Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

November 8, 2017

Responding to Bricking to Promote Upgrading

Filed under: Cybersecurity,Security — Patrick Durusau @ 11:38 am

The chagrin of Harmony Link device (Logitech) owners over the bricking of their devices on March 16, 2018 is understandable. But isn’t the “bricking to promote upgrading” strategy described in Cimpanu’s Logitech Will Intentionally Brick All Harmony Link Devices Next Year a dangerous one?

Dangerous because the intentional bricking will highlight:

  1. If Harmony Link devices can be remotely bricked on March 16, 2018, they can be bricked at any time prior to March 16, 2018.
  2. If Harmony Link devices can be remotely bricked, local re-installation of earlier firmware will unbrick them. (Back up your firmware today.)
  3. If all smart devices can be remotely bricked, …, you knew that but hadn’t considered it operationally. Makes you wonder which other “smart” Logitech devices can be bricked.

I can’t second Cimpanu’s suggestion that you run to the Federal Trade Commission (FTC).

First, it would take years and several presidents for “bricking to promote upgrading” rules to be written and with loopholes that favor industry.

Second, successful enforcement of an FTC rule is akin to where Dilbert says “then their lawyers chewed my clothes off.” A long and tedious process.

Logitech’s proposed action suggests one response to this ill-advised bricking strategy.

What if other “smart” Logitech devices began bricking themselves on March 17, 2018? How would Logitech investors react? Impact on management/investor relations?

March 16, 2018, Harmony Link Bricking Day (as it will be known in the future) falls on a Friday. The next business day is Monday, March 19, 2018.

Will present Logitech management survive until March 21, 2018, or be pursuing new opportunities and interests?

eTRAP (electronic Text Reuse Acquisition Project) [Motif Identities]

Filed under: Text Analytics,Text Mining,Texts — Patrick Durusau @ 10:49 am

eTRAP (electronic Text Reuse Acquisition Project)

From the webpage:

As the name suggests, this interdisciplinary team studies the linguistic and literary phenomenon that is text reuse with a particular focus on historical languages. More specifically, we look at how ancient authors copied, alluded to, paraphrased and translated each other as they spread their knowledge in writing. This early career research group seeks to provide a basic understanding of the historical text reuse methodology (it being distinct from plagiarism), and so to study what defines text reuse, why some people reuse information, how text is reused and how this practice has changed over history. We’ll be investigating text reuse on big data or, in other words, datasets that, owing to their size, cannot be manually processed.

While primarily geared towards research, the team also organises events and seminars with the aim of learning more about the activities conducted by our scholarly communities, to broaden our network of collaborations and to simply come together to share our experiences and knowledge. Our Activities page lists our events and we provide project updates via the News section.

Should you have any comments, queries or suggestions, feel free to contact us!

A bit more specifically, Digital Breadcrumbs of Brothers Grimm, which is described in part as:

Described as “a great monument to European literature” (David and David, 1964, p. 180), Jacob and Wilhelm Grimm’s masterpiece Kinder- und Hausmärchen has captured adult and child imagination for over 200 years. International cinema, literature and folklore have borrowed and adapted the brothers’ fairy tales in multifarious ways, inspiring themes and characters in numerous cultures and languages.

Despite being responsible for their mainstream circulation, the brothers were not the minds behind all fairy tales. Indeed, Jacob and Wilhelm themselves collected and adapted their stories from earlier written and oral traditions, some of them dating back to as far as the seventh century BC, and made numerous changes to their own collection (ibid., p. 183) producing seven distinct editions between 1812 and 1857.

The same tale often appears in different forms and versions across cultures and time, making it an interesting case-study for textual and cross-lingual comparisons. Is it possible to compare the Grimm brothers’ Snow White and the Seven Dwarves to Pushkin’s Tale of the Dead Princess and the Seven Nights? Can we compare the Grimm brothers’ version of Cinderella to Charles Perrault’s Cinderella? In order to do so it is crucial to find those elements that both tales have in common. Essentially, one must find those measurable primitives that, if present in a high number – and in a similar manner – in both texts, make the stories comparable. We identify these primitives as the motifs of a tale. Prince’s Dictionary of Narratology describes motifs as “..minimal thematic unit[s]”, which can be recorded and have been recorded in the Thompson Motif-index. Hans-Jörg Uther, who expanded the Aarne-Thompson classification system (AT number system) in 2004, defined a motif as:

“…a broad definition that enables it to be used as a basis for literary and ethnological research. It is a narrative unit, and as such is subject to a dynamic that determines with which other motifs it can be combined. Thus motifs constitute the basic building blocks of narratives.” (Uther, 2004)

From a topic maps perspective, what do you “see” in a tale that supports your identification of one or more motifs?

Or for that matter, how do you search across multiple identifications of motifs to discover commonalities between identifications by different readers?

It’s all well and good to tally which motifs were identified by particular readers, but clues as to why they differ require more detail (read subjects).

Unlike the International Consortium of Investigative Journalists (ICIJ), sponsor of the Panama Papers and the Paradise Papers, the eTRAP data is available on Github.

There are only three stories, Snow White, Puss in Boots, and Fisherman and his Wife, in the data repository as of today.

November 7, 2017

Built-in Keylogger – Penetration Strategy?

Filed under: Cybersecurity,Security — Patrick Durusau @ 7:35 pm

Built-in Keylogger Found in MantisTek GK2 Keyboards—Sends Data to China by Swati Khandelwal.

From the post:


The popular 104-key Mantistek GK2 Mechanical Gaming Keyboard that costs around €49.66 has allegedly been caught silently recording everything you type on your keyboard and sending them to a server maintained by the Alibaba Group.

Serious keylogging requires more stealth than Khandelwal reports but the idea is a good one.

When renting computers or a furnished office with computers, who is going to check all the systems for keyloggers?

Or if you sponsor a “contest” where the winner gets a new keyboard?

Or upgrades at a Fortune 100 or one of the top law firms includes new keyboards?

Or computers and keyboards are donated for use in public libraries?

Phishing is easier and cheaper than a built-in keylogger for a keyboard but don’t overlook hardware approaches for particularly tough cases.

Intel MINIX – Universal Vulnerability?

Filed under: Cybersecurity,Privacy,Security — Patrick Durusau @ 7:03 pm

MINIX — The most popular OS in the world, thanks to Intel by Bryan Lunduke

Unlike most claims of being “widespread,” the claims about MINIX, a secret OS on Intel chips, appear to be true.

From the post:


MINIX is running on “Ring -3” (that’s “negative 3”) on its own CPU. A CPU that you, the user/owner of the machine, have no access to. The lowest “Ring” you have any real access to is “Ring 0,” which is where the kernel of your OS (the one that you actually chose to use, such as Linux) resides. Most user applications take place in “Ring 3” (without the negative).

The second thing to make my head explode: You have zero access to “Ring -3” / MINIX. But MINIX has total and complete access to the entirety of your computer. All of it. It knows all and sees all, which presents a huge security risk — especially if MINIX, on that super-secret Ring -3 CPU, is running many services and isn’t updated regularly with security patches.

For details, see Replace your exploit-ridden firmware with a Linux kernel, by Ron Minnich, et al. (Seventy-one (71) slides. File name: Replace UEFI with Linux.pdf. I grabbed a copy just in case this one goes away.)

Intel material on UEFI.

Unified Extensible Firmware Interface Forum, consortium website. For the latest versions of specifications see: http://www.uefi.org/specifications but as of today, see:

ACPI Specification Version 6.2 (Errata A)

ACPI can first be understood as an architecture-independent power management and configuration framework that forms a subsystem within the host OS. This framework establishes a hardware register set to define power states (sleep, hibernate, wake, etc). The hardware register set can accommodate operations on dedicated hardware and general purpose hardware. [page 1.] 1,177 pages

UEFI Specification Version 2.7 (Errata A)

This Unified Extensible Firmware Interface (hereafter known as UEFI) Specification describes an interface between the operating system (OS) and the platform firmware. UEFI was preceded by the Extensible Firmware Interface Specification 1.10 (EFI). As a result, some code and certain protocol names retain the EFI designation. Unless otherwise noted, EFI designations in this specification may be assumed to be part of UEFI.

The interface is in the form of data tables that contain platform-related information, and boot and runtime service calls that are available to the OS loader and the OS. Together, these provide a standard environment for booting an OS. This specification is designed as a pure interface specification. As such, the specification defines the set of interfaces and structures that platform firmware must implement. Similarly, the specification defines the set of interfaces and structures that the OS may use in booting. How either the firmware developer chooses to implement the required elements or the OS developer chooses to make use of those interfaces and structures is an implementation decision left for the developer.

Using this formal definition, a shrink-wrap OS intended to run on platforms compatible with supported processor specifications will be able to boot on a variety of system designs without further platform or OS customization. The definition will also allow for platform innovation to introduce new features and functionality that enhance platform capability without requiring new code to be written in the OS boot sequence. [page 1.] 2,575 pages

UEFI Shell Specification Version 2.2

The UEFI Shell environment provides an API, a command prompt and a rich set of commands that extend and enhance the UEFI Shell’s capability. [page 1] 258 pages

UEFI Platform Initialization Specification Version 1.6

This specification defines the core code and services that are required for an implementation of the Pre-EFI Initialization (PEI) phase of the Platform Initialization (PI) specifications (hereafter referred to as the “PI Architecture”). This PEI core interface specification (CIS) does the following: [vol. 1, page 1] 1,627 pages

UEFI Platform Initialization Distribution Packaging Specification Version 1.1

This specification defines the overall architecture and external interfaces that are required for distribution of UEFI/PI source and binary files. [page 1] 359 pages

TCG EFI Platform Specification

PC Client Work Group EFI Platform Specification, Version 1.22, Revision 15

This document is about the processes that boot an Extensible Firmware Interface (EFI) platform and load an OS on that platform. Specifically, this specification contains the requirements for measuring EFI unique events into TPM PCRs and adding boot event entries into the Event Log. [page 5] 43 pages
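The measure-then-extend rule behind “measuring EFI unique events into TPM PCRs” can be checked offline against the Event Log. The Python below is an added illustration, not code from the TCG specification or from any post here: it replays a constructed (not captured) event log into SHA-256 PCR values and reports which PCR disagrees with the values a TPM would quote once a logged event has been altered. The event type names follow TCG usage; the tuple layout and event data are constructed for the example and are not the binary log format.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed, simplified event log: (PCR index, event type, event data).
# A real TCG EFI Platform event log is a binary structure; this layout is
# an assumption made for the illustration.
Event = Tuple[int, str, bytes]

SAMPLE_EVENT_LOG: List[Event] = [
    (0, "EV_S_CRTM_VERSION", b"constructed CRTM version 1.0"),
    (0, "EV_EFI_PLATFORM_FIRMWARE_BLOB", b"constructed firmware volume"),
    (7, "EV_EFI_VARIABLE_DRIVER_CONFIG", b"SecureBoot=1"),
    (4, "EV_EFI_BOOT_SERVICES_APPLICATION", b"constructed OS loader image"),
    (4, "EV_SEPARATOR", bytes(4)),
]

DIGEST_SIZE = 32  # SHA-256 PCR bank


def extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new PCR = SHA-256(old PCR || event digest)."""
    return hashlib.sha256(pcr_value + digest).digest()


def replay_event_log(events: List[Event]) -> Dict[int, bytes]:
    """Every PCR starts at zeros; each logged event is hashed, then extended
    into its PCR in log order. Order matters: extending is not commutative."""
    pcrs: Dict[int, bytes] = {}
    for index, _event_type, data in events:
        digest = hashlib.sha256(data).digest()
        current = pcrs.get(index, bytes(DIGEST_SIZE))
        pcrs[index] = extend(current, digest)
    return pcrs


def verify_quote(events: List[Event],
                 quoted_pcrs: Dict[int, bytes]) -> Tuple[bool, List[int]]:
    """Compare a replay of the log with PCR values the TPM reported.
    Returns (all_match, sorted list of PCR indices that disagree)."""
    replayed = replay_event_log(events)
    indices = set(replayed) | set(quoted_pcrs)
    mismatched = sorted(i for i in indices
                        if replayed.get(i) != quoted_pcrs.get(i))
    return (not mismatched, mismatched)


def alter_loader(events: List[Event], new_data: bytes) -> List[Event]:
    """Return a copy of the log with the OS loader measurement replaced,
    standing in for a log that no longer matches what was actually booted."""
    return [(i, t, new_data) if t == "EV_EFI_BOOT_SERVICES_APPLICATION"
            else (i, t, d) for i, t, d in events]


if __name__ == "__main__":
    # Constructed "quote": what the TPM would report for the genuine log.
    quoted = replay_event_log(SAMPLE_EVENT_LOG)
    print("genuine log matches quote:", verify_quote(SAMPLE_EVENT_LOG, quoted))
    tampered = alter_loader(SAMPLE_EVENT_LOG, b"replaced loader image")
    print("altered log vs quote:", verify_quote(tampered, quoted))
```

Only the PCR that received the altered event disagrees, which is what lets a verifier say where the boot sequence diverged rather than merely that it did.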

TCG EFI Protocol Specification

PC Client Work Group EFI Protocol Specification, Family “2.0”, Level 00, Revision 00.13

The purpose of this document is to define a standard interface to the TPM on an EFI platform. This standard interface is useful on any instantiations of an EFI platform that conforms to the EFI Specification. This EFI Protocol Specification is a pure interface specification that provides no information on “how” to construct the underlying firmware implementation. [page 9] 46 pages

By my count, 5,585 pages from the Unified Extensible Firmware Interface Forum, consortium website alone.

Of course, then you need to integrate it with other documentation, your test results and the results of others, not to mention blogs and other sources.

Breaking this content into useful subjects would be non-trivial, but how much are universal vulnerabilities worth?

November 6, 2017

Scope and Bracketing Public Officials – Schedules for Heads of Agencies

Filed under: Government,Politics — Patrick Durusau @ 5:45 pm

Detailed Calendars/Schedules for Heads of Agencies by Russ Kirk

From the post:

One of the most important things we can know about high-level officials is their detailed schedule. Who is the head of the EPA meeting with? Who’s been calling the chair of the Federal Reserve? Where has the Secretary of Education been traveling? What groups has the Attorney General been making speeches to?

Problem is, these crucial documents are almost never readily available. They’re released only due to FOIA requests, and sometimes not even then. I’ve filed requests with dozens of agencies for the daily schedules of their leaders covering the first half of 2017. I’ll be posting all the results here, as well as collecting the few calendars (usually from previous administrations) that are posted in the FOIA sections of some agencies’ websites. Keep checking back.

For an example of the important things that these calendars tell us, check out “E.P.A. Chief’s Calendar: A Stream of Industry Meetings and Trips Home” from the NYTimes.

Agency time servers will wave the “scope and bracketing” language in the title as justification for their secrecy but that’s not why they meet in secret.

Their secrets and alliances are too trivial for anyone to care about, save for the fact they are non-democratic and corrupt. No sane person spends $millions for a public office that has a starting salary less than a New York law firm.

Not without expecting non-salary compensation in the form of influencing federal agencies.

The information that Russ Kirk is gathering here is one clue in a larger puzzle of influence.

Enjoy!

Data Munging with R (MEAP)

Filed under: Data Science,R — Patrick Durusau @ 2:21 pm

Data Munging with R (MEAP) by Dr. Jonathan Carroll.

From the description:

Data Munging with R shows you how to take raw data and transform it for use in computations, tables, graphs, and more. Whether you already have some programming experience or you’re just a spreadsheet whiz looking for a more powerful data manipulation tool, this book will help you get started. You’ll discover the ins and outs of using the data-oriented R programming language and its many task-specific packages. With dozens of practical examples to follow, learn to fill in missing values, make predictions, and visualize data as graphs. By the time you’re done, you’ll be a master munger, with a robust, reproducible workflow and the skills to use data to strengthen your conclusions!

Five (5) out of eleven (11) parts available now under the Manning Early Access Program (MEAP). Chapter one, Introducing Data and the R Language is free.

Even though everyone writes books from front to back (or at least claims to), it would be nice to see a free “advanced” chapter every now and again. There’s not much you can say about an introductory chapter other than it’s an introductory chapter. That’s no different here.

I suspect you will get a better idea about Dr. Carroll’s writing from his blog, Irregularly Scheduled Programming or by following him on Twitter: @carroll_jono.

November 3, 2017

Scoop Mainstream Media on “… 6 Russian Government Officials Involved In DNC Hack”

Filed under: Fake News,Journalism,News,Reporting — Patrick Durusau @ 1:11 pm

You have read US Identifies 6 Russian Government Officials Involved In DNC Hack or similar coverage on Russian “interference” with the 2016 presidential election.

Here’s your opportunity to scoop mainstream media on the identities of the “…6 Russian Government Officials Involved In DNC Hack.”

Resources to use:

Russian Political Directory 2017

The Russian Political Directory is the definitive guide to people in power throughout Russia. All the top decision-makers are included in this one-volume publication, which details hundreds of government ministries, departments, agencies, corporations and their connected bodies. The Directory is a trusted resource for studies and research in all matters of Russian government, politics and civil society activities. Government organization entries contain the names and titles of officials, postal and e-mail addresses, telephone, fax numbers plus an overview of their main activities.

Truly comprehensive in scope, and listing all federal and regional government ministries, departments, agencies, corporations and their connected bodies, this directory provides a uniquely comprehensive view of government activity.

For playing “…guess a possible defendant…,” $200 is a bit pricey but opening to a random page is a more principled approach than you will see from the Justice Department in its search for defendants.

If timeliness isn’t an issue, consider the Directory of Soviet Officials: Republic Organizations:

From the preface:

The Directory of Soviet Officials identifies individuals who hold positions in selected party, government, and public organizations of the USSR. It may be used to find the incumbents of given positions within an organization or the positions of given individuals. For some organizations, it serves as a guide to the internal structure of the organization.

This directory dates from 1987 but since Justice only needs Russian sounding names and not physical defendants, consider it a backup source for possible defendants.

For the absolute latest information, at least those listed, consider The Russian Government. The official site for the Russian government and about as dull as any website you are likely to encounter. Sorry, but that’s true.

Last but by no means least, check out Johnson’s Russia List, which is an enormous collection of resources on Russia. It has a 2001 listing of online databases for Russian personalities. It also has a wealth of Russian names for your defendant lottery list.

When Justice does randomly name some defendants, ask yourself and Justice:

  1. What witness statements or documents link this person to the alleged hacking?
  2. What witness statements or documents prove a direct order from Putin to a particular defendant?
  3. What witness statements or documents establish the DNC “hack?” (It may well have been a leak.)
  4. Can you independently verify the witness statements or documents?

Any evidence that cannot be disclosed because of national security considerations should be automatically excluded from your reporting. If you can’t verify it, then it’s not a fact. Right?

Justice won’t have any direct evidence on anyone they name or on Putin. It strains the imagination to think Russian security is that bad, assuming any hack took place at all.

No direct evidence means Justice is posturing for reasons best known to it. Don’t be a patsy of Justice, press for direct evidence, dates, documents, witnesses.

Or just randomly select six defendants and see if your random selection matches that of Justice.

XPath and XQuery Assertions in SoapUI

Filed under: XPath,XQuery — Patrick Durusau @ 11:06 am

The video, XPath and XQuery assertions in SoapUI in depth, drew my attention to SoapUI, but be forewarned the sound quality was so bad I could not follow it. Still, I can now mention SoapUI and that’s not a bad thing.

The SoapUI documentation has extended examples for Validating XML Messages, Getting started with Assertions, and Transferring Property Values.

SoapUI has the usual hand-waving about security but since critical airport security plans can be found in USB litter, I’m not sure anyone bothers. Your Amazon account root password is probably on a sticky note on someone’s monitor. Go check.

Academic Torrents Update

Filed under: Data,Humanities,Open Access,Open Data,Social Sciences — Patrick Durusau @ 7:06 am

When I last mentioned Academic Torrents, in early 2014, it had 1.67TB of research data.

I dropped by Academic Torrents this week to find it now has 25.53TB of research data!

Some arbitrary highlights:

Richard Feynman’s Lectures on Physics (The Messenger Lectures)

A collection of sport activity datasets for data analysis and data mining 2017a

[Coursera] Machine Learning (Stanford University) (ml)

UC Berkeley Computer Science Courses (Full Collection)

[Coursera] Mining Massive Datasets (Stanford University) (mmds)

Wikilinks: A Large-scale Cross-Document Coreference Corpus Labeled via Links to Wikipedia (Original Dataset)

Your arbitrary highlights are probably different from mine so visit Academic Torrents to see what data captures your eye.

Enjoy!

November 1, 2017

MathB.in (Sharing Mathematical Text on the Web) [Leading Feds Into Woods of Logicism]

Filed under: Mathematical Reasoning,Mathematics — Patrick Durusau @ 10:45 pm

MathB.in

From About MathB.in:

MathB.in is a website meant for sharing snippets of mathematical text with others on the web. This is a pastebin for mathematics. This website was born out of a one night hack on Sunday 25, 2012.

Posting and sharing

A new post can be composed by visiting the home page and writing or pasting code in the box on the left hand pane of the page. Once a post is composed and submitted, the page is saved and it becomes accessible with a new unique URL. The new page looks similar to this page and it has a unique URL of its own. The URL can be shared with anyone on the web and he or she will be able to visit your post.

Code

The post can be composed in a mixture of plain text, LaTeX, Markdown and HTML. HTML tags commonly used for formatting text elements are supported. For a demonstration on how LaTeX is rendered, see the demo page. To quickly get started with posting math, see the tutorial.

Bug reports and suggestions

If you come across any bugs, or if you have any suggestions, please email Susam Pal at susam@susam.in or report an issue at https://github.com/susam/mathb/issues.

Your mileage will vary but drawing on Principia Mathematica without citation will leave any government agents tracking your posts in the wilds of 20th century logicism. Unlikely they will damage anything.

If your Principia notation skills are weak, consider The Notation in Principia Mathematica to translate proofs into late 20th century logic notation.

Oracle Identity Manager Sets One Black Space Password – Functional “Lazy” Hacking?

Filed under: Cybersecurity,Oracle,Security — Patrick Durusau @ 4:02 pm

Oracle Identity Manager – Default User Accounts

From the webpage:


OIMINTERNAL

This account is set to a ‘run as’ user for Message Driven Beans (MDBs) executing JMS messages. This account is created during installation and is used internally by Oracle Identity Manager.

The password of this account is set to a single space character in Oracle Identity Manager database to prevent user login through Oracle Identity Manager Design console or Oracle Identity Manager System Administration Console.

Do not change the user name or password of this account.

That’s right! Hit the space bar once and you’ve got it!

What’s more, it’s a default account!

Is this “functional hacking?” Being lazy and waiting for Oracle to hack itself?

Poor Phone Support = Fake Website?

Filed under: Cybersecurity — Patrick Durusau @ 9:15 am

Poor phone support is a sign of a fake website!

Lenny Zeltser in Ouch | November 2017 says:

Verify the website has a legitimate mailing address and a phone number for sale and support-related questions. If the site looks suspicious, call and speak to a human. If you can’t get a hold of someone to talk to, that is the first big sign you are dealing with a fake website. (emphasis added)

Even outside holiday shopping (the subject of Zeltser’s post), message-only and deep phone trees merit a copy of Zeltser’s column.
