
Review: Spirits of Place

I’ve just finished reading Spirits of Place, edited by John Reppion, the Daily Grail-published collection of writings on place, narrative, history and spirit. I was not disappointed.

Reppion opened by – among other things – describing an event of the same name he organized earlier in 2016 hosted on the same site as a degraded Neolithic tomb. The event itself raised sacred space in spectacular fashion and is, perhaps, a lesson and charge for the coming year without the participants having known just how stark it feels. As Reppion states, “To create a space that is emphatically ‘anti-racist, anti-fascist, anti-sexist’ on the grounds of so malevolent an enterprise and to fill it with events for young people does seem redemptive. Yet to perform in such a space can never be lighthearted.”

There’s a bit too much to unpack in a proper review – the collection is part essay grouping, part philosophical studies journal, part occult newsletter – but the essays in each case stand proudly for themselves with each raising their own space. Whether it’s Gazelle Amber Valentine talking identity, Warren Ellis writing on radio signal as bomb blast radius, Maria J. Perez Cuervo illustrating the process of secret, dangerous and necessary libraries growing seemingly of their own magnetism or Vajra Chandrasekera on fascism, nationalism and grief, the contents are topical and fascinating and juggle between dreamily speculative and heartbreakingly eloquent. Chandrasekera’s contribution in particular felt crucial and grounding, setting the tone almost as clearly as Reppion’s introduction:

In our periodic riots, Sinhala mobs in search of Tamil or Muslim people to assault but still unable to identify them on sight (because we all pretty much look the same) would demand that potential targets perform their Sinhala-ness or Buddhist-ness with shibboleths: pronouncing particular words to test for accents, or reciting Buddhist prayers that people of other religions were unlikely to know. For example, the ඉතිපිසෝ, which in a great irony is a recitation of the virtues of the Buddha, probably including suitably incongruous things like kindness and compassion. I say probably even though I know it by heart (I suspect my not-particularly-pious parents insisted on me learning these prayers by memory in anticipation of future riots) because the prayer is in Pali, not Sinhala, and I’ve long since forgotten what the words mean: to me, it’s just a string of sounds that represent thuggish fanaticism.

With my breath fully taken away by lines like:

Grief is a nation, like the dead are a nation. These are the nationalisms I can get behind.

I name only a few here not to suggest they held themselves over the rest, but precisely because I could go on and on about the other writers included and so bore you to death and draw my review out to outlandish and unhelpful proportions.

I do want to single out the piece by Damien Patrick Williams, one of the primary reasons I picked up this book (along with the topic itself and work by luminaries like Ellis and Alan Moore). In addition to being a friend, Williams has been quoted in WIRED magazine and interviewed on the Flashforward and Mindful Cyborg podcasts on the intersection between magic and technology, one of my primary interests. His contribution to this book exceeded my expectations as it seamlessly covered biographical explanation, philosophical exploration, virtual space and place, mythology and psychology. He covers two more of my favorite topics, ravens and synchronicities, and pulls apart the phenomena of my experience masterfully:

But the concept structure of ritual space can be applied to any time or place which, for reasons of mentality and mood, must be set apart. In sociological and trauma studies, we discuss this idea in terms of “safe spaces”; in martial arts, we have the dojo; in magic, the drawing of the circle. In all of these instances, we use words, or a knife, or chalk, or a song, and we carve out something sacred from within the profane, and the 1990s Internet was pretty much a perfect expression of this. The complex protocols to log-in, the aforementioned terminology and conceptual framing, all of it conjured an intentional Otherness of place and mind.

The ever-magical Alan Moore closes out the collection with a fantastic and thoroughly electrifying piece that serves, as Reppion laments not doing with the actual event in April, as a closing ritual for the book. And as many of the other pieces do, spiraling ever outward from Reppion’s convocation, Moore’s entry exists in a sort of trifold space; it covers the past, it applies to the present, and reaches out to the future with a mystical, speculative beckoning:

Everywhere the grind and rumble of epochal gears, the flat stones of Satanic mills as they commence to turn. A creaking at the limits, at the edge of our condition, a raw frontier of our lust and fear and capability.

The topics truly covered across the book are legion; if your interests cover anything around philosophy, place, folklore, magic, immediate urban experience, history and future of politics, this book will absolutely have something for you. My suggestion: seek the book out, raise your own space, read it and proceed from there. It’s easily one of my favorite books of 2016.

Thinking Machines Thinking Of Machining Us

(This is the featured meat of this week’s newsletter, which just went out. If you want to subscribe you can find it here.)

 

Thinking about artificial intelligences a lot lately. Our thinking about machine thinking feels like it’s matured significantly over the past six months or year, entered a new phase. Most of the conversation seemed stuck for a while on fears like Bostrom’s paperclip maximizer – the idea that an AI programmed even to a trivial task could be dangerous because it thinks machinistically. That, programmed to create paperclips, an AI would consider humans detrimental to its programming because they might unplug it, and also humans are made up of a lot of atoms that could be better served assembled into more paperclips. The logical issues with overblown fears like the paperclip maximizer are astounding – first and foremost, it pretends we can think non-biologically about how an AI will approach biology, or really any task. The argument invalidates itself by wrapping around the idea that we can in no way conceive of how AI will “think.” But, apparently, we can know enough to be afraid of it. In fact, we can guess enough about its possible thought processes to consider it an existential threat, according to Bostrom!

The idea that non-biological intelligences will “think” in ways totally alien to us is not new, but I’ve seen it explored a lot more lately, and with a lot more depth. It’s entering more conversations about AI in general and our interactions with it in particular. Take AlphaGo, for instance – Google’s deep learning program devoted to playing the board game Go. AlphaGo’s faced four matches with the second best Go player in the world, winning the first three (the fifth has yet to be played). The ability to watch and analyze in detail human-AI interaction can produce some astounding insights, and in this case seems to point to an entirely new way to approach Go gameplay.


Delving into the idea of nonbiological artificial intelligence in a different way is Injection, a comic written by Warren Ellis with stunningly beautiful art by Declan Shalvey and Jordie Bellaire. Injection’s relatively new – issue 8 comes out this week – but quickly becoming a favorite comic of mine thanks both to the art and the wonderful ways in which Ellis intertwines things like technology, philosophy and folklore. It involves a cross-discipline team of varied experts including Brigid Roth, a hacker and programming phenomenon who, well, had a bit of fun with the Turing Test…


Injection goes much, much deeper into the issue of machine intelligence, in fascinating ways. And I’m excited to see where Ellis takes it, especially given the richer environment. We might be ready for this conversation. We might. Injection approaches it in a great way, though – through a lens not necessarily but not unlike horror. And as Eugene Thacker (who I talked about in the last issue of this newsletter) states, horror is a way to think about the unthinkable, a way to process past what might be the limit of human thought. Using horror to approach nonbiological intelligence – a form and function of “thought” that we cannot comprehend – is nothing short of perfect, a sort of speculative machine intelligence metacognition.

Encryption is Math, not Politics

Just sent out issue 2 of the Neurovagrant Newsletter, containing this and more.

 

Last week security researcher Chris Vickery uncovered a massively insecure database belonging to the Hello Kitty line of products – which include a number of online components. Vickery found that the details of some 3.3 million accounts could be accessed including real name, gender, country of origin, password and birthday. Even more troubling is the fact that most of these accounts likely belong to children – and coming so quickly in the wake of the VTech toymaker hack in which four million parent accounts and six million child profiles were compromised, it should cause each parent about to buy an internet-connected toy some pause.

Vickery wasn’t done there. That week he “was on a rampage, reporting data breaches for companies and services like MacKeeper, security vendor for Macs (13 million accounts); OkHello, video chat app (2.6 million accounts); Slingo, online gaming site (2.5 million accounts); iFit, fitness app (576,000 accounts); Vixlet, social network (377,000 accounts); California Virtual Academies, online school network (74,000 accounts); and Hzone, dating app for HIV patients (5,027 accounts).”

On Thursday Juniper Networks announced that its Virtual Private Network operating system ScreenOS had been compromised for at least the last four years. Juniper is a giant in the VPN business; VPNs allow you to do things like access work networks from outside the office or protect your internet traffic from those seeking to intercept it. It appears two separate backdoors were installed into ScreenOS including one that utilized a cryptographic algorithm known to have been weakened at the direction of the National Security Agency – dual_ec_drbg. Attackers took advantage of engineered weaknesses to intercept the traffic of Juniper clients. To what extent is not yet known, but again: the backdoor had been present for the past four years.

Enter most of the 2016 presidential candidates. The entirety of the GOP candidates appear to be “against encryption” – a laughably simple argument considering encryption powers just about every bit of commerce and civic life we’re involved in. Encryption safeguards your card information when you purchase something on the internet but also when you use a card in-store; the point-of-sale machine connects to a payment processor, and when the encryption and/or segmentation there fails we see retail store POS breaches like Target or the processor-side TJX/Heartland breach. A strong economy relies on strong encryption. So does a strong healthcare system – healthcare breaches constitute the lion’s share of breaches in the past several years. Strong government itself relies on strong encryption. The OPM hack of this year shows us that. Not only did attackers gain an incredible data trove on law enforcement, intelligence and military members but having extended access to the database raises the specter of information being added, allowing deep infiltration of important institutions.

The encryption debate – often termed The Crypto Wars by those involved – has popped up repeatedly since we became an information-heavy society. The latest round of Crypto Wars all but ended earlier this year in a resounding defeat for those seeking weaker encryption thanks to a strong, universal agreement among security experts that installing system backdoors cannot be done without weakening the system to other attackers. We cannot produce a golden key that only allows authorized access. Backdoors are by definition security vulnerabilities. Encryption in the sense we talk about it, whether we’re talking about credit card payment systems or messaging apps, is a form of mathematics. When we talk about algorithms we’re not talking about some kind of arcane code but rather mathematical formulas. A formula is a relationship. The right relationships between variables can do things like create nearly-unguessable random number sequences. Tweak that relationship even a little bit – as was done with dual_ec_drbg mentioned above – and you instantly change the formula in huge ways, sometimes drastically reducing the amount of computer power/time needed to work out what numbers the formula is going to produce.

This is a vast simplification of the math involved – but it is math. No amount of magical thinking or politicking will change the fact that encryption is, at its core, a mathematical problem. And unlike the statistics shenanigans politicians are used to playing when it comes to polling, these numbers don’t bend.
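To make the golden-key point concrete, here is an added example (not part of the original newsletter) that models a Dual_EC_DRBG-style generator in Python: two public curve points P and Q drive it, and anyone holding the scalar E with P = E·Q can predict the next output from two observed ones. The scalar, the seed and the 8-bit truncation are constructed for this demo; the curve constants are those of NIST P-256.

```python
# Simplified model of a Dual_EC_DRBG-style generator on the NIST P-256 curve.
# Constructed for illustration: the scalar E, the seed and the 8-bit
# truncation (the real generator withholds 16 bits of each output).
P_MOD = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = -3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
Q = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
DROP = 8
MASK = (1 << (256 - DROP)) - 1

def add(p1, p2):
    """Add two curve points; None stands for the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def lift(x):
    """Return a curve point with x-coordinate x, or None if none exists."""
    if x >= P_MOD:
        return None
    rhs = (x**3 + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)  # square root works as p % 4 == 3
    return (x, y) if (y * y) % P_MOD == rhs else None

E = 0xC0FFEE1234567   # the "golden key": a secret scalar with P = E*Q
P = mul(E, Q)         # P and Q are public, E is not

def generate(seed, count):
    """State update s <- x(s*P); each output is the low bits of x(s*Q)."""
    s, out = seed, []
    for _ in range(count):
        s = mul(s, P)[0]
        out.append(mul(s, Q)[0] & MASK)
    return out

def predict_next(e, out1, out2):
    """With e, recover the state behind out1, confirm on out2, return output 3."""
    for hi in range(1 << DROP):
        r = lift((hi << (256 - DROP)) | out1)
        if r is None:
            continue
        s2 = mul(e, r)[0]              # e*(s1*Q) = s1*P, whose x is state 2
        if (mul(s2, Q)[0] & MASK) == out2:
            return mul(mul(s2, P)[0], Q)[0] & MASK
    return None
```

With any other scalar `predict_next` returns None, while the correct E works identically for whoever obtains it, which is why the key cannot be restricted to authorized holders.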

The Crypto-Wars reignited after the Paris attacks. Oddly so, since there’s not one iota of evidence that attackers used encryption. FBI Director Comey continues to make statements in his interest about terrorists using encryption and those statements continue to be disproven as investigations move forward and we learn more details. Statements like “their phones included encryption” are disingenuous at best – all modern cellphones include encryption of various sorts. The authorities depend on vague and unprovable statements and emotion to sway public opinion while information security experts have issued a resounding opinion: you cannot build a backdoor that no one else can exploit.

Hillary Clinton has called for a “Manhattan Project” in order to help law enforcement break into encrypted communications while leaving them secure and this is as doomed a project as that of any Republican. The comparison to the original Manhattan Project is an immediate failure: they were working with the physics, Hillary wants experts to work against the math. Mathematics is not an issue you can legislate or threaten your way out of, something the Catholic Church learned the hard way ages ago. Tweak the smallest parameter in an algorithmic relationship and you put at risk anything in that system – financial access, health data, intelligence agent backgrounds and their biometrics.

In crypto even more than in politics, we ignore the numbers at our peril.

Errata: Linux 0day, Blockchain stock sales, Diffie-Hellman hardening, Schoolgirls, OPM, Pixel-C

Hector Marco: Back to 28: Grub2 Authentication 0-Day – Bunch of Linux distros apparently launch into rescue shell when you hit backspace 28 times at Grub (bypassing authentication). Are you kidding me with this?

Engadget via pi8you: Bitcoin tech approved as a way to issue shares – “[Overstock] built its own crypto-currency tech via a subsidiary called T0 (T-Zero), and uses open-source Colored Coins to issue stock in the form of “blockchains,” a type of electronic ledger.” – Rumor is that Overstock lost a boatload of money integrating bitcoin into their sales platform. Wonder if this is doubling down on a bad bet.

Farsight Security: Hardening Encrypted Communications Against Diffie-Hellman Precomputation Attacks – Great primer on strengths and weaknesses of current encryption schemes and applying that knowledge to your own servers.

Motherboard: What the Hell Is Up with This Homicidal Japanese Schoolgirl Simulator? – “I still got busted though. I guess I forgot to get rid of the bloody clothes. One day, I’ll figure out how to get off clean, and then it will be just me and the boy I like. Senpai will be mine.”

Milton Security: New report shows extent of OPM failure in breach – “The OPM inspector general has found that in OPM’s haste to set up protection services, the agreement with CSID violated federal contracting regulations. OPM did not provide a full scope of work, they failed to do enough market research, they had an incomplete acquisition plan, and exceeded dollar limits on blanket agreements.” – Definition of omnishambles.

TNW: Google’s AMA for the Pixel C went sideways as Redditors exposed its flaws – “When Redditors weren’t taking the Googlers to task for the Pixel C’s lack of stylus, not packaging the keyboard with the device or Android’s lack of split-screen functionality, they were going hard about SD Card support and its price point.” – Kind of disappointed in the Pixel C in the sense that Google seems to have fallen to thinking “If we build the hardware, they will come” and little else.

Books Finished So Far This Year

Keeping a running list in Evernote, figured I might as well share it here. Have been pleasantly surprised by the quality of the reads so far. Heavier than usual on fiction – usually I read more nonfiction but had started the year out vowing to change that balance a bit. No idea what’ll end up finished next on the list, as I tend to read about six books at once.

1 1/12/15 Great World Religions: Hinduism, Mark Muesse (lectures)

2 1/14/15 Brave New Now, ed by Liam Young

3 1/18/15 The Making of the Atomic Bomb, Richard Rhodes

4 2/14/15 The Decline and Fall of Rome, Thomas Madden (lectures)

5 3/4/15 Atomic Accidents, James Mahaffey

6 3/25/15 A User’s Guide to the Millennium, JG Ballard

7 4/9/15 Night Shift, Stephen King (re-read)

8 4/18/15 Cyber War Will Not Take Place, Thomas Rid

9 4/24/15 The Atrocity Archives, Charles Stross

10 4/27/15 Point Omega, Don Delillo

11 5/4/15 The Crystal World, JG Ballard

12 5/15/15 Chaos, James Gleick (reread)

13 6/23/15 CUNNING PLANS, Warren Ellis

14 6/30/15 The Whiskey Rebellion, William Hogeland

15 7/29/15 Countdown to Zero Day, Kim Zetter

16 8/3/15 Nexus, Ramez Naam

A Few Recommended News Sources

Have had a few people recently ask me where I get my news online – specifically, general news/current events rather than just tech and security stuff. Despite my thoroughly biased viewpoint on things, I try to cast a pretty wide net when it comes to reading news and analysis so that I don’t go into things half-cocked. This does not include Fox News Channel – though I do go to some of their analysts outside of the network for less melodramatic, more professional viewpoints.

Truth be told, one of my biggest sources is twitter – where I can very consciously curate what my feed shows in order to get a broad but high-quality news stream. However, that’s a beast for a different time.

I use Feedly to read most of my web-based news; just pop the RSS feed into feedly and it collects new posts for me. And this is by no means an all-inclusive list – I average between 50 and 120 subscriptions in my RSS reader depending on how overworked I’m feeling. Take these as highlights/important nodes. Also keep in mind I rely heavily on podcasts, which you can find here: Current Podcast Subscriptions.

News in general:

The Guardian – UK-based newspaper that does excellent journalism. Originally broke the Snowden leaks, among other stories.

Wall Street Journal – Heresy for a liberal to favor the Wall Street Journal over the New York Times, but I do – I prefer their reporting, as long as I stay away from the editorial page.

Washington Post – More and more lately I’ve found myself at the Washington Post reading great articles.

The Daily Beast – can get a little click-baity but it’s had some good natsec/foreign policy work lately, especially from Shane Harris and Noah Shachtman.

The Intercept – The Intercept is a new media project fronted by Glenn Greenwald (who broke the Snowden story) and Jeremy Scahill among other journalists, and largely paid for by eBay magnate Pierre Omidyar. Very, very biased – delights in reporting on NSA leaks, anything embarrassing to the US. Gets tiring after a while but they can have good stuff.

Five Thirty-Eight – Data geeks doing amazing work on sports, politics and other top stories.

Vice – They like to be a little too edgy just for the purpose of being edgy, but they’ve also put reporters in places no one else would – like smack in the middle of IS territory in Syria.

National Security:

Lawfare – an INCREDIBLE source for good, deep thinking on natsec issues on both sides of the aisle.

20 Committee – Former NSA analyst and naval war college professor of national security affairs John Schindler. Very right-of-center. I disagree with him on so very many topics, but he’s a good, intelligent, important read.

Information Security:

Schneier on Security – Crypto expert Bruce Schneier on hacks, attacks and security – lots of analysis of NSA leaks, critical of mass surveillance from a technical perspective, very smart.

Legal:

The Volokh Conspiracy – Volokh is one of the oldest, best-loved law blogs on the web. Really intricate legal thinking from many perspectives, and often multiple perspectives on the same issue – authors regularly disagree with each other in subsequent posts and fight it out.

Technology:

Motherboard – a Vice subset that does great work with tech.

Emergent Futures – well-curated tumblr with really good, next-level future-tech info

Security and Technology Briefs: Augmentation Sec, OPM, Hospitals, Kaspersky

Author Ramez Naam delivers a great talk at Google on technological augmentations coming very quickly down the pipe, including some thoughts on the security of those augmentations and some worst-case scenarios. (YouTube)

Analyst John Schindler on the scary scope of the federal human resources hack at the Office of Personnel Management. (article)

Security Ledger on how devices like x-rays make hospital networks more insecure. (article)

Eugene Kaspersky in Forbes on being compromised and then catching it. (article)

A great episode of the Loopcast podcast regarding online jihadi activity in forums and social networks, “A History of Jihobbyism.” (audio at link)

Lifehacker shows how to hide the stupid “Get Windows 10” icon that won’t leave my taskbar. (article)