It may be sunny and 90 degrees F where you are, but it’s still winter here. A winter storm warning was issued here based on a forecast of 12 inches of snow and 35 mph winds out of the northeast off Lake Huron. For once, Marcy’s on the lee side of this storm and won’t be blessed with the worst of this system.
I’ll cozy up in front of the fireplace and catch up on reading today, provided we don’t have a power outage. Think I’ll nap and dream of baseball season starting in roughly five weeks.
Before the snow drifts cover the driveway, let’s take a look around.
Hey Asus: Don’t do as we do, just do as we say
Taiwanese computer and network equipment manufacturer Asus settled a suit brought by the Federal Trade Commission over Asus’ leaky routers. The devices’ insecurities were exposed when white hat hacker/s planted a text message on routers informing their owners the devices were open to anyone who cared to look. Terms of the settlement included submitting to security auditing for 20 years.
What a ridiculous double standard: demand one manufacturer produce and sell secure products, while another government department demands another manufacturer build an insecurity.
Ads served to Android mobile devices leak like a sieve
Researchers with the School of Computer Science at the Georgia Institute of Technology presented their work yesterday at 2016 Network and Distributed System Security Symposium, showing that a majority of ads not only matched the mobile user but revealed personal details:
• gender with 75 percent accuracy,
• parental status with 66 percent accuracy,
• age group with 54 percent accuracy, and
• could also predict income, political affiliation, marital status, with higher accuracy than random guesses.
“Ebbs”? Really? Au contraire, mon frère. This mess is just getting started. Note the latest class-action lawsuit filed in California, this time accusing VW and its subsidiaries Audi and Porsche as well as part supplier Bosch of racketeering. Bosch has denied its role in the emissions controls defeat mechanism:
…The company has denied any involvement in the alleged fraud, saying it sold an engine control unit to Volkswagen, but that Volkswagen was responsible for calibrating the unit.
The scandal’s only just getting going when we don’t know who did what and when.
Worth noting Wards’ breathless excitement about VW passenger diesel sales uptick in South Korea. But then Wards ignores South Korea’s completely different emissions standards as well as the specifics in promotions for that market. Details, details…
Wednesday Morning: If It Ain’t Baseball, It’s Winter (Rayne, 2016-02-24 10:00:00, 2016-02-24 19:15:20)
In my post on Pew’s polling on whether Apple should have to write a custom version of its operating system so FBI can brute force the third phone, I gave Pew credit for several aspects of its question, but suggested the result might be different if Pew had reminded the people the FBI has already solved the San Bernardino attack.
Imagine if Pew called 1000 people and asked, “would you support requiring Apple to make iPhones less secure so the FBI could get information on a crime the FBI has already solved?”
As I said, at least Pew’s question was fair.
Not so Reuters’ questions on the same topic. After asking a bunch of questions to which three-quarters said they would not be willing to give up their own privacy to ward against terrorism or hacking, Reuters then asked this question:
Apple is opposing a court order to unlock a smart phone that was used by one of the shooters in the San Bernardino attack. Apple is concerned that if it helps the FBI this time, it will be forced to help the government in future cases that may not be linked to national security, opening the door for hackers and potential future
Do you agree or disagree with Apple’s decision to oppose the court order?
While Reuters explains why Apple opposes the order — because it will be [in fact, already has been] asked to help break into more phones that have nothing to do with terrorism, creating vulnerabilities for hackers — the wording of the question could easily be understood to imply that Syed Rezwan Farook’s phone “was used [] in the San Bernardino attack.” It’s not clear Farook even used the phone after November, two days before his attack. And to the extent Farook and his wife used phones during the attack — as implied by the question — they are believed to be the phones they tried unsuccessfully to destroy.
Yet, even with this problematically framed question, 46% of respondents (on an online poll, which likely skews towards tech facility) supported Apple’s actions.
There’s a problem, too, with the only question for which a plurality supported the FBI’s snooping, a graph of which Reuters highlighted in its story.
The government should be able to look at data on Americans’ phones in order to protect against terror threats.
There are cases where investigators find information on a smart phone that helps prevent follow-on attacks (it happened in Paris with a phone that was not encrypted). Border searches (which I admittedly believe to be one of the real reasons FBI objects to default encryption), too, might prevent terror attacks. But more often, we’re talking about investigating crimes deemed to be terrorism after the fact (or, far, far more often, solving drug crimes).
Nothing the FBI could do with the data on Farook’s work phone will prevent the deaths of the 14 people he already killed. There are other kinds of surveillance far better suited to doing that.
Reuters Asks Even Stupider Questions about Apple-FBI Fight than Pew (emptywheel, 2016-02-24 09:18:45, 2016-02-24 09:18:45)
Once in a while, I indulge in the musical equivalent of eating chocolate instead of a wholesome meal. I’ll listen to my favorite tenors on a continuous loop for an afternoon. I have a weak spot for Luciano Pavarotti and Franco Corelli, though the latter isn’t one of the Three Tenors.
Speaking of which, this video features a really bizarre event: the Three Tenors performing at Los Angeles’ Dodgers Stadium in 1994. Poppy and Barbara Bush are there in the audience, too. What a supremely odd venue! And yet these guys did a bang up job in such a huge, open space. Pavarotti’s Nessun Dorma at ~1:05 is my favorite cut, but it’s all fun.
Now let’s change the tenor…
Former Microsoft CEO Bill Gates sides with FBI against Apple
Gates isn’t the best salesman for this job, promoting compelled software. Given Gates’ role as technology adviser to Microsoft’s current CEO Satya Nadella, how persistently invasive Windows 10 is, and Microsoft software’s leaky history, Gates comes off as a soldato for USDOJ. Do read the article; it’s as if Gates was so intent on touting USDOJ’s line that he didn’t bother to read any details about USDOJ’s demands on Apple.
UPDATE — 10:25 AM EST — Poor Bill, so misunderstood, now backpedaling on his position about Apple’s compliance. This, from a Fortune 100 technology adviser…~shaking my head~
Gates talks out of the other side of his face on climate change
Unsurprisingly, Bill Gates also looks less than credible when he pleads with students for an ‘energy miracle’ to tackle climate change. This is shameless: first, guilt-tripping minors in high school, second for the blatant hypocrisy. The Bill and Melinda Gates Foundation continues to hold investments in ExxonMobil, BP, and Shell because of their yields. Not exactly a commitment to alternative energy there. How’s that investment strategy working for you now, Gates?
Fossil fuel-based industries: wall-to-wall bad news
Speaking of crappy investments in dirty hydrocarbons, conditions are just plain ugly.
And in spite of the non-cyclical change in energy, University of Texas Investment Management Co. doubles down on stupid by buying more fossil fuel exposures. Must be taking lessons from Bill Gates on ‘energy miracles.’
Office of Personnel Management’s CIO steps down
Donna K. Seymour stepped down from her role, the second OPM management team member to leave after the massive hack of U.S. government personnel records. She was scheduled to appear before Congress this week; that hearing has now been canceled by House Oversight and Government Reform Committee chair Jason Chaffetz. Huh. That’s convenient. Wonder if she would have said something that reflected badly on a previous GOP administration? This bit from the linked article is just…well…
FBI Director James Comey called the hacks an “enormous breach,” saying his own data were stolen. U.S. authorities blamed China, which strongly denied the accusation before it said in December that it had arrested several “criminal” Chinese hackers connected to the breach.
Wow, I wonder what China could do if they had access to every U.S. government employee’s iPhone? Anybody asked Comey what kind of phone he carries?
That’s a wrap. I’m off to listen to something sung in a sweet tenor voice.
Tuesday Morning: Changing the Tenor (Rayne, 2016-02-23 08:45:52, 2016-02-23 10:33:32)
But first I wanted to reemphasize a detail I’ve noted before. On February 9, at a time when FBI already knew how it was going to go after Apple, Jim Comey said this in a hearing to the Senate Intelligence Committee:
I’d say this problem we call going dark, which as Director Clapper mentioned, is the growing use of encryption, both to lock devices when they sit there and to cover communications as they move over fiber optic cables is actually overwhelmingly affecting law enforcement. Because it affects cops and prosecutors and sheriffs and detectives trying to make murder cases, car accident cases, kidnapping cases, drug cases. It has an impact on our national security work, but overwhelmingly this is a problem that local law enforcement sees.
Even before he served Apple here, Comey made it clear this was about law enforcement, not terrorism cases, his cynical invocation of the San Bernardino victims notwithstanding.
And not just law enforcement: “car accidents.”
Since it got its All Writs Act, FBI has said this Apple request is a one-off request, just for this terrorism case they already know the perpetrators of. But at a time when it already knew it was going to get an AWA order, Jim Comey was more frank. This is about car accidents. Car accidents, murder, kidnapping, and drugs (the last All Writs Act request was about drugs, in a case where they had enough evidence to get the guy to plead guilty anyway, if there are any doubts they would demand an AWA going forward).
Car accidents.
This Apple Fight Is (Partly) about Solving Car Accidents (emptywheel, 2016-02-22 08:10:27, 2016-02-22 08:20:25)
When your Monday begins to drag — and you know it will at some point — put on a little mambo.
Especially Perez Prado’s Mambo Number 5 and Mambo Number 8. They’ll spice up your day, get it back on track. There are some more recent covers and mashups of Prado’s mambos, but they just aren’t the same as the originals.
Be careful where you play this stuff; it’ll make your mother or grandmother move in ways you may not want to watch.
Let’s cha-cha-cha…
“Damn it Jim, what the hell is the matter with you?”*
FBI was still trying to dig itself out of a hole on Saturday evening, resorting to damage control mode yesterday. Note, though, Director James Comey’s statement at Lawfare and subsequent coverage at the Los Angeles Times don’t mention at all the screwed up handling of San Bernardino shooter Syed Farook’s iPhone. Take that deep breath, then save it to cool your soup, eh?
So I’m following the map that leads to you
Nope, not Maroon 5, but Facebook’s Connectivity Lab, building a map of the network it claims will help it understand how best to reach populations with poor to no internet. A map, to people not on the map? Creepy, like a stalker ex-boyfriend with global reach. Can’t wait for the conditions by which the U.S. government claims it needs access to that.
Radioactive materials gone walkabout in Iraq now found
This is a strange story. Not the part about a testing device containing radioactive Ir-192 used by a Turkish oil pipeline inspection services company that went missing in November but not reported by media until last week, or the part where the device turned up this weekend, dumped by a gas station. Nor even the odd description of the discovery:
“A passer-by found the radioactive device dumped in Zubair and immediately informed security forces,” the chief of security panel in Basra provincial council, Jabbar al-Saidi, said.
“After initial checking I can confirm the device is intact 100 per cent and there is absolutely no concern of radiation.”
What’s strange is the coverage of this story: picked up by mostly conservative outlets, not widely covered in large news outlets. Huh. Weird. Pick out some key words from the story and do a search yourself, compare to coverage on other stories. Heck, it doesn’t even show up on Reuters’ Middle East and Africa site this morning, though they first broke the story.
There’s so much blathering from National Security and plain old pundits about FBI’s demand that Apple’s programmers write it a custom operating system that I think, to facilitate reasonable debate, Tim Cook should travel to Cork, Ireland (where Apple already has a presence) and start shopping for land for a new headquarters.
I say this not because my spouse and I are Irish (though the Irish spouse insists that Cork is the Irish equivalent of Texas), and not because I want Apple to take all its Silicon Valley jobs and move them to Ireland, and not because Apple has already been using Ireland as a tax haven, but because it would be the best way to get people who otherwise seem to misunderstand the current state of the world on encryption to better think it through.
FBI’s problem with Apple is that the company tries to offer its users around the globe the strongest possible security as a default option. Plenty of other companies (like Android) offer less perfect security. Plenty of other apps offer security. Some (like Signal) may even offer better security, but relying on devices (Android phones and desktops) that themselves may be insecure. But the problem with Apple is that all its more recent phones are going to be harder (though not impossible, unless law enforcement fucks up when they first seize the phone, as they did here) to access by default.
Thus far, however, Apple still serves as a valuable law enforcement partner — something lots of the pundits have ignored. Before the All Writs Act order on February 16, Apple had turned over metadata covering the entire period Farook used the phone (he apparently was using the phone into November), as well as the content that was backed up into iCloud until October 19. Presumably, Apple turned over all the same things on the victims Farook killed, up to 14 iPhones full of communications, including with Farook, set to auto-backup as Farook’s phone originally had been. Apple can and surely does turn over all the same things when an iPhone user in Paris or Beijing or Beirut sparks the interest of NSA.
If Apple were to move its headquarters and servers to Cork (perhaps with some redundant servers in Brazil, for example), that would be far less accessible to both US law enforcement and intelligence. And contrary to what you might think from those attacking Apple’s alleged non-compliance here, that would result in significantly less intelligence (or evidence) than both are getting now.
That’s because by offering the best encryption product in the world that relies on US-based servers, Apple ensures that at least the metadata — not to mention any content backed up to iCloud (which in Farook’s case, included content through October plus that from his colleagues) — is readily available. If Apple were to move to Cork, any backed up content would be far harder to get and NSA would have to steal Internet packets to get iMessage metadata (admittedly, that’s probably pretty easy to do from Ireland, given its proximity to GCHQ’s gaping maw, but it does require some work).
The counterexample is the way the terrorists behind the Paris attack used Telegram. Because that’s a non-US messaging system, data including metadata from it was not easily available (though as I understand it its encryption would be fairly trivial for NSA to overcome). Thus, terrorists were able to use an inferior product and obtain more obscurity (until Telegram, under pressure, shut down a bunch of ISIS channels) than they would have if they had used the superior iPhone because Apple’s servers are in the US. If US national security officials force multinational companies to choose between quality of product and US location, one or two may choose to offshore. Alternately, eventually the foreign products may come to rival what Apple is currently offering.
Right now, US officials are guaranteed that if intelligence and criminal targets use the best product in the world, they’ll have evidence readily available. Even ignoring all the economic reasons to want Apple to stay in the US (or better yet to actually pay its fair share of taxes in the US!) that could change if Apple were to decide it could no longer legally offer a secure product while remaining in the US.
To Clarify the Debate, Tim Cook Should Start Shopping for Land in Cork, Ireland (emptywheel, 2016-02-21 14:11:54, 2016-02-21 14:21:44)
You may imagine me agog after reading the Department of Justice’s motion filed today in the case of San Bernardino shooter Syed Farook’s iPhone. USDOJ believes Apple’s repudiation of its demands to write code in order to allow USDOJ to access the phone’s content by brute forcing the pin “to be based on its concern for its business model and public brand marketing strategy …”
Does the USDOJ understand what a smartphone is, and how it differs from a plain old telephone or even a vanilla cellphone? Are they just screwing with us, or do they simply not understand that smartphones aren’t just communications tools?
For example, this device is designed to contain materials that are important and valuable to its user, including identity documentation, money and other means of payment, keys to access other devices and locations, possibly papers with important notes.
Imagine the USDOJ insisting the wallet’s designer must allocate personnel and resources to redesign and apply a new closure on a single device so that content caught in it will not be destroyed when the closure is opened by USDOJ.
Ridiculous.
Compare now to this device, designed to contain materials that are important and valuable to its user, including identity documentation, money and other means of payment, keys to access other devices and locations, possibly papers with important notes. Only this device may contain entire libraries and businesses.
Imagine the USDOJ insisting the device’s designer must allocate personnel and resources to redesign and apply a new closure on a single device so that content caught in it will not be destroyed when the closure is opened by USDOJ.
Users rely on this device’s inherent closure integrity to secure its contents. This is not merely a “public brand strategy” — it is the essence of the device’s utility, its fundamental nature. The only thing different between these devices is communications capability in the latter, not the former. But users rely on the content of messages to be treated like the content of notes one might put in their wallet or purse — private and secure. Users seeking wallets and smartphones don’t buy them because they are insecure. Smartphone buyers aren’t shelling out $20 for a wallet, and they’re not buying just a communications device. They’re spending hundreds of dollars buying a digital portmanteau to replace their wallet/purse containing their laptop/books/files/photo album/audio player/more. It must be secure for that reason. The investment of time and money reflects this.
Which is why it seems to me — and I am not a lawyer — the government’s demands on Apple to allocate business resources to create an insecurity in a device designed to be secure are unreasonable, even if the insecurity demanded will be used one time as the USDOJ claims.
Worse, this demand by USDOJ is an attempt to remedy a case of bad device management. The specific iPhone in question, used by Syed Farook, was issued by his employer — San Bernardino County. Why didn’t the county issue devices with an administrative override? It’s like issuing a company car but not retaining a spare set of keys if the employee was suddenly terminated. Why should Apple undermine the inherent integrity of its product to resolve a poor case of asset management?
EDIT: And why should Apple invest private resources into compelled speech as software to rectify a screw-up on the part of San Bernardino County and the USDOJ in their inept handling of the single iPhone in question once the device had been retrieved from the suspect?
It doesn’t matter if, as USDOJ swears, this compelled reverse engineering is written and applied only once. That it would have been done at all establishes a precedent, allowing the U.S. government (and others!) a foothold to demand companies allocate resources to service the government, while undermining the inherent integrity of their products.
What might this do over the long run to Apple’s investment in Apple Pay — literally a wallet-alternative payment technology based on iPhone?
A wallet that retains its contents isn’t just “brand marketing strategy.” It’s the innate purpose of a wallet — and the same with devices we now use as digital wallets.
There is another larger conversation we must have about the evolution of technology and the inability of our laws to keep apace.
Consider Maryland Attorney General Brian E. Frosh’s recent brief in which he maintained persons carrying a cellphone into a store had no expectation of privacy, “because [the suspect Andrews] chose to keep his cell phone on, he was voluntarily sharing the location of his cell phone with third parties.” But cellphones — more specifically, smartphones — are the convergence of our entire desks. We do not expect by keeping them turned on that we have given third parties entrée to our desks unless we have pointedly been asked and given permission. People don’t just walk around holding their wallets and backpacks open for inspection by anyone who chooses to snoop.
Unfortunately, we the people have not negotiated our expectations by way of legislation. Law enforcement and the military both are operating in the gap we’ve left in our social contract, a hole where our expectations have not been established. Are we suffering from future shock about the technology we expect and use? More than likely, and our legal system is slower than we are, suffering even more so. But because no law clearly tells them, “This is a personal desk with access to remote files — both node ends and the transmission between are private,” law enforcement and the military will simply assume they can ask anything they want.
This includes demanding a smartphone manufacturer to create an insecurity in digital wallet technology.
__________
Here are a few articles related to the USDOJ’s demand on Apple I find particularly interesting:
(Disclosure: I own shares of AAPL. Adder: IMO, the embedded video is already anachronistic, behind technological evolution. Many of us, including myself, do most of our work on smartphones/phablets/tablets.)
USDOJ: Make Apple Fix Their ‘Brand Marketing Strategy’ for Our Needs (Rayne, 2016-02-20 16:30:22, 2016-02-21 10:51:52)
If you thought FBI vs Apple was part of a plan to break Silicon Valley on encryption, it was
This will be the big buzz today: a secret “decision memo” reveals the government set out to access encrypted user data while putting on a good front about its relations with software companies. No information available about the source (or timing) of the memo; wouldn’t it be ironic if this secret memo had been hacked from a smartphone user’s data?
The Atlantic looks at the government’s attempt to force Apple to write code for their purposes as conscription. The secret memo bolsters this argument.
Looks like Apple may also claim the government is compelling speech. They’ve pulled out the big guns by hiring lawyers Ted Olson and Theodore Boutrous to work on this case.
Whiny telcos upset with Facebook eating their lunch with WhatsApp messaging
Like they couldn’t have seen this coming? Telcos in parts of the world like Central America and Europe have long charged uncompetitive rates for poor messaging service. Enter Facebook, which snapped up WhatsApp and integrated the messaging app in its social media platform. Facebook members now have a free messaging platform that works almost globally. The telcos are now upset that Facebook has eaten their text messaging profits. ¡Qué lástima! Though I admit I wonder if part of this grousing is really a front for governments who don’t like WhatsApp’s threat to intelligence access via telcos’ messaging services.
Citigroup’s Corbat gets a 27% pay increase
Too Big to Fail pays very well, for a very few. For Citigroup’s CEO Michael Corbat, it pays roughly $16.5 million this past year, up from $13 million the previous year. Corbat’s raise rewards him for Citibank’s improved fortunes, based in part on cutting less profitable businesses — like exiting retail banking in Argentina and Brazil.
Mercedes sued for not-so-clean diesel emissions
In a slightly different situation than with automaker VW, Daimler’s Mercedes is accused of selling diesel powered vehicles that do not meet emissions standards at low temperatures. The lawsuit was filed yesterday in New Jersey by a vehicle owner in Illinois, based on information published in Der Spiegel and the results of a study conducted by independent testing agency TNO for the Dutch Ministry of Infrastructure and the Environment. The problem at the heart of the suit:
“…the device in Mercedes’s diesel models turns off pollution controls at temperatures below 50 degrees Fahrenheit (10 Celsius), allowing the autos to violate emissions standards, according to the complaint.”
Mercedes did not disclose to buyers that its BlueTec technology, a system relying on use of urea-based NOX reduction, emitted NOX levels well above emissions standards at low temperatures. I would not be surprised to see more cases soon against Daimler and its Mercedes brand as BlueTec technology has been used in both passenger vehicles and commercial trucks for most of the last ten years.
On our mind: SKYNET
We haven’t forgotten the issue of U.S. military killing innocents *Oops!* from the sky based on metadata. Worth reading:
A “machine learning algorithm”? Imagine this in self-driving cars, hijacked via backdoors by hackers and governments. The ethics behind this technology must be widely debated in public now, before it moves beyond its already-abused role in drone-based warfare.
Should be an entertaining Friday; watch for government spokespersons to indulge in a lot of fancy-footwork jazz today.
Friday Morning: All That Jazz (Rayne, 2016-02-19 07:30:57, 2016-02-24 19:13:57)
Name day of Saint Simon (Simeon), and Greek name day for Leon and Agapitos, it’s also the 49th day of the year, only 317 more to go. Make the best of it, especially if your name is Simon, Leon, or Agapitos.
Hollywood hospital paid ransom — $17K in bitcoin, not millions
See the official statement linked in this updated report. Speed and efficiency drove the payment. Given the difference between the original amount reported and the amount paid in ransom, one might wonder if there was a chaining of devices, or if many less important devices will be bricked.
Laser pointed at Pope Francis’ plane over Mexico
Someone pointed a laser at the Pope’s flight just before it landed in Mexico City yesterday, one of the highest profile incidents of “lasering” to date. The incident follows an international flight forced back to Heathrow on Monday after one of its pilots suffered eye injury from a laser. Thousands of laserings happen every year; it’s illegal in the U.S. and the U.K. both, but the U.S. issues much stiffer penalties including fines of $10,000 and prison time. If Mexico doesn’t already treat lasering firmly, it should after this embarrassing and threatening incident.
Air strike on Doctors Without Borders/Médecins Sans Frontières’ Syrian hospital spurs call for investigation
It’s absolutely ridiculous how many MSF medical facilities have been hit by air strikes over the last year, the latest west of Aleppo in Syria. MSF has now called for an independent investigation into this latest attack which killed nine medical personnel and more than a dozen patients. This particular strike is blamed on the Syrian government-led coalition, but Russia and the U.S. have also been blamed for attacks on MSF facilities this year, including the hospital in Kunduz, Afghanistan last October. You’d think somebody had it out for MSF specifically.
Is China rousing over Korean peninsula escalation?
Tension spawned by North Korea’s recent nuclear test, missile and satellite launches, as well as South Korea’s pull back from Kaesong industrial complex and U.S. F-22 flyovers have increased rhetoric in media.
Just as it is in the U.S., it’s important to note the origin and politics of media outlets covering China. GBtimes, for example, covers Chinese stories, but from Finland. ~head scratching~
All Apple, all the time
A huge number of stories published over the last 24 hours about Judge Pym’s order to Apple regarding unlocking capability on San Bernardino shooter Syed Farook’s iPhone.
Some of the stories followed Google CEO Sundar Pichai’s reaction — was he or wasn’t he supportive of Apple’s position in his tweet-only response?
Some posts claim Apple can comply with the order and FBI’s request — technically speaking, yeah, they can.
Others oppose compliance as it may establish a new precedent and increase risks to other law-abiding iPhone users’ personal data.
I wonder if this is really a Third Amendment case, given the lack of daylight between the FBI and the U.S. military by way of Joint Terrorism Task Force involvement, and the case at hand in which a non-U.S. citizen’s illegal activities (Farook’s wife Tashfeen Malik) may have triggered related military counterterrorism response. Has the U.S. government, by demanding Apple create code to permit unlocking the shooter’s iPhone, insisted on taking private resources for government use? But I’m not a lawyer. What do I know?
That’s it for now. Thursday, February 18th is also “Teen Missed the Bus Day”; ‘Agapitos’ he is not at the moment. Kid’s going to owe me some time helping with the next morning post.
Thursday Morning: Number 49 (Rayne, 2016-02-18 09:00:15, 2016-02-18 10:34:51)
Hospital held hostage for millions by ransomware
Hey Hollywood! A hospital in your backyard has been “infected” with ransomware, their enterprise system tied up until administration coughs up $3.6 million.* Didn’t see that coming, huh? Law enforcement is involved, though if they haven’t managed to resolve other smaller ransomware attacks, they won’t solve this before it critically affects patients’ care.
This is a pretty good (if unfortunate) example of business continuity crisis. Remember Y2K and all the hullaballoo about drills and testing for enterprise failure? We still need that kind of effort on a regular basis; how do you run your biz if all electronics go dark, for any reason?
(* US articles say $3.6M; CAN article linked says $5M. Currency difference, or an increase in the demand?)
Google found critical vulnerability in GNU C Library
“CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow” Huh? What? If you read Google’s blog post about this yesterday, you were probably scratching your head. Some Googlers struggle with writing in plain English. Here’s what tech news outlets interpreted from that google-degook:
In a nutshell, if you’re running Linux, patch your systems, stat.
Petroleum’s still a problem
Iran’s not going along with Saudi-Russia-OPEC agreement on oil production limits. Iran wants to return to pre-sanction production levels before it makes any concessions.
Oil glut and tanked prices create secondary challenges. Saudi’s youth now have entirely different prospects for employment now that oil cannot guarantee national wealth or careers with good pay. Will this cause political volatility in RSA? Wonder what will happen in smaller oil-producing countries like Venezuela and Ecuador?
Weird outliers buck trend: Indian oil producer Chennai had a strong Q3, and First American Bank more than doubled its stake in oil development firm Anadarko. Neither of these stories makes sense when oil prices have plummeted, are still plummeting, and show no solid sign of improvement in the next year-plus.
TBTF is still too TBTF
Neel Kashkari, Minneapolis Fed Reserve president, called for the breakup of Too-Big-to-Fail banks yesterday, as they are still a risk to the economy. Didn’t see that coming from a fed president, especially Kashkari.
Biggest tech story today: Judge ordered Apple to help hack San Bernardino gunman’s phone
Apple’s been fighting government pressure on backdoors to its products. The fight intensified after federal judge Sheri Pym ordered Apple to cooperate with the FBI to unlock encryption on a county-owned phone used by San Bernardino gunman Syed Farook. Begs the question why any government agency — local, state, or federal — would ever issue a phone with encryption the government could not crack in the first place. Seems like one answer is a government- and/or business-specific encryption patch to iOS: [IF phone = government-issued, THEN unlock with government-issued key]. Same for business-issued phones. Your own personal phone, not issued by a government agency or business? No key, period.
Phew. That’s enough for a Wednesday. Hope we can coast downhill from here.
Wednesday Morning: Quelle couleur est-ce? (Rayne, 2016-02-17 07:30:35, 2016-02-17 15:25:04)