Category Archives: Security

Identity and the Gefilte Fish Test

I love old black and white spy movies where a subtle etiquette or taste mistake foils a plan. They highlight the importance of privacy and identity as related to culture. One example is the American spy in German-occupied France of WWII who switched his fork and knife during a meal in a cafe.

It is news to me that the flavor of Gefilte fish can be one such identifier. Today few of us are probably familiar with the variations of home-made Gefilte, but many years ago:

The “gefilte fish line” ran through eastern Poland.

Jews living to the west — most of Poland, as well as Germany and the rest of Western Europe — ate the sweet gefilte fish. Those to the east — Lithuania, Latvia and Russia — ate the peppery version.

The real story is how fish flavor marks a major geographic divide in customs, culture and even language. In other words, choose the peppery version and you could reveal far more about yourself than you realize.

Can you tell where this recipe is from?

Balls
—————————-
Grind together

1 lb whitefish
1 lb pickle
1 small onion
1 stalk celery
1 egg

Mix in

1 heaping Tablespoon matzo meal
1 teaspoon salt

Broth
—————————-
Fish heads and bodies that were carefully boned
1 sliced onion
1 whole carrot
1 stalk celery
1 teaspoon salt
1 teaspoon sugar
2 inches water
Bring to boil then simmer

Together
—————————-
Form fish balls in palm of hand
Put on top of broth
Poach for about 1 hour with pot covered
Strain broth after removing fish balls
Add gelatin dissolved in 1/4 cup cold water to broth
Mix well and chill

Other recipes, such as the three-day one used by Firefly, call for just 1/2 teaspoon black peppercorns.

Churchill’s Cherwell and the 1943 Famines

Scientific American has a detailed historical look at the role of Lord Cherwell, who served as Winston Churchill’s personal technocrat. The article says Britain’s wartime security analysis had a humanitarian flaw, a disregard for the people of its colonies and for the importance of trade routes, that caused unnecessary famine.

In his memo to Churchill, Lord Cherwell suggested that the Bengal famine arose from crop failure and high birthrate. He omitted to mention that the calamity also derived from India’s role of supplier to the Allied war effort; that the colony was not being permitted to spend its sterling reserves or to employ its own ships in importing sufficient food; and that by his Malthusian logic Britain should have been the first to starve — but was being sustained by food imports that were six times larger than the one-and-a-half-million tons that the Government of India had requested for the coming year. The memo did raise the prospect that harm would be inflicted on long-suffering Britons if help were extended to over-fecund Indians.

Cherwell was born in Germany in the late 1800s as Frederick Alexander Lindemann. He gained respect for his strong work ethic, broad intelligence, innovation, and sharp data analysis. However, he also seems to have been insecure about his intelligence. This is perhaps what led to his most notable mistakes, such as believing in a model of humanity structured into high and low status.

“Somebody must perform dull, dreary tasks, tend machines, count units in repetition work; is it not incumbent on us, if we have the means, to produce individuals without a distaste for such work, types that are as happy in their monotonous occupation as a cow chewing the cud?” Lindemann asked. Science could yield a race of humans blessed with “the mental make-up of the worker bee.” This subclass would do all the unpleasant work and not once think of revolution or of voting rights: “Placid content rules in the bee-hive or ant-heap.” The outcome would be a perfectly peaceable and stable society, “led by supermen and served by helots.”

That perspective is probably not what most people think of when they hear the name Cherwell or read the stories of a brilliant scientist known as the most fervent anti-Nazi, Hitler-hating advisor to Churchill.

Insects Flee From Breath

Researchers have found that insects sense the breath of approaching herbivores and flee plants to survive. A process of elimination isolated the characteristics of their detection system:

The team suspected that several cues might have motivated the mass dropping, including the sudden shadow cast by the goat, plant-shaking triggered by the munching marauder, and/or the herbivore’s exhalations. The researchers tested the effects of each cue individually and found that simply casting a shadow on the plants had no effect on the aphids. Vibrations caused by leaf picking caused only one quarter of the insects to flee the plant. By contrast, when the researchers placed a lamb within five centimeters of the foliage (close enough to breathe on it, but not nibble on it), nearly 60 percent of the bugs dropped to the floor, suggesting that breath was the key danger signal.

Temperature and humidity turned out to be the most important factors:

Altering either parameter alone produced only modest increases in aphid dropping, but the combination of increased warmth (to 35 degrees Celsius) and humidity (at 90-100 percent) caused nearly 40 percent of the aphids to plummet.

The next question should be whether the insects vacate the plant completely or come back shortly after.

X.509 Certificate Danger

The EFF and iSEC have posted their slides on X.509 certificate research. They call it an HTTPS Observatory. I guess it is a good thing they did not ask me, because I would have called it the SSLatarium.

Some of the observations (ok, observatory makes sense) are the usual stuff you might expect. Our trust includes far more information than we could possibly verify in detail. This is true in regular life, so it is no surprise we behave the same way when faced with the nontrivial certificate system on the web. I have always argued that certs are basically a failure and that authority does not exist. The value of SSL is in the ability to encrypt communications. No one, except perhaps Verisign, walks around boasting about CAs or talking about how great authorities are.

I would like to take this moment to remind everyone how many unprotected windows there are in an average neighborhood. We trust that all the anonymous people wandering by outside will not try to break the window or fool us into opening our door. Authority is something difficult to put a finger on. A badge? A car with blinking lights? The Internet is a dangerous place with even less information about authority. It is not obvious what kind of neighborhood your browser lives in and whom it should trust. Back to the question of certificates. We knew they were bad. We knew they were untrustworthy. What now?

The presentation says to this point “Who are these [Certificate Authorities] we trust & what’s going on?” I sense a Harvey Keitel movie plot coming — Certificate Authority gone bad.

The observatory was created by scanning the Internet for TLS servers and recording the X.509 certificates they presented during the handshake. Here are some fun facts from their database of roughly 10 million handshakes:

  • The majority (6.5 million) of sites used invalid or self-signed certs.
  • Wildcard certs are used more often than they should be.
  • Google and Microsoft are impersonated.
  • There are around 1,500 CA certificates trusted by IE (the presentation says Windows) or Firefox.
  • Your browser probably trusts every intermediate certificate signed by those CAs, including ones held by the Department of Homeland Security and Booz Allen Hamilton.
  • Mozilla has 124 trust roots from 60 organizations.
  • GoDaddy is practicing unsafe authority-ness with just one signing certificate behind 300,224 leaf certs. I would have guessed this from their advertising campaigns anyway, but it is nice to see the data backs it up.
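
The observations above are exactly the kind of thing a scanner can reproduce on every certificate it collects: is the cert self-signed, does it carry wildcard names, and does it actually chain to something the client trusts for the host it was served on. As an added example (not the EFF/iSEC observatory code and not from this page), the following Go program builds its own constructed test certificates in memory (a private root, a wildcard leaf issued by that root, and a self-signed leaf) and classifies each of them the way the observatory did. The `Classify` and `SampleCerts` functions and the `example.test` host names are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Report holds what an observatory-style scan would record for one certificate.
type Report struct {
	Subject    string
	Issuer     string
	SelfSigned bool     // issuer name equals subject AND the signature verifies under the cert's own key
	Wildcard   []string // SAN dNSName entries of the form "*.domain"
	ChainOK    bool     // chains to a root in the supplied pool and is valid for host
}

// Classify parses one DER certificate and answers the observatory's questions:
// self-signed? wildcard? does it validate for this host against these roots?
func Classify(der []byte, roots *x509.CertPool, host string) (Report, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return Report{}, err
	}
	r := Report{Subject: cert.Subject.String(), Issuer: cert.Issuer.String()}
	// A matching issuer name alone proves nothing (anyone can write any issuer
	// name), so also verify the signature against the cert's own public key.
	if r.Subject == r.Issuer &&
		cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature) == nil {
		r.SelfSigned = true
	}
	for _, name := range cert.DNSNames {
		if strings.HasPrefix(name, "*.") {
			r.Wildcard = append(r.Wildcard, name)
		}
	}
	// Verify does path building, validity period, hostname and EKU checks at once.
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	r.ChainOK = err == nil
	return r, nil
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue signs template with signer's key; the same cert as template and parent
// yields a self-signed certificate.
func issue(template, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) []byte {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	return der
}

// SampleCerts builds constructed sample data (not certificates from any real
// scan): a private root, a wildcard leaf it issued, and a self-signed leaf.
func SampleCerts() (rootDER, wildcardDER, selfSignedDER []byte) {
	now := time.Now()
	root := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Test Root"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	rootKey := newKey()
	rootDER = issue(root, root, &rootKey.PublicKey, rootKey)
	rootCert, err := x509.ParseCertificate(rootDER)
	if err != nil {
		panic(err)
	}
	leaf := func(serial int64, name string) *x509.Certificate { // server cert template
		return &x509.Certificate{
			SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
			DNSNames:  []string{name},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
			KeyUsage:  x509.KeyUsageDigitalSignature,
			ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		}
	}
	wildKey := newKey()
	wildcardDER = issue(leaf(2, "*.example.test"), rootCert, &wildKey.PublicKey, rootKey)
	self, selfKey := leaf(3, "www.example.test"), newKey()
	selfSignedDER = issue(self, self, &selfKey.PublicKey, selfKey)
	return rootDER, wildcardDER, selfSignedDER
}

func main() {
	rootDER, wildcardDER, selfSignedDER := SampleCerts()
	roots := x509.NewCertPool()
	rootCert, _ := x509.ParseCertificate(rootDER)
	roots.AddCert(rootCert)
	for _, der := range [][]byte{rootDER, wildcardDER, selfSignedDER} {
		r, err := Classify(der, roots, "www.example.test")
		if err != nil {
			panic(err)
		}
		fmt.Printf("%+v\n", r)
	}
}
```

Run it and the wildcard leaf reports `ChainOK:true` with `Wildcard:[*.example.test]`, while the self-signed leaf reports `SelfSigned:true ChainOK:false` because nothing in the pool vouches for it. Two details matter for a real scan: self-signing is decided by verifying the signature, not by comparing names, and the root pool should be the browser's actual trust store (for Go, `x509.SystemCertPool()`), since a certificate that is "invalid" against one store can be perfectly valid against another.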

To answer the question in the presentation: yes, the CA model is fundamentally broken. Authority has not worked out so well at the global level. No big surprise, since there is hardly any global authority to back up the authority role and the management that a clean CA infrastructure would require. I think the failure maps well to the world outside of technology, and people are wise to think of it the same way they would identify and measure a physical authority.