Month: September 2016

More Insanity of our IP Regime

Cryptographer Matt Green has filed suit in federal court to prevent his prosecution if he publishes a textbook on encryption:

Assistant Professor Matthew Green has asked US courts for protection so that he can write a textbook explaining cryptography without getting sued under the Digital Millennium Copyright Act.

Green, who teaches at Johns Hopkins University in Maryland, is penning a tome called Practical Cryptographic Engineering that examines the cryptographic mechanisms behind the devices we use every day, such as ATM machines, smart cars, and medical devices. But this could lead to a jail sentence if the manufacturers file a court case using Section 1201 of the DMCA.

Section 1201 prohibits the circumvention of copyright protection systems installed by manufacturers, and comes with penalties including heavy fines and possible jail time. As such, the Electronic Frontier Foundation (EFF) has taken up Green’s case, and that of another researcher, to try to get the provision ruled illegal by the courts.

“If we want our communications and devices to be secure, we need to protect independent security researchers like Dr Green,” said EFF staff attorney Kit Walsh.

The history of prosecutions under Section 1201 has been an exercise in copyright holders studiously avoiding cases that they might lose, in order to maximize the chilling effect on researchers and consumer advocates. Meanwhile: “The US Department of Justice has asked the courts to dismiss the case on the grounds that it is highly unlikely that Green would be prosecuted.”

This chilling effect is why civil rights cases are allowed to proceed even though no one has been prosecuted, so I find the Justice Department’s argument specious.

We have a clear demonstration of a chilling effect, both for Green and for Andrew Huang, the other researcher the EFF is representing, whose hardware project is similarly exposed to Section 1201.

Of course, since the DoJ, the White House, and most of the US Congress are in the pocket of IP rights holders, it is no surprise that they are opposing the application of common sense to these restrictions.

No

A contract for the serial production of the fifth-generation T-50 PAK FA fighter jet at the Komsomolsk-on-Amur Aircraft Plant is planned to be signed before the end of 2017, Governor of Russia’s Khabarovsk Territory Vyacheslav Shport said.

………

Russian Aerospace Force Commander-in-Chief Viktor Bondarev said earlier that the serial production of the T-50 fighter jet would begin in 2017.

According to the commander, the PAK FA fighter jet will be made operational with the Aerospace Force in 2017 as well.

This is pixie dust.

They are still not flying the aircraft with its intended power plant, and they are suggesting that it will enter service in a year.

Additionally, the current prototypes are still hand built.

Stepping up to mass production from this is a monumental task, particularly given the large portion of the skin and airframe made of composites, and the need to maintain tight tolerances to reduce radar signature.

This would be a first for a mass-produced Russian aircraft.

It can be done, but it cannot be done in just 1 year.

This is the Wisest Thing I’ve Read in Some Time

Academic Dianne Pfundstein Chamberlain makes what should be an obvious point: that military adventures for the purpose of promulgating the illusion of our national “credibility” are a complete clusterf%$#:

One of the most common criticisms of President Obama is that he has damaged American credibility. Obama’s foreign policy decisions have been thoroughly denounced by Republicans, some members of his own party, and even former members of his administration. When the United States opted not to respond with military action to the 2013 chemical weapons attacks in Syria, many people argued that failing to punish the Syrian regime would diminish U.S. credibility. Similar critiques were leveled when Russia annexed the Crimea and the United States responded with economic sanctions instead of force. “How can we expect other states to take us seriously if we fail to act in these cases?” these critics asked. In other words, tomorrow’s threats will fail if the United States does not follow through on today’s commitments.

In fact, the record of American coercion is entirely inconsistent with this simplistic view of the role of credibility and reputation in international politics. To examine this issue, I studied every international crisis between 1945 and 2007 in which the United States was involved. I found that the real world does not operate in the way that these critics of U.S. inaction seem to think it does. It is foolish for the United States to undertake military action for the primary purpose of reinforcing its reputation. Refraining from acting when U.S. interests are not directly engaged will not diminish America’s “credibility” or its ability to wield power effectively.

………

Threats and promises have credibility, and states and leaders have reputations. When people argue that the United States must act against Syria today to preserve its “credibility” with Russia tomorrow, they are actually making an argument about how the U.S. reputation for action influences the behavior of other states. The logic of this reputation theory is that following through on a commitment today is necessary to make tomorrow’s threat effective. In other words, this theory holds that bombing Libya today will make Putin think twice about invading Estonia tomorrow.

If this reputation theory accurately explains state behavior, then we should be able to observe two basic patterns in the record of U.S. coercion. First, we would expect American threats to become more effective over time if the United States follows through on these threats. That is, if the United States consistently demonstrates that it upholds its commitments, then targets of U.S. threats should be increasingly likely to concede to U.S. demands everywhere (or at the very least targets should not become less likely to concede over time). Second, we would expect threats to be more effective against a target after the United States has already followed through on at least one threat in the past against that same target. Once the United States has demonstrated to a particular state that its threats are credible, then subsequent threats against that same state should be highly likely to succeed.

When we look at the record of U.S. compellence, however, we find that the opposite is true: America’s compellent threats have been both more frequent and less effective on average since 1990 than they were during the Cold War. The target conceded to U.S. demands in 55 percent of Cold War crises in which the United States issued a compellent threat and in only 25 percent of crises in the post-Cold War period. In other words, despite the fact that the United States has demonstrated that it always follows through on its compellent threats, these threats have become less effective over time. This is the exact opposite of what we would expect given the logic of those who argue that U.S. inaction in Ukraine emboldened Putin to intervene in Syria and that inaction in Syria will similarly embolden him to invade the Baltics.

………

These are relatively easy tests, and the reputation theory has failed at both. We have looked for and failed to find two obvious patterns in the evidence from actual cases in which the United States tried to use threats to convince a target state to change its behavior. Even when we set the bar low, the reputation theory cannot clear it.

This is not a surprise, and I agree, but I think that Pfundstein Chamberlain misses part of the dynamic.

Many of the people who invoke “credibility” to justify military adventures actually profit from these ill-conceived actions.

“Credibility” justifies our bloated military establishment.  Defense contractors, retired generals, and their ilk profit from the maintenance of this edifice.

QED.

I’m Not Sure If This Is the Beginning of a Trend

But Sweden is reintroducing military conscription:

Sweden said Wednesday it would reintroduce compulsory military service from 2018, eight years after it was abolished.

The Scandinavian nation, which has not seen armed conflict on its territory in two centuries, ended conscription in 2010 after it was deemed an unsatisfactory way of meeting the needs of a modern army.

………

Around 4,000 young Swedes, 18-year-olds of both sexes, are expected to be called up each year.

This is preferable to the US system of ensuring sufficient “volunteers” for its military:

  • A lack of economic opportunity.
  • Ruinously expensive college tuition.
  • Lack of affordable healthcare.

Poverty and desperation in the civilian population are central to the operation of our military machine.

Pardon Him Now

It appears that one of the effects of the Snowden disclosures was to make the US State Security Apparatus significantly less likely to abuse the provisions of the Patriot Act:

Edward Snowden’s disclosures were partially responsible for reversing a massive growth in the use of a controversial provision of the Patriot Act for acquiring email and other so-called “business records”, the US justice department’s internal watchdog has found.

The Patriot Act provision, known as Section 215, permits intelligence and law enforcement agencies to acquire from a service provider records of someone’s communications – such as phone calls or email records – that are relevant to a terrorism or espionage investigation.

In June 2013, the Guardian, based on Snowden’s leaks, revealed that the Bush and Obama administrations had secretly been using Section 215 to acquire Americans’ phone data in bulk. The revelation led Congress to significantly curtail domestic bulk phone records collection in 2015.

The new report from the justice department inspector general reveals that around 2009, the FBI began encountering resistance from email providers and others to a highly controversial nonjudicial subpoena for records, known as a National Security Letter. In the wake of this, the FBI began acquiring the information it sought through warrant requests to the Fisa court, a secret surveillance panel, using Section 215 of the Patriot Act, which the inspector general notes is a slower process.

………

But Snowden’s revelations, beginning in mid-2013, helped shift the FBI away from using Section 215 to acquire email and other metadata. The Fisa court approved warrants to collect non-bulk business records 179 times in 2013, a number falling to 142 times in 2015 – though this was still a vast increase on the 21 approved in 2009.

A senior national security official with the justice department told the inspector general that a “stigma” had been created around the Patriot Act provision, even outside of the bulk collection that privacy advocates rallied to stop.

Edward Snowden is an American hero and a patriot.

What I Did at My Former Job

My contract just finished up at Noxilizer, so I can end my self-imposed embargo, and write about what I did there.

Noxilizer uses a proprietary (and patent-protected) NO2-based sterilization system.

NO2 is a powerful oxidising agent, and it has some advantages over other sterilization technologies: It operates at room temperature, and it leaves no residue.

A company called Eniware partnered with Noxilizer to create a sterilization unit that can operate in undeveloped areas.

It runs on batteries and uses a gas generator (copper and nitric acid), and after 8 hours the instruments in the chamber are sterilized.

Below is a video of Eniware’s founder extolling the virtues:

This Sort of Thing Keeps Me Up at Night

India has just sent combat troops into Pakistani areas of Kashmir:

India announced on Thursday that it had carried out early morning “surgical strikes” on terrorist camps in Pakistani-controlled Kashmir, a step that risks escalating the conflict between the two nuclear powers.

However, Pakistan denied that a cross-border strike had taken place, saying that Indian troops had fired small arms across the Line of Control, killing two soldiers and injuring nine.

A senior Pakistani security official, speaking on the condition of anonymity because he was not authorized to speak publicly, said Pakistan would consider a cross-border strike by India an act of war.

The official warned that Pakistan could use tactical nuclear weapons in self-defense if India initiates a war.

The Indian operation, if it occurred as described in Delhi, would be precedent setting. Though India’s military has almost certainly carried out cross-border raids, the government has never publicly announced them, even during the brief conflict in Kargil in 1999.

Indian officials said that ground troops crossed the de facto border shortly after midnight and destroyed a handful of terrorist camps in Pakistani-controlled territory, inflicting “significant casualties” and returning across the Line of Control before dawn.

The operation was planned in retaliation for two attacks this month on Indian positions, including one that killed 19 Indian soldiers.

Remember: both India and Pakistan have significant nuclear arsenals.

The DPRK does not scare me. This does.

You have two military establishments that are fixated on a final cataclysmic conflict, and, particularly in Pakistan, these beliefs hold significant sway over the decision-making process.

We are dealing with a bunch of generals who would make Curtis LeMay look like a wimp.

Linkage

Blackadder’s Nationality Based Insults:

The origins of Brexit may be here.

Hell Yeah!

The House of Representatives and the US Senate just overrode Barack Obama’s veto of a bill allowing Saudi Arabia to be sued for its support of terrorism:

Barack Obama suffered a unique political blow on Wednesday, when the US Congress overturned his veto of a bill that would allow families of the victims of the September 11 terrorist attacks to sue Saudi Arabia.

The overwhelming bipartisan vote in both the Senate and House inflicted the first veto override of Obama’s presidency, less than four months before he leaves office. The White House issued an unusually scathing response.

“I would venture to say that this is the single most embarrassing thing that the United States Senate has done, possibly, since 1983,” press secretary Josh Earnest told reporters. “Ultimately these senators are going to have to answer their own conscience and their constituents as they account for their actions today.”

Not even close to the worst thing that the Senate has done since 1983.

Not contesting the 2000 election, the invasion of Iraq, NAFTA, the bankruptcy bill, etc. were all way worse.

It wasn’t even close:

The Senate voted 97-1, with the Democratic minority leader, Harry Reid of Nevada, alone in supporting the veto. The House followed suit a short time later, voting 348-77 to override and putting Congress directly at odds with the White House and national security establishment.

BTW, I would note one of the arguments made against the bill:

In a letter sent to [Senate Minority Leader Harry] Reid this week, Obama warned the bill would erode sovereign immunity principles that prevent foreign litigants “from second-guessing our counter-terrorism operations and other actions that we take every day”.

Obama is now aggressively pushing the TPP and TTIP, which include an Investor-State Dispute Settlement (ISDS) apparatus that allows for just this sort of second-guessing of environmental protections, regulation of speculation, labor protections, etc.

I really hope that Saudi Arabia retaliates over this, because any estrangement between the United States and the House of Saud is an unalloyed good.

Obama got a well deserved black eye over this.

Oh Snap!

Notwithstanding the investigation of Chris Christie’s involvement in “Bridgegate” (conducted by Christie’s own lawyer at public expense), David Wildstein has now testified that the New Jersey governor was specifically kept in the loop by his aides about their traffic-snarling tactics:

The prosecution’s star witness in the Bridgegate scandal claimed Gov. Chris Christie was told of the traffic jams at the George Washington Bridge in the midst of the gridlock in Fort Lee in September 2013, and laughed when he heard about it.

At the same time, David Wildstein, who pleaded guilty to federal crimes associated with the scandal and is now cooperating with the government, testified that not only was Christie aware of the lane shutdowns as they were occurring —so was David Samson, the chairman of the Port Authority of New York and New Jersey, as were other members of Christie’s closest inner circle.

Wildstein, testifying for the third day in federal court, said the governor’s campaign manager Bill Stepien was in the loop before the lanes were actually shut down, that he not only made Samson aware of the lane closures before he told Christie, he specifically told him they were an act of political retaliation against the Fort Lee mayor.

………

According to Wildstein, he and Baroni “boasted” to the governor about the heavy traffic they had created when they saw him in person at a Sept. 11 memorial event in New York in 2013.

Wildstein said he and Baroni approached the governor and told him there had been a “tremendous amount of traffic” in Fort Lee that morning. “Major traffic jams. You’ll be pleased to know Mayor Sokolich is very frustrated,” Baroni told the governor, Wildstein told the jury.

A former political blogger who wrote anonymously under the name of “Wally Edge” before he was hired by the Port Authority to a $150,000-a-year position that never before existed, Wildstein said the governor took on a sarcastic tone as he was told about what was happening in Fort Lee.

“Well, I’m sure Mr. Edge would not be involved in anything that’s political,” he said Christie told them.

“Were you and Mr. Baroni bragging?” asked assistant U.S. attorney Lee Cortes.

“Yes, very much so,” Wildstein replied. “We discussed how pleased we were the boss was happy.”

I really hope that they turn enough of Christie’s former aides that his ass ends up in jail.

Quote of the Day

Frankly, I’m lucky to be alive. On Saturday, in the ballroom of a conference center here, I was in dangerous proximity to a bullsh%$ singularity, which, as you know, is the physical phenomenon of a one-dimensional point that contains a huge mass of bullsh%$ in an infinitely small space. I could have been converted into pure bullsh%$ energy and fired off through space and time, never to return. The one-dimensional point that contained a huge mass of bullsh%$ in an infinitely small space had a name. It was Kenneth Starr.

Charlie Pierce

Starr was giving a talk suggesting that the rapes by Baylor football players were not a big deal.

If it weren’t for this opening paragraph, I would have used the line, “Let us pause here for a moment and note that, for sheer indefensible moral sanctimony, Ken Starr makes Jim Bakker look like Axl Rose.”

Read the rest.

On the Horns of a Dilemma

Part of me thinks that I should listen to the Presidential Debate, so that I can see how the candidates address the issues of the day.

Another part of me thinks that the debates will just be shallow reality television, as they have been since I was old enough to vote.

And finally, there is my spleen, which finds listening to either candidate akin to nails on a chalkboard.

I know that my spleen is correct, but just because watching the debates will be as much fun as a home root canal kit doesn’t mean I shouldn’t watch.

Posted via mobile.

Pass the Popcorn

The corruption investigations have now swept up some former senior advisors to Governor Andrew Cuomo:

Federal and state prosecutors on Thursday announced charges against 10 men, including two onetime senior advisers to New York Governor Andrew Cuomo, in corruption and fraud cases involving state contracts worth hundreds of millions of dollars.

The charges followed a federal investigation into Buffalo Billion, a signature $1 billion economic development project of Cuomo aimed at revitalizing the area around the city of Buffalo, once an upstate industrial powerhouse.

Joseph Percoco, a former executive deputy secretary to the governor; Alain Kaloyeros, president of the State University of New York’s Polytechnic Institute; and six others were charged in a criminal complaint filed in federal court in Manhattan.

Todd Howe, a lobbyist and an ex-adviser to Cuomo when he led the U.S. Department of Housing and Urban Development, pleaded guilty to federal charges and is cooperating. Richard Morvillo, his lawyer, said Howe “will testify truthfully if called upon.”

Prosecutors said in one scheme, Percoco, whom they called Cuomo’s “right-hand-man,” sought $315,000 in bribes in exchange for offering help to two of Howe’s corporate clients, an energy company and a Syracuse real estate developer.

In an overlapping scheme, they said, Kaloyeros, who oversaw a grant application process for Buffalo Billion and similar programs, and Howe, whom he hired to help develop projects, conspired to rig bids for contracts favoring two developers.

There is still nothing tying hizzonner to any of this, but it is increasingly clear that Cuomo was knowingly swimming in a sea of corruption, so some wetness is a logical conclusion.

I’m inclined to think that Cuomo’s aspirations of national office have become significantly less likely over the past few years.

Our Foreign Policy is Going Swimmingly

Despite US sanctions, Russia is now top wheat exporter, proving sanctions won’t work – MarketWatch:

Wheat, the world-feeding crop whose shortage was Pharaoh’s nightmare, is now at such a global surplus that last month its price was less than two-thirds its level in 2008.

………

Wheat prices have plummeted not for a circumstantial reason, like weather-driven bumper crops, nor for a cyclical reason like a major buyer’s recession. Though some such factors have been at play in this market, they were marginal compared with the structural fact that Russia, once an agricultural laggard, has joined the industry’s leaders — big time.

The first meaning of this far-reaching development is not about Russia’s place in the world, but about the commodity markets’ beauty.

………

Blessed with endless expanses of exceptionally fertile land known as “black earth,” Russia is doing to the grain markets what shale did to oil.

Russia’s annual wheat output, which 20 years ago was just under 35 million metric tons, is expected to cross the 70 million metric ton barrier this year. Nearly half that volume will be exported, making Russian media celebrate Russia’s emergence as the world’s largest wheat exporter.

This is the same Russia that, back when it was under Soviet management, depended on Western grain imports because it failed to use its rich soil to feed its people, a glaring embarrassment that mocked Moscow’s imperial ambitions and inspired its younger leaders’ economic heresy.

………

Now, the markets attest that Russia’s agrarian reform has been a smashing success, so much so that U.S. government charts show that Russia has just surpassed Uncle Sam in wheat production.

………

Russia’s new agricultural prowess has just made its farm exports surpass its arms sales for the first time ever. Earning $20 billion abroad last year, 15% more than the previous year, agriculture’s evolving centrality in the Russian economy is evidently part of a governmental design.

Modern agriculture, like pretty much everything else, runs on credit, and in theory the international credit markets have been closed to Russia, yet Russia is now the largest exporter of wheat in the world.

Our sanctions were supposed to prevent this, but they don’t because we’ve worn out the proverbial batteries.

This Program is Going so Swimmingly

Another F-35 had an engine fire on the ground, after the problem was supposed to be fixed:

An F-35A caught fire during an exercise at Mountain Home Air Force Base, Idaho, the Air Force confirmed to Defense News.

The incident took place at around noon and involved an F-35A aircraft from the 61st Fighter Squadron located at Luke Air Force Base, the service said in a statement. No serious injuries seem to have been sustained by the pilot or nearby crew.

“The pilot had to egress the aircraft during engine start due to a fire from the aft section of the aircraft,” Air Force spokesman Capt. Mark Graff said in an email. “The fire was extinguished quickly. As a precautionary measure, four 61st Aircraft Maintenance Unit Airmen, three Airmen from the 366th Maintenance Group and the 61st Fighter Squadron pilot were transported to the base medical center for standard evaluation.”

Seven F-35As from Luke AFB, which is one of the bases responsible for joint strike fighter pilot instruction, had deployed to Mountain Home to conduct surface-to-air training from Sept. 10 to 24.

The root cause of the event is under investigation, Graff stated.

To describe this program as ill-starred is an understatement.

Krebs on Security is Back Online

The security blogger’s highly regarded site was taken down by a massive DDoS attack, which forced Akamai to drop him from their protection service:

………

However, events of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach.

More than 20 years after Gilmore first coined that turn of phrase, his most notable quotable has effectively been inverted — “Censorship can in fact route around the Internet.” The Internet can’t route around censorship when the censorship is all-pervasive and armed with, for all practical purposes, near-infinite reach and capacity. I call this rather unwelcome and hostile development the “The Democratization of Censorship.”

Allow me to explain how I arrived at this unsettling conclusion. As many of you know, my site was taken offline for the better part of this week. The outage came in the wake of a historically large distributed denial-of-service (DDoS) attack which hurled so much junk traffic at Krebsonsecurity.com that my DDoS protection provider Akamai chose to unmoor my site from its protective harbor.

Let me be clear: I do not fault Akamai for their decision. I was a pro bono customer from the start, and Akamai and its sister company Prolexic have stood by me through countless attacks over the past four years. It just so happened that this last siege was nearly twice the size of the next-largest attack they had ever seen before. Once it became evident that the assault was beginning to cause problems for the company’s paying customers, they explained that the choice to let my site go was a business decision, pure and simple.

………

Today, I am happy to report that the site is back up — this time under Project Shield, a free program run by Google to help protect journalists from online censorship. And make no mistake, DDoS attacks — particularly those the size of the assault that hit my site this week — are uniquely effective weapons for stomping on free speech, for reasons I’ll explore in this post.

Why do I speak of DDoS attacks as a form of censorship? Quite simply because the economics of mitigating large-scale DDoS attacks do not bode well for protecting the individual user, to say nothing of independent journalists.

In an interview with The Boston Globe, Akamai executives said the attack — if sustained — likely would have cost the company millions of dollars. In the hours and days following my site going offline, I spoke with multiple DDoS mitigation firms. One offered to host KrebsOnSecurity for two weeks at no charge, but after that they said the same kind of protection I had under Akamai would cost between $150,000 and $200,000 per year.

………

What exactly was it that generated the record-smashing DDoS of 620 Gbps against my site this week? Was it a space-based weapon of mass disruption built and tested by a rogue nation-state, or an arch villain like SPECTRE from the James Bond series of novels and films? If only the enemy here was that black-and-white.

No, as I reported in the last blog post before my site was unplugged, the enemy in this case was far less sexy. There is every indication that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called “Internet of Things,” (IoT) devices — mainly routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords. Most of these devices are available for sale on retail store shelves for less than $100, or — in the case of routers — are shipped by ISPs to their customers.

Some readers on Twitter have asked why the attackers would have “burned” so many compromised systems with such an overwhelming force against my little site. After all, they reasoned, the attackers showed their hand in this assault, exposing the Internet addresses of a huge number of compromised devices that might otherwise be used for actual money-making cybercriminal activities, such as hosting malware or relaying spam. Surely, network providers would take that list of hacked devices and begin blocking them from launching attacks going forward, the thinking goes.

The sheer disproportionality of the attack led one of Krebs’s readers to note that this is odd: it is like testing the Death Star on the Millennium Falcon rather than on Alderaan. Krebs’s answer is that, with connectivity providers ignoring a very basic, 12-year-old best practice (BCP38, which tells a network to drop packets whose source addresses could not legitimately have come from the customer sending them), it is more like there is an infinite supply of cloned warriors. (I mostly prefer not to use Star Wars analogies myself.)
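As an added illustration (my own, not code from Krebs’s post or from any provider), here is what BCP38 ingress filtering actually asks an access network to do at its customer edge. The interface names, assigned prefixes and sample packets below are constructed for the example; the check is written in Python for readability rather than as router configuration.

```python
"""
BCP38 (RFC 2827) ingress filtering, illustrated.

An access provider knows which source prefixes are assigned to the customer
behind each customer-facing interface.  A packet arriving on that interface
with a source address outside those prefixes is spoofed (or misrouted) and
should be dropped at the edge, before it can reach the wider Internet.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ingress_if: str   # interface the packet arrived on
    src: str          # source address as written in the IP header
    dst: str          # destination address


# Constructed sample provisioning data: interface -> prefixes assigned to the
# customer behind it.  Hypothetical; a real provider keeps this in its
# provisioning system or derives it from the routing table (uRPF).
ASSIGNED_PREFIXES = {
    "ge-0/0/1": [ipaddress.ip_network("203.0.113.0/24")],
    "ge-0/0/2": [ipaddress.ip_network("198.51.100.0/25"),
                 ipaddress.ip_network("2001:db8:1::/48")],
}


def bcp38_verdict(pkt: Packet) -> str:
    """Return 'permit' or 'drop' for a packet seen on a customer-facing interface."""
    prefixes = ASSIGNED_PREFIXES.get(pkt.ingress_if)
    if prefixes is None:
        return "drop"          # unknown interface: fail closed
    try:
        src = ipaddress.ip_address(pkt.src)
    except ValueError:
        return "drop"          # malformed source address
    # Sources that cannot legitimately originate behind a customer port.
    if src.is_unspecified or src.is_loopback or src.is_link_local or src.is_multicast:
        return "drop"
    # Membership test is False across address families (v6 src vs v4 prefix),
    # so a v6 source is only permitted if a v6 prefix is assigned here.
    return "permit" if any(src in p for p in prefixes) else "drop"


def filter_packets(packets):
    """Apply the check to a batch; return (permitted, dropped) lists."""
    permitted, dropped = [], []
    for pkt in packets:
        (permitted if bcp38_verdict(pkt) == "permit" else dropped).append(pkt)
    return permitted, dropped


# Constructed sample traffic.  The spoofed entries mimic a compromised device
# on ge-0/0/1 forging sources it does not own, which is what BCP38 stops.
SAMPLE_PACKETS = [
    Packet("ge-0/0/1", "203.0.113.17", "192.0.2.10"),      # legitimate
    Packet("ge-0/0/2", "198.51.100.9", "192.0.2.10"),      # legitimate
    Packet("ge-0/0/2", "2001:db8:1::5", "2001:db8:f::1"),  # legitimate IPv6
    Packet("ge-0/0/1", "198.51.100.9", "192.0.2.10"),      # spoofed: another customer's prefix
    Packet("ge-0/0/1", "192.0.2.99", "192.0.2.10"),        # spoofed: off-net address
    Packet("ge-0/0/2", "198.51.100.200", "192.0.2.10"),    # outside the assigned /25
    Packet("ge-0/0/9", "203.0.113.17", "192.0.2.10"),      # unknown interface
]

if __name__ == "__main__":
    ok, bad = filter_packets(SAMPLE_PACKETS)
    for p in bad:
        print(f"drop   {p.ingress_if} src={p.src}")
    for p in ok:
        print(f"permit {p.ingress_if} src={p.src}")
```

On real edge routers the same check is a one-line feature rather than code (strict-mode unicast RPF, for example `ip verify unicast source reachable-via rx` on Cisco IOS, or an equivalent ingress ACL per customer port); the point of the example is only that the rule is simple and cheap, which is why its continued absence at so many providers is a policy failure rather than a technical one.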

My thought is that this was a test. Krebs on Security was a well-protected target, but taking it offline for a few days is not a huge deal in the scheme of things.

I think that it was a dress rehearsal, and so the question is what is going to be the main event.