Category Archives: History

Quebec Converts Crosswalks to Pop-up Car Barriers

Based on the new Quebec initiative, and an old Dutch campaign against murder with cars, this is my draft image for the kind of mechanical pop-up drivers need to see when they approach any pedestrian crossing area.

Here’s a shocking revelation: crosswalks don’t protect pedestrians.

As you may have read here before when I joked about the fantasy crime called “jaywalking”, or wrote about cultural disparities in road safety, crosswalks are an unfair conspiracy by American car manufacturers that removed non-motorized forms of transportation (including pedestrians and especially women on bicycles) from the road.

Creating crosswalks and enforcing them has been by their nature extremely political acts.

They transfer a huge amount of power to car manufacturers, their car owners, and away from everyone else. The following paragraph from a 2019 paper that suggests the “street view” of your house predicts your chance of dying should surprise nobody:

It turns out that the car you drive is a surprisingly reliable proxy for your income level, your education, your occupation, and even the way you vote in elections.

Using cars as a proxy for power (enabling privilege and holding down the poor) is an inversion of what was supposed to happen with “freedom” of movement in America.

If you read the history of stop-lights in 1860s London, for example, a red light and a lowered arm informed cars to stop being a threat. That’s right, stop-lights were initially designed (just thirty years after the concept of police was invented by Robert Peel) to allow pedestrians to move about freely. Somehow that concept was completely flipped to where pedestrians were pushed into a box (and harassed by police).

Consider how a lack of crosswalks, “ridiculously missing” as some would say, has even been linked to intentionally unequal treatment of city residents.

Police detaining and questioning people for not using crosswalks (see points above) has repeatedly proven to be racist, to top it all off.

In brief, if you see a lot of cars on roads and few bicycles, check your value system for being anti-American, let alone anti-humanitarian.

Car manufacturers conspired through crosswalk lobbying to shift all rights away from residents in order to force expensive cars to be purchased for “freedom” to move about safely.

This devious plot runs so thick, Uber allegedly emphasized to its drivers that it would be better to sit in crosswalks to pick up passengers. The logic is they don’t care about blocking pedestrians, but do care about blocking other cars (note some US states also have laws encouraging this anti-pedestrian move).

Also worth noting is that the flagship propaganda from Tesla this year has been bulletproof oversized trucks better suited for war zones where freedoms are missing than the public spaces of streets originally encouraging freedom of human movement and play.

Given the American context of turning streets into corporate-controlled death zones, the problem has been bleeding into Canada’s famous culture of “niceness”.

Thus Quebec has posted a video of crosswalks attempting to physically stop cars by telling them to be more polite to others:

It raises the question of what the damage or fine would be for running over the pop-ups, as they don’t seem to be designed (aside from the surprise) in a way that cars incur cost for disobeying them.

It also reminds me of the Ukrainian art experiment in 2011 (regularly featured in my talks as an example test for driverless car engineering) that popped up human-shaped balloons in crosswalks to stop speeding cars (triggered by a radar gun).

What if these pop-ups in Quebec were shaped like humans instead of just rectangles? That would be an even greater surprise with more psychological deterrence.

I like that the pop-ups are a throwback to the original concept for 1866 traffic stop lights of London, England.

However it seems the Quebec design is more of an art experiment for shock/suggestion and education than a real safety control, and on that note the pop-ups could be a lot more creative and shocking.

I mean if you’re going to pop up a bunch of columns, how about making the columns rise to a scale that represents the increasing death rate of pedestrians year-over-year from cars? Then stick a “stop killing our kids” message on that barrier…as Small Wars Journal has illustrated:

Small Wars journal graph of eight basic effects at play in the information environment

Facebook Failed to Encrypt Data, Failed to Notice Breach, Didn’t Notify Victims for a Month

Facebook management has recklessly steered into obvious privacy icebergs causing hundreds of millions of users to suffer during its brief history, and yet the company never seems to hit bottom.

A series of timeline delays in another Facebook breach story seems rather strange for 2019.

This breach started with a physical break-in November 17th and those affected didn’t hear about it for nearly a month, until December 13th.

The break-in happened on Nov. 17, and Facebook realized the hard drives were missing on Nov. 20, according to the internal email. On Nov. 29, a “forensic investigation” confirmed that those hard drives included employee payroll information. Facebook started alerting affected employees on Friday Dec. 13.

The company didn’t notice hard drives with unencrypted data missing for half a week, which itself is unusual. The robbery was on a Sunday, and they reported it only three days later on a Wednesday.

Then it was another long two weeks after the breach, on a Friday, when someone finally came forward to say that these missing drives stored unencrypted sensitive personal identity information.

This is like reading news from ten years ago, when large organizations still didn’t quite understand or practice the importance of encryption, removable media safety and quick response. Did it really happen in 2019?

It sounds like someone working at Facebook either had no idea unencrypted data on portable hard drives is a terrible idea, or they were selling the data.

The employee who was robbed is a member of Facebook’s payroll department, and wasn’t supposed to have taken the hard drives outside the office.

“Wasn’t supposed to have taken…” is some of the weakest security language I’ve heard from a breached company in a long time. What protection and detection controls were in place? None?

Years ago there was a story about a quiet investigation at Facebook that allegedly discovered staff were pulling hard-drives out of datacenters, flying them to far away airports and exchanging them for bags of money.

It was similar to the very recent story of journalists uncovering that Facebook staff were taking $3K/month in bribes to help external attackers bypass internal security.

Of course many other breaches have proven how internal staff who observe weak security leadership may attempt to monetize data they can access, whether users or staff.

The man accused of stealing customer data from home mortgage lender Countrywide Financial Corp. was probably able to download and save the data to an external drive because of an oversight by the company’s IT department.

The insider threat is real and happens far too often.

I also think we shouldn’t wave this Facebook story off as just involving the data of 30,000 staff instead of the more usual customer data.

First, staff often are customers too. Second, when you’re talking tens of thousands of people impacted, that’s a significant breach and designating them as staff versus user is shady. Breach of personal data is a breach.

And there’s plenty of evidence that stolen data when found on unencrypted drives, regardless of whose data it is, can be sold on an illegal market.

This new incident however reads less like that kind of sophisticated insider threat and more like the generic sloppy security that used to be in the news ten years ago.

Kaiser Permanente officials said the theft occurred in early December after an employee left the drive inside the car at her home in Sacramento. A week after the break-in, the unidentified employee notified hospital officials of the potential data breach.

Regardless of whether this was an insider threat, a targeted physical attack, or just disappointing sloppy management practices and thoughtless staff…Facebook’s December 13 notice of a November 17 breach seems incredibly slow for 2019 given GDPR, and the simple fact everyone should know that notifications are meant to be within three days.

I’m reminded of the Titanic reacting slowly and mostly ignoring four days of ice notifications.

1:45 P.M. “Amerika” passed two large icebergs in 41.27 N., 50.8 W.

9:40 P.M. From “Mesaba” to “Titanic” and all east-bound ships: Ice report in latitude 42º N. to 41º 25’ N., longitude 49º W to longitude 50º 30’ W. Saw much heavy pack ice and great number large icebergs. Also field ice. Weather good, clear.

11:00 P.M. Titanic begins to receive a sixth message about ice in the area, and radio operator Jack Phillips cuts it off, telling the operator from the other ship to “shut up.”

When Jesters Were Messengers of War

This New Yorker cartoon perhaps says it best, although a problem with this simple cartoon is it may go a bit far by implying that, like Batman, the jester has enforcers, rather than the other way around, where enforcers have a jester:

The “official website for BBC History Magazine, BBC History Revealed and BBC World Histories Magazine” presents some graphic details for Medieval messaging protocols:

…jesters were often required to go to the battlefield with their masters to carry messages between the leaders of warring armies, demanding that a city surrender to a besieging army or delivering terms for the release of hostages. Unfortunately for the jesters, the enemy did sometimes ‘kill the messenger’ as an act of defiance (especially if they regarded the terms being offered as an insult) and some used a catapult or trebuchet to hurl the unfortunate messenger (or his severed head) back into his own camp as a graphic illustration of what they thought of the message.

The story ends with this “grave warning” from a certain jester’s final resting place:

If chance has brought thee here, or curious eyes
To see the spot where this poor jester lies
A thoughtless jester even in his death
Uttering his jibes beyond his latest breath.

Detecting Different: How the CIA Caught a Spy

Aldrich Ames became famous for being a “slob” American spy, easily caught and convicted once suspected. (Source: FBI)

Spoiler alert, WBUR News ran a story called “Can A Computer Catch A Spy” that centers on this false premise:

Grimes suspected [Aldrich Ames] for a reason no algorithm would have divined: He just seemed different.

I call BS on the idea that humans in the CIA caught a spy by seeing something algorithms could not. Not only are algorithms incredibly able to divine different, they’re fast becoming a threat and we want them to overlook differences more often than find them.

Algorithms typically can see differences more often than we can, or want to, see them.

The story later admits this point itself by claiming computers are much faster than humans at making connections from random piles of data, forcing us to address some uncomfortable findings.

And then the story goes on to reverse itself again, claiming that algorithms can’t make meaningful connections without human assistance.

Bottom line is it’s a mess of a story, flip-flopping its way around the question of how to find a spy when he’s staring you in the face.

The lesson of Aldrich Ames was to question why humans had refused to “see” things that later seemed such obvious warning signs. So the next question in this context should be whether humans will detune computer algorithms in the same way humans are prone to ignore signals.

Fast forward to today and there’s a competition ending December 15 on new thinking in how to find insider threats:

The Office of the Under Secretary of Defense for Intelligence (OUSDI), in cooperation with WAR ROOM, is pleased to announce an essay contest to generate new ideas and elevate thinking about insider threats and how we respond to and counter the threat.

See also: Insider Threat as a Service (IaaS)