US Judge Rules Online Hate Speech is Physical Harassment

A black woman sued and defeated American Nazi groups that had been attacking her online.

The Judge awarded this brave woman over $700K and ruled that American Nazis, even if residing in Lebanon or Russia, are not allowed to “publish any public statements about her that are harassing, intimidating, or defamatory”:

“[2:56] The judgment equated online harassment with physical harassment…”

This echoes other recent rulings by Judges in America that indicate “online campaigns of hate, threats and intimidation have no place in a civil society and enjoy no protection under our Constitution”.

Other recent decisions have cited even higher damages:

…a federal judge in Montana decided that Anglin owes real estate agent Tanya Gersh more than $14 million after rallying other white supremacists on his site to inundate her and her family with a barrage of threats and vitriol.

In June, a judge in Ohio awarded $4.1 million to Muslim-American radio host Dean Obeidallah after Anglin posted stories falsely accusing him of spearheading a terrorist attack.

These figures should be placed in the context of how a CTO boasted about “executive titles and venture backing”, as well as powerful legal groups, enabling the hate campaigns:

Auernheimer took on the role of chief technology officer for the Daily Stormer, which had launched the year before in 2013. “Well, you know, it’s not – we’re not exactly like a normal company, you know? It’s not like we all have executive titles and venture backing,” he explained in a 2017 interview with NPR, regarding his role at the Daily Stormer.

[…]

Auernheimer went to prison in 2013 and was released the next year after the judgment was vacated on a technicality.

Auernheimer’s case had been extensively covered by mainstream and tech media, and he’d been supported by digital freedom advocates like the Electronic Frontier Foundation.

1985 TWA Hijacker Wasn’t Arrested on Greek Island

Update September 22:

“Man arrested in Greece had nothing to do with 1985 hijacking and murder, victim’s brother tells Military Times”

The FBI Most Wanted list has, since 2006, included Mohammed Ali Hammadi, a Lebanese member of the Iranian-backed terror group Hezbollah. A $5m bounty was posted in 2007.

A TWA Boeing 727 flight in 1985 was hijacked by him and his associates, who assaulted passengers and crew members for 17 days. They also murdered a US citizen, Navy Diver Robert Dean Stethem.

[Pilot] Testrake’s urgent message to the Beirut control tower was broadcast around the world: “We must, I repeat, we must land, repeat, at Beirut. . . . Ground, TWA 847, they are threatening to kill the passengers, they are threatening to kill the passengers. We must have fuel, we must get fuel. . . . They are beating the passengers, they are beating the passengers.”

ABC News Nightline: Hijacking of TWA 847 14 June 1985

These hijackers demanded release of all Arab prisoners, particularly the over 700 Lebanese and Palestinians that were held by Israel in southern Lebanon (related to Reagan’s 1983 “aggressive self-defense” policy and the suicide bombing of US Embassy in Beirut).

Today Greek police on the island of Mykonos announced that they had taken action two days earlier, on September 19th, based on a warrant issued by German authorities:

…several Greek media outlets identified the detainee as Mohammed Ali Hammadi, who was arrested in Frankfurt in 1987 and convicted in Germany for the plane hijacking and Stethem’s slaying. Hammadi, an alleged Hezbollah member, was sentenced to life in prison but was paroled in 2005 and returned to Lebanon.

Germany had resisted pressure to extradite him to the United States after Hezbollah abducted two German citizens in Beirut and threatened to kill them.

He disembarked from a Turkish cruise ship and was held at island passport control. It appears to have been the result of a routine database check on tourists, during the peak cruise ship month for Mykonos (handling over 700,000 cruise passengers in 2019).

How could he be free and vacationing freely in Greece? Ronald Reagan, as mentioned earlier, failed in 1987 to convince Germany to extradite Hammadi. Germany instead by 1989 tried and convicted the terrorist of murder among other crimes (he had been caught walking liquid explosives through the Frankfurt airport) and put him away with a life sentence.

Then the sentence ended early in 2005 and Hammadi was escorted by Germany back to Beirut aged 41 (President Bush failed to extradite him). This prompted his placement on the FBI list for a decades-long hunt as he apparently enjoyed his freedom.

Conservative pundits in 2010 promoted a “Pakistani source” that the CIA killed Hammadi with a drone strike. So there’s still a chance reports today are wrong. Greek police news, for example, described the arrested man as aged 65. Hammadi would be 55 now (41 in 2005).

Apple Concedes in Right-to-Repair Fight

There are a lot of ways to tell this story about Apple allowing people to repair devices at a shop not owned and operated by Apple. It’s a wise move and here’s a personal anecdote why I would say so.

Nearly 25 years ago I worked as an authorized Apple repair engineer. I’d pore over videos sent to the independent repair shop I worked in. High-quality productions on CD from the manufacturer gave me x-ray vision, to see every step of decomposing and assembling Apple hardware.

In one hilarious day at work I was tossed a broken Apple product at noon by my manager and told to have it sorted out over lunch. Soon I had every screw and nut carefully removed down to the last one, parts laid out across the giant work space.

That means I did not just pull a part and replace using the “consumer-friendly” method of preset tabs and levers, common in today’s world. Instead I took apart, tested and rebuilt that device to be like new, given a carefully orchestrated training model from Apple themselves.

I said hilarious because when my manager returned from lunch he said “Damnit Davi, just pull a bad part and swap it. Do you have to understand everything? You could have joined us for lunch.”

Feed belly or mind? The choice for me was clear. He didn’t much care for the fact that I had just finished academic studies under Virgil’s Georgics (29 BCE) phrase “Rerum cognoscere causas” (verse 490 of Book 2, “to Know the Causes of Things”).

Sometimes I even put a personal touch on these repairs. One Apple laptop sent by the DoD was used in GPS development for strike fighters, so I made its icon for the system drive look like a tiny F-16 Falcon.

The generic Apple MacOS environment as it shipped

An appreciation for that extra effort meant a nice note from the US gov on formal stationery. Apple wanted computing to be “personal” and that is exactly what repair shops like ours were doing for customers.

Three years later I was managing a team of engineers who would desolder boards and update individual chips. As good and efficient as we were, however, everyone knew there was an impending slide into planned obsolescence economic models. Accountants might have asked us how many Zenith TV repair technicians exist, given Zenith itself disappeared. Remember these?

Zenith TVs were meant to be kept for generations and repaired by local electronics experts, if not yourself

Profit models on the wall seemed to rotate towards shipping any malfunctioning products back to manufacturers, who would forward them to Chinese landfills for indefinite futures, instead of to engineers like me or my team who would gladly turn them around in a week.

Anyway it was 2010 when I owned an Apple iPhone. It died abruptly. Locked out of repairing it myself by the company policy, I took it to a desk in their billboard-like sensory-overload retail/fashion store.

An Apple employee looked at the phone and told me a secret sensor showed red, so no warranty would be honored. There had been no moisture I was aware of, yet Apple was telling me I couldn’t return my dead device because they believed that faulty device more than me?

Disgusted with this seemingly illegal approach to warranty issues, I quickly and easily disassembled that iPhone, replaced their faulty red sensor with a new one, and returned again. Apple confirmed (as a stupid formality) the new sensor wasn’t showing red, and gladly swapped the phone with a brand new one instead of repairing mine.

I wasn’t wrong; their inability to engineer honestly was, as they were forced to admit three years later:

…owners that were denied warranty repairs over internal moisture sensors that falsely registered water damage are a step closer to collecting their share…

Immediately after they swapped my defective phone I sold the new one and stopped using any Apple products, as I announced in my HOPE talk that year.

Good news, therefore, that today Apple finally has gone back to a mode of operating that honors the important consumer right-to-repair, as Vice reports:

After years of fighting independent repair, Apple is rolling out a program that will allow some independent companies to buy official parts, repair tools, and diagnostic services outside of the company’s limited “authorized” program. It’s a big win for the right to repair movement…

I’ve written about this on my blog for nearly 15 years already, so it’s encouraging to see progress even if it does come late.

RIP Senator Wellstone.

Database Authentication Setting Leads to Arrest

Cloud-hosted data sadly has been turning out to be more prone to breach than data held in a traditional private architecture, and now people are facing arrest for using database products without authentication enabled.

It’s a bitter pill for some vendors to swallow as they push for cloud adoption and subscriptions to replace licensing. Yet we published a book in 2012 about why and how this could end up being the case and what needed to be done to avoid it.

Despite our best warnings we have watched ransomware emerge as a lucrative crime model. Software vendors have been leaving authentication disabled by default, hedging on even the most basic security tenets as “questioned” or delayed. Unfortunately this meant since at least 2015 private data ended up being widely exposed all over the Internet with little to no accountability.

Cloud made this problem even worse, as we wrote in the book, because by definition it puts a database of private information onto a public and shared network, introducing the additional danger of “back doors” for remote centralized management over everything.

Take, for example, the Elasticsearch website today, where the service’s self-description shows an obvious lack of security awareness:

Known for its simple REST APIs, distributed nature, speed, and scalability, Elasticsearch is the central component of the Elastic Stack, a set of open source tools for data ingestion, enrichment, storage, analysis, and visualization.

They want you to focus on: Simple. Distributed. Fast. Scalable.

Safe? The most important word of all is missing entirely.

Normal operations must include safety, otherwise the products should fail any “simple” test. Is a steam engine still allowed to be defined as “simple” if use means a good chance of burning the entire neighborhood down?

Hint: The answer is no. If you have high risk by default, you don’t have simple. And “distributed, fast, scalable” become liabilities like how a dangerous fire spreads, not benefits.

Should vendors be allowed to sell anything called “simple” or easy to use unless it specifically means it is safe from being misconfigured in a harmful manner? For databases that deploy to cloud that means authentication must be on by default, no?

Ecuador quickly has leaped into global leadership on this issue by raiding the offices of an Elasticsearch customer and arresting an executive who used a big data product simply configured to be unsafe.

Ecuadorian authorities have arrested the executive of a data analytics firm after his company left the personal records of most of Ecuador’s population exposed online on an internet server.

[…]

According to our reporting, a local data analytics company named Novaestrat left an Elasticsearch server exposed online without a password, allowing anyone to access its data.

The data stored on the server included personal information for 20.8 million Ecuadorians (including the details of 6.7 million children), 7.5 million financial and banking records, and 2.5 million car ownership records.

The primary question raised in the article is how such a firm ended up with the data, as it wasn’t even authorized.

Yet that question may have a deeper one lurking behind it: because database vendors failed to enforce authentication, any discussion of authorization is undermined. Could Ecuador move to ban database vendors that make authentication hard or disabled by default?

A hot topic to explore here is what vendors did over the past seven years to prevent firms like the one in this story from ending up with data in the first place, as well as preventing further unauthorized access to the data they accumulated (whether with or without authorization).

A broad investigation of database defaults could net real answers for how Ecuador, and even the whole world, can clarify when to hold vendors accountable for ongoing security baseline errors that are now impacting national security, highlighting the true economics of database privacy/profit.
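A way to check for the default this post complains about, as an added example that is not code from the page, from Elastic or from Novaestrat: a small audit of an elasticsearch.yml that assumes the `xpack.security.enabled` and `network.host` keys and treats an absent security key as disabled (the self-managed default when this was written). The two sample configs are constructed.

```python
"""Audit an elasticsearch.yml for the settings that decide whether a cluster
answers REST requests without a password.

Added example (assumption: settings use flat dotted keys, so a tiny
line-based parser is enough and PyYAML is not needed).
"""

# Constructed sample: the kind of elasticsearch.yml that leaves a cluster open.
WEAK_CONFIG = """\
cluster.name: analytics
node.name: node-1
network.host: 0.0.0.0          # listen on every interface
http.port: 9200
# xpack.security.enabled is absent: on self-managed 7.x this meant "off"
"""

# Constructed sample: the same cluster with authentication turned on and
# the HTTP listener restricted to a private address.
HARDENED_CONFIG = """\
cluster.name: analytics
node.name: node-1
network.host: 10.0.1.5
http.port: 9200
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost", "_local_"}
WILDCARD = {"0.0.0.0", "::", "_global_", "_site_"}


def parse_flat_yaml(text):
    """Minimal parser for the flat 'dotted.key: value' lines elasticsearch.yml
    uses. Comments and blank lines are dropped; quotes around values removed."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("'\"")
    return settings


def audit(settings):
    """Return a list of (severity, message) findings for one node's settings."""
    findings = []
    auth_on = settings.get("xpack.security.enabled", "false").lower() == "true"
    host = settings.get("network.host", "_local_")  # Elasticsearch binds loopback by default
    ssl_on = settings.get("xpack.security.transport.ssl.enabled", "false").lower() == "true"

    if not auth_on:
        findings.append(("HIGH", "xpack.security.enabled is not true: "
                         "REST API answers without any credentials"))
    if host in WILDCARD:
        findings.append(("MEDIUM", f"network.host={host} listens on all interfaces"))
    if not auth_on and host not in LOOPBACK:
        findings.append(("CRITICAL", "unauthenticated cluster reachable from the "
                         "network: every index is readable by anyone who can connect"))
    if auth_on and not ssl_on:
        findings.append(("MEDIUM", "security enabled but inter-node transport is not TLS"))
    return findings


def audit_text(text):
    """Parse a config and audit it in one step."""
    return audit(parse_flat_yaml(text))


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} ==")
        for severity, msg in audit_text(cfg) or [("OK", "no findings")]:
            print(f"  [{severity}] {msg}")
```

Run against the weak sample it reports the unauthenticated, network-exposed combination as critical; the hardened sample produces no findings.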


Update October 2019: An unprotected Elasticsearch cluster contained personally identifiable information on 20 million Russian citizens from 2009 to 2016.

Margaret Mead and Me

When I was a child, visiting an anthropology conference, Margaret Mead had me sit on her lap. My recollection is vague yet always is flavored by my mother telling me Mead asked me questions and wanted to know how I would evolve with two anthropologists as parents.

If Mead were alive today I’d maybe disappoint her to admit I strayed from anthropology into being a student of history instead. And I might defend my choice by telling her it helped me better understand stories she told such as this one:

Anthropological Intelligence, David Price, page 287

It surely sounds good for anthropologists to say they were engaged in a form of historic exceptionalism by serving to defeat fascism in the 1940s. However, historians probably could disagree with that framing and say an eternally valid moral choice was being made more than an historic one.

To be fair, she earlier had famously said:

Children must be taught how to think, not what to think. They must be taught that many ways are open to them.

The question then seems to be whether we can or would want to restrict “ways” for people (even anthropologists, or sons of anthropologists) by teaching how to think.

Who reasonably would predict (based on history) where a child will lead in the future? And I guess that was the point of Mead having me sit on her lap for questioning.

2019 CWE Top 25 Most Dangerous Software Errors

MITRE has released their new prioritized list for software development teams to help ensure product safety:

The Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Errors (CWE Top 25) is a demonstrative list of the most widespread and critical weaknesses that can lead to serious vulnerabilities in software. These weaknesses are often easy to find and exploit.

The top error “score” of 76 for “Improper Restriction of Operations within the Bounds of a Memory Buffer” stands far above the total distribution, and about half are above a score of 10:

Mozilla’s $100M Nudge Towards User Control

In a nod to behavioral economics the Mozilla Foundation has announced it’s offering funds to anyone working to combat ongoing “surveillance capitalism”:

Special consideration will be given to creators who promote a vibrant commons; increase users’ autonomy, privacy, and control over their own data; promote diversity and inclusion on the internet; and increase access to the full capacity of the internet, both for content consumption and content creation, and for communities and individuals that have historically been marginalized, disadvantaged, or without access

It will be interesting to see whether such a large nudge can reverse the information “targeting” models that thirsty Facebook and Google executives notoriously have banked upon.

Take Your Bike Helmet Off and Hold Cars Accountable

There’s a new first-person account in the New Yorker of some cultural differences between cycling in Holland and America:

Angela van der Kloof, a cycling expert and project leader with the Delft mobility consultancy Mobycon, told me, “From a young age in the Netherlands, we’re trained to take note of others. Not by a teacher but by the way we do things. I think we are very much used to physical negotiation.” Dutch people live in small houses, ride on crowded trains, and generally jostle against one another—the Netherlands has the sixteenth-highest population density in the world. Navigating complicated traffic situations, calmly and systematically, came naturally to our neighbors.

The key to this story is actually how Dutch women had the power to organize and campaign for protecting children from being murdered by people operating cars:

With cars came carnage. In 1971 alone, thirty-three hundred people—including more than four hundred children—were killed on Dutch roads. A number of organizations, including a group named Stop de Kindermoord, or Stop the Child Murder, began agitating to take the streets back from automobiles.

Contrast this story with America, where cars are treated like guns and operators are allowed to commit indiscriminate murder as an expression of an individual’s power over society, which Next City has explained in qualitative examples:

Morgan stayed in the intensive care unit for another month. For the first two weeks, the doctors weren’t positive she would survive. By the end of it all, medical expenses totaled more than $500,000.

“I was scared to death,” says her husband, David Morgan.

His fear would soon turn to anger when he realized that local police had no interest in pursuing charges against the woman who nearly killed his wife. After the State Highway Patrol’s investigation concluded that there were no grounds for felony charges, the district attorney also demurred from pressing charges.

“As far as the state of Mississippi goes, you could be an armadillo hit on the road, and the state treats you just the same as a… cyclist,” Morgan says.

What the New Yorker article about cycling in Holland misses entirely, ironically, is that the density of crowds cited by those living in Holland is not a sufficient ingredient on its own. Next City explains this using NYC quantitative data. Clearly NYC is an American city where people also are used to physical negotiation:

Consider crash data from New York City, which has installed more than 350 miles of bike lanes. There were 14,327 pedestrian and cyclist injuries in 2012 as a result of vehicle crashes, but police cited only 101 motorists with careless driving, a rate of less than 1 percent.

The actual difference is thus not growing up in density, but rather the levels of political engagement by women.

Cycling historically has been described as an independence movement for women, which should put male-dominated legislative action impeding people cycling in its proper perspective. Also, women cyclists in America tend to be put more at risk by drivers and are thus more likely to design safety infrastructure:

“What we found was that female cyclists had a significantly different experience riding than the male riders did. … Female riders tend to have more aggressive interactions with drivers than male riders did.” …researchers found — no surprise — that protected bike lanes offered the best protection. Cars stayed an average 7.5 feet from cyclists cruising along a bike lane separated from traffic by bollards. No bike lanes, more close calls.

A campaign like “Stop de Kindermoord, or Stop the Child Murder” emphasizes the rights of children to live free from harm by adults in cars. America is about as likely to see a campaign like that succeed as elect a woman President instead of a man repeatedly accused of harming children for his self-benefit.

Don’t forget, America remains the only country in the world that has failed to sign the Convention on the Rights of the Child.

Holding cars accountable for killing cyclists and pedestrians would be like Epstein going to jail decades ago for harming children, yet instead he was seen free and partying freely with the White House Occupant.

The bottom line is that the safety of roads is about political power. That is why putting on helmets is the wrong answer. When cycling below 12 mph, which is the vast majority of commuter cyclists, the right answer is to place responsibility of safety upon those operating heavily armored machinery.

In a world where others may be harmed by their actions, machine operators must be accountable. If you think this is foreshadowing the problem of holding drone owners responsible for killing people, you are right.

Bay Area Bicycle Law points out that from 2013 to 2017 3,958 cyclists have died across the U.S., for an average of 792 each year. 98% (777 of the 792) were in accidents with motor vehicles and 83% of cyclists had helmets on when they were murdered.

Let me say that again, 98% were in accidents with motor vehicles and a whopping 83% died with helmets on. Do you see the problem?

California, with far less density than NYC or Holland, repeatedly has opposed helmet laws and for the right reasons (same as in Holland).

Peter Jacobsen, a Sacramento-based public health consultant, believes helmet laws may make streets less safe for cyclists. Australia and New Zealand recently introduced compulsory helmet laws, and bike use fell by 33 percent, he said. Numerous reports have found that cycling conditions improve with more riders on streets. By reducing the number of cyclists through helmet laws, conditions actually get more dangerous.

He also said studies have shown that motorists drive closer to cyclists with helmets on, and that helmets only reduce minor injuries, not fatalities. “Bike helmets are padding; they’re not armor,” he said.

Cars are armor. If cyclists put on armor, they’d be a car.

Not only do helmet laws decrease cycling by a significant amount, they do not show any real decrease in the death rate. In other words, data repeatedly shows how helmets impede cycling and thus make it less safe for the vast majority of cyclists.

Exceptions do exist and are important: habitually unsteady high-risk riders such as children and racers. These exceptions are easily handled, however, such as requiring helmets to compete in a race where contestants will gladly abide for the chance of winning.

The right formula is to encourage more cyclists operating at speeds averaging below 12 mph in physically separated lanes, with NO adult requirement for helmets, and strict accountability for those who operate heavy (i.e. dangerous) machinery in the midst. Protecting the vulnerable shouldn’t be that difficult to figure out for our streets.

The fact that Holland has effectively already done it (as well as Denmark, Sweden, etc.) means America is running out of excuses to justify murderous drivers, as “A view from the cycle path” has illustrated quite simply:

“The absolute number of child fatalities dropped by 98% over a period of time when the population size and the proportion of trips made by bicycle both rose significantly.”

The answer to the problem of cars killing cyclists is directly related to how the American political system allows care and consideration for vulnerable populations at risk of being harmed due to a weapon authorization for individuals.

We need to be intelligent enough to start the move away from these American headlines:

Which means sites like Twitter need to recognize the harm from their role in peddling active calls to use cars to murder non-whites, and how this propaganda relates to “Republicans want to legalize running over pedestrians”:

…state Rep. Keith Kempenich, perversely suggested that shielding drivers who kill protesters was a necessary anti-terrorism measure.

All that being said, there recently have been at least two notable exceptions to the sad state of weaponized roadways in America:

  1. White supremacist use of car as weapon. Found guilty of first-degree murder
  2. Driver charged with intent to kill. 5 cyclists dead

Scientists Use HDT to Stop Common Cold

Host-directed therapy (HDT) suggests that a change to the human body can inhibit the spread of disease. A new study found viral infections may require SETD3 access, such that blocking a link or reducing availability means the virus is stopped.

The strategy behind HDT is to interfere with host-cell proteins required for viral infection. Respiratory enteroviruses (EVs) are an attractive target for the development of HDT.

…our data provide rationale for the development of peptides or small molecule inhibitors that specifically block the SETD3–2A association, and for the development of small molecules inducing SETD3 protein degradation using proteolysis-targeting chimaeras.

In computer terms this would mean blocking the protocol or disabling the service, which security professionals should immediately recognize as common practices.

What the Bird Said Early in the Year

Recently I was fortunate to have a gate unlocked that led onto grounds of Magdalen College, Oxford, England for a stroll along the “Addison Walk” around a small island in the River Cherwell.

A paragraph in the 1820 topographical guide to Oxford gives some perspective on the walk’s namesake (page 85):

On the north side of the grounds is a long walk, still termed Addison’s walk, once the chosen retreat of that writer, when intent on solitary reflection. In its original state no spot could be better adapted to meditation, or more genial to his temper.

Shield of C.S. Lewis’ 1938 poem

No monuments to Addison were found along this walk, although apparently the Spanish oaks famously lining both sides were planted by Addison himself.

As I exited the secluded leafy path and crossed a bridge I couldn’t help but notice an engraved shield of C. S. Lewis placed upon an old stone wall.

Lewis seemingly wrote this poem to contrast his faith in eternity with his disappointments in a series of ephemeral life events. Despite the age and environment of the poetry, I believe it provides excellent food for thought in our modern era of cloud computing.

I heard in Addison’s Walk a bird sing clear:
This year the summer will come true. This year. This year.

Winds will not strip the blossom from the apple trees
This year nor want of rain destroy the peas.

This year time’s nature will no more defeat you.
Nor all the promised moments in their passing cheat you.

This time they will not lead you round and back
To Autumn, one year older, by the well worn track.

This year, this year, as all these flowers foretell,
We shall escape the circle and undo the spell.

Often deceived, yet open once again your heart,
Quick, quick, quick, quick! – the gates are drawn apart.

It is said that in this poem Lewis was describing his feelings from taking walks along this same Oxford path I was on, where he engaged in deep philosophical/theological conversations with his “Inklings” colleagues J.R.R. Tolkien and Hugo Dyson.

While some try to limit the poem’s relevance to Lewis’ own religious struggles (raised a Christian, after the death of his mother and in his teens he left the faith disappointed and rebellious, then returned later to his roots) his words seem much more broadly insightful.

If nothing else, we can recognize Lewis experienced many trust failures as he grew up, which tested his faith. This poem emphasizes how repeated failures need not be seen as terminal when belief matures to account for greater good. He found permanence by believing operations run on something beyond each instance itself.

Perhaps I should re-frame his poem in terms of a certain “open-source container-orchestration system for automating deployment, scaling and management”…and then we’ll talk about what the container said early in the deployment.