
Monday: Fierce Dog

Hunger and fear are the only realities in dog life: an empty stomach makes a fierce dog.

— excerpt, personal journal of Capt. Robert Falcon Scott

This short film by Aaron Dunleavy was inspired by his childhood in Blackburn, Lancashire UK. The script was improvised and cast using locals.

All districts in Lancashire voted Leave during last week’s Brexit referendum, with 65% of Blackburn voters supporting Leave.

Worth noting an article in Lancashire Telegraph about an Aldi’s store under construction. Aldi’s is a German-owned grocery store chain; have to wonder if construction will be completed.

Brexit botch bits

  • @shockproofbeats on Brexit’s impact on Northern Ireland (Storify) — It’s messy now and promises to be even uglier.
  • Downside for China (and other foreign investors): Real estate purchases may be put on hold (SCMP) — Some deals in the works may be halted until the pound is more stable. On the other hand, Britain may step in and put the brakes on sales; too easy for overseas entities with big money to buy up property while pound is depressed.
  • Upside for China (and other banking centers): Business could pick up in Hong Kong (SCMP) — London is the second largest trading center of yuan next to Hong Kong; some of the business could shift back to Hong Kong, especially if HSBC bank chooses to relocate its headquarters to HK from London.
  • No change in position on Brexit referendum since last Friday according to PM David Cameron (Independent-UK) — Though Cameron is now going to leave in September. He continued to push triggering of Article 50 to his successor while taking pot shots at Labour Party over its purge this weekend. Not certain most Americans will notice just how Cameron has managed to shift the blame to both MPs and the people for a referendum he proposed, or how he has turned execution of Article 50 into a poisoned chalice. Lord Chancellor and Secretary of State for Justice Michael Gove, Leave campaign proponent, was present at today’s session in Parliament but said nothing before disappearing. Boris Johnson, MP for Uxbridge and South Ruislip and Leave campaign proponent, was noticeably absent. Wankers all three.

SCOTUS Week
Waiting around watching the court for good or ill until this morning is kind of like waiting for Shark Week — hey, it IS Shark Week! What a coincidence!

Miscellaneous trouble

Promises to be a busy week ahead. Stay tuned!

Friday: How It Begins

I was halfway through a post yesterday when a friend in the UK told me a member of Parliament had been killed by a fascist.

An assassination, I thought at that moment, unable to write another word for my post. How many times has an assassination kicked off a horrible chain of events?

I hoped and prayed as best a lapsed Catholic can that the murder of MP Jo Cox by a man shouting, “Britain First!” was not the beginning of something dreadful. Research says it’s less likely than if an autocratic figure had been killed, but who can really say with certainty?

We won’t know for some time if this was a trigger event for something else, though it did set off a cascade of stomach-turning crap. So many media outlets referred to politician Cox’s death by a political fanatic as something other than an assassination. Really? Would Cox have been targeted had she not been a pro-EU unity supporter? Would the assassin — characterized by so many euphemisms as mentally ill — have killed her had he not been rabidly anti-EU and racist, impelled by ramped-up anti-EU rhetoric in advance of the EU-Brexit referendum?

And the disparity in coverage between [lone white gunman suspected of mental illness] and [armed terrorist—labeled so because they’re not white]? Beyond disgusting. The racism is all the more obvious. The public is conditioned by media’s implicit bias to expect and accept the lone white gunman, but never the dark-skinned person bearing a weapon. The accused must have sympathized with white nationalism, irrespective of country, having bought his firearm components from U.S. neo-Nazis more than a decade ago. The description of his attack on Cox is chilling — it was a cold political execution, not just some wildly insane flailing without care for the outcome.

The world lost someone very special when Jo Cox died yesterday. Someone who lived progressive values out in the open, modeling a better way for us. Don’t kid yourself this was just a crazed man acting alone when white nationalist politicians like Nigel Farage believe “violence is the next step” if angry constituents feel they’ve lost control.

And don’t fool yourself into believing this was an isolated event occurring in a vacuum.

Today’s Friday jazz is a performance of She’s Crying for Me by the Yorkshire Jazz Band, in honor of Jo Cox’s home county.

A note on hacking stories
The breach of the DNC’s computers is one of a number of stories over the last several years following a pattern: the breach is attributed to one entity and then yet another entity, while the story itself has a rather interesting point of origin. Initial reports may say the hackers were affiliated with [nation/state X] and later reports attribute the hacking to [unaligned third party Y], or a variation on this order. A key characteristic is the story’s immaculate birth.

Try looking for yourself for the earliest story reporting the hacking of the DNC. Who reported it and when? Who were the original sources? Did the story arise from a call to law enforcement or a police report, and a local beat reporter who gathered named eyewitnesses for quotes? Or did the story just pop out of thin air, perhaps simultaneously across multiple outlets all regurgitating the same thing at the same time?

My point: Be more skeptical. There’s an adage in reporting, drummed into journalism students’ heads: If your mother says she loves you, check it out.

Three examples of manipulated opinion
Speaking of being more skeptical, bias manifests itself in all manner of ways and can be easily used for good or ill.

  • U.S. government and military orgs tricked into running ‘imposter code’ (Ars Technica) — Suckers didn’t perform due diligence on packages of code hosted at developer communities before running them. Gee, I wonder if any political parties’ personnel might have done the same thing…
  • GOP-led House waffles on HR 5293 surveillance bill because Orlando (HuffPo) — Ugh. Would this vote have been different this time if a lone crazed white gunman had shot up a bar? Sadly, we can’t tell based on the bill’s approval last year because the vote took place one day before Dylann Roof’s mass shooting in a Charleston church. Nor can we tell from the bill’s 2014 approval by the House because the mass shootings the week of the vote were just plain old run-of-the-mill apolitical/non-racist with too few fatalities.
  • Send manuscripts out under a man’s name = agents and publishers notice (Jezebel) — If you’re a woman you can be a great writer and you won’t get any nibbles on your manuscript — unless you submit it under a male name. Hello, implicit bias, much? This isn’t the only example, either.

Worthwhile long read
This commentary at Tor.com looks at the movie V for Vendetta, saying it’s “more important than ever,” in spite of the adaptation’s rejection by Alan Moore, author of the graphic novel on which this film was based. The essay was published this past Tuesday; read it now in light of Jo Cox’s assassination Thursday. A single event can change perception. This line alone now means something very different to me:

It seems strange that my life should end in such a terrible place. But for three years I had roses, and apologized to no one.

If time permits, I may slap up a post this weekend to make up for yesterday’s writer’s block. Otherwise I’ll catch you on Monday.

Tuesday: Going Alone

I’ve been so damned angry I’ve had difficulty wrapping words around what I want to say. It’s still Tuesday somewhere, so I’ll grit this out.

Assault weapons should be banned for sale to civilians.

Spare me the crap about hunters and taking their guns. My freezer contains 25 to 100 pounds of venison at any time. This household lives off the results of hunting and respects the power of firearms. None of this meat required an assault weapon.

If an assault weapon had been used, it would have been a waste of a deer tag. There’d be no meat left.

The embedded video above shows the damage hunting ammo does at close range — approximately 15-20 feet — on meat. The next video shows the damage #4 and #8 birdshot can do at short range, even through multiple layers of denim and drywall. Imagine what an assault weapon would do to flesh at similar range.

Better yet, listen to what a combat vet says about assault weapons.

There’s nothing in the Second Amendment to suggest a prohibition on certain weapons is wrong; if anything, the framing of a ‘well regulated militia’ suggests limitations are in order.

There’s also nothing in the Second Amendment to suggest that gun manufacturers have an absolute right to an unrestrained business model, or to profits at the expense of the public’s general welfare.

Nor does the Second Amendment say a damned thing about catering to ‘gun enthusiasts’ who want guns for ‘pleasure’. A ‘well regulated militia’ doesn’t possess guns but as necessary for the ‘security of a free state’, not personal enjoyment.

And both embedded videos make a bloody good case that arguments about assault weapons being necessary to stop a home invasion are trash. Birdshot at close range can do one hell of a lot of damage, as do 00 buckshot and a 1-oz slug.

Congress — more specifically, the GOP — needs to strap on its spine and draw the line on assault weapons. How many more dead Americans is it going to take before Congress clues in that the terrorist threat is already here? It’s domestic, and it’s better armed than the police because GOP-led Congress is as weak as the GOP is against Trump.

Spare the empty moments of silence and prayers which might as well be to Moloch after another human sacrifice. Such fail at protecting the American public.

Speaking of which…

Information Security Fail

  • USAF database with records on ~100,000 investigations ‘lost’ (Defense One) — This is such bullshit, I can’t even…why is a CONTRACTOR, which may be the subject of any one of the 100K investigations, hosting and managing a database like this? What a massive conflict of interest. The database included constituent and congressional inquiries. Don’t even get me started on the fact this system relied on Microsoft Internet Explorer. Where have we seen this kind of massive loss of data including failed backups before? Hardly a surprise the data covers the period including most of the Iraq and Afghanistan wars as well as the construction of the F-35. Somebody better lose their job for this crap, and there’d better be a respectable investigation instead of the usual fluffery hiding billions of lost dollars.
  • DNC database infiltrated by the Russians (WaPo) — DNC Chair Debbie Wasserman-Schultz needs to be walked out the door for this bullshit, along with responsible IT management. As if anyone able to sit up and take nourishment couldn’t see the DNC computer systems would be a target for cybercrime and cyberwarfare. No excuses for this during the run-up to a general election season, especially when her favorite candidate is already floundering because of information security failures during her tenure as Secretary of State. This bit:

    The depth of the penetration reflects the skill and determination of the United States’ top cyber adversary as Russia goes after strategic targets, from the White House and State Department to political campaign organizations.

    Total blowjob for access. If the hackers got in by spearphishing as suggested in the article, there’s no finesse required. Just poorly trained/educated users and no firewall between email and database. The only thing that surprises me about this is that ransomware wasn’t deployed. Imagine it: a major U.S. political party ground to a halt by spearphish-delivered ransomware.

  • University of Calgary paid CDN$20K after ransomware attack (Calgary Herald) — First heard about this attack the end of May. Looks like the school had no choice but to offer the bitcoin equivalent of $20K to release their systems, which says a lot about backup systems and rebuild cost. Considering the broad range of users at universities and widely different levels of experience and training, I’m surprised we haven’t seen more ransomware attacks on schools. Though monetarily they’re less appetizing than other targets, and may have more resources to deal with the threat if they have a strong IS/IS program.
  • Chinese IBM employee arrested for trade secret theft (Reuters) — The indictment (pdf) says the now-former IBM employee stole proprietary software related to hyperscale storage clusters, or what most consumers would know as ‘cloud storage’. This is a technology segment in which the U.S. still has considerable clout in terms of marketshare, and in terms of global economic impact based on its use. Reporting on this indictment has been vague, referring to the technology at the heart of this case as ‘networking software’. It’s more complex than that; the proprietary software underpins storage and retrieval of data across networked large storage devices. (Hi blueba. Just checking to see if you missed me. Can’t let the Russians have all the fun.)

Basta. Enough. Let’s hope Wednesday is kinder than the last handful of days have been.

Monday Morning: Tarantela [UPDATE]

I could listen to this piece on a loop. It’s Santiago de Murcia’s “Tarantela,” performed by noted lutist Rolf Lislevand. The instrument he is playing is as important as the music and his artistry; it’s an extremely rare Stradivarius guitar called the Sabionari. While tarantellas more commonly feature additional instruments and percussion like tambourines, this instrument is stunning by itself.

You can learn more about the Sabionari at Open Culture, a site I highly recommend for all manner of educational and exploratory content.

And now to dance the tarantella we call Monday.

Wheels

  • What’s the German word for ‘omertà’? Because Volkswagen has it (Forbes) — Besides the use of obfuscation by translation, VW’s culture obstructs the investigation into Dieselgate by way of a “code of silence.” And money. Hush money helps.
  • Growing percentage of VW investors want an independent investigation (WSJ) — An association of 25,000 investors now demands an investigation; the problem continues to be Lower Saxony, the Qatar sovereign-wealth fund and the Porsche family, which combined own 92% of voting stock.
  • VW production workers get a 5% pay raise (IBT) — Is this “hush money,” too, for the employees who can’t afford to be retired like VW’s executives? The rationale for the increase seems sketchy since inflation is negligible and VW group subsidiary workers at Audi and Porsche won’t receive a similar raise.
  • Insanity? VW Group a buy opportunity next month (The Street) — Caveat: I am not a stockbroker. This information is not provided for investment purposes. Your mileage may vary. But I think this is absolute insanity, suggesting VW group stock may offer a buy opportunity next month when VW publishes a strategy for the next decade. If this strategy includes the same utterly opaque organization committing fraud to sell vehicles, is it smart to buy even at today’s depressed prices? The parallel made with Apple stock is bizarre, literally comparing oranges to Apples. Just, no.

Bad News (Media)

Cybersec

  • Organized criminals steal $13M in minutes from Japanese ATMs (The Guardian) — And then they fled the country. What?! The mass thefts were facilitated by bank account information acquired from an unnamed South African bank. Both Japan and SA use chip-and-pin cards — so much for additional security. Good thing this organized criminal entity seeks money versus terror. Interesting that the South African bank has yet to be named.(*)
  • Slovenian student receives 15-month suspended sentence for disclosing state-created security problems (Softpedia) — The student at Slovenia’s Faculty of Criminal Justice and Security in Maribor, Slovenia had been investigating Slovenia’s TETRA encrypted communications protocol over the last four years as part of a school project. He used responsible disclosure practices, but authorities did not respond; he then revealed the encrypted comms’ failure publicly to force action. And law enforcement went after him for exposing their lazy culpability hacking them.
  • Related? Slovenian bank intended target for Vietnamese bank’s SWIFT attempted hack funds (Reuters) — Huh. Imagine that. Same country with highly flawed state-owned encrypted communications protocol was the target for monies hackers attempted to steal via SWIFT from Vietnamese TPBank. Surely just a coincidence, right?

Just for the heck of it, consider a lunch read/watch on a recent theory: World War 0. Sounds plausible to me, but this theory seems pretty fluid.

Catch you here tomorrow morning!

* UPDATE — 1:20 P.M. EDT —
Standard Bank reported it had lost 300 million rand, or USD $19.1 million to the attack on Japanese ATMs. First reports in South African media and Reuters were roughly 11 hours ago or 9:00 a.m. Johannesburg local time. It’s odd the name of the affected bank did not get wider coverage in western media, but then South Africa has a problem with disclosing bank breaches. There were five breaches alleged last year, but little public information about them; they do not appear on Hackmageddon’s list of breaches. This offers a false sense of security to South African banking customers and to banks’ investors alike.

Japan Times reports attribute the thefts to a Malaysian crime gang. Neither Japan Times nor Mainichi mentions Standard Bank’s name as the affected South African bank. Both report the thefts actually took place more than a week ago on May 15th — another odd feature about reporting on this rash of well-organized thefts.

Friday Morning: Mi Ritmo

Oye como va
Mi ritmo
Bueno pa gozar
Mulata

— excerpt, Oye Como Va by Tito Puente

This Latin jazz song was on the very first album I owned — Santana’s Abraxas. I have no idea what possessed my father to select this way back in 1971 because he’s not musically inclined. I prefer to think he was persuaded by the music store staff to buy it for me rather than think the cover art did it for him. To this day I don’t dare ask; I’d rather live with my illusion.

Perhaps he simply liked Oye Como Va by Tito Puente and decided I needed it. Maybe that’s what he wanted to listen to when I played the album over and over again, ad nauseam. The song is still easy to listen to even when played by a septuagenarian, isn’t it? Though Puente probably still felt the same way about this song in his last live performance as he did when he first recorded it in 1963.

The personal irony I’m certain my father never considered: the last line is a reference to a mixed race “mulatto” woman. That’s me.

Vamos, amigos!

Wheels

  • South Korea frustrated by Volkswagen’s response to Dieselgate (Yonhap) — Hard to tell how many VW passenger diesel cars with the emissions controls defeat tech have been sold in South Korea to date. Last year’s sales of 35,700 suggest VW needs to exert itself a little more than offer to recall a total of 125,000 cars.

Technology Trends

  • Breakthrough in memory technology could change computing dramatically (IBM via YouTube) — I’m still trying to wrap my head around this; could be the simplicity of the underlying science seems so obvious I can’t understand why it wasn’t discovered sooner. Using polycrystalline rather than amorphous material, more data can be stored and in a manner which is stable and not prone to loss when electricity is cut. This technology could replace DRAM at flash memory prices. Imagine how quickly systems could begin processing if they could avoid seeking programs and data.
  • Google’s annual I/O event chary on enterprise computing (ComputerWorld) — Wonder if Google executives’ expressed intent to focus on the enterprise is a veiled threat directed at Oracle? The I/O annual conference didn’t have enough enterprise applications to satisfy the curious; is Google holding back? Or are there pending acquisitions to fill this stated intent, ones not yet ready for publication? I wouldn’t be surprised to see Google launch something on par with Salesforce or Zoho very soon. Google Drive components already compete with or are integrated with some of those Zoho offers in its small business offering.
  • Android’s coming to Chromebooks — finally! (Google Blog) — I’ve put off buying another laptop until this happened, guess I’ll look at the first three models on which developers will focus their development. The applications available for Android phones have been mind-boggling in number; it’d be nice to have the same diversity of selection for laptops. And then maybe desktops in the not-too-distant future? That would really make a dent in enterprise computing.

Cybersec

  • Security camera not password protected? Police may be able to tap it (Engadget) — Love the subhead: “Don’t worry, it’s supposed to be for a good cause.” Just add the invisible snark tag. Purdue University researchers found surveillance cameras could be tapped to allow law enforcement to monitor a crime scene. I don’t know about you but this sounds like a backdoor, not a convenient vulnerability. If the police can use it soon, who might already be using it?
  • Qualcomm mobile chip flaw leaves 60% of Android devices exposed (Threatpost) — Not good, especially since this boo-boo may affect both oldest and newest Android versions. But a malicious app is required to take advantage of this flaw, unlike the Stagefright exploit. Android has already issued a patch; the problem is getting it to all affected devices.
  • LinkedIn’s 2012 breach yielded info on more than 100 million accounts (Motherboard) — Only 6.5 million accounts were initially breached — but that’s only the first batch published online. The actual haul from 2012 was at least 117 million accounts, now for sale for a mere five bitcoins or $2200. Are you a LinkedIn user? Time to check Have I Been Pwned? to see if your account is among those in the breach.

Climate Crises

  • Record high temp of 51C (124F) recorded in India (The Register) — Drought continues as well; article notes, “Back in India, relief from the heat is expected when the annual monsoon hits. The cooling rains generally arrive in mid-June.” Except that with a monster El Nino underway, the amount of rain and cooling will depart from average.
  • Polymath Eleanor Saitta considers climate change and comes to some grim, mortal conclusions (Storify by @AnthonyBriggs) — If you’re a policymaker, you’d better worry about dealing effectively with climate refugees and deaths in the millions. Maybe billions. Refugees from Syria will look like a minuscule blip. If you’re not terrified, you should be.

Looks like it’s going to be a lovely late spring weekend here — hope you’re going to have a nice one, too. See you Monday!

Wednesday Morning: Wandering

This music video is the result of an insomniac walkabout. I went looking for something mellow I hadn’t heard before and tripped on this lovely little indie folk artistry. Not certain why I haven’t heard Radical Face before given how popular this piece is. I like it enough to look for more by the same artist.

Let’s go wandering…

Volkswagen: 3.0L fix in the offing, but too late for EU and the world?

  • New catalytic converter may be part of so-called fix for VW and Audi 3.0L vehicles (Bloomberg) — The financial hit affected dividend as reserve for fix/recall/litigation was raised from 6.7B to 16.2B euros. VW group will not have a full explanation about Dieselgate’s origins and costs to shareholders until the end of 2016.
  • But Netherlands’ NO2 level exceeds the 40 microgram threshold in 11 locations, violating EU air pollution standards (DutchNews) — Locations are those with high automobile traffic.
  • UK government shoveled 105,000 pounds down legal fee rat hole fighting air pollution charges (Guardian-UK) — Look, we all know the air’s dirty. Stop fighting the charges and fix the mess.
  • UK’s MPs already said air pollution was a ‘public health emergency’ (Guardian-UK) — It’s killing 40-50,000 UK residents a year. One of the approaches discussed but not yet in motion is a scrapping plan for dirty diesel vehicles.
  • Unfortunately global CO2 level at 400 ppm tipping point, no thanks to VW’s diesel vehicles (Sydney Melbourne Herald) — Granted, VW’s passenger vehicles aren’t the only source, but cheating for nearly a decade across millions of cars played a substantive role.

Mixed government messages about hacking, encryption, and cybersecurity enforcement
Compare: FBI hires a “grey hat” to crack the San Bernardino shooter’s iPhone account, versus FCC and FTC desire for escalated security patching on wireless systems. So which is it? Hacking is good when it helps government, or no? Encryption is not good for government except when it is? How do these stories make any sense?

  • State of Florida prosecuting security researcher after he revealed FL state’s election website was vulnerable (Tampa Bay Times) — Unencrypted site wide open to SQL “injection attack” allowed the researcher to hack into the site. Florida arrests him instead of saying thanks and fixing their mess.
  • UK court rules hacker does not have to give up password (Guardian-UK) — Computer scientist and hacker activist Lauri Love fights extradition to U.S. after allegedly stealing ‘massive quantities’ of data from Fed Reserve and NASA computers; court ruled he does not have to give up password for his encrypted computers taken into custody last autumn.
  • SWIFT denies technicians left Bangladeshi bank vulnerable to hacking (Reuters) — Tit-for-tat back and forth between Bangladesh Bank and SWIFT as to which entity is at fault for exposures to hacking. Funny how U.S. government is saying very little about this when the vulnerability could have been used by terrorists for financing.

Well, it’s not quite noon Pacific time, still morning somewhere. Schedule was off due to insomnia last night; hoping for a better night’s sleep tonight, and a better morning tomorrow. Catch you then!

Thursday Morning: Burning Bright

Tyger Tyger, burning bright,
In the forests of the night;
What immortal hand or eye,
Could frame thy fearful symmetry?

In what distant deeps or skies.
Burnt the fire of thine eyes?
On what wings dare he aspire?
What the hand, dare seize the fire?

— excerpt, The Tyger by William Blake

Props to Fort McMurray, Alberta, Canada, for evacuating a city under immediate threat of fire without any casualties directly attributable to the blaze. There was one death reported due to a vehicle accident, but it’s not clear the accident was caused by the fire or the evacuation process. I don’t know that an American city could have responded as quickly with the same results, but then Fort McMurray’s folks remember the Slave Lake wildfire five years ago in May 2011. Slave Lake, located roughly 250 miles southwest of Fort McMurray, was similarly forced to evacuate its 7,000 residents after 60 mph winds fanned a forest fire out of control and into the town.

In addition to expanded evacuation south of Fort McMurray, another wildfire in northern Alberta approximately 500 miles northwest of Fort McMurray forced evacuation of the town of High Level last evening. Fortunately, cooler weather will help battling this and Fort McMurray’s blaze; temperatures are expected to be 20 degrees cooler than the 88F degree high reached yesterday in Fort McMurray. There’s no rain in the forecast for nearly a week, though.

If you look at a satellite map of Alberta, you’ll note the areas surrounding these two municipalities actually had quite a bit of forest near them to their west (Fort McMurray is south of the Athabasca tar sands production site by a 30-minute drive). I’d like to know how much of this is boreal forest, which was once aggressively protected by Canada — before Alberta’s Stephen Harper became PM, that is. Despite the efforts of NGOs, expansion of the tar sands escalated dramatically from 2006 on. Now that oil prices have plummeted, production at Athabasca may drop, but too late to prevent damage to a wide swath of forest, not to mention the clearing done to support oil and gas development in northwestern Alberta. With the likelihood of wildfires throughout the rest of the summer running high, let’s hope the current Trudeau administration invests heavily in forest restoration efforts to replace growth lost to both fossil fuel production and to fire.

Reforestation is only a start, though; additional protections going forward are needed as boreal forest is the largest carbon sink on earth, bigger than rain forests. We Americans don’t pay as much attention to Canadian deforestation because the country’s population is much smaller than Brazil’s. But Canada’s forests are critically important to reducing CO2, locking it up in trees and preserving it in bogs. We’re Canada’s largest trading partner and its largest consumer of wood products. We should be more aware and more responsible for our role in protecting Canada’s boreal forest.

Bits and pieces

  • Ford sinks cash into software company Pivotal (Detroit Free Press) — One of the many recent investment/partnerships with technology firms to augment vehicles’ features. Ford said it would have difficulty doing what Pivotal does. Let’s hope Pivotal is more conscious of cybersecurity than its automotive partners.
  • Former Apple employees to release new AI bot, VIV next week (Apple Insider) — Description sounds like Siri let out of the iPhone, or Amazon’s Alexa on Echo bot. Whatever it is, stay away from me with this stuff.
  • Nearly 300 million email account credentials floated in criminal underground (Reuters) — A massive collection including tens of millions of accounts on Yahoo, Microsoft, and Gmail email services was offered up in exchange for favorable comments in hacker forums. Something about this scenario sounds fishy, especially since the hacker first asked for 50 rubles (about one dollar) in exchange for all the compromised email accounts’ credentials. Some of the accounts belonged to banking, manufacturing, and retail personnel.
  • Has the revolution begun? Shareholders protest Reckitt Benckiser’s CEO compensation (Bloomberg) — Is this the beginning of a trend?

Your assignment today: check your area for wildfire or bushfire risk, and develop a personal evacuation strategy. Fortunately in my area we have standing water after nearly 24 hours of rain. Out of here, gang.

UPDATE — 2:00 P.M. EDT —
Fire’s still spreading across portions of Fort McMurray. Reporter Vince McDermott believes he just lost his home this morning while he was at work. Must be just awful to cover a story affecting your community so dramatically and find yourself experiencing loss, too.

Monday Morning: Brittle

The Emperor’s Palace was the most splendid in the world, all made of priceless porcelain, but so brittle and delicate that you had to take great care how you touched it. …

— excerpt, The Nightingale from The Yellow Fairy Book by Andrew Lang

Last week I’d observed that Apple’s stock value had fallen by ~7% after its financial report was released. The conventional wisdom is that the devaluation was driven by Apple’s first under-performing quarter of iPhone sales, indicating weaker demand for iPhones going forward. Commenter Ian remarked that Apple’s business model is “brittle.” This perspective ignores the meltdown across the entire global stock market caused by China’s currency devaluation, disproportionately impacting China’s consumption habits. It also ignores great untapped or under-served markets across other continents yet to be developed.

But more importantly, this “wisdom” misses a much bigger story, which chip and PC manufacturers have also reflected in their sales. The video above, now already two years old, explains very neatly that we have fully turned a corner on devices: our smartphones are and have been replacing our desktops.

Granted, most folks don’t go through the hassle of purchasing HDMI+USB connectors to attach larger displays along with keyboards. They continue to work on their phones as much as possible, passing content to and from cloud storage when they need to work from a keyboard attached to a PC. But as desktops and their attached monitors age, they are replaced in a way that supports smartphones as our main computing devices — flatscreen monitors, USB keyboards and mice, more powerful small-footprint external storage.

And ever increasing software-as-a-service (SaaS) combined with cloud storage.

Apple’s business model isn’t and hasn’t been just iPhones. Not since the debut of the iPod in October 2001 has Apple’s business model been solely focused on devices and the operating system required to drive them. Heck, not since the debut of iTunes in January 2001 has that been true.

Is there a finite limit to iPhones’ market? Yeah. Same for competing Android-driven devices. But is Apple’s business just iPhones? Not if iTunes — a SaaS application — is an indicator. As of 2014, there were ~66 million iPhones in the U.S., compared to ~800 million iTunes users. And Apple’s current SaaS offerings have exploded over time; the Apple store offers millions of apps created by more than nine million registered developers.

At least nine million registered developers. That number alone should tell you something about the real business model.

iPhones are a delivery mechanism, as are Android-based phones. The video embedded above shows just how powerful Android mobile devices can be, and the shift long underway is not based on Apple’s platform alone. If any business model is brittle right now, it’s desktop computing and any software businesses that rely solely on desktops. How does that change your worldview about the economy and cybersecurity? Did anyone even notice how little news was generated about the FBI accessing the San Bernardino shooter’s PCs? Was that simply because of the locked Apple iOS account, or was it in part because the case mirrored society’s shift to computing and communications on mobile devices?

File under ‘Stupid Michigan Legislators‘: Life sentences for automotive hackers?
Hey. Maybe you jackasses in Michigan’s state senate ought to deal with the permanent poisoning of nearly 8000 children in Flint before doing something really stupid like making one specific kind of hacking a felony worthy of a life sentence. And maybe you ought to do a little more homework on hacking — it’s incredibly stupid to charge a criminal with a life sentence for a crime as simple as entry permitted by wide-open unlocked doors. Are we going to allocate state money to chase hackers who may not even be in this country? Are we going to pony up funds for social media monitoring to catch hackers talking about breaching wide-open cars? Will this law deter citizen white hats who identify automakers’ vulnerabilities? File this mess, too, under ‘Idiotic Wastes of Taxpayers’ Money Along with Bathroom Legislation by Bigots‘. This kind of stuff makes me wonder why any smart people still live in this state.

File this, too, under ‘Stupid Michigan Legislators‘: Lansing Board of Water and Light hit by ransomware
Guess where the first ransomware attack on a U.S. utility happened? Do I need to spell out how ridiculous it looks for the electric and water utility for the state’s capital city to be attacked by ransomware while the state’s legislature is worrying about who’s using the right bathroom? Maybe you jackasses in Lansing ought to look at funding assessment and security improvements for ALL the state’s utilities, including both water safety and electricity continuity.

Venezuela changes clocks to reduce electricity consumption
Drought-stricken Venezuela already reduced its work week a month ago to reduce electricity demand. Now the country has bumped its clocks forward by 30 minutes to make more use of the cooler early hours of daylight. The country has also instituted rolling blackouts to cut back on electricity. Cue the right-wing pundits claiming socialism has failed — except that socialism has absolutely nothing to do with a lack of rainfall to fill reservoirs.

Coca Cola suing for water as India’s drought deepens
This is a strong piece, worth a read: Whose Water Is It Anyway?

After a long battle, the UN declared in 2010 that clean water was a fundamental right of all citizens. Easier said than done. The essential, alarming question has become, ‘Who does the groundwater belong to?’ Coca Cola is still fighting a case in Kerala where the farmers rebelled against them for using groundwater for their bottling plants. The paddy fields for miles around dried up as water for Coke or the company’s branded bottled water was extracted and transported to richer urban consumers.

Who did that groundwater belong to? Who do our rivers belong to? To the rich and powerful who can afford the resources to draw water in huge quantities for their industries. Or pollute the rivers with effluent from their industries. Or transport water over huge distances at huge expense to turn it into profit in urban areas.

Justus Rosenberg: One of Hannah Arendt’s rescuers
Ed Walker brought this piece to my attention, a profile of 95-year-old Justus Rosenberg featured in this weekend’s New York Times. I love the last two grafs especially; Miriam Davenport characterized Rosenberg as “a nice, intelligent youngster with no family, no money, no influence, no hope, no fascinating past,” yet he was among those who “…were a symbol of sorts, to me, in those days […] Everyone was moving Heaven and earth to save famous men, anti-fascist intellectuals, etc.” Rosenberg was a superhero without a cape.

That’s our week started. See you tomorrow morning!


Tuesday Morning: Monitor

Y me lamento por no estar alla
Y hoy te miento para estar solos tu y yo
Y la distancia le gano al amor
Solo te veo en el monitor

— excerpt, Monitor by Volovan

Sweet little tune, easy to enjoy even if you don’t speak Spanish.

Speaking of monitor…

Flint Water Crisis: Michigan State Police monitoring social media
Creeptastic. MSP is following social media communications related to the Flint water crisis, which means they’re watching this blog and contributors’ tweets for any remarks made about Flint. Whatever did they do in the days before social media when the public was unhappy about government malfeasance?

MDEQ personnel told Flint city water employee to omit tests with high lead readings
The charges filed last week against two Michigan Department of Environmental Quality employees and a Flint city employee were related to the manipulation and falsification of lead level tests. From out here it looks like Mike Glasgow did what the MDEQ told him to do; with the city under the control of the state, it’s not clear how Glasgow could have done anything else but do what the state ordered him to do. Which governmental body had higher authority under emergency management — the city’s water department, or the MDEQ? And what happens when personnel at the MDEQ aren’t on the same page about testing methodology?

MDHHS too worried about Ebola to note Legionnaire’s deaths in 2014-2015?
Michigan’s Department of Health and Human Services director Nick Lyons maintains a “breakdown in internal communication” kept information about the Legionnaire’s disease outbreak from reaching him. He also said MDHHS was focused on Ebola because of its high mortality rate overseas. There were a total of 11 cases of Ebola in the U.S. between 2014 and 2015, none of which were diagnosed or treated in Michigan. Meanwhile, 10 people died of Legionnaire’s due to exposure to contaminated Flint water in that same time frame. Not certain how MDHHS will respond to an imported biological crisis when it can’t respond appropriately to a local one created by the state.

Other miscellaneous monitoring

  • Charter Communications and Time Warner tie-up approved, with caveat (Reuters) — Charter can’t tell content providers like HBO they can’t sell their content over the internet – that’s one of a few exceptions FCC placed on the deal. I think this is just insane; the public isn’t seeing cheaper broadband or cable content in spite of allowing ISPs to optimize economies of scale. Between Charter/TWC and Comcast, they’ll have 70% of all broadband connections in the U.S.
  • Mitsubishi Motors fudged its fuel economy numbers for last 25 years (AP) — This investigation is exactly what should happen across EU, because EU-based manufacturers have done this for just as long or longer. And the EU knows this, yet turns a blind eye to the tricks automakers use to inflate fuel economy ratings.
  • Goldman Sachs has a brand new gig: internet-based banking (Fortune) — This is the fruit of GS’ acquisition of General Electric’s former financial arm. Hmm.
  • BAE Systems has a nice graphic outlining the SWIFT hack via Bangladesh’s central bank (BAE) — Makes it easy to explain to Grampa how somebody carted off nearly a billion dollars.

Toodledy-doo, Tuesday. See you tomorrow morning!

Wednesday Morning: A Whiter Shade

She said, ‘There is no reason
and the truth is plain to see.’
But I wandered through my playing cards
and would not let her be

— excerpt, Whiter Shade of Pale by Procol Harum
cover here by Annie Lennox

I’ve been on an Annie Lennox jag, sorry. I’m indulging myself here at the intersection of a favorite song which fit today’s theme and a favorite performer. Some of you will take me to task for not using the original version by Procol Harum, or another cover like Eric Clapton’s. Knock yourselves out; it’s Lennox for me.

Speaking of a whiter shade and truth…

FBI used a ‘gray hat’ to crack the San Bernardino shooter’s phone
Last evening after regular business hours WaPo published a story which made damned sure we knew:

1) The FBI waded into a fuzzy zone to hack the phone — oh, not hiring a ‘black hat’, mind you, but a whiter-shade ‘gray hat’ hacker;
2) Cellebrite wasn’t that ‘gray hat’;
3) The third-party resource was referred to as ‘professional hackers’ or ‘researchers who sell flaws’;
4) FBI paid a ‘one-time fee’ for this hack — which sounds like, “Honest, we only did it once! How could we be pregnant?!”
5) A ‘previously unknown software flaw’ was employed after the third-party pointed to it.

This reporting only generated more questions:

• Why the careful wording, ‘previously unknown software flaw’ as opposed to zero-day vulnerability, which has become a term of art?
• How was the determination made that the party was not black or white but gray, and not just a ‘professional hacker who sold knowledge about a flaw they used’? Or was the explanation provided just stenography?
• However did Cellebrite end up named in the media anyhow if they weren’t the source of the resolution?
• What assurances were received in addition to the assist for that ‘one-time fee’?
• Why weren’t known security experts consulted?
• Why did the FBI say it had exhausted all resources to crack the San Bernardino shooter’s phone?
• Why did FBI director Jim Comey say “we just haven’t decided yet” to tell Apple about this unlocking method at all if ‘persons familiar with the matter’ were going to blab to WaPo about their sketchy not-black-or-white-hat approach instead?

That’s just for starters. Marcy’s gone over this latest story, too; be sure to read it.

Volkswagen execs get a haircut
Panic among employees and the state of Lower Saxony over VW’s losses and anticipated payouts as a result of Dieselgate impelled executives to share the pain and cut their bonuses. Germany’s Lower Saxony is the largest state/municipal shareholder in VW, but it’s doubly exposed to VW financial risks as nearly one in ten Germans are employed in the automotive industry, and VW is the largest single German automotive company. The cuts to bonuses will be retroactive, affecting payouts based on last year’s business performance.

Fuzzy dust bunnies

  • Verizon workers on strike (Boston Globe) — Until minimum wage is raised across the country and offshoring jobs stops, we’ll probably see more labor actions like this. Should be a warning to corporations with quarter-after-quarter profits and offshore tax shelters to watch themselves — they can afford to pay their workers.
  • Facebook deploys bots across its services (Computerworld) — But, but AI is years away, said Microsoft research…meanwhile, you just know Amazon’s Alexa is already looking to hook up with Facebook’s chatbot.
  • Google’s charitable arm ponied up $20M cash for disabled users’ technology improvements (Google.org) — IMO, this was a great move for an underserved population.
  • Judge rejects Obama administration blow-off of apex predator wolverines (HGN) — Wolverines, a necessary part of healthy northern and mountain ecosystems, need cold weather to survive. Montana’s U.S. District Court ruled the administration had not done enough to protect biodiversity including the wolverine. Crazy part of this entire situation is that the feds don’t believe the wolverine warrants Endangered Species Act (ESA) protection and that they can’t tell what effects climate change has on this species, but the species is seen too rarely to know. Hello? A rarely-seen species means the numbers are so low they are at risk of extinction — isn’t that what the ESA is supposed to define and prevent?

UPDATE — 12:10 PM EDT —
From @cintagliata via Twitter:

Back in 1971, researchers observed Zika virus replicating in neurons and glia. (in mice) http://bit.ly/1XvsD4d

I’m done with the pesticides-as-causal theory. It may be a secondary exacerbating factor, but not likely primary. In short, we’ve had information about Zika’s destructive effects on the brain and nervous system for 45 years. It’s past time for adequate funding to address prevention, treatments, control of its spread.

It’s all down the hump from here, kids. See you tomorrow morning!