Apr 14 2014

It’s a bit ridiculous to compare the two, but if you look at the number of casualties involved, the 9/11 terrorist incident which caused around 2,900 casualties is very roughly comparable in size to The Troubles (with some 3,500 casualties). Of course the troubles consisted of many small incidents over a period of 30-odd years.

During that time, one of the principal sources of funds for the IRAs (the “Official IRA”, the “Provisional IRA” and the INLA) was the groups NORAID and Clan na Gael, which were based in the USA and raised funds from supporters there.

Or in other words, some US citizens were helping to fund a 9/11.

What’s more anyone who reads the history of the IRA is made very aware that the IRA regarded the US as a safe haven for their “soldiers”.

It’s interesting to contemplate using some of the war on terror’s weapons against some US citizens :-

  • Extraordinary rendition of US citizens to concentration camps excluded from the protection of the law – so they could be tortured.
  • Freezing of the assets of some US citizens suspected of helping to fund terrorism.

It is perhaps a useful tool for considering whether certain counter-terrorism tactics are a step too far.

 

Apr 09 2014

The interwebs are all a flutter over the latest vulnerability announcement – an OpenSSL vulnerability that has been termed the heartbleed vulnerability. But is it that serious? And what is it anyway?

What Is It?

OpenSSL is a very widely used software component that adds encryption – a web server will very likely use OpenSSL to allow it to encrypt communications between yourself and it. The vulnerable versions of OpenSSL come equipped with new functionality – a “heart beat” that is used to keep connections alive and open.

When this functionality is not disabled and you are using a vulnerable version of OpenSSL, an attacker can make a connection to your server and read up to 64 Kbytes of the process memory – for each and every request.

This is a classic information leakage issue, and the attacker can trawl through a collection of 64Kbyte “chunks” of binary data looking for interesting information. In theory, these chunks of information can contain anything the process (the web server, the mail server, etc) contains within itself. Some examples include :-

  1. A researcher has used this vulnerability to expose Yahoo Mail account passwords.
  2. It is believed to be possible to extract a server’s private key to allow an attacker to decrypt communications traffic and/or impersonate the server.

Trawling through binary chunks of data looking for interesting content seems to most people so difficult as to be almost impossible. However, it is possible, and for something like passwords it is even easy; for private keys, there are hints out there on how to do it.
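As an added illustration (not code from this post, and a Python simulation rather than OpenSSL’s own C), here is the heartbeat message layout from RFC 6520 with the pre-fix handling, which trusted the claimed payload length, beside the length check the fix introduced. The “adjacent memory” and the sample requests are constructed for the demonstration.

```python
import struct
from typing import Optional

HB_REQUEST, HB_RESPONSE = 1, 2
HEADER_LEN = 3      # 1-byte type + 2-byte payload_length (RFC 6520)
MIN_PADDING = 16    # RFC 6520 requires at least 16 bytes of padding


def build_heartbeat(payload: bytes, claimed_len: Optional[int] = None) -> bytes:
    """Encode a HeartbeatRequest; claimed_len lets a test misstate the length."""
    if claimed_len is None:
        claimed_len = len(payload)
    return struct.pack("!BH", HB_REQUEST, claimed_len) + payload + b"\x00" * MIN_PADDING


def respond_unchecked(record: bytes, adjacent_memory: bytes) -> bytes:
    """Pre-fix behaviour, simulated: copy payload_length bytes from the start of
    the payload without checking that the record actually holds that many bytes.
    adjacent_memory stands in for whatever happened to follow the record on the heap."""
    _, claimed = struct.unpack("!BH", record[:HEADER_LEN])
    heap = record + adjacent_memory
    echoed = heap[HEADER_LEN:HEADER_LEN + claimed]   # may run past the record
    return struct.pack("!BH", HB_RESPONSE, claimed) + echoed + b"\x00" * MIN_PADDING


def respond_checked(record: bytes) -> Optional[bytes]:
    """Fixed behaviour: silently discard any heartbeat whose claimed payload
    length does not fit inside the received record."""
    if len(record) < HEADER_LEN + MIN_PADDING:
        return None
    hb_type, claimed = struct.unpack("!BH", record[:HEADER_LEN])
    if hb_type != HB_REQUEST:
        return None
    # The essential check: 1 + 2 + payload_length + 16 must not exceed the record length.
    if HEADER_LEN + claimed + MIN_PADDING > len(record):
        return None
    payload = record[HEADER_LEN:HEADER_LEN + claimed]
    return struct.pack("!BH", HB_RESPONSE, claimed) + payload + b"\x00" * MIN_PADDING


if __name__ == "__main__":
    # Constructed sample: an honest request and one that claims 40 bytes but carries 4.
    honest = build_heartbeat(b"ping")
    lying = build_heartbeat(b"ping", claimed_len=40)
    memory = b"session=abc123; user=alice; ..."   # constructed stand-in for process memory
    print(respond_checked(honest))
    print(respond_unchecked(lying, memory))       # response carries bytes from 'memory'
    print(respond_checked(lying))                 # None: the fixed handler drops it
```

The 2-byte length field is why the text talks of 64 Kbytes: 65535 is the most a single request can claim, and the fixed handler never copies more than the record actually contains.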

But How Does This Affect Me?

If you are not a server administrator, this will all seem a bit geeky and not have much meaning for you.

It is probably better to ask: What should I do about this? And the answer is to do nothing unless you are advised to do so by a trusted source. Whatever damage there is has already taken place, and service providers will be busy fixing the vulnerability.

The only addition to that is to make sure you update your software on your computers – your laptop, phone, tablet, etc. Whilst the media is concentrating on the server side of the problem, OpenSSL is also used on client machines, and that means that your computers are vulnerable in some way – whilst no exploits are known to exist today, it is still worth being proactive in making sure you apply updates.

Because sooner or later, attackers will use this vulnerability to attack you directly rather than via servers.

But How Serious Is This?

Very.

But perhaps not as much as some of the more extreme possibilities might suggest.

There is a great deal of probability involved here. For example, was it possible that this vulnerability was known to the “bad people” before the announcement this week? The vulnerability has existed for a year or two so it is possible it was known about. But probably not widely known.

Was it exploited? Possibly, but it’s probable that it wasn’t widely exploited – the activities of “bad people” tend to leak. If it was exploited, it is quite possible that it was limited to the NSA and GCHQ.

As to over-reaction, a commenter on a blog entry about this claimed that his Yahoo Mail account password had been compromised three times in the last month by this method. Well, possibly, but it seems far more likely that his password had been compromised via other methods – such as using a weak password. Using this method against Yahoo’s servers may reveal some account passwords, but it is likely to reveal random account passwords each time, meaning that an attacker will find it quite hard to compromise the password for a single account more than once.

Going forwards, it is very likely that this vulnerability will be used by “bad people” – there are already indications that they may be starting to try this.

So it is important and urgent for server administrators to look at this problem and fix it :-

  1. Update vulnerable OpenSSL versions.
  2. Revoke the old SSL certificates.
  3. Issue new SSL certificates.
  4. If passwords are known to have been compromised, issue a notice to suggest people change their passwords.

It is also important that client machines are updated as and when fixes are released.

Apr 02 2014

Not that many images but the idea is to go for quality and not quantity. Boring old black and white too. And no, there’s no colour versions of these.

#1: The Three Scarecrows of Morecambe

The Three Scarecrows of Morecambe

#2: Across The Bay

Across The Bay

#3: The Bird

The Bird

Yes, there is a bird flying within this image.

#4: Disappearing Sea

The Disappearing Sea

#5: The Bare Family

The Bare Family

To “get” the pun in the title, it is worth pointing out that this statue was found in Bare … a sub-district of Morecambe.

#6: The Stone Thumb

The Stone Thumb

Mar 22 2014

You would have thought that people would have reacted to the grass roots cancer awareness campaigns known by their hashtags of #nomakeupselfie and #manupandmakeup either by joining in, or by thinking it’s a bit silly and ignoring it. But no, someone has to miss the point and run off at a tangent.

Now it’s possible that what she writes about women wearing makeup is true … I’m not qualified to judge, although it’s interesting to note that men and women have both been wearing makeup for thousands of years. There are no signs that women or men started first.

Oh! And just for the record, if a woman pops down the shops early in the morning without wearing makeup and happens to look like a zombie that’s been that way for three weeks, men do not stop, gawk, and then run off down the street shouting “The zombie apocalypse is here”.

But what I do have to take exception to is the idea that the men behind (and in front of) #manupandmakeup are mocking femininity. I don’t think femininity was in their heads at the time, except when looking at a #nomakeupselfie picture and wondering “how can I get involved”.

Because it’s self evident that a campaign that involves taking off your makeup is somewhat tricky for most men to get involved with. Making the switch from taking makeup off to putting makeup on is a simple and indeed brilliant way of changing that.

If there is any mocking involved, it’s self-mockery. Men are deliberately making themselves look ridiculous to make a point.

And just for the record, it’s noticeable just how many #nomakeupselfie pics come complete with a statement along the lines of “nothing you haven’t seen before”.

Mar 13 2014

It is all too easy to fall into the politics of envy, or to be thought of as doing the same, when thinking about whether the rich are just a little bit too rich. It could be thought of as “banker bashing”, but despite the huge bonuses that bankers earn, it isn’t that. It is not about any particular segment of the rich, or super-rich, but the apparently increasing gap between the income that the rich have and the poor have.

It is not something that has suddenly come about either – it has nothing to do with the current (or recent) recession – it has been happening over a long period of time. And it is not just the radical left who are pointing out that there is a problem with increasing income inequality – even those who pray at the altar of capitalism are getting a little concerned about what is happening. As an example, read this.

The more paranoid believe that with an increasing gap between rich and poor comes the risk of increased violence as the poor decide to do a little wealth redistribution on an informal basis. There’s an element of truth to that, and perhaps that is sufficient by itself to look at doing something about income inequality.

But there is a reason for looking at income inequality that is less selfish – it is merely the right thing to do. To some extent we have lost sight of what an economy is for; we are familiar with the system that seems to have won out as the means of effectively running an economy – the mixed economy where entrepreneurs make as much money as possible and the government interferes to alleviate the excesses of the entrepreneur. Or at least some of them.

What is an economy for? If we go back to the distant past and look at the origins of government we find that many people were organised into clans or tribes. The ties between members of a tribe were much the same as between members of a family. In the better tribes, people would often sacrifice some of their income to assist other members. This was not always those members of the tribe that were less fortunate, but would also include those who had tasks that kept them busy and away from direct food production – the soldiers that protected the farmers, the scientists who researched ways of making farming better (iron plows didn’t invent themselves), etc.

In simplistic terms an economy is there to provide food, drink, shelter, etc. to all of the people in a country. Perhaps that does not include ‘extras’ such as TVs, cars, fancy clothes, holidays in the sun, etc., but to a certain extent the wealth of a country should be shared amongst the population. Not necessarily equally mind – the hard worker deserves more ‘stuff’ than the lazy person, but too unequal is just as bad.

We choose to implement our economies using a slightly toned down version of the free market economy. It seems to be the most effective at creating wealth, but it does have a tendency to distribute that wealth very poorly. Left alone, such a system tends to concentrate wealth in the hands of the few. Which simplistically is roughly what we are seeing.

The traditional approach to this is for the government to tax the rich to distribute to the poor. That still happens, but apparently not effectively enough. The argument from those who create wealth is that too much taxation destroys the incentive to create wealth. There is a certain amount of truth in that, although the more dedicated entrepreneurs are not so interested in the money they make as in the “score” in the “game” of making wealth. There is no reason why they cannot include how many hospitals they fund as part of their “score”.

Notice that we labelled entrepreneurs as ‘creators of wealth’ above? We need to get away from that as it’s wrong. Even in the primary economy where raw materials are produced ready for other industries to use, the entrepreneur does not create wealth. He or she organises the real wealth creators (the workers) and makes arrangements whereby their labour is made more effective at creating wealth – such as investing in automation in a coal mine so each miner is more productive. As the organiser of workers, the entrepreneur deserves a significant reward for his or her efforts, and so do the investors. But the workers also deserve a share of the spoils.

There are those who would argue that the workers take their reward in terms of a salary. Not much of a reward though, is it? Especially with all the entrepreneurs trying to keep their salary costs down. And besides, entrepreneurs also often take a salary (and usually not a small one either). If you look at the entrepreneur’s salary, it is essentially a means of keeping body and soul together in advance of the profits he or she expects to make later. Why shouldn’t workers also expect the same sort of reward?

The traditional view is that the entrepreneur needs to be rewarded for the risks that he or she takes, but doesn’t the worker also take a risk when he or she works for a company? He risks that he will be fairly treated by the management; she risks her future in the hope that the company will survive long enough to give her a job for as long as she wants. Not as much risk perhaps, but some risk deserves some of the profits.

The sad thing about all the fuss about bankers’ bonuses is that we’re criticising them for doing the right thing – if in the wrong way. They are sharing the profits of the company with the workers, but in a very unequal way. The “stars” of banking are being paid vast bonuses whereas the ordinary workers are getting little or no reward. This is in support of a common misconception – that the top people in any profession can accomplish what they do on their own.

There are very few professionals who manage that – or anywhere near it. Take for example an office cleaner. The cleaner cleans the office of the professional, so that he or she has more time to make money – after all very few people are prepared to work in an office that never gets cleaned, and will eventually clean it themselves taking time that could be better spent in other activities. The cleaner is employed to free the professional to specialise in the work they do.

Shouldn’t that professional share their wealth with the cleaner? The cleaner’s work has allowed that professional to make more money than they would otherwise make. And this argument goes further – nobody creates wealth without the help of others.

There aren’t any answers here – I don’t know of a solution to this problem, but it is a problem that needs to be solved.