Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

May 29, 2020

Whitesplaining and Mansplaining: An Example

Filed under: Feminism,Protests — Patrick Durusau @ 7:36 pm

I was blocked by @LadyMenopause at the end of this exchange, so what follows are my views on “whitesplaining” and “mansplaining,” not hers.

Twitter Exchange, @LadyMenopause and @PatrickDurusau, May 28, 2020.

After sleeping on it, I think my posts were guilty of both “whitesplaining” and “mansplaining,” but have no idea what prompted @LadyMenopause’s response.

As far as “mansplaining,” the tweet by @LadyMenopause that prompted my response was not about protest tactics, targeting, the best ways to engage oppressors or anything of the sort. (I really need to start archiving my timeline.) So my initial response, suggesting better targeting for Republican majority areas, was off-topic and hijacking her thread, for a topic of no evident interest to her.

Another aspect of “mansplaining” was my dismissal of her view of Republican areas as guarded by “rednecks with all their artillery in front of them….” Whatever I or you may think about that view of Republican areas in Minneapolis, it is her view. I continued to err in treating the topic as one about tactics and strategies, which were not her focus.

On “whitesplaining,” I am a child of a violent white culture and assume that resources and tactics can be whistled up with little or no difficulty. My perspective also does not account for members of the Black community, their hopes and desires, to say nothing of their interest (or lack thereof) in wading in their oppressors’ blood. Unlike some white people, I don’t think I can evaluate or even properly consider the hopes and desires of the Black community. To suggest action anyway is a form of “whitesplaining.”

I’m utterly convinced that Black people, women, and others have been, are and likely will be oppressed by the white male capitalist patriarchy. I have had no doubts on that score for decades. I try to not speak the language of the Empire but as you can see, I can and do fail. Apologies to anyone who was offended and should you be called out for either “mansplaining” or “whitesplaining,” perhaps this will be a good starting point to discover your error.

PS: When you see me falling into “mansplaining” or “whitesplaining,” I’d appreciate a comment, here or on Twitter. Thanks!

May 5, 2020

Six Degrees of Corona – McConnell Edition

Filed under: Politics,Social Networks,Weaponize Data,Weaponized Open Data — Patrick Durusau @ 7:08 pm

This post is an extension of Six Degrees of Corona (New OSINT Game) which you should read first.

Six Degrees of Corona – Mitch McConnell Edition

You know the gist of the game from its similarity to six degrees of Kevin Bacon, but where would you find information for McConnell? He has no known movie credits for constructing degrees of separation.

That’s easy enough to fix. Let’s do a short list and see what others add to it:

  1. Mitch McConnell, U.S. Senator from Kentucky – McConnell’s official website. Lots of data on him and people around him. Could do a lot worse as a starting point.
  2. Federal Election Commission – You are looking for major donors, the larger the better. $20 will get you a seat to see McConnell walking away from you. I’d discard anything less than $1K.
  3. Kentucky newspapers (by circulation): The Courier-Journal, Lexington Herald-Leader, Owensboro Messenger-Inquirer, Bowling Green Daily News, and Ashland Independent. All of these will carry news about who met with McConnell, where McConnell appears during campaigns, fund raisers, etc. (Think co-occurrence searches.)
  4. Campaign events, photograph everyone on stage but also support personnel, who come and go without even being seen. Run image recognition on your photos.

Other sources? Put your thinking hats on!

BTW, I should mention that completing your Six Degrees of Corona – Mitch McConnell edition by reducing the degrees of separation, say by becoming a waiter or busser is cheating. Complete the six degrees of separation.

May 4, 2020

Six Degrees of Corona (New OSINT Game)

Most of you have heard of “six degrees of Kevin Bacon,”

The game, which celebrates its 20th anniversary this year, requires players to link celebrities to Bacon, in as few steps as possible, via the movies they have in common. The more odd or random the celebrity, the better. For example, O.J. Simpson was in “The Naked Gun 33⅓” with Olympia Dukakis, who was in “Picture Perfect” with Kevin Bacon.

Kevin Bacon on ‘Six Degrees’ game: ‘I was horrified’ by Brandon Griggs. March 12, 2014.

The more general case, “six degrees of separation” between any two people in the world is usually shown as:

Generic Six Degrees of Separation Diagram

Kevin Bacon is interesting for trivia purposes but he returns only 49K mentions on Twitter today. Compare President Trump at ~3.2 million and Joe Biden at ~2.6 million (both exact phrases, so they didn’t capture nicknames or obscenities).

To make an OSINT game, who are the people you can identify with either Donald Trump or Joe Biden? Those go between #5 and #6, then proceeding from them, who should go between #4 and #5? As you proceed right to left, it requires more digging to fish up people who can provide the bridge.

You will need all your OSINT skills as you compete against others to find the best path to people more popular, or should I say more notorious than Kevin Bacon?

Here are two templates, depending upon your political persuasion to get you started with the Six Degrees of Corona:

Six Degrees of Corona – Trump version.

Six Degrees of Corona – Biden version

Some wag is going to gift us with their deep legal knowledge to proclaim that intentional transmission of a disease is illegal. It’s also a violation of the Biological Weapons Convention. It’s also likely a battery (civil and criminal) in most jurisdictions. None of which is relevant to an OSINT game to sharpen your skills. The choice of images (you can supply your own) is only a matter of motivation.

Feel free to circulate these images or to create your own Six Degrees of Corona OSINT game, substituting other images as you deem appropriate.

PS: My money is on Jared being #5 for Trump. No data science for that opinion but he reeks of the closeness that would transmit most diseases.

May 2, 2020

Michigan: Cosplayers Come In Out Of Rain

Filed under: #DAPL,Politics,Protests — Patrick Durusau @ 4:47 pm

Protest in Michigan answers a lingering question from the 20th century: do ignorant white cosplayers have enough sense to come in out of the rain?

One of the more popular images from protests at the Michigan State House seems to support the “storming” of the building by armed white folks.

Cosplayer in out of the rain.

The “storming” narrative is sweeping social media, driven by people who are soliciting your money, either now or soon. The problem is none, repeat none of the “storming” narratives is true. They are completely and utterly false! NBC captures what happened in a single paragraph:

As the protests moved indoors from the rainy steps of the Capitol, police took the temperatures of those entering the building using forehead thermometers, according to NBC affiliate WOOD of Grand Rapids.

Hundreds of protesters, some carrying guns in the state Capitol, demonstrate against Michigan’s emergency measures April 30, 2020 by Dartunorro Clark.

Armed white cosplayers came in out of the rain in Michigan, after having their temperatures checked by the police. Not my idea of “storming” a state capitol. Yours?

PS: Yes, police have reacted with extreme violence against unarmed Black Children (Children’s Crusade, Birmingham, AL May 2-3, 1963) and peaceful Native Americans (Standing Rock, for example, 2016-2017), but not against these armed white people. Your point? Over 500 years, white settlers have practiced and refined racism into the warp and woof of North America. Shaming it for being the society they built, one injustice at a time isn’t a winning strategy.

May 1, 2020

That’s Illegal!(?) (Happy May Day!)

Filed under: Protests,Weaponize Data,Weaponized Open Data — Patrick Durusau @ 8:36 pm

Apologies for the long silence! I haven’t been sick so much as disorganized and distracted. Working on both of those and hope to mark May Day 2020 by returning to regular blogging.

One persistent question, charge or comment that I get on Facebook and Twitter to some of my bolder suggestions is: That’s illegal! So far as I know, “legal” depends on who you are, not the act in question.

Take “terrorist” bombing for example. Every US president in my lifetime (let’s just say 60+ years) with one exception, Carter, has engaged in the murder of civilians in foreign countries, by bombing. By extension, so have the troops under their commands engaged in terrorist bombings/attacks.

The same is true for both CIA and other agency operatives who engage in acts most of us would describe as murder, torture, etc. We can conclude from the lack of consequences for their acts, someone thought their actions were legal.

But if I describe how to weaponize data in order, in theory at least, to interfere with oil or gas pipelines, refineries, airports, some wag will interject: That’s illegal! As though that is meaningful in the face of crimes that will blight the lives of millions, or worse.

True enough, some act might be “illegal” in the eyes of a system rigged to benefit the wealthy and destroy the ecosphere, but isn’t that just a caution to not be apprehended? The “property rights” of oil and gas companies that are destroying this planet have no strings that tug at my heart. Especially when compared to the rights of children to grow up in healthy, sustainable environments.

That’s illegal! most often originates from people who, having secured privileges in the present system, are loath to see it change. If Martin Luther King were alive today and in jail in Birmingham for protesting environmental crimes, they would be named addressees. (It’s sad that letter is most often reprinted sans the addressees’ names. We really should know who the moral cowards of previous generations were.)

Do some acts have more consequences than others? Sure, mugging for TV cameras to “draw attention” to an issue has consequences. Using IEDs or the threat of IEDs, punching holes in pipelines not yet in use, making pipelines fail under pressure, all of those increase costs and deter investors. Given the pathological greed of capitalism, do you think drawing attention or increasing construction costs on an exponential scale are more likely to be effective?

I freely concede if you want to preserve your present privileges, by all means, listen to those who want to sustain present exploitation of people and the environment. If you want to take a chance on having a meaningful impact for the better, treat cries of That’s illegal!, as boosterism for a foul present.

That said, as always, consider your present status, CIA, FBI, NSA agent, contractor (Whitey Bulger?), US military, etc., and local laws, along with your appetite for risk, when evaluating whether you should or should not use techniques described herein.

PS: I may revisit/update some old classics like Steal This Book by Abbie Hoffman that has this great passage:

A special metallic bonding glue available from Eastman-Kodak will form a permanent bond in only 45 seconds. Gluing up locks of all the office buildings in your town is a great way to dramatize the fact that our brothers and sisters are being jailed all the time.

Of course you know this “special metallic bonding glue from Eastman-Kodak” by the more familiar name: Cyanoacrylate, no, sorry, “Super Glue.”

While honoring the source as Abbie Hoffman, be imaginative! Some random places where Super Glue could be appropriately applied: gas caps, lug nuts (esp. if caltrops are likely), suitcases, home/hotel/motel doors, laptops, traffic arms, anywhere with two surfaces in contact. (Be sure to check your status as a US mercenary before undertaking such uses.)

March 23, 2020

#DontRiotAtHome

Filed under: Politics,Protests,Social Sciences — Patrick Durusau @ 1:53 pm

Race Troubles: 109 U.S. Cities Faced Violence in 1967. Over fifty years ago, U.S. News and World Report wrote:

More than 100 cities of the U. S. have been hit by Negro violence this year. At least 177 persons have been killed, thousands injured. Property damage has approached 1 billion dollars.

I remember the summer the cities burned. I was puzzled at the time, being 13 years old, why the rioters didn’t attack wealthy sections of town, instead of burning their own?

One explanation of the riots identified this recurrent pattern:

A particular pattern emerged: What usually ignited the powder keg of resentments was police brutality or abuse. Triggering the rioting in Newark was an incident on the hot summer night of July 12 in which police arrested John Smith, an African-American taxi driver, pulling him roughly from his cab during a traffic stop. The cops beat Smith and dragged him into the nearby Fourth Precinct station. Hundreds of residents watched from a large public housing project and an angry crowd quickly gathered outside the police building. A false rumor swirled through the streets that Smith had been killed, adding to the outrage.


The location of riots looks like happenstance, people riot where they are located when a triggering event takes place. In the 1967 riots, those locations were the ghettos where so many Black Americans were imprisoned and remain so to this day.

Data question: What if oppressed people assembled (not marched to) at locations frequented by the owners of government? Say gated communities for instance. If those assemblies were met with police brutality or abuse, would people riot? Any empirical evidence on that question? Asking for a friend.

October 28, 2019

How-To Black Box Google’s Algorithm of Oppression

Filed under: Algorithms,Bias,Feminism,Search Algorithms,Search Data,Searching,sexism — Patrick Durusau @ 6:55 pm

Safiya Noble’s Algorithms of Oppression highlights the necessity of asking members of marginalized communities about their experiences with algorithms. I can read the terms that Noble uses in her Google searches and her analysis of the results. What I can’t do, as an older white male, is authentically originate queries of a Black woman scholar or estimate her reaction to search results.

That inability to assume a role in a marginalized community extends across all marginalized communities and in between them. To understand the impact of oppressive algorithms, such as Google’s search algorithms, we must:

  1. Empower everyone who can use a web browser with the ability to black box Google’s algorithm of oppression, and
  2. Listen to their reports of queries and experiences with results of queries.

Empowering everyone to participate in testing Google’s algorithms avoids relying on reports about the experiences of marginalized communities. We will be listening to members of those communities.

In its simplest form, your black boxing of Google starts with a Google search box, then:

your search terms site:website OR site:website

That search string states your search terms and is then followed by an OR list of websites you want searched. The results are Google’s ranking of your search against specified websites.

Here’s an example run while working on this post:

terrorism trump IS site:nytimes.com OR site:fox.com OR site:wsj.com

Without running the search yourself, what distribution of articles do you expect to see? (I also tested this using Tor to make sure my search history wasn’t creating an issue.)

By count of the results: nytimes.com 87, fox.com 0, wsj.com 18.

Surprised? I was. I wonder how the Washington Post stacks up against the New York Times? Same terms: nytimes 49, washingtonpost.com 52.

Do you think those differences are accidental? (I don’t.)

I’m not competent to create a list of Black websites for testing Google’s algorithm of oppression but the African American Literature Book Club has a list of the top 50 Black-Owned Websites. In addition, they offer a list of 300 Black-owned websites and host the search engine Huria Search, which only searches Black-owned websites.

To save you the extraction work, here are the top 50 Black-owned websites ready for testing against each other and other sites in the bowels of Google:

essence.com OR howard.edu OR blackenterprise.com OR thesource.com OR ebony.com OR blackplanet.com OR sohh.com OR blackamericaweb.com OR hellobeautiful.com OR allhiphop.com OR worldstarhiphop.com OR eurweb.com OR rollingout.com OR thegrio.com OR atlantablackstar.com OR bossip.com OR blackdoctor.org OR blackpast.org OR lipstickalley.com OR newsone.com OR madamenoire.com OR morehouse.edu OR diversityinc.com OR spelman.edu OR theybf.com OR hiphopwired.com OR aalbc.com OR stlamerican.com OR afro.com OR phillytrib.com OR finalcall.com OR mediatakeout.com OR lasentinel.net OR blacknews.com OR blavity.com OR cassiuslife.com OR jetmag.com OR blacklivesmatter.com OR amsterdamnews.com OR diverseeducation.com OR deltasigmatheta.org OR curlynikki.com OR atlantadailyworld.com OR apa1906.net OR theshaderoom.com OR notjustok.com OR travelnoire.com OR thecurvyfashionista.com OR dallasblack.com OR forharriet.com
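The query format described above, as an added example that is not part of the original post: it turns a pasted `a.com OR b.com` list into `site:` queries and tallies result URLs per listed site, counting subdomains but not look-alike hosts. The function names, the batch size and the sample URLs are assumptions of this example; the URLs are constructed, not real search output, and the code does not contact any search engine.

```python
import re
from collections import Counter
from urllib.parse import urlsplit


def parse_or_list(text):
    """Split a pasted 'a.com OR b.com OR ...' line into bare domain names."""
    return [p.strip() for p in re.split(r"\s+OR\s+", text.strip()) if p.strip()]


def build_queries(terms, domains, per_query=10):
    """Return one 'terms site:a OR site:b ...' string per batch of domains.

    per_query is an assumption of this example: search engines cap query
    length, so a 50-site list is split into several searches.
    """
    if per_query < 1:
        raise ValueError("per_query must be at least 1")
    cleaned = []
    for d in domains:
        d = d.strip().lower()
        if d.startswith("site:"):          # accept entries with or without prefix
            d = d[len("site:"):]
        if d and d not in cleaned:         # drop blanks and duplicates
            cleaned.append(d)
    queries = []
    for i in range(0, len(cleaned), per_query):
        batch = cleaned[i:i + per_query]
        sites = " OR ".join("site:" + d for d in batch)
        queries.append(terms.strip() + " " + sites)
    return queries


def tally_by_site(result_urls, domains):
    """Count result URLs per listed domain.

    www.nytimes.com counts for nytimes.com; notnytimes.com does not.
    URLs matching no listed domain are counted under '(other)'.
    """
    wanted = [d.lower() for d in domains]
    counts = Counter({d: 0 for d in wanted})
    for url in result_urls:
        host = (urlsplit(url).hostname or "").lower()
        for d in wanted:
            if host == d or host.endswith("." + d):
                counts[d] += 1
                break
        else:
            counts["(other)"] += 1
    return dict(counts)


# The three sites from the post's own example query.
SITES = ["nytimes.com", "fox.com", "wsj.com"]

# Constructed result URLs, standing in for links copied from a results page.
SAMPLE_RESULTS = [
    "https://www.nytimes.com/constructed/a",
    "https://nytimes.com/constructed/b",
    "https://www.wsj.com/constructed/c",
    "https://notnytimes.com/constructed/d",
]

if __name__ == "__main__":
    for q in build_queries("terrorism trump IS", SITES):
        print(q)
    for site, n in tally_by_site(SAMPLE_RESULTS, SITES).items():
        print(f"{site}: {n}")
```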

Please spread the word to “young Black girls” to use Noble’s phrase, Black women in general, all marginalized communities, they need not wait for experts with programming staffs to detect marginalization at Google. Experts have agendas, discover your own and tell the rest of us about it.

October 7, 2019

TLP:GREEN Leak to Loosen Your Bowels

Filed under: Classification,Government,Security — Patrick Durusau @ 4:45 pm

Zak Doffman in FBI Issues Surprise New Cyber Attack Warning posted a link to: Cyber Criminals Use Social Engineering and Technical Attacks to Circumvent Multi-Factor Authentication, which is clearly marked:

TLP:GREEN:

This PIN has been released TLP:GREEN: The information in this product is useful for the awareness of all participating organizations within their sector or community, but should not be shared via publicly accessible channels.

Do you think Forbes.com qualifies as a “publicly accessible channel?”

I ask just to highlight the absurdity of information restriction that has taken over government and cybersecurity in general. Notice that the evildoers in this scenario are already informed and the only people left uninformed are members of the public.

I’m sure someone at the FBI has the authority to assign TLP:GREEN classification, but not anything lower or higher, plus they have auditing routines to check their work, monthly reports, etc. Now imagine all the turf protection and routines that must go on for other security classifications. All to hide information from the voting public.

Ask your 2020 candidates to sweep away all but launch code and location of nuclear submarine secrecy. It’s not like a modern army can conceal its intentions to invade. Think of all the classification staff that will become available to fill the front ranks.

October 6, 2019

Getting Started in Bug Bounty

Filed under: Bugs,Cybersecurity,Hacking — Patrick Durusau @ 8:11 pm

The key lesson here is that hours and hours of practice are required. There’s no shortcut to avoid putting in the time to learning your tools and the weaknesses they are best at detecting.

Reminder, as of October 7, 2019, there are 270 working days left until the 2020 elections in the United States. Use your time wisely!

October 5, 2019

Automatic News Comment Generation

Filed under: Artificial Intelligence,Natural Language Processing,Social Media — Patrick Durusau @ 3:09 pm

Read, Attend and Comment: A Deep Architecture for Automatic News Comment Generation by Ze Yang, Can Xu, Wei Wu, Zhoujun Li.

Abstract: Automatic news comment generation is beneficial for real applications but has not attracted enough attention from the research community. In this paper, we propose a “read-attend-comment” procedure for news comment generation and formalize the procedure with a reading network and a generation network. The reading network comprehends a news article and distills some important points from it, then the generation network creates a comment by attending to the extracted discrete points and the news title. We optimize the model in an end-to-end manner by maximizing a variational lower bound of the true objective using the back-propagation algorithm. Experimental results on two public datasets indicate that our model can significantly outperform existing methods in terms of both automatic evaluation and human judgment.

A tweet said this was a “dangerous” paper, so I had to follow the link.

This research could be abused, but how many news comments have you read lately? The comments made by this approach would have to degrade a lot to approach the average human comment.

Anyone who is interested in abusive and/or inane comments can scrape comments on Facebook or Twitter, set up a cron file and pop off the next comment for posting. Several orders of magnitude less effort than the approach of this paper.

Wondering, would coherence of comments over a large number of articles be an indicator that a bot is involved?

October 4, 2019

Follow the Link: Exploiting Symbolic Links with Ease

Filed under: Hacking,Microsoft — Patrick Durusau @ 3:17 pm

Follow the Link: Exploiting Symbolic Links with Ease by Eran Shimony.

In the first part, we will explore the attack vector for abusing privileged file operations bugs along with how to fix those bugs. To start, we will walk through CVE-2019-1161, a vulnerability in Windows Defender that can be exploited to achieve Escalation of Privileges (EoP), for which Microsoft released a patch in August’s Patch Tuesday.

Hundreds of millions of Windows machines – any machine running Windows 7 and above – are vulnerable to the arbitrary delete vulnerability. A malicious user can abuse Windows Defender to delete any file he wants with NT AUTHORITY\SYSTEM privileges. The vulnerability lies in a process named MpSigStub.exe, which is executed by Windows Defender with high privileges. This process suffers from an impersonation issue that could lead to EoP using Object Manager symlinks.

Prepare for the 2020 election season by refreshing your memory on Windows hacks. If MS marketing is to be believed, 1.5 billion people use Windows every day. Odds are an office or organization of interest to you uses Windows.

Shimony’s walk through on symbolic links leaves us at:

Nevertheless, we can either create a file in an arbitrary location or delete any desired file that might lead to full privilege escalation in certain cases.

It’s a starting place and I’m looking forward to the next installment!

rtweet (Collecting Twitter Data)

Filed under: R,Twitter — Patrick Durusau @ 2:18 pm

rtweet

A boat load of features and one of the easiest on-ramps to Twitter I have seen:

All you need is a Twitter account (user name and password) and you can be up and running in minutes!

Simply send a request to Twitter’s API (with a function like search_tweets(), get_timeline(), get_followers(), get_favorites(), etc.) during an interactive session of R, authorize the embedded rstats2twitter app (approve the browser popup), and your token will be created and saved/stored (for future sessions) for you.

Add to that high quality documentation and examples, what more would you ask for?

Not that I think Twitter data is representative for sentiment measures, etc., but that’s not something you need to share with clients who think otherwise. If they are footing the bill, collect and analyze the data that interests them.

Avoided Ethics Guidelines

Filed under: Ethics,Facebook,Google+,Government — Patrick Durusau @ 10:46 am

Ethical guidelines issued by engineers’ organization fail to gain traction by Nicolas Kayser-Bril.

The world’s largest professional association of engineers released its ethical guidelines for automated systems last March. A review by AlgorithmWatch shows that Facebook and Google have yet to acknowledge them.

In early 2016, the Institute of Electrical and Electronics Engineers, a professional association known as IEEE, launched a “global initiative to advance ethics in technology.” After almost three years of work and multiple rounds of exchange with experts on the topic, it released last April the first edition of Ethically Aligned Design, a 300-page treatise on the ethics of automated systems.

If you want to intentionally ignore these guidelines as well, they are at: Ethics in Action.

Understanding that “ethics” are defined within and are supportive of a system, given the racist, misogynistic, homophobic, transphobic, capitalist exploitation economy of today, I find discussions of “ethics” quixotic.

Governments and corporations have no “ethics” even within the present system and following ethics based on what should be the system, only disarms you in the presence of implacable enemies. The non-responses by Google and Facebook are fair warning that you are “ethical” in your relationships with them, only with due regard for the police lurking nearby.

May I suggest you find a sharper stick than “you’re unethical” when taking on governments, corporations and systems. They shrug that sort of comment off like water off a duck’s back. Look around, new and sharper sticks are being invented every day.

October 3, 2019

Awesome Applied Category Theory

Filed under: Category Theory — Patrick Durusau @ 10:54 am

Awesome Applied Category Theory by Statebox.

A curated set of resources on the application of category theory from databases to manufacturing and petri nets.

Did you know you can apply category theory to the assembly of Lego blocks? The authors of String Diagrams for Assembly Planning apply category theory to evaluate assembly of Lego blocks. Their abstract:

Assembly planning is a difficult problem for companies. Many disciplines such as design, planning, scheduling, and manufacturing execution need to be carefully engineered and coordinated to create successful product assembly plans. Recent research in the field of design for assembly has proposed new methodologies to design product structures in such a way that their assembly is easier. However, present assembly planning approaches lack the engineering tool support to capture all the constraints associated to assembly planning in a unified manner. This paper proposes CompositionalPlanning, a string diagram based framework for assembly planning. In the proposed framework, string diagrams and their compositional properties serve as the foundation for an engineering tool where CAD designs interact with planning and scheduling algorithms to automatically create high-quality assembly plans. These assembly plans are then executed in simulation to measure their performance and to visualize their key build characteristics. We demonstrate the versatility of this approach in the LEGO assembly domain. We developed two reference LEGO CAD models that are processed by CompositionalPlanning’s algorithmic pipeline. We compare sequential and parallel assembly plans in a Minecraft simulation and show that the time-to-build performance can be optimized by our algorithms.

I don’t have any Lego blocks at hand but suspect working through the exercise with them will produce a more intuitive understanding of the value of the authors’ technique.

Perhaps a new meme: Category Theory, wherever Lego Blocks are sold!

September 28, 2019

2020 General Election: How Are Your Hacking Skills?

Filed under: Hacking,Politics — Patrick Durusau @ 3:53 pm

5 Websites That Teach You How to Hack Legally by Simon Batt.

Despite news stories of hacks ranging from health providers to porn sites, you don’t hear of hacks of members of Congress. There is an off chance that security for congressional IT is that good. That’s possible but I suspect the real answer is most hackers are looking to make money, not political noise.

But the only way to know if congressional IT security is that good, is to develop hacker skills yourself and get hired to test their security.

The websites Batt has collected will give you a jump start on developing the sort of hacking skills you will need to test, with permission, congressional IT. Who knows? You may be able to add congressional websites to the IT hacking news.

Circulate this and encourage others to develop hacking skills so every member of Congress will have the opportunity for their IT security to be tested.

September 27, 2019

Weaponizing Your Information?

Filed under: Advertising,Fake News,Social Media,Social Networks — Patrick Durusau @ 8:29 pm

Study: Weaponized misinformation from political parties is now a global problem by Cara Curtis.

Social media, a tool created to guard freedom of speech and democracy, has increasingly been used in more sinister ways.

Memory check! Memory check! Is that how you remember the rise of social media? Have you ever thought of usenet as guarding freedom of speech (maybe) and democracy (unlikely)?

The Global Information Disorder report, the basis for Curtis’ report, treats techniques and tactics at a high level view, leaving you to fill in the details for an information campaign. I prefer information as “disinformation” is in the eye of the reader.

I don’t have cites (apologies) to advertising literature on the shaping of information content for ads. Techniques known to work for advertisers, who have spent decades and $billions sharpening their techniques, should work for spreading information as well. Suggested literature?

September 26, 2019

Thirty-Two Tips For…Propaganda And Manipulation

Filed under: #DAPL,Environment,Politics,Protests — Patrick Durusau @ 4:30 pm

Thirty-Two Tips For Navigating A Society That Is Full Of Propaganda And Manipulation by Caitlin Johnstone.

Johnstone in full voice and possibly at her best! Her automatic condemnation of propaganda and manipulation does cause concern.

What if propaganda and manipulation could end the $5.2 trillion in fossil fuel subsidies? (direct and indirect) What if propaganda and manipulation could lead to a non-development economy? Or propaganda and manipulation moving us towards less sexism and racism? Any objectors?

I’ll go first. No objections. What about you?

Society being full of propaganda and manipulation isn’t a recent thing. The slaver “founding fathers” of the United States rather handily manipulated the public into the U.S. farce known as a “democracy.” It is a very long way from any sane definition of democracy. The senate, electoral college, supreme court, wage/wealth gaps, just to name a few of the departures from “democracy.”

Climate news grows worse with every report, while industry plots to use the same techniques that drive climate change to save us, for a price. Now is not the time to be picky about how we enlist others to save themselves and the planet.

Study Johnstone’s list to avoid being manipulated and to perfect your techniques for a worthy cause.

September 25, 2019

Banned By Twitter

Filed under: Censorship,Free Speech,Twitter — Patrick Durusau @ 7:28 pm

Twitter is vigilant about protecting the feelings of people who deny vaccines for children and even let them die in their custody. I’m speaking of CBP/ICE agents and the following notice I received from Twitter:

Twitter Suspension

Isn’t that amazing? No doubt had Twitter been around when the Brown Shirts and SS were popular, it would be protecting their feelings as well.

Apologies for the long silence! I hope to resume at least daily postings starting with this one.

July 11, 2019

Rmd first: When development starts with documentation

Filed under: Documentation,R,Requirements — Patrick Durusau @ 3:19 pm

Rmd first: When development starts with documentation by Sébastien Rochette.

Documentation matters ! Think about future you and others. Whatever is the aim of your script and analyses, you should think about documentation. The way I see it, R package structure is made for that. Let me try to convince you.

At use’R 2019 in Toulouse, I did a presentation entitled: ‘The “Rmd first” method: when projects start with documentation’. I ended up saying: Think Package ! If you are really afraid about building a package, you may want to have a look at these slides before. If you are not so afraid, you can start directly with this blog post. In any case, Paco the package should make this more enjoyable ! I hope so…

I’m tilting at windmills at a non-profit which has, for decades, developed its IT infrastructure in a topsy-turvy way, with little or no documentation.

It’s very unlikely the no-requirements, no-documentation, no-accountability approach of the non-profit will change. It has survived changes in administration, and over decades. Still, I make the pitch.

My current woes highlight Rochette’s advantages of packages:

Package forces standardized general description of your project

Package forces standardized documentation of functions

Package recommends to show reproducible examples for each function

Package allows integration of user guides (vignettes)

Standardized structure of a package and its check are supposed to conduct to a re-usable code

Whether you are working in R or not, start projects with requirements and documentation.

July 5, 2019

Surveilling Concentration Camps (Weaponizing Data)

Filed under: Government,Protests,Weaponize Data,Weaponized Open Data,Weather Data — Patrick Durusau @ 4:32 pm

A tweet I saw yesterday suggested surveilling U.S. concentration camps using a drone. That’s certainly possible but hobbyist type drones put you within easy visual distance of government forces. There are long range drones, all of which carry hefty price tags. What if you don’t have access to a long range drone? Alternatives?

Low-cost, low-tech answer: Consider the lowly helium balloon. With some experimenting, you can discover a stable buoyancy height for a balloon suitable for carrying a wireless digital camera.

Unlike a short range drone, you can launch a balloon plus digital camera from random and distant locations from an actual concentration camp. Launch locations are chosen based on weaponizing weather data, made available by most governments. In the United States, the National Weather Service provides current wind data and maintains historical weather data.

Once you have a stable buoyancy height for your balloon plus digital camera (password protected), record the harness and camera weight so you can create other balloons to accompany the one or more balloons with cameras at a similar height. Authorities will go nuts trying to chase every balloon down as “evidence” and it creates opportunities for balloon spotters (BSers) to call in reports of balloon sightings and landings.

For surveillance purposes, use maps of wind conditions to select launch points that will result in your balloons passing over the concentration camps of interest. Concentration camps tend to be fixed locations and as you develop more experience with local wind patterns, the more successful you will be on a regular basis.

Perhaps old school, but I would ensure that every balloon has a physical limit to its travels. If you can’t think of any ways to do that, ask your former eighth-grade (US educational system) science teacher. That’s good for the environment. Should you find balloons released by others, remember that some devices bite upon discovery. Report discovered balloons to local law enforcement.

Balloons are cheap, annoying to government officials, and provide low-risk ways to document government activities, from rain forests to concentration camps. Weaponizing weather data for surveillance is only one way to use the common balloon. Other suggestions are forthcoming.

PS: Here is one list of U.S. concentration camps. I express no opinion about the accuracy of that list or the legality of surveilling any location mentioned therein. To avoid being U.S. specific, I’m happy to update this portion of the post with pointers to other lists of concentration camps around the world. Go carefully.

June 18, 2019

Eight Miracles To Stop The MVP

Filed under: Environment,Pipelines (Oil/Gas),Protests,Weaponize Data — Patrick Durusau @ 8:20 pm

Cynthia Munley has a list of seven miracles that would stop the Mountain Valley Pipeline (MVP):

1. Virginia’s top law-enforcer, Attorney General Herring: Don’t negotiate MVP crimes. Stop work!

2. Banks: Divest from pipelines.

3. Voters: Rid Virginia of corporate Democrats.

4. Equitrans (ETRN): At your Pittsburgh stockholder meeting: Recognize that your MVP “engineering marvel” is an investors’ black hole and cut your losses.

5. Federal courts: Respect environmental rights over corporations.

6. FERC: Transform to “FREC” (Federal Renewable Energy Commission).

7. Congress: place fracking under the Clean Water Act.

https://www.roanoke.com/opinion/commentary/munley-seven-ways-to-stop-the-pipeline/article_8acee576-c629-51b7-8fdb-28b5f57c435d.html

Add to that list:

8. PowerBall or other lottery winnings sufficient to buy and close the MVP project.

How successful are Munley miracles at stopping pipelines?

Pipeline 101 maps show how rare Munley miracles are in fact.

U.S. Liquid Pipelines

The U.S. has more than 2.4 million miles of energy pipelines, with 72,000 miles of crude oil lines connecting regional markets.

Munley miracles have a spotty record, to say the least, at stopping pipelines.

Protests and lawsuits have delayed pipelines, in some cases for years. But delay isn’t stopping and new pipelines are underway, in hopes of last minute profits in the face of accelerating climate change.

If Munley miracles don’t stop pipelines, then how? What does data science have to offer pipeline opponents? Can data be weaponized for the people?

May 17, 2019

Declining Hacktivism

Filed under: Cybersecurity,Hacking — Patrick Durusau @ 7:24 pm

A 95% drop in hacktivist attacks since 2015 is explained by Cimpanu as mostly due to the decline of the Anonymous hacker collective, described as:

But nothing has led to the group’s demise more than the inefficiency of most of its attacks. Defacing websites and launching DDoS attacks rarely gets anything done.

Neither does stealing data from websites that are completely unrelated to a specific topic. In many cases, Anonymous hackers ended up dumping personal user information into the public domain and hurting innocent people for ridiculous causes, attracting both scorn and ridicule.

Most hacking attacks don’t have the impact of an AGM-114 Hellfire missile at a BP Oil shareholders meeting. Granted, but that’s hardly a criterion for hacking success.

Cimpanu’s “hurting innocent people for ridiculous causes” captures his allegiance to oppressive status quo systems better than any invective from me. Would dumping the personal information of DoD employees qualify? Or DoD employees with their deployments overseas, matching them up with locations for anyone looking for likely suspects in war crimes? There are parts of the world where that would be a very popular database.

Cybersecurity degrades with every hire and new 0days appear on a regular basis. Now should be a golden age of hacktivism, save for next year, which will be even better.

Don’t be discouraged by law enforcement puffery about stopping hackers. If they are that good, why are children being sold for sex through the Atlanta airport? Or drugs pouring across the border in large cargo trucks? Or banks being robbed for that matter. Don’t they know where all the banks are located?

I’m hopeful the headlines next year will declare hacktivism is on the rise, don’t you?

May 16, 2019

Free Online Proxy Servers (Review)

Filed under: Cybersecurity,Proxy Servers,Tor — Patrick Durusau @ 3:59 pm

The Best Free Online Proxy Servers You Can Use Safely by Dan Price.

From the post:

Proxy sites and proxy servers allow internet users to bypass internet restrictions and access content that would otherwise be blocked.

Lots of free proxy providers exist, but which are the best? Are there any risks of using a free online proxy? And what alternatives are available?

Price has a top 5 free proxy servers that starts with HideMyAss and goes down from there. 😉 Links to several paid proxy services are listed as well.

HideMyAss uses cookies so best to approach them using a VPN and a Tor browser. You should be using a VPN and a Tor browser by default. Even if you don’t need that level of security, it helps to generate traffic that benefits others.

RIDL and Fallout: MDS attacks (Intel Chips)

Filed under: Cybersecurity,Hacking — Patrick Durusau @ 2:50 pm

RIDL and Fallout: MDS attacks

From the webpage:

The RIDL and Fallout speculative execution attacks allow attackers to leak private data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your data to malicious websites. Our attacks leak data by exploiting the 4 newly disclosed Microarchitectural Data Sampling (or MDS) side-channel vulnerabilities in Intel CPUs. Unlike existing attacks, our attacks can leak arbitrary in-flight data from CPU-internal buffers (Line Fill Buffers, Load Ports, Store Buffers), including data never stored in CPU caches. We show that existing defenses against speculative execution attacks are inadequate, and in some cases actually make things worse. Attackers can use our attacks to leak sensitive data despite mitigations, due to vulnerabilities deep inside Intel CPUs.

In addition to being a great post, there is an interactive image of the Intel chip with known vulnerabilities in color.

The uncolored areas may have unknown vulnerabilities.

Good hunting!

0day “In the Wild” (05-15-2019)

Filed under: Cybersecurity,Hacking — Patrick Durusau @ 1:56 pm

0day “In the Wild”

Catalin Cimpanu tweeted that Google has updated its 0day “In the Wild” spreadsheet.

For an introduction to the spreadsheet, see Zero Day.

Given update rates, the earliest zero days from 2014 probably have another five (5) years of useful life left. Perhaps more with government installations.

Enjoy!

Brzozowski derivatives – Invisible XML – Thinking, Wishing, Saying – Must be … Balisage 2019!

Filed under: Conferences,XML,XQuery,XSLT — Patrick Durusau @ 1:20 pm

Balisage 2019 Program Announced!

An awesome lineup of topics and speakers awaits Balisage 2019 goers. From the expected, standoff markup in browsers (yes, that usual fare at Balisage) to re-invention of markup “seen” when looking at a file with no markup (HyTime) and beyond, you are in for a real treat.

I saw several slots for late-breaking news so if you have something really profound and coherent to say, you’d best be polishing it now. Just looking at the current program gives you an idea of the competition for slots.

Why attend? General Eric Shinseki said it best:

If you dislike change, you’re going to dislike irrelevance even more.

Don’t risk irrelevance! Attend Balisage 2019!

May 9, 2019

Skipping ISP Blocks – Thanks Google!

Filed under: Browsers,Privacy — Patrick Durusau @ 8:01 pm

Google’s Web Packaging standard arises as a new tool for privacy enthusiasts by Catalin Cimpanu.

From the post:

… Web Packaging allows website owners to create a cryptographically-signed version of the page, in one single file, which they can distribute to users via alternative channels, even without breaking HTTPS support.

Google says that website owners can share these signed versions of their pages via their normal web server, via cache systems, or even using peer devices, such as other users’ smartphones and computers.

Web Packaging looks like an ideal solution in cases where nation-states or internet service providers might block access to a website.

Website owners can create signed packages of their sites’ pages, which can then be introduced inside a network of peers and shared among users without having to connect to the origin server that might have been blocked locally.

Dodging ISP blocks can be done as simply as zipping up files and posting the zip archive to a non-blocked ISP. What motivates the Web Packaging work is a desire for “signed” pages for offline use. The dodging of ISP blocks is a side effect of other requirements.

Even if unintentional, another mechanism for dodging ISP blocks merits your support and patronage. Presently supported only in Chrome.

April 28, 2019

Ex-Police Chief, Outs Self as Extremist!

Filed under: Censorship,Government — Patrick Durusau @ 4:20 pm

The Ex-Met Police assistant commissioner Sir Mark Rowley has outed himself as an extremist (or an idiot, take your pick) in remarks to BBC Radio Programme 4, saying:

The top-ranked search referred to by Sir Mark takes users to the Wikipedia entry for Anjem Choudary, who was released from prison last year, halfway through a five-year jail term for encouraging support for the so-called Islamic State group.

He told Today: “I think I mentioned on your programme a few months ago, if you Google ‘British Muslim spokesman’ you get Anjem Choudary. That’s a disgrace.”

Sir Mark said: “These algorithms are designed to push us towards contentious material because that feeds their bottom line of advertising revenues, by pushing readers to extremist material.”

This is something Google denies, pointing out that it actually wants to get people off the platform and on to a third-party site as quickly as possible.

‘Extremist’ Google algorithms concern ex-police chief

“Extremist” may sound harsh, but using the results of one “Google” search to condemn search algorithms, untested and unseen, is clearly extreme. Public policy cannot be reasonably based on ad hoc reports by public figures and their reactions to search result content. Any student writing a paper on the recent history of Muslims in the UK would likely appreciate the pointer to Anjem Choudary.

Unless Sir Mark intends to expunge Choudary from BBC and other news reports held in libraries, and to prohibit discussion of Choudary online and in the news. Oops, Sir Mark has already violated his own rule! Discussion of Choudary as “British Muslim spokesman” now shows up as the first “hit” in a competing search engine.


April 24, 2019

Metasploit Demo Meeting 2019-04-23

Filed under: Cybersecurity,Hacking — Patrick Durusau @ 1:05 pm

Metasploit Demo Meeting 2019-04-23

Entertaining and informative update for Metasploit. Billed as:

The world’s most used penetration testing framework.

Knowledge is power, especially when it’s shared. A collaboration between the open source community and Rapid7, Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game.

Enjoy!

Deobfuscating APT32 Flow Graphs with Cutter and Radare2 [Defining “foreign” government]

Filed under: Cybersecurity,Government,Hacking,Radare2 — Patrick Durusau @ 12:30 pm

Deobfuscating APT32 Flow Graphs with Cutter and Radare2 by Itay Cohen.

The Ocean Lotus group, also known as APT32, is a threat actor which has been known to target East Asian countries such as Vietnam, Laos and the Philippines. The group strongly focuses on Vietnam, especially private sector companies that are investing in a wide variety of industrial sectors in the country. While private sector companies are the group’s main targets, APT32 has also been known to target foreign governments, dissidents, activists, and journalists.

APT32’s toolset is wide and varied. It contains both advanced and simple components; it is a mixture of handcrafted tools and commercial or open-source ones, such as Mimikatz and Cobalt Strike. It runs the gamut from droppers, shellcode snippets, through decoy documents and backdoors. Many of these tools are highly obfuscated and seasoned, augmented with different techniques to make them harder to reverse-engineer.

In this article, we get up and close with one of these obfuscation techniques. This specific technique was used in a backdoor of Ocean Lotus’ tool collection. We’ll describe the technique and the difficulty it presents to analysts — and then show how bypassing this kind of technique is a matter of writing a simple script, as long as you know what you are doing.

The deobfuscation plugin requires Cutter, the official GUI of the open-source reverse engineering framework – radare2. Cutter is a cross-platform GUI that aims to expose radare2’s functionality as a user-friendly and modern interface. Last month, Cutter introduced a new Python plugin system, which figures into the tool we’ll be constructing below. The plugin itself isn’t complicated, and neither is the solution we demonstrate below. If simple works, then simple is best.

Way beyond my present skills but I can read and return to it in the future.

I don’t know how Cohen defines foreign government but for my purposes, a foreign government is one that isn’t paying me. Simple, direct and to the point. That may be a U.S.-centric definition. The U.S. government spends $billions on oppressing people around the world but cybersecurity sees it with a begging cup out for volunteer assistance. On a scale of volunteer opportunities, the U.S. government and its fellow travelers should come out dead last.

