Aside
Posted on in Aside

2019.1.21

One of the things I enjoy most about academia is the emphasis on intellectual freedom even when expressing such freedom might be seen as problematic for the University’s commercial interests. Case in point: I was quoted in an article raising concerns that some universities’ contractual agreements to automatically transfer certain 5G telecommunications patents to foreign companies (based on research funded by the same companies) could be disadvantageous to domestic national security. One of the universities that is caught up in the issue is the one employing me. Despite my statements potentially being disadvantageous to my own university’s interests there are no rebukes but, instead, praise for being involved with national issues. If only all employers could be so similarly open-minded!

Posted on in Links, Photography, Roundup

The Roundup for January 14-20, 2019 Edition

(Smile! by Christopher Parsons

Welcome to this edition of The Roundup! Enjoy the collection of interesting, informative, and entertaining links. Brew a fresh cup of coffee or grab yourself a drink, find a comfortable place, and relax.

I live a pretty minimalist lifestyle — I try to be super careful about new purchases and to not own more than I need — but it’s been a few months since I’ve done a purge. So over the past week I’ve gone through almost all of my clothing, cupboards, and drawers, and quickly and easily found four (small) bags of things to either recycle, donate, or sell. I still feel like I need to get rid of some additional things or, if not dispose of them, at least more tightly organize some of my spaces to dispense with any clutter in my closed storage spaces. I find that even organizing the ‘hidden’ spaces in my home — such as closed drawers that only I open — provides me with a sense of relief; it’s not sufficient that things outwardly appear organized and tidy, it’s important that even that which no one sees has the exact same properties. Sorta like how Steve Jobs demanded that his factories were organized by design principles and the insides of the early Apple IIs were meant as works of silicon-art…

Inspiring Quotation

“Either we all live in a decent world, or nobody does.”

― George Orwell

Great Photography Shots

As is increasingly common — in part because I keep spending time looking at just how much you can get out of smartphone cameras, and even those which are years old! — I was struck by these black and white mobiography images. It’s really impressive how well the small sensors on smartphones, even those as old as the iPhone 6 and 6s, work when placed in ideal lighting situations.

Shapes and Shadows‘ by @bigpeabella
Haunted‘ by @corvis_carrion
Untitled‘ by @db.cooper
Favorite building in Los Angeles‘ by @mjhmalibu
Long way home‘ by Dina Alfasi
Untitled‘ by @agkolatt

Music I’m Digging

  • Jrd. – Growth // I’ve been listening to this album some through the week and been really enjoying its downtempo beat; it’s been great for quietly reading or cooking. If I have one complaint, it’s that many of the tracks seem too short – just as they start to find their full on-grove, the track is over and it’s on to the next one.

Neat Podcast Episodes

  • 99% Invisible – Atomic Tattoos // I was struck by how during the Cold War, Americans were specifically taught to engage in resiliency preparation in the case of an Atomic attack. This podcast starts by examining why certain people had their blood type tattooed on their rib cage, but then proceeds with a broader assessment of resilience and questions whether Western nations are anywhere near as resilient, today, as they believed they were in the 1950s-1970s.
  • Hurry Slowly – Creativity vs Efficiency // I appreciated how, in this episode, the host explores how efficiency actually can act as a barrier to creativity. The manifold numbers of hinderances in life and creation can actually fuel the creative process itself and, as such, creatives needs to reflect on whether they really, truly, want to become ‘efficient’ and if so, why and for what specific benefits.

Good Reads

  • California’s Monarch Butterflies Hit ‘Potentially Catastrophic’ Record Low // It’s hard to imagine that in a few decades the only place we might see monarch butterflies is in butterfly conservatories and augmented reality representations.
  • The Rise and Demise of RSS // This is a tremendous summary of the history of the RSS protocol and the reasons behind why it was forked multiple times. I don’t know that I agree with the concluding assessment — that RSS is falling increasingly out of use — insofar as it still powers a lot of the backend of the Internet, unbeknownst to many Internet users. Moreover, as companies such as Feedly grow and attract subscribers I expect that people will use RSS more and more, even if they don’t know their reading is being powered by RSS feeds. Still, it has to be admitted that outside of a relatively tech-literate audience the protocol itself is largely unknown. Less evident, however, is whether knowing about the protocol matters so long as it remains in use.
  • If we stopped upgrading fossil-fuel-using tech, we’d hit our climate goals // While there isn’t any possibility that the world will generally swap its infrastructure to green technologies in the near future, this study (depressingly) shows how much of a difference would be made should we adopt green infrastructure now versus by 2030. Do it now, and we would likely limit limit global warming to 1.5°C above pre-industrial times; do it by 2030, and most of the simulations put us on the wrong side of 1.5°C but below 2.0°C.

Cool Things

  • The Homebrewery // This is a pretty cool latex installation that enables a dungeon master to robustly produce documents that looks and feel very similar to official Wizards of the Coast publications.
  • The Confessions Game // I’m a big fan of these kinds of ‘games’, which are really facilitated conversation starters that bypass trivial talking. This looks like it would encourage some pretty intense discussions amongst friends and partners.
Aside
Posted on in Aside

2019.1.17

Nothing quite like starting the day by refreshing a password that was apparently compromised, and then trying to determine where/how the operators might have obtained the login credentials in the first place. Still, props to Google’s AI systems for detecting the aberrant login attempt and blocking it, as well as for password managers which make having unique login credentials for every service so easy to manage/replace.

Posted on in Review

Review of the Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon

Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon

Rating: ⭐️⭐️⭐️⭐️⭐️

Zetter’s book engages in a heroic effort to summarize, describe, and explain the significance of the NSA’s and Israel’s first ‘cyber weapon’, named Stuxnet. This piece of malware was used to disrupt the production of nuclear material in Iran as part of broader covert efforts to delimit the country’s ability to construct a nuclear weapon. 

Multiple versions of Stuxnet were created, as were a series of complementary or derivative malware species with names such as Duqu and Flame. In all cases the malware was unusually sophisticated and relied on chains of exploits or novel techniques that advanced certain capabilities from academic theory to implementable practice. The reliance on zero-day vulnerabilities, or those for which no patches are available, combined with deliberate efforts to subvert the Windows Update system as well as use fraudulently signed digital certificates, bear the hallmarks of developers being willing to compromise global security for the sake of a specific American-Israeli malware campaign. In effect, the decision to leave the world’s computers vulnerable to the exploits used in the creation of Stuxnet demonstrate that offence was prioritized over defence by the respective governments and their signals intelligence agencies which authored the malware.

The book regales the reader with any number of politically sensitive tidbits of information: the CIA was responsible for providing some information on Iran’s nuclear ambitions to the IAEA, Russian antivirus researchers were monitored by Israeli (and perhaps other nations’) spies, historically the CIA and renown physicists planted false stories in Nature, the formal recognition as cyberspace as the fifth domain of battle in 2010 was merely formal recognition of work that had been ongoing for a decade prior, the shift to a wildly propagating version of Stuxnet likely followed after close access operations were no longer possible and the flagrancy of the propagation was likely an error, amongst many other bits of information.

Zetter spends a significant amount of time unpacking the ways in which the United States government determines if a vulnerability should be secretly retained for government use as part of a vulnerabilities equities process. Representatives from the Department of Homeland Security who were quoted in the book noted that they had never received information from the National Security Agency of a vulnerability and, moreover, that in cases where the Agency was already exploiting a reported vulnerability it was unlikely that disclosure would happen after entering the vulnerability into the equities process. As noted by any number of people in the course of the book, the failure by the United States (and other Western governments) to clearly explain their vulnerabilities disclosure processes, or the manners in which they would respond to a cyber attack, leaves unsettled the norms of digital security as well as leaves unanswered the norms and policies concerning when (and how) a state will respond to cyber attacks. To date these issues remain as murky as when the book was published in 2014.

The Countdown to Zero Day, in many respects, serves to collate a large volume of information that has otherwise existed in the public sphere. It draws in interviews, past technical and policy reports, and a vast quantity of news reports. But more than just collating materials it also explains the meanings of them, draws links between them that had not previously been made in such clear or straightforward fashions, and explains the broader implications of the United States’ and Israel’s actions. Further, the details of the book render (more) transparent how anti-virus companies and malware researchers conduct their work, as well as the threats to that work in an era when a piece of malware could be used by a criminal enterprise or a major nation-state actor with a habit of proactively working to silence researchers. The book remains an important landmark in the history of security journalism, cybersecurity, and the politics of cybersecurity. I would heartily recommend it to a layperson and expert alike.

Quote
Posted on in Quotations

Between 2002 and 2009, the [Industrial Control System Cyber Emergency Response Team] conducted more than 100 site assessments across multiple industries–oil and natural gas, chemical, and water–and found more than 38,000 vulnerabilities. These included critical systems that were accessible over the internet, default vendor passwords that operators had never bothered to change or hard-coded passwords that couldn’t be changed, outdated software patches, and a lack of standard protections such as firewalls and intrusion-detection systems.

But despite the best efforts of the test-bed and site-assessment researchers, they were battling decades of industry intertia–vendors took months and years to patch vulnerabilities that government researchers found in their systems, and owners of crucial infrastructure were only willing to make cosmetic changes to their systems and networks, resisting more extensive ones.

– Kim Zetter, Countdown to Zero-Day

Posted on in Links, Photography, Photos, Roundup

The Roundup for December 24, 2018 – January 13, 2018 Edition

(Rusty Heights by Christopher Parsons)

Welcome to this edition of The Roundup! It’s taken a bit longer to put this together given the holidays, but I’m hoping to get back to scheduling these every other week or so. Enjoy the collection of interesting, informative, and entertaining links. Brew a fresh cup of coffee or grab yourself a drink, find a comfortable place, and relax.

Over the past few weeks, I’ve had the opportunity to take my coffee-game to a whole new level: I was generously gifted a Hario Cold Brew Coffee Pot by my family in December, and a Vietnamese Coffee Filter by a friend earlier this month. It’s been a lot of fun trying to determine which brew methods I prefer more or less and, also, meant that my coffee intake has probably doubled in the past month or so! Expect some thoughts and discussions about using either tool sometime in the future!

Inspiring Quotation

Be louder about the successes of others than your own.

  • Birthday fortune I received

Great Photography Shots

In a bit of a detour from most Roundups, I’m including some of my own preferred shots that I’ve taken over the past few months.

(Ghosts and Galleries by Christopher Parsons)
(Electric Blue by Christopher Parsons)
(Safe Harbour by Christopher Parsons)
(The Deep by Christopher Parsons)
(Eat! by Christopher Parsons)
(Dive by Christopher Parsons)
(School’s In by Christopher Parsons)
(Aquatic Textures)

Music I’m Digging

  • Bird Box (Abridged) (Original Score) // This is Trent Reznor and Atticus Ross at their best. The score is haunting, dystopia, and persistently just a little creepy.
  • Neisha Neshae – Poppin on the Internet (feat. Rocky Badd) (Single) // The power and energy of Neshae’s voice comes through in this single as clearly as in her EP, Queenin’. She remains as fun to listen to, now, as with her earlier work. I’m hoping that whenever she publishes a full album it manages to retain the strength and consistency of all of her work to date!
  • Jean-Michel Blais – Eviction Sessions (EP) // Blais’ work remains evocative and minimalist. This EP came after he was literally evicted from his Montreal apartment, and the work he played was an effort to memorialize and commemorate the space where so much of his music had been produced.
  • Spider-Man: Into the Spider Verse (Soundtrack) // I was absolutely amazed with how good the movie turned out to be, but before I saw it I was captivated by the soundtrack. Sunflower, Familia, Invincible, Memories, and Home were the stars of the album for me, though the entirety of the album held together remarkably well. I was surprised to hear almost all of the songs when I watched the film: these aren’t just songs intended to touch on the mood of the film but, instead, are key audio-emotional components the film itself. That they stand alone as strongly as they do is a remarkable accomplishment to my ear.

Neat Podcast Episodes

  • The Sporkful – When Celery Was More Special Than Caviar // I learned so much about celery in this episode! There are different kinds! There are different tastes! There is red, as well as striped, as well as ‘blanched’ celery!
  • The Current – ‘Don’t do it’: Trump’s criticism of central bank could backfire, warns former vice-chair // I found it most useful to hear about the difficulties in linking politics and a central bank and how, even if Trump does want to effect change quickly, that central banks and economies move so ponderously that he’s absolutely unlikely to adjust rates or the economy in a rapid manner should the current chair be replaced or the Fed totally shift its approach to the economy. Of course, neither of those things are likely and, instead, Trump will just posture for the purposes of satisfying his base.
  • Relationship Advice – What’s Your Fantasy? // The non-stigmatizing approach to thinking through, and engaging with, sexual fantasy in romantic relationships struck me as outlining a useful way of having conversations on the topic. Equally important was how to engage with a partner when they outline a fantasy that would be challenging or uncomfortable to satisfy, and how to find alternate means of expressing it in a manner that is satisfying and comfortable for all partners involved in it.
  • The Documentary – India’s battle with online porn // I went into this episode assuming, by default, that I would oppose all the proposals to ban or censor access to pornography. And while I mostly retain this position, I admit that I was shocked to learn about how common rape videos are being shared and it left me wondering about what approach makes the most sense to inhibit the spread of such violent videos while preserving basic rights. Especially given that many of the videos are shared between peers over encrypted messaging applications I don’t have an immediate response on how to deal with the sharing but, nonetheless, concur that the transmission of such videos does represent a real social ill that needs to be addressed.

Good Reads

  • Managing Burnout // As someone who’s suffered burnout a few times I think it’s really positive that a prominent member of the security community is openly discussing this challenge. Richard’s suggestions — that you build a fund for just burnout — is pretty solid, though admittedly works better in a community with above-average wages. What is missing, however, is an assessment of how to fix the culture which leads to burnout; that has to come from management since employees will take their cues from above. And to my mind management has to focus on combating burnout or else risk losing high-value employees with little opportunity to get an equivalently talented and priced replacement employee in the contemporary job market.
  • The 12 Stages of Burnout, According to Psychologists // Ever wonder if you or a loved one are suffering through severe burnout? This helpful list will showcase the different things that suggest burnout is being experienced with pretty clear indicators that you can use for self-diagnostic purposes.
  • “They Say We’re White Supremacists”: Inside the Strange World of Conservative College Women // Nancy Jo Sales’ long form piece trying to understand and express why young women support Donald Trump is illuminating, insofar as it showcases how these women hold more complex positions on some issues (e.g. abortion, rape) than might be expected while also conforming to stereotypes in other ways. What is hardest to appreciate is perhaps that they genuinely do regard feminism as ‘over’ and no longer needed, at least as they have lived their experiences as young white women. That they do not have a longer set of life experiences, such as in long term employment, nor experiences of minority populations, combined with Fox and similar news sources filling their political news appetite, makes their positions largely unsurprising. However, what also stands out is the automatic dismissal of their values and thoughts by liberal minded persons on campus: while liberalism must be intolerant of deep intolerance — such as white supremacy — that cannot apply to people who are simply holding divergent political opinions or else liberalism will have internally rebuked it’s own reason for acting as an effective and inclusive political theory.
  • Pilot project demos credit cards with shifting CVV codes to stop fraud // The idea that the CVV will change to combat online fraud seems like an interesting idea, though the actual security is going to be based on how effectively protected and randomized the seed for the randomization algorithm happens to be. Since attackers will have access to the actual cards — at least if distributed widely to the public in the future — then we’ll have to assume that any failures that are readable on the chip will certainly be found and exploited, so the math and tamper resistance properties are going to have to be exceptionally well implemented. Perhaps the most notable element of the proposed cards arrives at the end of Megan Guess’ article: whereas a regular card costs $2-4, those with a lithium battery to update the CVV will run closer to $15. In other words, whomever is producing the cards will need to be assured that they will, in aggregate, reduce fraud costs enough to merit the heightened production costs. It’ll be very interesting to see if the cards are suitably effective to lead to mass production or whether economics, as opposed to security, result in the cards being just a short-term trial or experiment.
  • Kengo Kuma’s Architecture of the Future // Kuma-san’s efforts to make architecture disappear, and work in contravention to the fantastic metal and glass structures of modernism and post-modernism, strike me as a kind of attempt to envision wabi-sabi in structures. In effect, his focus on the natural and celebrating the traditional and honouring its (often imperfect) characteristics seem to align with a need to seek peace and simplicity absent overt efforts to establish egoist-driven artefacts devoted to humanity’s triumphs.
  • This is how Canada’s housing correction begins // Kirby does a good job in collecting data to suggest a serious market correction could be coming as the Bank if Canada increases rates, which has had the effect of squeezing a large portion of homeowners who have grown up — and relied upon — cheap credit to buy homes and other consumer goods. Key is that the assessment doesn’t just indicate a forthcoming housing correction but, also, potentially a serious recession. Moreover, just how widely will this ‘correction’ be felt: will it mostly be younger millennials or include aging boomers who have drawn against their homes to support their children’s education and home purchases?
  • Great Expectations // Reflecting on what are non-negotiable traits in relationships is something that I do with some regularity, and this Medium post does a good job of summarizing many of the basic expectations that should be realized in any loving relationship. I particularly liked how the author ends by asserting that it’s critical for partners to engage in kindness in communicating, or work to avoid brashness and hostility in communications and instead focus on communicating our feelings in an open, transparent, and loving manner.
  • The US Military Is Genetically Modifying Microbes to Detect Enemy Ships // That humanity is modifying bacteria to react in the presence of different types fo fuel exhaust and related exhausts from ships, for the purposes of surveillance of maritime environments, is the thing of science fiction. And it’s going to start happening, soon!
  • GE Powered the American Century—Then It Burned Out // In an exceptional long-form piece, Thomas Gryta and Ted Mann document the slow, though hastening, fall of the General Electric. It’s stunning to read just how hard it has been for the company, and its CEOs, to effectively reposition the company in the face of major economic and political hurdles, and without clear evidence that the company will manage to survive in its conglomerated form over the coming decade.
  • Apple Expands AirPlay 2 Video Streaming To TV Sets // Benjamin Mayo’s Assessment that Apple licensing AirPlay 2 is a good thing, because while it might cannibalize Apple TV sales it will increase the joy of using an iPhone and the overall value of Apple services, is dead on.
  • Why Cider Means Something Completely Different in America and Europe // It makes sense, but I hadn’t thought of how important alcoholic cider was for colonial Americans (and the British, more generally) for ensuring that there was a drinkable liquid available that didn’t include harmful contaminants. Nor had I thought of how the temperance and prohibition eras would have transformed the nature of cider production, and led to the destruction of orchards that contained high-tannin apples that were principally grown to make cider. If you’re interested in cider and the broad strokes of its history in the United States of America, this is a good article to read through!

Cool Things