October 08, 2018
Regarding that Bloomberg Story about the hardware hacking that is alleged to have affected 30 companies and the U.S. military... Here's a video of Jordan Robertson, one of the story's authors, being interviewed by... Bloomberg.
Interestingly, one of the Bloomberg anchors asks Robertson some very pointed questions regarding various details in the first two minutes or so.
Robertson keeps referencing Snowden.
Note that the DHS is saying that there is no reason to doubt the denials of the companies implicated as being hacked in the report. Which is a way of saying "No!" that allows all sorts of deniability down the road.
For a story as potentially explosive as this is, it hasn't been getting a lot of coverage over here past the initial flurry of interest, but it is reportedly making some waves in Asia. Note, that to the best of my Googling however, as of 4 days later, no one has produced a single rice grain sized spy chip.
However, there IS an interview in NY Mag with a guy who wrote a techno thriller based on the concept.
"Sourcing may be thin."
October 07, 2018
While We Weren't Looking...
This is a weird one. The head of INTERPOL was Meng Hongwei, a Chinese citizen. He recently just up and disappeared. According to his wife, right before he went missing, he sent her a cryptic but ominous text. Now the Chinese have stepped forward and are saying that he was arrested as part of their ongoing political purge "corruption investigation"...oh and that he resigns so there's nothing to see here.
Also, while the FBI was conducting an investigation into the meaning of the word "boof"...
A US Navy Destroyer conducting a freedom of navigation mission and a Chinese Destroyer conducting a border enforcement mission somehow ended up in the same time and space in the South China Sea.
"Better hide all the archdukes."
War Between India and Pakistan is Imminent (reads article)..oh.. CONCEIVABLE War Between India and Pakistan is Conceivable seeing as how they share a border and have had wars in the past, but they don't appear to be shooting at each other at the moment (stupid headline).
Remember kids...it's not all doom and gloom, sometimes it's just poor word choice and hysteria.
October 06, 2018
Going South
My parents are running against the clock to salvage tools and other things from the mud and the city is demanding that the debris get removed, so I'm heading back down there to give them a hand.
Here, via Dustbury, is something rather related...
October 05, 2018
On That Other Thing That Happened
Regarding the recent unpleasantness in Washington there is erudite and comprehensive discussion of the matter from David French and Susan Collins. There is also commentary in a more partisan vein at American Thinker and Powerline as well as by Neo that I'm in broad agreement on. There's a short post at Instapundit that gets into the possible strategies of the White House in this matter. I must confess that I tend to be quite skeptical of the 3D-Chess explanations for Trump's more unconventional behavior, but this affair has me reassessing my premises.
I fear though, that the most relevant and insightful piece on the matter is this terse and pithy post over at Books Bikes and Boomsticks. It's possibly the most troubling as well.
It's Doing it AGAIN?
In the U.S., They Say That Only Nixon Could Go to China
In the U.K. well...
October 04, 2018
Trigger Warning: Cooties
Despite the warning, this is really kind of brilliant.
Ha! Ahahahahahahahahah! The whole site went down.
When I hit "publish" everything went wonky, but this time....THIS TIME when I got that sinking feeling that comes from a post taking too long to publish....THIS TIME I block selected the whole post and copied. And I did so the instant before I got the 504 code.
And then I pasted it into word.
And now...the blog is back up and the post is below and doesn't have to be rewritten.
Are we Surprised? No. (UPDATED) Are we terrified concerned?
It appears that there has been a hack involving at least 30 companies, as well as the D.O.D and C.I.A.
Worse, it's a hardware issue.
Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers. During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China. This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.
One can assume that this is NOT an isolated incident. This is probably one of many, and one can infer that very little is now beyond the reach of the CCP. On a global level, it is very likely that all those Chinese funded infrastructure projects in Oceania, Latin America, Africa and South Asia are riddled with similar, and perhaps more hard to detect bugs, possibly embedded into the very structures of the facilities.
Pretty much every technical advancement made by compromised companies as well as state and military secrets can now be assumed to be in China's possession.
This doesn't mean they know them all yet. The sheer quantity of data that China must now have to sift through is daunting, and to be useful needs to be looked at by people who have enough knowledge in the given subject matter and sufficient imagination to be able to recognize something's merits. Encryption is a further obstacle. However, they probably have at least as big an edge on our Military as we had over the Japanese and Germans after breaking or acquiring their respective codes in WW2.
This turn of events should not be the least bit surprising given that our self anointed aristocracy has off-shored much of our electronics manufacture to China (because slave labor is so cheap). Well, as we learned from Google & Facebook, if one finds something exceedingly cheap, one might well be the product.
Of course, knowing is the first step to fixing, so it should be pretty straightforward to correct this right?
Fixing this is beyond daunting. The expense of pulling out all the old circuit boards is going to be phenomenal and replacing them is subject to the same issue. The complexities of the global supply chain means that tracking down not just the manufacturers, but subcontractors, will be next to impossible.
Going forward, we may need to have some blockchain certification for all our electronic components, certainly for D.O.D. related applications. This is a sufficient breach of trust with sufficiently troubling ramifications that it ought to remove some of the opposition to restrictions on imports from the Middle Kingdom.
If oughts were dollars though we would have no debt.
This is outside my bailiwick, so I eagerly look forward to the perspectives of commenters on this mess.
UPDATE: In the comments section, Pixy Misa is expressing considerable skepticism. Pixy is the owner and administrator of the Mee.Nu domain (Praise the lathe of the maker!) and an IT professional himself. He has an extensive disquisition on this topic over at his place that you should read in full.
Now. Answer the following question. Did you read Pixy's post?
No: Go back and read it.
I found the story credible because I already have concerns about China and spying. That something like this could be done seems completely plausible.
However, all other sources I've looked at since posting this have been either rewritten versions of, or link back to, the Bloomberg article with no additional info. The Bloomberg article is anonymously sourced.
One thing I had not fully grokked, but Pixy mentions extensively, is how LONG this story has been in development.
The Gell-Mann Amnesia Effect is a very real thing.
To Wit: The following excerpt from the article on the nuts and bolts of the alleged hack sounds plausible to me, partly because it comports with my limited understanding of how these systems work, but mainly because the words, Dilithium, turbo-encabulator, and Midichloreans do not appear anywhere in it.
Officials familiar with the investigation say the primary role of implants such as these is to open doors that other attackers can go through. “Hardware attacks are about access,” as one former senior official puts it. In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard, two people familiar with the chips’ operation say. This happened at a crucial moment, as small bits of the operating system were being stored in the board’s temporary memory en route to the server’s central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects. Since the implants were small, the amount of code they contained was small as well. But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device’s operating system to accept this new code. The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off. This system could let the attackers alter how the device functioned, line by line, however they wanted, leaving no one the wiser.
In the comments, Pixy (who, again, does IT for a living) seemed spectacularly unimpressed with the plausibility of this scenario.
Over at Medium, one of those linked to in Pixy's piece on the subject has objections, but they are mostly about how on earth this would have been detected, as it would have been an insanely comprehensive audit to detect this. However, he closes with this...
For me, Bloomberg’s article could go either way. The logic of backdooring the BMC makes a lot of sense. Whether it happened in this case — given all the categorical denials — I have no idea.
I will go so far as to say that I think something along these lines is likely to happen at some point. However, if this story does turn out to be bunk, then Bloomberg will, via the cry wolf effect, have facilitated the very thing they pretended to report on.
This story is looking sketchy, but for now, we await more info....
October 03, 2018
Houston Shuts Down Robot Brothel
So...someone was opening a brothel in Houston, cleverly cutting down on payroll and getting around local vice laws by replacing their...er...customer service professionals with animatronic Tengas.
The city of Houston, belatedly realizing that there was no law on the books against robo-ho's, sprung into action and passed some updates to their zoning and vice laws.
Houston is now safe from the shame of being at the forefront of the newest manifestation of the oldest profession.
As someone with a functional amygdala who understands that sex doll time shares are as close to objectively disgusting as something as subjective as disgusting can be...
...and perhaps problematic in other ways...
...let me say that this is why we need smaller, less intrusive government. I'm not completely opposed to zoning laws, but this is not a hog farm or an antimatter containment facility in a downtown, it wasn't going to be oppressing anyone or depriving them of their rights. It was going to be a business making somebody money, making somebody happy and contributing to the tax base of the city to pay for things Houston might need like...flood control. But now, because someone couldn't stand that something they didn't like would be happening behind closed doors, well, a small business never got off the ground.
I further note that Houston's regulatory dragnet seems to have applied to magical maids with glasses as well...at least at the time of writing.
Ubu are you OK?
Oh. Wow. This Looks...GOOD!?
I think Miles Morales is going to work out just fine.
This is very promising...right up until that point that the trailer becomes sublime.
It looks really fun, and as a special bonus it seems to be completely respectful of Marvel canon.
ALL OF THE CANON.
Oh my stars and garters, this is on my watch list!
October 01, 2018
"...I Repeat: Bravo Oscar Oscar Foxtrot.
All Blue Blaze Irregulars set condition at Defcon π."
September 30, 2018
Further Illustrating Our Policy of Compensating For Writer's Block By Posting You-Tube Links
One of In Range TV's Q&A sessions, this time without Mr. McCollum who is doing research abroad. I'm not knowledgeable enough to comment on any of the answers, but I'm particularly curious as to the opinions of any lurking IT professionals regarding the advice and disquisitions regarding i-Phones and Cloud services at 32:10 and 33:45 respectively.
September 29, 2018
Well. That Was Fast.
Also: The world has gone mad.
September 28, 2018
The Storm Came Back. It Wouldn't Stay Away.
The Storm Came Back, Yes We Thought It Was a Goner But the Storm Came Back. It Wouldn't Stay Away.
September 27, 2018
I seem to have missed something.
So...Bowser's a Girl Now?
September 23, 2018
Medieval Meltdown (UPDATED)
UPDATE: This is a more recent article that is less comprehensive, but potentially less triggering than, the one linked at the end of this post. END UPDATE:
Dr. Rachel Fulton Brown is a medieval studies professor at the University of Chicago. Some years ago she wrote a post on her blog entitled Three Cheers for White Men which is only 228 words long so you should go read it now...
There. Was that so bad?
Well, that post got noticed by the professionally outraged in 2016 and caused, shall we say, a scene, which has been building ever since.
Fast forward to last month, and it appears that this is coming to a head and the National Association of Scholars has asked the University of Chicago to confirm that she is a scholar in good standing, because things are just that insane now.
There's now a very comprehensive and interesting article on the broader details and implications of this written by...umm...well...
There's no way to sugar coat this.
The article is by Milo Yiannopoulos.
It's 16,201 words and despite the author's well earned reputation, is calm, fair, measured, reasonably balanced, informative and completely devoid of profanity except for a few instances necessitated by directly quoting college professors.
It really is a top notch article, but you'll probably want to run to the loo first and perhaps get some snacks.
September 20, 2018
Take Heart!
Be not dismayed by the last post. Face today's challenges with optimism and a smile!
Dispatches From the Department of Disquieting Developments
Pixy linked to this the other day and I think it really deserves rather wider distribution.
On the surface, it's a very dry, inside baseball discussion by a Paul M. Jones discussing a proposed Code of Conduct for open source code and IT work. This sounds both benign and banal until you realize that where benign and banal cross is their...intersection.
The Contributor Covenant version on which the RFC is based is authored and maintained by intersectional technologist and transgender feminist Coraline Ada Ehmke.
"Well, I'm sure THAT won't immediately go pear shaped."
And yeah...It's about as much a dumpster fire as one might expect, but, like so much else today has some really creepy undertones.
I strongly urge you to read the whole thing, which is replete with links to various other takes on the issue including Ehmke's. I further urge you to bring it to the attention of people with larger readerships.
The apparent importance of one proposed COC may seem deceptively limited in scope, but the implications are quite troubling and reflect what is already happening. Several examples from the tech world over the last few years are brought up in the notes at the end.
This goes far beyond coders; pretty much everybody can be burned by this.
Very related is this recent piece from The Phantom Soapbox which, while Twitter related takes a look at similar impulses...
They are watching other people be drummed out for the sin of "not a team player" because their hobby is shooting, or hunting, or even fishing. (Fish have feelings too, you murderer!!!) Or somebody found a pic on-line of them at a Pro-Life rally, or somebody saw them walking into a church on Sunday morning.
Speaking of the Stasi, this video that keeps popping up on Instapundit every few months is also relevant and shows where we are going to end up if we as a society don't get off the PC train.
Powered by Minx 1.1.6c-pink.