “It was a harrowing and horrifying experience,” Geragos said. “This is a brand new model… We are doing an investigation. We are calling for the S Plaid to be grounded, not to be on the road until we get to the bottom of this,” he said.

Hot off the desk of the unprofessional PR department at Tesla is the related important story that their cars have a serious acceleration bug forcing a massive recall:

The remote online software ‘recall’ — a first for Tesla cars built in China — covers 249,855 China-made Model 3 and Model Y cars, and 35,665 imported Model 3 sedans.

The 300,000 cars being flagged for a critical safety failure are at risk of sudden acceleration due to problems with Tesla’s self-proclaimed “autopilot” software.

Yes, you read that right, the safety recall is because the very product feature that was supposed to make these cars safer is actually making them more dangerous.

An even deeper read to this story is that Tesla is pushing software updates to cars using an allegedly insecure supply chain. Given that the bug appeared in the first place, what is to prevent an even worse bug from being deployed to cars on the road at any time and in any place?

While some obviously want to celebrate the ability to remotely deploy update code, it may be wishful thinking to believe the update will not make things worse (Tesla’s 2.0 “autopilot” was infamously worse at safety than its 1.0 release).

Indeed, the “Plaid” model in flames above is using a “new version” of the battery for the S/X, which obviously is unsafe.

Tesla seems to make a regular practice of deploying bad code (the official insurance rating now has a “P” for poor safety in Tesla engineering) and pushing the cost of its own failure onto others.

Source: IIHS Ratings

Also worth mentioning is that Tesla’s PR system has been promoting acceleration as its top feature at the very same time that acceleration issues (coupled with handling and braking issues) are being cited in recent deaths of its customers.

This reads to me like Ford promoting the heating capabilities of its Pinto while its customers are dying in gasoline fires from preventable design defects.

  • Killed in a Ford Pinto: 23 (estimated to be much higher)
  • Killed in a Tesla: 86 so far…

Something is Fishy in the Tuna Supply-Chain

Should a company be responsible for integrity failures in its supply-chain?

That’s the question that comes to my mind when I read the latest news:

Seafood experts have suggested Subway may not be to blame if its tuna is in fact not tuna. “I don’t think a sandwich place would intentionally mislabel,” Dave Rudie, president of Catalina Offshore Products, told the Times. “They’re buying a can of tuna that says ‘tuna’. If there’s any fraud in this case, it happened at the cannery.”

Whether the vendor “says tuna” on a label is such an odd thing to pin this case on, given the vast majority of such claims have been proven fraudulent for a decade now.

…59% of tuna is not only mislabeled but is almost entirely comprised of a fish once banned by the FDA. Sushi restaurants were the worst offenders by far [75%].

In other words, is it still a form of fraud to not know or validate the integrity of a source but to sell it anyway, especially when sources are known to have very low integrity?

“It’s unconstitutional to extradite Russians”

Dmitri Alperovitch tweeted an oft-given and somewhat misleading statement that was picked up in a new article:

It’s unconstitutional to extradite Russians.

While technically Article 61 might say it’s unconstitutional, it nonetheless has been done successfully multiple times:

  • 2014 Seleznev extradited from Maldives
  • 2017 Levashov extradited from Spain
  • 2018 Nikulin extradited from Czechia
  • 2019 Burkov extradited from Israel

There’s another wrinkle to the concept of constitutionality. When a Russian is nabbed in transit (via Red Notice, which currently publicly lists 2,979 Russians — nearly 60,000 notices are secret) …Russia rushes to file charges in order to “extradite” its own citizens.

A “pre-emptive” extradition request by Russia is intended to prevent those charged elsewhere with crimes from being extradited for foreign prosecution, but it still proves the point that extradition happens.

Israel denied Russia’s extradition request for Burkov, for example, which is a single case that shows both Russia and the US recognized extradition as a viable negotiation platform.

A similar case was in 2005, when Yevgeny Adamov faced requests for extradition out of Switzerland by both Russia and the US. Unlike Burkov, he was extradited by Russia, then tried and sentenced to five-and-a-half years in jail… released after two months with a suspended sentence.

Yes, you read that right. Russians extradite their own citizens into Russia for criminal prosecution, thus proving claims of “unconstitutional” to be misleading at best.

Perhaps “The Current Digest of the Post-Soviet Press” reported it best way back in 2007 (page 4):

Mr. Miliband does not consider valid the Russian argument that the extradition of Russian citizens is prohibited by Russia’s Constitution. “That is true, but there have been numerous instances in which, in similar situations, countries have amended their constitutions to allow the extradition of criminals to the countries where their crimes were committed,” he said.

Alperovitch thus seems to have tweeted out a shallow talking point, and a reporter ran it without question or thinking about the context for the source.

I’ve pointed out a problem with such unqualified hot-takes before. Here is one of the more cringe-worthy and untrue statements that Alperovitch pushed into the press:

North Korea is one of the few countries that doesn’t have a real animal as a national animal…Which, I think, tells you a lot about the country itself.

That’s just obviously false. Many countries have a fake national animal, including Russia. Everyone surely knows Wales has its red dragon, Scotland a unicorn, England another dragon and Russia flies a double-headed eagle crest pretty much everywhere… the list goes on and on.

It’s always been a puzzle to me why Alperovitch comes across sounding so confident on these cultural and political issues that he obviously has not thoroughly researched.

Perhaps I can say it is like when he announced his new company named after a famous gay strip bar in Portland: Silverado.

Not what I was expecting.