Stand Down

Quote:

“We will not tolerate actions that go against the fundamental principles of the oath we share, including actions associated with extremist or dissident ideologies,” the memo reads. “Service members, DoD civilian employees, and all those who support our mission, deserve an environment free of discrimination, hate, and harassment.”

Austin writes in the memo that the stand-down is the first step in “what I believe must be a concerted effort to better educate ourselves and our people about the scope of this problem and to develop sustainable ways to eliminate the corrosive effects that extremist ideology and conduct have on the workforce.”

Source: https://apple.news/AxF_1VpsBS7KUfu5d-KMVEw

Strength is important because it facilitates a free democratic republic. A country based not only on laws, but on precedent. It gives me hope to see these critical issues addressed seriously.

Solarwinds hack by Russia can’t be understated

While America has been reading news articles about tweets, our adversaries have been busy.

Busy since March 2020.

Not my first rodeo, and given hackers are incredibly patient and typically play the “long game”, reported breaches in my experience are frequently off by two years or greater. So I’d guess 2018 ish for the initial entry point.

Regardless, SUNBURST dug deep with APT into places that shouldn’t even be possible. Like the power grid.

https://theintercept.com/2020/12/24/solarwinds-hack-power-infrastructure/

“to gain access into the 15 electric, oil, gas, and manufacturing entities that were infected with the software. But Lee notes that it may not be possible to uncover such activity if the attackers did access them and burrow further into the industrial control networks, because critical infrastructure entities generally don’t do extensive logging and monitoring of their control system networks.”

and

“In these ICS networks, most organizations don’t have the data and visibility to actually look for the breach,” says Lee. “So they might determine if they are compromised, but … almost none of them have network logs to … determine if there is follow-on activity [in their network].”

In other words, we don’t know.

The Solarwinds hack is so bad… that in response … the United States will do nothing.

Why?

Because when your own Department of Homeland Security and the Treasury, among 18,000 other organizations, are compromised, you have been epically pwned.

It means your adversaries totally own you. They have surely added back doors and more back doors and more back doors into the systems as well as “sleepers” like some subcontractor’s laptop used once a year to service a particular piece of hardware.

Meanwhile we are using AI/ML bots to automate trading on the stock markets. They all have triggers, “if this / then that”, if bond yields hit x percent up or down, if company y changes their guidance up or down by y percent, sell all. Crash.

In other words, those of us in the devops and infosec world, hackers, know if an adversary has infiltrated even half this far, it’s game over. Yank and replace. “Game over dude.”

We have one option in the short term: capitulate. Concede. Because you can’t “rip and replace” everything simultaneously across an unknown number of compromised networks when you can’t even identify them. And with APTs in place possibly down to the silicon chip level, that are just lying in wait, even rip and replace will just get reinfected.

Stuxnet was the greatest malware/hack ever written. The US wrote it. We created Pandora’s box. We reimagined hell. Then left the lid open. The NSA got hacked and our own code has been “reflected” back on us. Since somewhere between 2012 and 2014 initially by my estimation.

All of the Stuxnet code and more is now widely available to download for free on the dark web. You could do it today. Fire up VMware Fusion, Kali Linux, Metasploit and an external wifi adapter and you are good to go. Or just use a raspi.

Officially I think notPETYA is still “the most expensive hack in history.” (get it? “think not”? but I digress….)

Unofficially? The Solarwinds hack is the Anvil dropped on the camel’s back that has broken it and brought it to its knees.

Solarwinds will shatter the geopolitical and monetary policy of the United States and the world.

Get your COVID vaccine. Get some popcorn. Watch your 401k and pension funds knowing that one or two edits and they go to zero. And try to wrap your brain around the fact that our military power is second only to financial power, and we are losing that. Any monetary power we have left is because they allow it.

Maybe buy some Bitcoin?

Take some anti-anxiety meds. And pull out your Boy Scout handbook and practice setting up that old tent. (Just be careful where you put it in case the upstream dam and levee gates suddenly open up.)

And if there is a “deep state”, maybe look externally instead of internally.

Happy 2020.

UPDATE: Further publicly released details available here:
https://us-cert.cisa.gov/ncas/alerts/aa20-352a

Hospitality Industry Jobs Killed by COVID

Hospitality industry jobs are f’d. Big time. You care. You need us/them/we. We take care of each other.

If you have never worked in the service industry, then you might not know that a Monday or Tuesday night (it varies by geography) is called “Industry Night.” And in every town there is/are one or two establishments that stay open a bit later and focus on catering to other professionals in the service field. If you are “industry”, special pricing and special consideration is given. And thus you ALWAYS tip your compatriots 20% or more. It’s an unwritten rule we all follow.

If you have never worked in the service industry, the people, like I was and still am, who behind the scenes make everything work smoothly, then their health, safety, economics and future, might not resonate with you.

But if you have always been served, and never the server, give it another 12 months and you will seriously care. Because you won’t have a pub or restaurant to go to.

From the article: https://www.npr.org/2020/09/29/917756656/pandemic-threatens-long-term-job-security-after-hospitality-industry-layoffs

“Nationally, hotel occupancy is hovering at around 50%, according to the American Hotel and Lodging Association. In urban areas, business may be even slower — in the 20% to 40% range.”

“Virtually all business travel has halted. … Conventions have canceled for the year, or postponed. Pretty much all we are seeing in hotels are the leisure travelers,” said Ed Grose, executive director of the Greater Philadelphia Hotel Association.

I am not suggesting opening everything up and a return to the wishful and fictional recidivist memories of what makes America “great”. And I don’t have all of the answers. That’s the point; none of us do.

I am posting this as a former busboy, waiter, fill-in bartender-of-last-resort in my youth. It’s how you partially pay for college. Or at least it was for many of us.

I am proud to have kept the (your) cutlery and dishes sanitary and well rinsed, the industrial ovens and grills on giant wheels cleaned with just the right amount of industrial strength cleaners. The kind that eat into your skin if you don’t wear elbow length gloves. And again rinsed and washed so customers didn’t get sick.

You do your “industry” job “right” because it’s the right thing to do. And hey, don’t forget, we also eat and drink where we work. And we bring in our family and friends.

The food and beverage “industry” is honorable work. I’m proud to have done it for years. And I’m not too prideful to return to working in the industry of restaurants, bars, and hotels if I needed to. I bet the 6 AM prepper is still terrified of paper cuts (tomato juice is a killer) and I bet they still slice the prosciutto last (it’s greasy so you do it last before cleaning the blade.)

In conclusion, as painful as it is to write this, we must *not* fully open the service economy back up until we solve COVID. All that will do is endanger, and sometimes, literally kill my friends in the industry.

And to achieve that, in a time of international crisis, the people in industry should not be forgotten.

For your own research: https://www.bea.gov/data/gdp/gdp-industry

Do Not Burn Our Flag

I do not care what the context is or was. I do not care if you were manipulated and weak minded enough to be influenced by “fake Facebook” or “the Manchurian candidate” or some conspiracy theory or anything else. This is tragically disappointing and a pathetic attempt at free speech.

IF that is what happened. First the image:

(Questionable photo origin, but AP ran it.)

Emotionally, and patriotically, I gotta say this image is horrific to view for me no matter how it came to be.

Just don’t. Do NOT burn our flag on American soil. Any cause you might think you are representing is immediately debased. And delegitimized. It’s so egregious, at least to me, I can’t possibly fathom someone thinking this would advance their cause.

I can’t help but notice the person holding the fire is carefully cropped out of the frame. So perhaps, like the media, I have been tricked by people seeking to divide our country.

But, just WOW, this is a real hot-button for a lot of us. It is painful to view.

As I’ve said before, the Presidency is an “office” – not a “person.” Disagreeing with the current office holder, as the majority of Americans do, does not justify this.

If it’s Russian propaganda by their new Emperor-for-Life seeking to further divide us – you got me. If it’s homegrown idiots, even if behind a cause you believe in, you have cemented your place in history as traitors.

Do NOT burn the flag my Father, my Uncles, my Mother, my Brother, my Greats, my friends, fought to defend. The flag is a representation of an ideal. That we are all equal. That together we are one.

E pluribus unum

out of many, one

(the motto of the United States)

In closing, I am highly suspicious of the origin and veracity of the photo. The photographer at a protest can’t tell what is “theatre” and what is “spontaneous.”

I just know in my heart, despite everything going on in 2020, that we must stick together. Out of many, one.

#peace

Juneteenth – We Must Remember History to Not Repeat It.

We must remember our fellow Americans EARNED it. And by “it” I am not speaking of their “freedom”. The Constitution makes clear that Freedom is “God Given” and “Inalienable.”

Juneteenth was not the day that ended slavery. It was the day they learned that a wrong had been righted, and the truth had been withheld. Another lie that slowed the healing of America.

“My people have a country of their own to go to if they choose… Africa… but, this America belongs to them just as much as it does to any of the white race… in some ways even more so, because they gave the sweat of their brow and their blood in slavery so that many parts of America could become prosperous and recognized in the world.”

– Josephine Baker, legendary entertainer and activist

Quote Source: https://www.becauseofthemwecan.com/blogs/culture/juneteenth-10-powerful-quotes-to-remember-on-freedom-day

I believe in the power of freedom, in the power of truth, and in standing in solidarity with black Americans who to this day do not enjoy freedoms and laws that protect all of us. But are still enforced and applied unjustly and unevenly.

The next equivalent of Juneteenth in America, I predict, will be the day when White people get the news. When white people understand the news. News of what is already written, news of what is already the law of the land. We just have to acknowledge our equality and acknowledge we are far stronger as one nation.

Image source: https://commons.m.wikimedia.org/wiki/File:JosephineBaker1964NL.jpg#mw-jump-to-license

Image description from wikimedia:

English: Josephine Baker and her 10 adopted children in a tour boat (President John F. Kennedy) in Amsterdam (the Netherlands), 4 October 1964. Date: 4 October 1964. Source: GaHetNa (Nationaal Archief NL), 916-9642. Author: Hugo van Gelderen (ANEFO).

Black Lives Matter – A Message from our CEO (Crosspost from Tendenci)

As a company we have a very clear vision.

To Connect and Organize the World’s People. Do Good.

With the turmoil tearing through our country as the realization of systemic racism and the physical danger black people are facing, as the CEO of Tendenci, I want to add to the dialogue. While these opinions are being typed by me, I do hope every member of the Tendenci team shares these values.

I believe in this:

Black Lives Matter

I’m a graduate of Texas A&M University, I have *not* served in the Military but I am an Army brat. Many in my family have served and I grew up on Army bases. So as we say at TAMU “Let me tell you a Story Ags!”

The Survey Questions from “Brats: Our Journey Home”.

Years ago I filled out a survey for a movie that was in Production/Screenwriting stages called “Brats: Our Journey Home”. The survey had tons of questions about my experience growing up as an Army Brat. One question was on racism in the Army.

I responded, in all seriousness, to the question of whether I thought Racism was no longer a big problem in America. Literally, I said “no, I don’t think it is.”

Truly I can’t make this up.

The next day, my phone rings. It’s either the producer or the director on the line. I’m like “what? huh?” Obviously I wasn’t expecting that. We exchange small talk and then he asks me “So Ed, you really don’t think Racism is that big of a deal in America?” 

I repeated my answer, perhaps a bit more timid, but still I replied with “no, not really. I just don’t see it.”  (stay with me and keep reading please….)

The producer asked me, and I am paraphrasing as it has been a while, the following:

Director: “Ed, can you name one place in the United States of America in 1958 where a black man could tell a white man what to do and they had to do it unconditionally?”
Me: “um… an Army base?” (Ding ding ding… the lights start to go on….)

Director: “Yes. That’s it Ed! One place! You grew up on bases all over the United States and overseas and YOU never saw how large a problem it was and still is. Because you are white, even though racism was still there on base to a lesser degree, it wasn’t visible to you. YOU grew up a white kid in a non-political environment and thought nothing of having a black family join y’all for dinner. That’s how you were raised.”

The director continued…

“Have you ever heard the saying that ‘you don’t care about the color of a man’s skin if he’s sitting in a foxhole with you?’ You have because your Father served in Vietnam.”
Me: “OK.. you make a damn good point. I learned to ride horses from Master Sergeant Willians (Ret), and played basketball, and worked out with the GIs at the gym, and I guess I just never really thought about it.”

I’ll stop there. I was wrong back then. And I promise you, if you think racism is not a big issue in America to this day, you are wrong. There ARE things we can do to change it. And we must. 

I have contributed, but more importantly, I need to recommit to ACTS of change. Not words or hashtags. 

I believe this image from twitter user x says it far better than I can, so I will let these words speak for themselves:

https://www.instagram.com/p/CA8FEIuF3a5/

#peace

Ed Schipul
CEO/Founder
Tendenci – The Open Source AMS

Originally posted at https://www.tendenci.com/news/black-lives-matter-a-message-from-our-ceo/ on June 4, 2020

COVID19 – Until We Expand Testing it Will Not Be Solved

When Roses Die Because They’re Already Cut

From the article by a Canadian in Florida returning to Canada by car. She left out of concern that Floridians were ignoring the Coronavirus Pandemic. (I will try to track down the link and update.)

Canadians are divided, politically and geographically, but compared with our neighbours, our divisions are trifling. … There are disagreements, as is proper in a democracy, about the best course to take, but the virus (in Canada) has not been turned into a political weapon, as it has in the United States, where attitudes about the illness sharply diverge on partisan lines.

With catastrophic leadership and a lack of social solidarity, the United States looks like it is going to get hit hard, which is tragic, because it has the resources to stop the virus in its tracks. What it doesn’t have is the leadership, the will, the social solidarity, to get equipment to health-care workers and convince everyone to stay home for a few weeks.

I am afraid that partisan division, fuelled by a narcissistic, attention-seeking president, is going to cost the Americans dearly.

It reminds me of this quote from President Bush:

“The difficulty of the task is no excuse for avoiding it,” George W. Bush

And right or wrong is for history to judge, usually. W did not hide from facts. I say this because as a society we need less of this imagery.

ReadyHarris.org

And more of this:

A Happy Squirrel
Beautiful Sunsets, Even if Taken From Quarantine

We need a lot more positive images, but only those based on facts. If you, as a leader, give one iota about who genuflected to you for doing your job, then you may have picked the wrong job.

Facts: Sadly, since this last Thursday, (today being Sunday, March 29, 2020), deaths from COVID19 went from 1,000 to over 2,000 on Saturday – and a current count of 2,348.

The above image shows the current reality in the United States as of March 29, 2020 at approximately 1 PM EST.

https://www.theguardian.com/world/ng-interactive/2020/mar/29/coronavirus-map-of-the-us-latest-cases-state-by-state

A third of Coronavirus patients admitted to ICU – Lancet Medical Journal – Jan 2020

A familiar cluster of pneumonia associated with coronavirus
This is the progression of the Coronavirus in a patient over time. This is why we quarantine.
https://www.thelancet.com/action/showPdf?pii=S0140-6736%2820%2930183-5

I’m stunned by this: “Lancet, the British medical journal, published an article in January, based on studying a small group of patients, which found that a third of people (infected with the coronavirus) had to be admitted to intensive care units.”

The reason that stuns me is it is from January and it is now March. We lost significant time in responding to an obvious issue: a lack of ventilators and ICU beds, which are vastly insufficient for that level of infection.

That quote on Covid-19 is from today’s New York Times article March 20, 2020 titled “Behind the Virus Report That Jarred the U.S. and the U.K. to Action”

https://www.nytimes.com/2020/03/17/world/europe/coronavirus-imperial-college-johnson.html

Statistics from the Imperial College of London predict what an uncontrolled spread would mean. This data is from the WSJ article (this will NOT happen, this shows what COULD have happened without non-medical intervention.)

  • 510,000 deaths in Britain
  • 2.2 million deaths in the United States

I repeat – the ABOVE predictions will NOT happen because of non-medical intervention. It does represent what could have happened. And the final numbers, while less than the above, will be greater than they needed to be.

Back to the WSJ article:

The (now debunked) theory (ignoring coronavirus) is that this would build up so-called “herd immunity,” so that the public would be more resistant in the face of a second wave of infections next winter.

Dr. Ferguson has been candid that the report reached new conclusions because of the latest data from Italy, which has seen a spiraling rate of infections, swamping hospitals and forcing doctors to make agonizing decisions about who to treat.

My opinion: Let me translate the phrase “build up ‘herd immunity’” – because I went to Texas A&M with a BS in POLS and my wife is an Agricultural Science major as well. “Herd Immunity” basically means building up immunity, in the absence of a vaccine, “culling of the herd” or “survival of the fittest” or “the weak or those predisposed to the virus will die.” – Ed

And….

“Based on our estimates and other teams’, there’s really no option but follow in China’s footsteps and suppress.”

My opinion: Let me interject here again. If the public had known that up to 1/3 of all patients with the coronavirus needed treatment in an ICU with ventilators, I’m going to guess we wouldn’t be where we are now. Back to the article. – Ed

…the burden on hospitals was clear as far back as the original outbreak in Wuhan, China. Lancet, the British medical journal, published an article in January, based on studying a small group of patients, which found that a third of people had to be admitted to intensive care units.

“I can’t help but feel angry that it has taken almost two months for politicians and even ‘experts’ to understand the scale of the danger from SARS-CoV-2,” said Richard Horton, the editor-in-chief of Lancet, on Twitter. “Those dangers were clear from the very beginning.”

(PDF on Coronavirus from Lancet, search for more.)

My Opinion: My understanding from reading the above article, is that the Lancet feels their advice was ignored for two months and our leadership didn’t take it seriously, causing greater pain. I get that.

This is what your lungs look like with the Coronavirus (Covid-19)

COVID-19 Lung Scans Through the Treatment Process
https://www.thelancet.com/action/showPdf?pii=S0140-6736%2820%2930183-5

Like all Global Citizens, I believe we are in an unprecedented time. I hope and pray the miracle of humanity can solve this pandemic as soon as possible.

I’ll do my part as best I can. – Ed

Coronavirus DIY Facemask Test

DIY protective mask for coronavirus

In Houston the Coronavirus (COVID-19) response has been quite aggressive. And as the third largest metro area in the US, it should be. I get it. Mostly we are quarantined in place except for grocery store runs and emergency needs. (And we can walk the dog, but that’s about it.)

The paper section in the Walgreens across the street looks like this

Walgreens paper goods in Houston

This led to research on what we could do and turned up two interesting pieces of knowledge about the coronavirus.

A) How long is the coronavirus contagious or viable by surface. As in how long can it be there and still infect you?

  1. Plastic = 3 days
  2. Stainless Steel = 3 days
  3. Cardboard = 1 day
  4. Copper = 4 hours
  5. Airborne = 3 hours

They don’t mention wood, which maybe varies by paint, varnish, etc.

Copper is the winner. Cardboard three times better than stainless steel is bizarre as well.

Source: https://apple.news/ATWmOdE4STTmvJCBdURGDTQ

Next up, if you can’t get a mask for when you do go out, how do other materials compare to a medical mask?

Clean vacuum cleaner bags were a close second to surgical masks, but in the end they conclude you can barely breathe through them so use two cotton “tea towels.”

Two Cotton Tea Towels are best after a real mask.

Thus began an insomnia driven test to try and create a coronavirus diy mask from a tea towel with no power tools. It started like this:

The real mask before photo

Then the build process using paper as my makeshift mold.

My materials.

The Ghirardelli chocolate and wine are a tip of the hat to my friends in San Francisco on complete lockdown. Those aren’t technically necessary to make the DIY coronavirus mask, although they do help.

Gave myself extra room
Rough initial stencil
Evolution of mask into 3D space with tale

In the above photo the template is overlapping and kind of mushed into the real mask so I could get an idea of the shape of the masks. They are not circular because your face isn’t a flat circle either.

Initial stencil with original mask on top for comparison
Applied to the fabric, then used the fabric to make the second layer via singer iron-on stick tape. You could use pins

Then a whole bunch of adjustments and cuts happened at the fabric level during hand sewing. The SINGER iron stick is a temporary way to hold fabric together, but definitely not strong enough to be a permanent join. But it’ll hold it together long enough for you to stitch it up.

Rough cut comparison of the diy coronavirus mask and the original.

The straps on my version are the edges of the towel because I didn’t have any elastic bands that long, and for people in countries with limited supplies available, the straps seemed more realistic.

A truly rustic looking diy coronavirus mask

It’s hard to tell in the photo above but between the two layers there is a small wire bent to the approximate shape of the bridge of my nose just like the more flexible one that comes on the real masks.

And the final result

My advice? Buy it if you can.

It looks amateurish, I look ridiculous, but it’s waaaaay better than taking the BART in SF and wondering if the person coughing is giving you an infection.

Update: I received some questions about what I used for the metal “nose bridge” so I’m adding further details.

For me (easier way below) I go by AutoZone at the end of a rainy day and pull the broken / discarded windshield wiper blades. If you rip them apart there are two thin, but very sturdy, pieces of metal attached to the rubber part. (They make great tension wrenches.) Mine looks like this when sewn in place in between the two layers of the cotton kitchen towel.

DIY Coronavirus Face Mask Nose Bridge

Easier alternative: bend paperclips like this:

For Comparison, Paper Clips vs. Scraps from Wipers
Bend the paper clips twice. This is step 1, then twist.
Overlay the paperclip nose bridge to the length you want
Wrap paperclips in tape to avoid sharp edges.
Wrap them in tape and cut off excess tape
Bend to shape. Actually much easier than my original

Pro tip: when I do a DIY project like this I usually hand sew them using dental floss. Yes “Dental Floss” because it’s always around and stronger than most threads.

CoronaVirus – Markets Move on Emotion not Fundamentals

Now we see fears and the reality of coronavirus hitting the markets hard.

I’ve said it before, so this is repetition, but worth repeating. Stock markets move on emotion much more than the fundamentals. Companies are overvalued because there are more people with more money in pensions and the money has to go somewhere.

Stock Market Movement with Coronavirus Last two weeks

Source: https://www.msn.com/en-us/money/markets

I also highly recommend this informative thread on Twitter regarding research on coronavirus so we can all hopefully keep it in perspective. It’s linked with more detail on my LinkedIn at https://www.linkedin.com/feed/update/urn:li:activity:6641792800314675200/

Don’t Start Now – Dua Lipa

American Exceptionalism is Inclusive, not Isolationist. Dua Lipa Speaks Strongly albeit on a different topic, but they apply.

Dua Lipa – Don’t Start Now. Strong leaders apologize when they make mistakes, because they are strong. I hope to see more strength in our leadership in the US soon.

Devon Spier – un-Praying post

Words from a wise poet, Devon Spier, that resonated with me today. From the post:

By ‘un-Praying’ – letting our bodies, minds and souls exist just as they are, we free all the stories we have long buried deep, dropping all pretense to make our entire existence the instrument of greatest hopes and our desires.

And when we move from unearthing what is communally unacknowledged to acting in ways that are spiritually life-giving, just and necessary, the progression of our spirituality will lead to the repair of humankind.

And so, our task is to become human piyyutim (liturgical prayers); to make our lives the liturgy that answers the call of a moral universe. For as much as the Torah reflects our ancestors, the Torah is bittersweetly and substantively, us.

– Devon Spier https://devon-spier.com/the-spiritual-practice-of-un-praying/

Why I stumbled onto her writings today, I don’t know. But this phrase from her post really resonates:

“…. to make our lives the liturgy that answers the call of a moral universe.”

It is a powerful statement. It assumes a “moral universe.” Most of us assume moral means something akin to “kind, fair and just.” Yet our actions betray this definition.

Moral means to do what is “right.” If you are the CEO of Disney then “right” means increasing shareholder value. But “moral” and “right” stops when it comes to requiring fact checking its subsidiary Fox News.

These questions are beyond me, but I remain a student of life and they force me to think. I believe it is “right” to question. I believe it is “right” for poets to make us question what that means.

You can follow Devon at

https://devon-spier.com/

https://twitter.com/devon_spier

Microsoft Worm Exploit Danger and Huawei Unintended Consequences

NSA Advisory

From the article titled: Warnings of world-wide worm attacks are the real deal, new exploit shows

It was posted Tuesday by Sean Dillon, a senior security researcher at RiskSense. A play-by-play helps to underscore the significance of the feat.

https://twitter.com/zerosum0x0 and reinforced by the NSA:

Source: https://arstechnica.com/information-technology/2019/06/new-bluekeep-exploit-shows-the-wormable-danger-is-very-very-real/

“It’s these last six seconds (of the video) that underscore the danger posed by the vulnerability, which according to Internet scan results posted eight days ago remains unpatched on almost 1 million computers. The flaw, which is indexed as CVE-2019-0708 but is better known by the name BlueKeep, resides in earlier versions of the Remote Desktop Services, which help provide a graphical interface for connecting to Windows computers over the Internet. A much more detailed blow-by-blow is here.”

(It) Only takes one unpatched system to spread

Last Friday, members of the Microsoft Security Response Team practically begged organizations that hadn’t patched vulnerable machines to do so without delay, lest another WannaCry scenario play out. “It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread…” officials with the National Security Agency on Tuesday echoed Microsoft’s warning. The video posted by Dillon, particularly in the last six seconds, demonstrates that the danger is in no way exaggerated.

If the intermingling of Mimikatz and a critical Windows vulnerability to devastating effect sounds familiar, it’s probably because that’s how another paralyzing worm, dubbed NotPetya, managed to wipe out entire networks. According to an analysis from Kaspersky, NotPetya, which is regarded as the most expensive malware attack in history, used the Eternal Blue exploit developed by and later stolen from the NSA to exploit one or more vulnerable machines. NotPetya,

and

In the NotPetya analysis, Kaspersky researchers wrote, “IMPORTANT: A single infected system on the network possessing administrative credentials is capable of spreading this infection to all the other computers through WMI or PSEXEC.”

Source: https://arstechnica.com/information-technology/2019/06/new-bluekeep-exploit-shows-the-wormable-danger-is-very-very-real/

My Thoughts on EternalBlue, BlueKeep and Why These Are Human Problems

Closing thoughts: NOT all countries can realistically afford the cost of the Windows Operating System in their schools. But without that experience they can’t compete, so they use hacked versions. If you lived in Indonesia or Mongolia, what would you do?

Those companies, with employees using hacked systems in countries of different economic status, are possible subcontractors for international global leaders (like Maersk for example). They are the weak link, because a hacked Windows system can’t be patched.

To be clear: I do *NOT* agree with software theft. But I also don’t agree with sloppy work on the part of our security agencies that have the resources to secure the nuclear weapons of the cyberwar that are being unleashed against not just the US, but the world.

We all need to stop and think about the overall situation. I believe the existential threat of EternalBlue, a gift that keeps on giving, is that it was an American agency funded by the US taxpayers that did not report the vulnerabilities to an American software company. For years.

Unintended Consequences of Huawei and Google Android Patch Ban (possible)

Bonus Round: What if nobody can patch their Android phones, or at least half of them? That would be awesome. Or not. And that looks like a definite possibility in the near future if Google cuts Huawei off from Android patches per US restrictions.

When the dollar’s primacy dwindles the US hegemony ends

From the article (and I believe we are already there):

“A major blunder would be pushing too hard with financial punishments, and incentivizing Moscow and Beijing to bypass the U.S. trade and monetary order.

When the dollar’s primacy materially dwindles, that will be game over in the balance of power with the East.”

Source: https://www.axios.com/russia-china-security-threat-69567dd1-b618-4ef4-8852-4f09bb432327.html

If people don’t realize cryptocurrency “payment channels” (basically like a purchase order between merchants – settled up later but pre-approved) are a threat to the petrodollar, they are mistaken. The USD is nothing more than what we would call “proof of stake” in the crypto world. The Fed is the issuer, the stake.

Energy traded based on a proof of stake crypto currency pinned to the future value of a fiat currency in, say 30 days, via a smart contract could replace the influence of the US at a global level – I believe you are mistaken.

Grigory Marshalko, worked for the F.S.B. (Blockchain focus)

From the article: https://www.nytimes.com/2018/04/29/technology/blockchain-iso-russian-spies.html

SAN FRANCISCO — Last year, representatives of 25 countries met in Tokyo to work on setting international standards for the blockchain, the technology that was introduced by the virtual currency Bitcoin and has ignited intense interest in corporate and government circles.

Some of the technologists at the meeting of the International Standards Organization were surprised when they learned that the head of the Russian delegation, Grigory Marshalko, worked for the F.S.B., the intelligence agency that is the successor to the K.G.B.

They were even more surprised when they asked the F.S.B. agent why the Russians were devoting such resources to the blockchain standards.

“Look, the internet belongs to the Americans — but blockchain will belong to us,” he said, according to one delegate who was there. The Russian added that two other members of his country’s four-person delegation to the conference also worked for the F.S.B.

some bi-partisan good news – uptick in crime is a bump in overall decline

We get plenty of bad news so let’s talk about crime trends again. From the article:

Using the FBI numbers, the (crime) rate fell 50% between 1993 and 2015, the most recent full year available. Using the BJS data, the rate fell by 77% during that span.

Click the image below for actual facts about crime in America (And here’s something to listen to while reading to make it more dramatic.)

Pew Research on Crime Decline in US

http://www.pewresearch.org/fact-tank/2017/02/21/5-facts-about-crime-in-the-u-s/ 

More from the article:

Property crime has declined significantly over the long term. Like the violent crime rate, the U.S. property crime rate today is far below its peak level. FBI data show that the rate fell 48% between 1993 and 2015, while BJS reports a decline of 69% during that span.

And then there is the disparity created by the advertising-supported media that influences our brains. We are gullible.

Public perceptions about crime in the U.S. often don’t align with the data. Opinion surveys regularly find that Americans believe crime is up, even when the data show it is down.

Although it’s not all good.

Many crimes are not reported to police. In its annual survey, BJS asks victims of crime whether or not they reported that crime to police. In 2015, the most recent year available, only about half of the violent crime tracked by BJS (47%) was reported to police.

Bottom line? Stay thirsty for the facts, my friends. We can’t always drink the Kool-Aid. Or the same thing. Stay thirsty for knowledge because knowledge is power.

There is no media really, only advertisers selling scary stories in the media. People Tweet alt-official-news, fake news or real news alike. So I think it’s healthy to point out (again) a few positive overall societal trends we are experiencing.

#peace

Prince was a Trickster

Prince was a trickster, the best kind of god for social scientists, and apparently The Verge agrees as well. There are numerous books on this; the last I read was called Trickster Makes This World: Mischief, Myth and Art.

Tricksters have always been with us

Are they tricksters or merely pranksters? That is up to you to discern, but that is the point, right? They stole the sun and the moon while we “took the time to watch the flowers in the garden” while doing yoga.

As one review of the book Trickster by Lleu Christophe points out:

Hyde gives equal time to the Native American Coyote, the Chinese Monkey King and India’s Krishna. At first glance, these characters are merely pranksters; humorous, sometimes annoying and occasionally dangerous ne’er do wells who disrupt the normal flow of things. As the title of this book suggests, Hyde believes tricksters are much more than this. He makes a convincing case that tricksters are essential in both preserving and transforming societies. Without their disruptions, cultural stagnation would result. He points out that tricksters can either help to maintain the status quo or bring about radical transformation.

To quote two of my favorite tricksters, Pablo Picasso and Duchamp,

Everything you can imagine is real. – Pablo Picasso

Now to quote Duchamp, an artist who “refused to repeat himself”, now that is a challenge. Every quote is subjectively abrogated by another quote from the past or the future like a religious text – was it situationally appropriate? Duchamp stated this himself.

I have forced myself to contradict myself in order to avoid conforming to my own taste. – Marcel Duchamp

To ponder that, if a trickster’s response is situationally appropriate is in and of itself a huge trick. Did in fact the Raven steal the sun and the moon, one, or both? Perhaps more importantly, we all know that Pablo Picasso was never called an asshole.

As for Duchamp, you can reinvent, but it takes energy to constantly come up with a unique identity. Duchamp still needed a vehicle to wrap the thread around, a thread to follow back out of the woods if he got lost.

To begin to understand Duchamp takes someone way smarter than me. I choose to view his work like the bobbin of time. We are just the blameless victim of observation. Maybe the thread broke, or maybe the thread did not break. At least a cat didn’t die in the discovery process, right? Regardless, like the genius before his time that he was, Duchamp gave us Rrose Sélavy to at least provide one example guide, like the math equations with odd numbers solved in the back of our calculus books, so that we might, oddly enough, solve the evens.


These threads are strings. The strings are wrapped around bobbins of tricks and truth. And these bobbins are not the tiny bobbins that went in your parents’ sewing machines. These strings are the messy bobbins of someone working a weave. The bobbins are large with varied widths and inconsistencies from the vagaries of human behavior and therefore our resulting inconsistent craftsmanship.


Damn the Industrial Revolution! Of course Man Ray was there for Duchamp to accommodate the birth of Duchamp’s trickster alter ego – Rrose Sélavy:

Rrose Sélavy, the feminine alter ego created by Marcel Duchamp, is one of the most complex and pervasive pieces in the enigmatic puzzle of the artist’s oeuvre. She first emerged in portraits made by the photographer Man Ray in New York in the early 1920s, when Duchamp and Man Ray were collaborating on a number of conceptual photographic works. Rrose Sélavy lived on as the person to whom Duchamp attributed specific works of art, Readymades, puns, and writings throughout his career.

Is the Trickster dead? Well, one of the greatest tricksters of all time, we just lost in Prince. I must point out the brilliance: Die Antwoord, the collaboration between “rappers Ninja and Yolandi Visser (often stylized as Vi$$er) and DJ Hi-Tek” (source)

To get a straight stand-alone “test-of-time quote” from Duchamp I imagine would be like trying to get a straight answer from Die Antwoord, some of the most brilliant tricksters to emerge in years. Their collaboration makes no sense, until you realize they’re fucking with you.

They. Are. Fucking. With. You.

 

And the most guilty of all, of fucking with us, is Prince. So let’s go crazy because he already predicted it. Partying like it’s 1999 was stolen from us by a bunch of computer nerds warning about the two-digit date bug. We have NEVER partied like it was 1999.

You know what we can do? We can and should go crazy. If you aren’t already there yet, join us, because we look the same as you, act the same, obey the law and act ethically, but I am told there is an ethos that emerges when you “go crazy”. I don’t know, I’m not there yet, but it is a worthy topic of discussion.

Lyrics to Prince’s Let’s Go Crazy from

 

fecundity

It is easy to observe, notice, and complain about a problem. It is much, much harder to find solutions.

Yet, if a solution is well researched and historically validated, only a fool would not work to solve it. Right? Hence my repost of a quote from a brilliant writer, a problem solver, a man who I also consider a friend.

In this complex clash of civilizations, evolutionary biology offers a multi-million-year-old lesson on how to stop death by social media: fecundity. The good guys must simply and decisively overwhelm the bad guys with good information. The good information must be programmed better than the bad information, and it must be propagated in overwhelming amounts. We can select the social media world we want to live in and social-engineer our way back to safety.

WARNING: A warning to the two or three people who read this blog –  the quote above is a positive quote. An excerpt. But the link to Shelly’s blog on death by social media is a link to a brutally frank post. I am quoting the solution Shelly is telling us because I agree with him. He is correct. Just be aware if you click over to his post it does contain some rather disturbing observations.

What is Mr. Palmer’s point? Briefly, that you and I are doing it wrong. And we have the power to fix it.

We must overwhelm the world with positivity. Forget the world of “if it bleeds it leads” which is so prevalent. Those media channels advertising shows won’t change, but we can and should overwhelm them with the positive.

Thus, even though it is a disturbing post on the brutal reality of social media and its sometimes deadly outcomes, hopefully you will click over. Because we need to do this. Because it is real. Because the current reality must stop. Because the positive must prevail.

Passion, openness and naïvete are superior to

“Passion, openness and naïvete are superior to hypocrisy, cunning and a contrived decency that conceals crimes. The state’s leaders stand with saintly expressions in church but, in their deceit, their sins are far greater than ours.”

– Nadezhda Tolokonnikova, Pussy Riot