There’s a neat food preparation detail in article called “How to recover after a workout: Natural methods are as beneficial as supplements”

“The correct thing to do after training is to eat carbohydrates, to replenish glycogen reserves, along with protein, to repair the muscles,” says Ferrandis. “This should be in a 2:1 ratio: that is, for every two grams of carbohydrates, we should add one gram of protein.”

Do you know what has a 2:1 carb to protein ratio? Two slices of bread and a slather of good ol’ Jimmy Carter natural peanut butter.

The article goes on to call out “everyday foodstuffs”…

…rice with chicken or tuna, a plate of vegetables (or hummus), or a ham sandwich.

Ham? Really? Yuck.

That’s just 1930s disinformation talk from Edward Bernays.

He started out working in a WWI propaganda office of Woodrow “KKK” Wilson, shifted to taking in big money to “market” cigarettes as “freedom torches” and ham as “healthy”, but ended up regretting Nazi Germany studied his methods to commit genocide. (Bernays, Edward L.. Biography of an Idea: The Founding Principles of Public Relations. United States: Open Road Media, 2015.)

Goebbels, said Wiegand, was using my book Crystallizing Public Opinion as a basis for his destructive campaign against the Jews of Germany. This shocked me, but I knew any human activity can be used for social purposes or misused for antisocial ones. Obviously the attack on the Jews of Germany was no emotional outburst of the Nazis, but a deliberate, planned campaign.

No thanks, Ed. No ham.

Back to the point, scientists also say that the protein isn’t required around the same time as the carbs.

While replacing carbohydrates as soon as possible is advisable…[protein has a bigger window]. “Recent studies seem to indicate that protein can be taken several hours after or even before training. However, it is particularly beneficial to do so within the two hours before or after exercise to stimulate muscle recovery as soon as possible,” says nutritionist and dietician Ramón de Cangas.

Eat two slices of bread right after exercise but protein before or after?

That doesn’t point to a sandwich.

Still, two slices of carb and one protein in between seems the easiest way to hit the right ratio within an optimal recovery window.

Speaking of counteracting marketing with science, the article points to a fascinating education website “sinAzucar”, which paints very simple illustrations of sugar to show how awful products are about hiding the stuff.

And on that note, I’m reminded of Lakoff’s delicious “truth sandwich” recipe for your brain after a misinformation workout.

Stay healthy out there.

New studies are confirming that ultra-processed foods are harmful, which was expected, but in ways that may have no better solution than better transparency leading to bans.

…researchers have theorized that ultra-processed foods increase inflammation because they are recognized by the body as foreign – much like an invading bacteria. So the body mounts an inflammatory response, which has been dubbed ‘fast food fever’. This increases inflammation throughout the body as a result.

How do they classify a food as ultra-processed?

These foods are also not labelled as such on food packaging. The best way to identify them is by looking at their ingredients. Typically, things such as emulsifiers, thickeners, protein isolates and other industrial-sounding products are a sign it’s an ultra-processed food. But making meals from scratch using natural foods is the best way to avoid the harms of ultra-processed foods.

Processed means not raw or made from raw ingredients — many stages of complicated processing such as the industrial polysaccharide polymer “guar gum” often found in inexpensive dairy products to transform their viscosity (prevent proper crystallization and melt).

While it’s true labels on food packaging don’t say processed, when you see ingredients on food more than six things long… you’re typically getting into processing.

Ice-cream for example should be a short list such as this Strauss label:

That company is yelling at you for a reason. Their label is in fact revealing a huge difference from a list of ultra-processed ingredients like this:

Basically if you see guar gum in ice cream it’s a symptom for you to run, don’t walk, away from its ultra-processed “viscosity” not to mention all its other questionable additives.

That might sound like a new idea but it reminds me of a 1516 “purity law” from the Bavarian city of Ingolstadt, which said beer can only contain barley, hops and water (yeast was later added).

Initially this allow list was only within the Duchy of Bavaria and it gradually expanded across German states becoming a modern German law in 1906. Talk about precedent…

The U.S. is very confidently accusing Iran of attacking Albania, based on yesterday’s report by Microsoft about Microsoft’s usual software vulnerabilities and mis-configurations.

Microsoft assessed with high confidence that on July 15, 2022, actors sponsored by the Iranian government conducted a destructive cyberattack against the Albanian government, disrupting government websites and public services. At the same time, and in addition to the destructive cyberattack, MSTIC assesses that a separate Iranian state-sponsored actor leaked sensitive information that had been exfiltrated months earlier. Various websites and social media outlets were used to leak this information. […] A group that we assess is affiliated with the Iranian government, DEV-0861, likely gained access to the network of an Albanian government victim in May 2021 by exploiting the CVE-2019-0604 vulnerability on an unpatched SharePoint Server, administrata.al (Collab-Web2.*.*), and fortified access by July 2021 using a misconfigured service account that was a member of the local administrative group. Analysis of Exchange logs suggests that DEV-0861 later exfiltrated mail from the victim’s network between October 2021 and January 2022.

The report unfortunately is not titled “What are you even doing running Sharepoint in 2021” and instead uses this far more provocative line:

Microsoft investigates Iranian attacks against the Albanian government

Just a decade ago many experts in the security industry warned against investigations being so overtly bold or confident with their attribution statements. The fear was rooted in dubious logic that someone could make a mistake and therefore shouldn’t even try.

I mean if that was sound logic Sharepoint would have never been released to the public. Ok, maybe there’s some truth to that logic.

But seriously, anyone in any history 101 class knows you can’t let perfect be the enemy of good when writing reports about what happened in the past. Of course you can get attribution wrong, which is in fact why you should try hard and make sure you do it well.

It feels like a very long ago time ago (but really only 2014) that I gave a counter-argument to fears about uncertainty, in a presentation to incident response teams in Vienna, Austria basically saying it’s time for attribution.

Looking back at my slides, honestly I think I tried too hard to make data integrity funny. Attribution is less complicated by some unique thing about computers than it is by things about people like this: Americans are more likely to want to intervene in places they can’t find on a map (click to enlarge and have a sad laugh).

Here’s another one, where I poked fun at FireEye for making very crude and rube attribution mistakes and surviving (they’re still in business, right?).

Now look how far the world has come!

Microsoft shakes heavy doses of political science into its computer forensics reports like it’s powdered sugar on a Turkish delight.

• The attackers were observed operating out of Iran
• The attackers responsible for the intrusion and exfiltration of data used tools previously used by other known Iranian attackers
• The attackers responsible for the intrusion and exfiltration of data targeted other sectors and countries that are consistent with Iranian interests
• The wiper code was previously used by a known Iranian actor
• The ransomware was signed by the same digital certificate used to sign other tools used by Iranian actors

[…] A group that we assess is affiliated with the Iranian government, DEV-0861…
[…] The geographic profile of these victims—Israel, Jordan, Kuwait, Saudi Arabia, Turkey, and the UAE—aligns with Iranian interests and have historically been targeted by Iranian state actors, particularly MOIS-linked actors.
[…] The cyberattack on the Albanian government used a common tactic of Iranian state sponsored actors…
[…] The wiper and ransomware both had forensic links to Iranian state and Iran-affiliated groups. The wiper that DEV-0842 deployed in this attack used the same license key and EldoS RawDisk driver as ZeroCleare, a wiper that Iranian state actors used in an attack on a Middle East energy company in mid-2019.
[…] Multiple other binaries with this same digital certificate were previously seen on files with links to Iran, including a known DEV-0861 victim in Saudi Arabia in June 2021
[…] The messaging, timing, and target selection of the cyberattacks bolstered our confidence that the attackers were acting on behalf of the Iranian government. The messaging and target selection indicate Tehran likely used the attacks as retaliation for cyberattacks Iran perceives were carried out by Israel and the Mujahedin-e Khalq (MEK), an Iranian dissident group largely based in Albania that seeks to overthrow the Islamic Republic of Iran.
[…] The messaging linked to the attack closely mirrored the messaging used in cyberattacks against Iran, a common tactic of Iranian foreign policy suggesting an intent to signal the attack as a form of retaliation. The level of detail mirrored in the messaging also reduces the likelihood that the attack was a false flag operation by a country other than Iran.

Done and dusted. Need I continue?

It is nice to see such definitive and detailed work about attribution as if it’s a normal investigation with regular analysis methods… but it’s even nicer to read Albania has announced they’re cutting ties with Iran. And then… to see the U.S. follow-up with announcements about sanctions, it’s like why didn’t Microsoft start doing this way back in 1986 instead of for decades completely ignoring security as a get-rich scheme?