Category Archives: Security

“Pearl Harbor Was a Bolt Out of the Blue” Unlike Cyber Attacks

In this new podcast (around the 11 minute mark), former NSA Director and Cyber Command chief Admiral Mike Rogers says cyber Pearl Harbor is wrong as a framework today because we’ve been watching cyber attacks continuously for 20 years and nothing anymore seems new, whereas…

Pearl Harbor was a bolt out of the blue that totally surprised us…

It only sounds weird to me because we’ve been watching cyber attacks for 40 years, not 20.

Rogers admits 2000 was when he and the Navy came into it, yet he should know Air Force history goes back much earlier.

Speaking of Air Force history, I’ve written here before about the radar station that detected Pearl Harbor attacks but was ignored.

Rogers also says we are not an authoritarian state and don’t want to become one.

That follows an earlier awkward moment (just before the 4 minute mark) when Jeff Stein says Russia is a police-state and America is not.

These are fine projections of what America should be going forward but it’s a hard position to hold historically given how America has been effectively a white police state suppressing blacks since at least the 1830s if not earlier (Nixon even labeled his white police state platform of mass incarceration his “war on drugs”).

That being said, my favorite part of this is when Rogers points out that ransomware is both proof of failure in security and a sign that nation-state threats are not necessarily the most pressing issue. Organized crime and non-state gangs (e.g. white nationalists) seem to get a pass from big tech despite causing outsized harms.

And my actual least favorite part is when the second half of the podcast reveals CIA attempts to eradicate chemical weapons in Syria ended instead in widespread use. That’s not exactly how they tell the story (it comes with a lot of positive spin, believe it or not) yet that’s what comes through.

On top of that the podcast ends by describing encrypted communications as a crap-shoot of recent technology nobody really trusts. I suppose we can thank Facebook for that decline.

Edible Wrappers Are Centuries Old. Why Are They Now Disruptive?

In 1846 a chef in Paris created a disruptive edible paper portrait of a visiting Egyptian dignitary, perched on top of a pyramid of pulled sugar steps:

On the top of the [sugar] pyramid was a portrait painted in food dyes on sugar paste, of the Pasha’s venerated father Ibrahim. As the Pasha picked it up to examine it more closely he saw that embedded in the filigree icing frame of the portrait was a tiny, but perfect, portrait of himself.

Pretty innovative, considering edible wafer paper already had been around for hundreds of years before that.

In another disruptive example about 50 years later, a London chef started a “fad” of edible paper, including a dinner menu.

It appears an ingenious chef conceived the idea of making an edible menu card, and, after many experiments, he produced one composed of the sugar tissue paper which is used on the bottom of macaroons, and which is, of course, edible.

Edible wrappers have been so common, so easy to make and use, we might take them for granted and forget they even exist.

Here’s a sentence I found on a site that sells very large boxes of edible wrappers at super low cost, right next to their DIY recipe:

Wafer paper is a single most affordable product in edible printing industry, everyone uses it, from big box bakeries to stay at home moms.

Surely that was supposed to say stay at home parents. Or are they trying to imply stay at home dads can’t afford or use edible wrappers?

Anyway here is some “big disruption” news, in stark contrast to all this ancient history of edible wrappers:

‘A disruptive solution to pollution’: introducing edible packaging.

Indeed. Someone has just introduced something very familiar.

We’re told an inexpensive and common thing, centuries old, is about to start disrupting.

Combining her engineering background with her passion for a ‘cradle to cradle’ lifecycle, Lamp has launched a new company, Traceless, to commercialise the idea.

Lamp? She didn’t want to name her new company something like Illuminated? Also “cradle to cradle” sounds like it’s going exactly nowhere. Like saying from point A to point A. Are we there yet?

And I would be more impressed if she was marketing her idea as a way to deliver one-time written passwords (OTWP), or send ephemeral messages, which obviously you eat after reading.

One can only imagine if she had a history background. Would she still have gone commercial? I suspect no historian would be framing something centuries old as her new idea.

Traditional nougat wrapped in traditional traceless edible packaging anyone?

How Facebook Avoids Consequences for Crimes

Yet ANOTHER bone-head security screw-up at Facebook.

Source: BuzzFeedNews

And in that article you will find this sentence:

‘The authors never intended to publish this as a final document to the whole company,’ a Facebook spokesperson said in a statement.

NEVER INTENDED.

Intended to publish? Does it matter what they intended to publish?

After this internal report went public (exposing how white nationalist violence was being facilitated) the Facebook decision to deny their internal staff access to the report is a giant head-in-sand move.

Imagine the U.S. government responding to Watergate by saying they never intended to have evidence of crimes seen by the whole country.

And it also reminded me of a very old story.

That faulty “never intended” excuse is literally out of the origin story of Facebook when Zuckerberg was rightfully accused of gross privacy violations (exposing how white male abuse of minority women was being facilitated).

Comments on the e-mail lists of both Fuerza Latina and the Association of Harvard Black Women blasted the site.

“I heard from a friend and I was kind of outraged. I thought people should be aware,” said Fuerza Latina President Leyla R. Bravo ’05, who forwarded the link over her group’s list-serve.

Zuckerberg said that he was aware of the shortcomings of his site, and that he had not intended it to be seen by such a large number of students.

HAD NOT INTENDED.

Intended to be seen? Does it matter what he intended to be seen?

Zuckerberg was aware of the problems and did it anyway because… didn’t intend for his crimes to be seen by people who would hold him accountable.

The Stanford athlete didn’t intend to be seen raping a girl, although he was aware of the shortcomings of his actions. The Nazis didn’t intend for their communications to be seen by such a large number of people, although they were aware of the shortcomings of genocide.

It’s like a full admission that he does crimes because he doesn’t expect to get caught, and when he’s caught he just says he didn’t expect to get caught, and then moves on.

With that in mind, the Facebook internal report reveals that “Stop the Steal” was generating speech that was 30% hate and 40% violent insurrection, yet allegedly staff couldn’t decide if that meant they should do something about it. Look at the percentages on the left versus the norms on the right.

The platform graded their own response to imminent danger to democracy as lazy and piecemeal.

…very difficult to know whether what we were seeing was a coordinated effort to delegitimize the election, or whether it was protected free expression by users who were afraid and confused and deserved our empathy…

Coordinated or uncoordinated, afraid and confused or not, violent hate speech doesn’t often get framed as needing… empathy.

I mean 40% violent speech laced with hate for America flows through their system and Facebook is like oh, look dangerous white nationalism, maybe this time the usual “afraid and confused” Nazis will win and Facebook can take credit for “helping” Nazis during their time of need?

Will France be Worse Off Using AI for Anti-Terrorism?

News from France sounds exactly backwards to me:

French intelligence officials to use older intelligence data, including data the government isn’t currently allowed to retain, to train AI systems.

Such an approach should be called out for what it is: repeating the worst mistakes in history at faster speed with less oversight.

Think of it this way: if you predicted any future police action in France from learning their past tragic history of colonialism, you would repeat it instead of shifting towards what should happen.

I just recorded a new presentation for the 2021 RSA Conference about this exact problem. AI can’t be implemented as a detection system for terrorism without the heavy hand of human philosophy and control over what is defined as future terrorism.