Ukraine Shoved West

Vladimir Putin’s Russian Federation insists that Ukraine become a modern economy while the Russian Federation must continue to stagnate.

The Russian Federation is in the midst of a controversial annexation of the Crimean Peninsula from the Ukraine. And with that, Ukraine is being driven into the West. The Russian Federation’s de facto leader, President Vladimir Putin, instigated the annexation following the ouster of former Ukrainian president Viktor Yanukovych.

Are we in store for a new ice age, of the political kind? The facts on the ground in the Russian Federation made this sort of move inevitable. Lack of economic modernization both in the Russian Federation and in the Eastern Ukraine, particularly Crimea, has long had the Ukraine treated as a modern-day, softer-split Germany, like a child in the midst of a heated divorce and custody dispute between the Russian Federation and the West.

Now, the bulk of the Ukraine moves west into what will undoubtedly be greater economic prosperity. The result will likely be a reunion with Crimea in the decades to come, as they see the prosperity to their north.

That differs from, say, North Korea, in that the people there cannot see the prosperity they are being denied so clearly. They must blend the dictator’s words and power with the glimpses of the outside. But for Crimea, which will likely retain stable relations with the Ukraine after tensions settle, the picture will be not just in their browsers and phones and televisions, but out their window.

To be clear, the greatest thing that Putin could do, should have done, is to work to modernize the Russian Federation economically. His failure to do so has led to this awful circumstance of now cooling out his entire Western border. This will only stall out the progress of the Russian Federation further. It will be like the United States eight years under leadership that was ineffective at first, then economically destructive at last.

One day the Russian Federation itself will decide to turn itself around. Not under Putin, it appears. We can only hope they come to their senses before too much social and economic damage is done across the globe.

To be clear, economic modernization means chiefly diversity of business. Relying heavily on, e.g., extraction and sale of natural resources, is an ineffective strategy. It depends too heavily on a single outlook, blinding the countries and regions that are resource-heavy to other opportunities. No, diversity of business is essential to all regions’ economic health.

Practically every country that relies on resource exportation is authoritarian in nature. Because when you run only one simple national business model, you do not require the sort of culture of excellence that requires cooperation and innovation. But the people of every country have excellence in their hearts, denied by the revulsion of the leadership to diversity of business.

Diversity takes time, and it does not have the same psychological benefits of simple resource extraction. It is a long-term strategy that devalues the immediate gains in favor of holistic and qualitative measures.

But just like evolution, in time the diverse models win out. In ten, twenty years, will Crimea not look north, see the diversity, and seek to join it? How could they not?

Cyber Fisticuffs

A rough look at some of the cybersecurity issues mentioned by SecDef recently.

You can read a transcript of Secretary of Defense Leon Panetta’s remarks: News Transcript: 11 October 2012: Remarks by Secretary Panetta on Cybersecurity to the Business Executives for National Security, New York City. I will be quoting from that document in this post.

“I know that when people think of cybersecurity today, they worry about hackers and criminals who prowl the Internet, steal people’s identities, steal sensitive business information, steal even national security secrets. Those threats are real and they exist today.”

Right. But we aren’t securing against them. When SSN (Social Security Number) as an authenticator became readily stolen, the fix was to have organizations using it as a mere identifier stop doing so. But it’s still used for both authentication and authorization! It’s ludicrous. They haven’t fixed the problem, and, instead, we have a new “identity protection” industry that tries to paper security over the cracks.

There was a recent story (Slashdot: 9 September, 2012: It’s Easy to Steal Identities (Of Corporations)) showing the same sort of problem for business identities.

I can’t even instantly authenticate the remarks of the Secretary of Defense (sure, I could pull up video footage and see if it matches the transcript, but that’s time consuming). Forget about getting cryptographic proof that the police car pulling you over isn’t someone driving a replica, wearing a Halloween costume.

And the convenience of classified documents drastically undercuts both transparency and security. We, the public, should have a bulk of the currently classified documents in our hands, with only the properly compartmentalized information anonymized. That’s a basic tenet of governance by the people: that we have oversight to the extent that is technologically feasible.

The clearances rely upon anecdotal evidence and proven-invalid nerve-o-meters (“lie detectors”).

“In recent weeks, as many of you know, some large U.S. financial institutions were hit by so-called Distributed Denial of Service attacks. These attacks delayed or disrupted services on customer websites. While this kind of tactic isn’t new, the scale and speed with which it happened was unprecedented.”

DDoS attacks are a general problem, which can be grossly undermined through service federation. That is, just as the military does not have one giant installation, a service can be fragmented so that a DDoS attack becomes much less feasible. It would require attacking many services simultaneously, which requires far more attack bandwidth.

This is an example of a case where businesses that are interested in monopolizing in various ways (usually with an eye toward exclusive access to customer data, for resale and/or mining) are fundamentally at odds with best security practices and with consumer interests.

“But even more alarming is an attack that happened two months ago when a very sophisticated virus called Shamoon infected computers in the Saudi Arabian State Oil Company Aramco. Shamoon included a routine called a ‘wiper’, coded to self-execute. This routine replaced crucial systems files with an image of a burning U.S. flag. But it also put additional garbage data that overwrote all the real data on the machine. More than 30,000 computers that it infected were rendered useless and had to be replaced. It virtually destroyed 30,000 computers.”

Without knowing the specific vector this attack used, it’s hard to speculate on the best remedy. It probably involves the use of thin clients (or possibly a hybrid where the thin client is run atop virtualization using a copy of the data saved to a separate drive in a revision control system) and proper backups. But that’s without looking at the specific vector, which might be easier to fix than changing infrastructure over.

One thing seems likely, that insider knowledge was used in such an attack. Which goes back to compartmentalization of sensitive data.

“They are targeting the computer control systems that operate chemical, electricity and water plants and those that guide transportation throughout this country.”

And if those facilities are proper, the most they should get is data that is public knowledge and nothing more. We’re talking about a man who has spent his entire professional career knowing the security measures surrounding nuclear weapons. Yet suddenly it’s like he can’t remember that a hardened protocol is feasible. That or the nuclear security is far weaker than it should be, or relies far more on snake oil (like the aforementioned stress detectors) than it ought.

You get to a point where you recognize that true cyber security relies on a hell of a lot more than letting a few smart folks at NSA or DoD play WarGames against other nations and shadowy groups of organized criminals. It relies much more on rewiring our outlook on the Internet, to one where things like federated services are the norm, because of the security federation affords.

It relies on having distributed digital payment systems that aren’t reliant on a few choke points. The ability to escrow small amounts for various new service models which fees make impossible today.

Distributed login/credential systems that mean that Facebook and Google don’t own you, and that you can sign up for the latest service or manage your account without a headache. But they also mean the job of attackers just got harder, as they can’t exploit one hole in one monolith to topple a large swath of business.

I am not at all confident in our capacities to guard against cyber attacks if we are unwilling to look at the whole system and recognize that we may have to dismantle some monopolies and disarm some business models. The notion of winning fights one-handed is not how free nations operate.

Threat elimination does not only mean murdering the threat. More often it means rendering the vector itself innocuous.

The Ongoing War on Stupid Government

So why call it a coming war on general computing when it’s really an ongoing war against stupid governance? That’s what we’ve got on our hands. Some have called it an information war. At its heart, it’s all just economics.

The web’s been talking about a talk given by Cory Doctorow titled The Coming War on General Purpose Computing. It’s an interesting idea; summarizing:

The DMCA and SOPA are the first shots of a larger battle to revoke and keep Turing-complete computers out of the hands of the average person.

The talk (54 minutes, embedded in the link above) elaborates on that premise, discussing at times trusted computing, 3D printing of sex toys, and some of the history like the infamous Sony Rootkit.

But it also doesn’t try to paint the target too big. There is plenty of discussion about how actually implementing an appliance to replace general computing will be riddled with problems. So the talk is warning more of the coming actions by governments and corporations to try to do something stupid. Which doesn’t seem different than the status quo.

Today we have governments that try (as Doctorow points out) to declare war on a small set of mostly harmless chemical compounds (i.e., illegal drugs) with very little success. Today we have governments that make people suspend disbelief when boarding airplanes that have very little chance of calamity either intentional (i.e., terrorism) or unintentional. And we have governments that try to ban incandescent bulbs rather than stop subsidizing energy.

Regarding the incandescent bulbs, I’m in favor of moving toward more efficient solutions. But the way you encourage efficiency is two-fold:

  1. Let the economic factors obtain
  2. Encourage an emotional desire to be efficient

That’s how advertisers work, after all.  They tout the low price and try to draw on emotional desire.  The notion that the government should simply ban bottled water and plastic bags is just as insane as the notion that governments should pass SOPA, but people seem to ignore the fallacy of the trap when they’re supposed to catch the creatures they oppose.

In fact, there ought to be a ban on believing bans are effective!  I’m writing my congresscritter, who will reply about appreciating my input on this important matter.  The distortion of government is that the conservatives think it’s possible but economically dangerous to place bans on businesses.  They think it’s perfectly acceptable to ban gay rights, and the rights of women.  The same distortion happens with the liberals, but there it’s a ban on driving without a seatbelt, or it’s a ban on incandescent bulbs without the economics to back it up.

It may be the poison of game theory at work.  The prisoner’s dilemma is that both men can have a little pain if they keep silent, but both tend to rat and get maximum pain.  That seems to be the order of the day: instead of believing that their colleagues want good outcomes and are willing to find a good way to get them, the congresscritters simply revert to game theory on any given issue, which maximizes pain.

But if they try to attack general purpose computing, they will simply strike another blow against themselves, as they have in the war on drugs and war on terror.  Every kid will be telling his friends how to bypass the checksums.  Football Mothers will pass on the goods on how to regain control of the shopping carts and vans and stoves.  Fathers will have their daughters hack their wristwatches.  And so on.

Let’s talk about counterfeiting.  For years the major denominations of major currencies have had what’s called the EURion constellation on them.  It’s a particular configuration of dots, meant to tell scanners not to process the image if detected. It’s one among several heuristics that may be used, but none of them are effective if the person is dead set on scanning the bill.  They can simply cover the majority of the bill and scan it in very small patches, bypassing any sort of check.

And that’s the whole point of how dumb the war on GPC would end up being.  It would come down to a mixture of both technological and simple hacks to get devices to keep on doing what they have always been able to do.  Simple hacks like covering up most of a document to hide the intention would prevail for single-purpose uses.  The use of more traditional exploits, which have been employed against computers for decades, would prevail to jailbreak the devices.

There would also be a ton of old GPCs sitting around, ready to be used, not to mention new micro GPCs that would be created by bootleggers hacking up the trusted appliances.

The fact that the trusted appliances would still run arbitrary code based on user inputs (e.g., general purpose calculators would still be included on the TPCs) would probably even mean that something akin to the acoustic couplers would be developed.  Acoustic couplers were used to let computers make data connections via a wired telephone’s handset.  The handset was removed from the cradle and placed on the coupler, with the speakers and the microphones of both the coupler and handset at opposite ends.

So, if you had an old, shoddy GPC and a new, shiny TPC, there would probably be some hacked way of interfacing the old with the new, letting the former control the latter, to its own ends.  Crazy dreams of using the output of simple image manipulations or error codes in response to malformed requests.  As we’ve seen with the history of computing, the combinations are too novel to entirely anticipate.

The biggest problem is that the universe functions on information.  That’s why stupid government doesn’t stand a chance.  The schemes to bottle information up inevitably lead to imbalances that inevitably lead to topplings.  It may take time, and it may be painful, but stupid government is doomed.  The tragedy is that stupid government does tend to be too stupid to recognize that fact.  Historically it had to fail outright, rather than be fixed.

The question for stupid government is whether the underpinnings in the Constitution are still smart enough to allow for a transition rather than a revolution.

I believe they are.  The economic drive that leads congresscritters to dare to stoop where men have stupided before also holds the key to their (and our) salvation.  The progress of technology will make clean energy cheaper despite the best efforts of dirty energy to stay cheap.  The progress of technology in education will make smart citizens despite the best efforts of church and state to keep them ignorant.

Bad ideas and stupid government are birds of a feather.  The rise of LCD monitors over CRT monitors is one of many good examples of superior technology dominating.  It’s long been the case that the higher cost of an LCD was offset by the lower cost of its energy use if used for a decent time per day, and it’s been at least a half-decade that LCDs have outpaced CRTs in sales.  While there are still CRTs in the wild, waiting to be replaced, their existence is due to inertia rather than any sort of sound business need.

The stupid governments sit atop sandstone, which erodes irregularly.  It has a constant erosion rate at the deepest levels, but an uncertain collapse rate.  We’ve seen the sudden collapse start in 2011 in a variety of countries.  It may take another decade for the larger systems (such as those of the EU, USA, China, and Russia) to reach their rebirths, but they are coming.  And the war on GPC?  It has as much chance as the CRT did.