Saturday, December 8, 2012

Canada cans JSF

I am always interested in military technology, partly because it is impressive stuff to watch (and usually features the leading technology too) and partly because it is such a political and economic battleground. 
Mind you, who needs to fight the enemy if you can suck them into buying preposterously pricey military machines that are so expensive it could put the nation in the poorhouse?

The JSF (2) sure looks like that to me anyway: just like the previous wonderplane JSF-1 (which never arrived, please note: our air force got recycled F-111s instead) we now have JSF-2 and sure enough it is doing exactly the same thing as the previous plan. It certainly looks like Canada has decided to opt out of the plan based on realistic cost projections. Naturally, they will be in trouble with Uncle Sam for that: if too many players opt out, the whole thing will die and billions will need to be "written down".
None of this affects the quality of the plane itself though folks: I fully expect it to go into service, probably some years and some billions over budget as these things do . . . . . . . but I still think little countries like ours should not be stumping up zillions for this stuff when it does not even look to me to be suitable for our theoretical needs.
The F-111 was actually useful because when fitted with wing tanks it had enough range to cover a fair slice of this huge mostly empty continent. It had a big airframe that provided plenty of room for the various local mods that we gave it over the years too.
How will this single seat high speed fighter fit with that? I have grave doubts, and I am just a normal guy, not some planning bigwig.
I sure hope they are a hell of a lot smarter than I am and can figure out what the point of all the billions of cost will give us.

Thursday, December 6, 2012

Back Online

Well, I'm stumped. My wireless internet service is now back on, and I still have no idea why it didn't work before.

A brief note about the previous post (In whose interest): I do not under any circumstances support "hackers" or those who attack systems or try to cheat on the net or elsewhere. I posted it to give people a clear idea of the way these people think, and maybe even evoke comment (hah!)

Also, I am now on Google+, and it looks good to me. I never liked Facebook and although I have an ID there, something about it just didn't sit right with me. I'll see how G+ goes but already I am happier with it since I have this and two other blogs there.
Now I only need to find Google Talk, which according to rumour is/has Video chat.

Oh yeah - I have been seeking a partner online, with somewhat mixed results. Lots of new netfriends (Hi all! :D) but still no lovedove. I can't count the number of people who have initially appeared to be local to me, then turned out to be the other side of the world. No offence, but that is fakery and I'm less than impressed by it. Then there is the second step from my point of view: if they meet the basics, and they are not in my home town, I want to video chat with them, and that has been an eye opener: even people who seem genuine suddenly back off . . . almost as if the site is faking me continuously, trying to keep me paying with a string of phonies . . . . . . because they can't really do anything for me. Well, that's the end, no video chat, no more emails. Video chat can't be easily faked (well, not without a lot of prep and some serious computer hardware, and I haven't seen it done yet) so that remains my big test.


Thursday, November 29, 2012

Only in Japan: Giant Mechs on sale NOW!

Yep, the Japanese really know how to impress folks: now on sale is KURATAS, a 4 ton giant mech that you can ride inside.
No, this is NOT a joke, go here to see videos of KURATAS in action. 
For a piddling 1.3 mil you get a steel monster that every Evil Genius will be queueing up to buy . . . oh hang on, the weapons are definitely not mil spec. Ah, who cares? You can crush all opposition anyway! 
Thanks to The Register for this all-important news flash.
(Get yours before the world ends on December 21 and you get a free cup holder!)
I love the Japanese, can't wait for competing companies to come out with bigger, badder models . . . . PATLABOR in real life! Woo-hoo!

In whose interest . . . . .?

Reproduced here in its entirety for your permanent information:  from WIRED, a "hacker" tells all about how unsecure your systems really are and Computational Ethics . . . . .
----------------------------------------------------------------------------------------------------------------------

Editor’s Note: The author of this opinion piece, aka “weev,” was found guilty last week of computer intrusion for obtaining the unprotected e-mail addresses of more than 100,000 iPad owners from AT&T’s website, and passing them to a journalist. His sentencing is set for February 25, 2013.
Right now there’s a hacker out there somewhere producing a zero-day attack. When he’s done, his “exploit” will enable whatever parties possess it to access thousands — even millions — of computer systems.
But the critical moment isn’t production — it’s distribution. What will the hacker do with his exploit? Here’s what could happen next:
The hacker decides to sell it to a third party. The hacker could sell the exploit to unscrupulous information-security vendors running a protection racket, offering their product as the “protection.” Or the hacker could sell the exploit to repressive governments who can use it to spy on activists protesting their authority. (It’s not unheard of for governments, including that of the U.S., to use exploits to gather both foreign and domestic intelligence.) 

Andrew Auernheimer
An internet troll convicted of two consecutive computer crime felonies, Andrew ‘weev’ Auernheimer has over a decade of C, asm, Perl, and obnoxious IRC curmudgeonry under his belt. He is a liberty advocate and future federal prisoner of America.

The hacker notifies the vendor, who may — or may not — patch. The vendor may patch mission-critical customers (read: those paying more money) before other users. Or, the vendor may decide not to release a patch because a cost/benefit analysis conducted by an in-house MBA determines that it’s cheaper to simply do … nothing. 
The vendor patches, but pickup is slow. It’s not uncommon for large customers to do their own extensive testing — often breaking software features that couldn’t have been anticipated by the vendor — before deploying improved patches to their employees. All of this means that vendor patches can be left undeployed for months (or even years) for the vast majority of users. 
The vendor creates an armored executable with anti-forensic methods to prevent reverse engineering. This is the right way to deploy a patch. It’s also manpower-intensive, which means it rarely happens. So discovering vulnerabilities is as easy as popping the old and new executable into an IDA Pro debugger with BinDiff to compare what’s changed in the disassembled code. Like I said: easy.
Basically, exploiting the vast unpatched masses is an easy game for attackers. Everyone has their own interests to protect, and they aren’t always the best interests of users.

Things Aren’t So Black and White

Vendors are motivated to protect their profits and their shareholders’ interests over everything else. Governments are motivated to value their own security interests over the individual rights of their citizens, let alone those of other nations. And for many information security players, it’s far more lucrative to sell incrementally improved treatments of a disease’s symptoms than it is to sell the cure.
Clearly, not all the players will act ethically, or capably. To top it all off, the original hacker rarely gets paid for his or her highly skilled application of a unique scientific discipline towards improving a vendor’s software and ultimately protecting users.
So who should you tell? The answer: nobody at all.
White hats are the hackers who decide to disclose: to the vendor or to the public. Yet the so-called whitehats of the world have been playing a role in distributing digital arms through their disclosures.
Researcher Dan Guido reverse-engineered all the major malware toolkits used for mass exploitation (such as Zeus, SpyEye, Clampi, and others). His findings about the sources of exploits, as reported through the Exploit Intelligence Project, are compelling:
  • None of the exploits used for mass exploitation were developed by malware authors.
  • Instead, all of the exploits came from “Advanced Persistent Threats” (an industry term for nation states) or from whitehat disclosures.
  • Whitehat disclosures accounted for 100 percent of the logic flaws used for exploitation.
Criminals actually “prefer whitehat code,” according to Guido, because it works far more reliably than code provided from underground sources. Many malware authors actually lack the sophistication to alter even existing exploits to increase their effectiveness.

Navigating the Gray

A few farsighted hackers of the EFnet-based computer underground saw this morally conflicted security quagmire coming 14 years ago. Uninterested in acquiring personal wealth, they gave birth to the computational ethics movement known as Anti Security or “antisec.”
Antisec hackers focused on exploit development as an intellectual, almost spiritual discipline. Antisec wasn’t — isn’t — a “group” so much as a philosophy with a single core position:
An exploit is a powerful weapon that should only be disclosed to an individual whom you know (through personal experience) will act in the interest of social justice.
After all, dropping an exploit to unethical entities makes you a party to their crimes: It’s no different than giving a rifle to a man you know is going to shoot someone.
Though the movement is over a decade old, the term “antisec” has recently come back into the news. But now, I believe that state-sanctioned criminal acts are being branded as antisec. For example: Lulzsec’s Sabu was first arrested last year on June 7, and his criminal actions were labeled “antisec” on June 20, which means everything Sabu did under this banner was done with the full knowledge and possible condonement of the FBI. (This included the public disclosure of tables of authentication data that compromised the identities of possibly millions of private individuals.)
This version of antisec has nothing in common with the principles behind the antisec movement I’m talking about.
But the children entrapped into criminal activity — the hackers who made the morally bankrupt decision of selling exploits to governments — are beginning to publicly defend their egregious sins. This is where antisec provides a useful cultural framework, and guiding philosophy, for addressing the gray areas of hacking. For example, a core function of antisec was making it unfashionable for young hackers to cultivate a relationship with the military-industrial complex.
Clearly, software exploitation brings society human rights abuses and privacy violations. And clearly, we need to do something about it. Yet I don’t believe in legislative controls on the development and sale of exploits. Those who sell exploits should not be barred from their free trade — but they should be reviled.
In an age of rampant cyber espionage and crackdowns on dissidents, the only ethical place to take your zero-day is to someone who will use it in the interests of social justice. And that’s not the vendor, the governments, or the corporations — it’s the individuals.
In a few cases, that individual might be a journalist who can facilitate the public shaming of a web application operator. However, in many cases the harm of disclosure to the un-patched masses (and the loss of the exploit’s potential as a tool against oppressive governments) greatly outweighs any benefit that comes from shaming vendors. In these cases, the antisec philosophy shines as morally superior and you shouldn’t disclose to anyone.
So it’s time for antisec to come back into the public dialogue about the ethics of disclosing hacks. This is the only way we can arm the good guys — whoever you think they are — for a change.

Friday, November 16, 2012

Simfoods

Have you been into a supermarket lately? Once upon a time, stores that sold food sold - well, actual food, you know: fruit, grains, veges, dairy and so on - REAL food. Now there are whole aisles in the local "supermarket" devoted to fizzy sugarwater "drinks", "snackfoods", "breakfast cereals" and lollies. The real food component of people's diets has decreased and it's showing in their waistlines and the hospital waiting lists . . . but nothing is being done about it - because it is generally assumed to be one's own fault, right? . . . .
As if that was not bad enough, now real foods are being stealthily replaced by food simulants.

Up until recently I ate a pot of fruit flavoured yoghurt for morning tea at work - then they just stopped making them in small sizes. No reason given, of course - so I went looking for a replacement, and discovered that there is a whole range of sim-yoghurts that proudly claim themselves "98% fat free": this is presented as some advantage, but the horrible truth is that this stuff is not even yoghurt any more. It's hiding in the fine print on the containers, so that you won't read it but there it is: the cheap way to get 98 percent fat free "dairy" product is to make it without milkfat, so they add plant based gums that form a sort of gel with water that resembles the milkfat in the goop.

I am guessing here but the milkfat must be either very valuable or hard to get because there ain't none of it in these new "dairy" products - but I WANT the milkfat.
EATING FAT DOES NOT MAKE YOU FAT. nope.
It is important to your diet to get enough complex fats though, and this synthetic goop is supposedly great to make you "take a dump" and lose weight - (I know, I work with "diet" products sometimes and I looked up what the ingredients do) but not for those of us who are NOT overweight or on a "diet".

Of course, all the above assumes that the label is accurate and correct.  I wouldn't count on it: what we are really looking at is Bu*****t from the marketing department designed to cash in on people's fear of getting fat.

Well, I found another way to get my morning tea, but the issue is only getting crazier every year: I'm guessing again, but I suspect that artificial goo like Arabica bean gum and its gummy ilk are a whole lot cheaper than real food ingredients so we will see more and more of it in pre-processed "food" in future.

There is also a whole boatload of justification for Corporations to take this route since they only need point to statistics and say "63% of Australians are overweight or obese, so we are helping them to lose weight" - which in itself is debatable, but they have more political power than me.
 
I just call them all Food Simulants, or Simfood for short.
Stick with real foods folks - veges, cereals and grains, fruit and maybe even real cheese if you can find it among the simcheeses. 
 . . . . . . . . and I'm not even going to mention sugar. That's even worse.

Monday, November 12, 2012

Bitcoin

In the second half of this video, Max Keiser talks about Bitcoin: this may be the way of money in the future - but don't take my word for it, watch the show.