Aug 082015
 

It is approximately 70 years since the first nuclear fission bomb to be dropped was delivered to Hiroshima.

Which is obviously a terrible thing to have occurred. The death toll (approximately 80,000) from a single weapon was astronomical, but when you compare it with other incidents where civilians were killed in war (such as the Nanjing Massacre when between 40,000-300,000 Chinese were killed) it becomes a little less "special".

Yet those other massacres seem to be less well remembered despite many having a death toll comparable to Hiroshima (or Nagasaki). There is a series of conventions on the conduct of war (the Geneva Conventions) that includes provisions for prohibiting attacks on civilians.

However these provisions seem to be optional and widely ignored by military leaders and their political masters whenever it becomes inconvenient.

Radiation poisoning is one aspect that would seem to make Hiroshima "special" but there are other incidents where civilians continued to die after the initial attack :-

  • Civilian victims of gas attacks during WWI which continued well after the war (in the region of 200,000).
  • Victims of delayed action munitions such as minefields and cluster bombs. 

Even the notion that the attacks on Hiroshima and Nagasaki were so terrible that it should never be repeated does not make these incidents unique – gas attacks during WWI inspired the complete prohbition of chemical warfare (which worked out so well).

But Hiroshima is special; it is special to the victims, the victims' families, and the survivors. But that sort of special also applies to all of the other massacres of civilians; they are all special to those personally involved in them. And to be frank they should be special to everyone who believes that civilians should not be targets in warfare.

It is special in another way – it is probably unique in the effect on the Japanese governments past, present, and hopefully future in the sense that the government is opposed to warfare.  

May 182013
 

The strange thing about being involved in information security is the phenomena of cyber warfare.

After all, what does tinkering with computers have to do with real war? Well it depends what all that tinkering leads to, and we simply do not know what would happen in a real war. We are in the beginning of the era when aggressive hacking supports war.

But probably the overwhelming majority of activities labelled as cyber warfare are in fact espionage, or a grey area in between. Any kind of hacking that leads to information disclosure, is espionage rather than warfare. More aggressive hacking – such as writing malware to spin centrifuges into destruction – falls into the grey area between espionage and warfare; it’s too aggressive to be labelled espionage, but isn’t part of a legal war (and yes there is such a thing). In terms of legality, it could well be that such acts are illegal acts of war, but morally justified.

And why is China always the bad actor here? Practically every hacking conference video dealing with cyber warfare drops big hints about the activities of China with little in the way of evidence. There is some evidence that China may be involved in cyber espionage, but as for cyber warfare itself, there is far more evidence for the involvement of the US, Israel, and even the UK; although the rumoured replacement of an Al-Qaeda recipe for a pipe bomb with one for cupcakes doesn’t seem like an act of war, but perhaps an exhibit of the English sense of humour.

Part of the problem is that anyone who reads their firewall logs will find a huge number of attacks coming from Chinese address space. As an example, a quick inspection of the addresses blocked on one of my servers for attempted ssh brute force attacks gives the following table :-

Count Country Code Country
255 CN China
51 US United States …
29 KR Korea (South)
19 BR Brazil
17 DE Germany
15 IN India
13 RU Russia
13 GB Great Britain
13 FR France
11 ID Indonesia

This is not intended to be an accurate reflection of anything other than the number of infected machines trying to brute force accounts on my server.

The high presence of China is an indication of the number of malware infections within China, and the large population of the Chinese. It doesn’t actually say anything about where those attacks originate. Every hacker with enough sense to tie up their shoe laces will be pivoting through privacy proxies, and using armies of infected hosts to send out their attacks. These infected hosts are the ones whose addresses show up in your logs.

Assuming that because these addresses are Chinese means that the Chinese state is behind attacks is faulty logic. There is no reason why the Chinese state hackers (if they exist … although it is almost certain they do) would use Chinese addresses to attack from; they are more likely to be using addresses from the US, Europe, South America, etc. If anything, attacks coming from Chinese addresses indicate :-

  1. Private sector hacking (which is the majority)
  2. Attacks from state groups other than China.

It may well be that China is engaged in industrial scale cyber espionage; it may also be that what people assume are Chinese attacks are in fact other states. After all cyber espionage is probably one of the cheapest ways to get involved; within the means of even the smallest and poorest states.

Nov 062009
 

If I were close to someone who had been killed in action in Afghanistan, which would I rather receive ? A handwritten letter in poor handwriting and numerous misspellings ? Or a carefully worded letter, computer printed with a signature at the bottom.

Obviously I would rather receive neither – I would rather than someone close to me were still alive. But given the choice between the two letters, I would rather receive the handwritten one with misspellings and poor handwriting. A properly crafted letter that is computer printed is far less personal, and the wording is likely to be very bland. It would also feel like it was a form letter sent to everyone.

As for the poor handwriting and misspellings, a sensible person would not draw attention to that. There are often reasons why someone has poor spelling – for instance dyslexia. And someone with poor eyesight who probably relatively rarely writes by hand is likely to have poor handwriting.

Jul 252009
 

Sometimes I really do not understand some comments that crop up from time to time in the media. Apparently there are many people who do not understand why we are fighting a war in Afghanistan.

Well I guess some people are so dumb they need reminding to keep breathing.

Or are so uninterested in what is going on that they never listen to media discussions on the war.

It is not as if the reasons have not been discussed many times. And it is not as if the aims are particularly difficult to understand – we’re there to establish a stable government that is not going to let Afghanistan be used as a solid base for terrorism. Sure, things start to get a little more detailed and confused when you dig down into more precisely how that will be done especially when combating the opium/heroin trade gets mixed in.

The terrorists in Afghanistan use the heroin trade to raise funds for their activities, so it is perfectly reasonable to try to stop the funds, but it needs to be done in such a way that it does not irritate the opium farmers whose livelihood depends on the trade. As I have suggested before, the simplest way of dealing with this, is to simply buy the opium for a fair price ourselves.

So the next time someone complains that they do not know why we are fighting in Afghanistan, remember that whilst it is perfectly reasonable to object to the war for all sorts of reasons, objecting because you do not understand the aims is just indefensible.