Medal of Honor for Major John J. Duffy

A recurring theme in Duffy’s new MOH award statement is that he repeatedly took on more responsibility to benefit others, courageously disregarding self: a remarkably caring leader even under the most extreme pressure, even from an enemy battalion.

In the two days preceding the events of 14 to 15 April 1972, the commander of the 11th Airborne Battalion was killed, the battalion command post was destroyed, and Major Duffy was twice wounded but refused to be evacuated. Then on 14 April, Major Duffy directed the defense of Fire Support Base Charlie, which was surrounded by a battalion-size enemy element. […] With the goal of a complete withdrawal, Major Duffy was the last man off the base, remaining behind to adjust the covering fire from gunships until the last possible moment. When the acting battalion commander was wounded, he assumed command of the evacuation and maintained communication with the available air support to direct fire on the enemy. […] Only after ensuring all of the evacuees were aboard, did Major Duffy board while also assisting a wounded friendly foreign soldier in with him. Once on board, he administered aid to a helicopter door gunner who had been wounded during the evacuation.

I would argue this is the definition of “type A” personality, to give up anything so that others may have something.

The Army page points out Duffy was very highly decorated for his four years in Vietnam, including as 1972 special advisor for Military Assistance Command Vietnam (MACV) Team 162 “Red Hats”, and also for his poetry.

…honored with 64 awards and decorations, 29 of which are for valor, including the Distinguished Service Cross (currently in final stages to an upgrade), the Soldier’s Medal, four Bronze Stars with “Valor” device, eight Purple Hearts, seven Air Medals (six with “Valor” device), three Army Commendation Medals with “Valor” device, the Cross of Gallantry with Palm (Vietnam’s highest award for valor), two Crosses of Gallantry with Silver Stars, one Presidential Unit Citation (Naval), three Presidential Unit Citations (Army), the Vietnam Cross of Gallantry w/Palm (Unit), the Vietnam Valorous Service Medal (Unit), the Combat Infantry Badge, Master Parachutist Wings, plus numerous other awards for service and merit. […] Duffy has been nominated for the Pulitzer Prize and has published six books of poetry. Two of his poems were selected to be inscribed on monuments, and others appear in countless publications and anthologies.

The Forward Air Controller
by John J. Duffy
Dedicated 2008 FAC Memorial Park
(With MOH Bud Day present)
Colorado Springs, CO

It is the lonely mission,
The Forward Air Controller.
His are the eyes above the battle.
His is the link to those below.

While others avoid and strike fast,
He lingers and trolls for contact,
Seeking out the enemy below,
Determining the strike force needed.

His is the job to control the air attack.
He determines the needs of the troops,
And works the airstrike margins.
His judgement is relied upon by all.

Watching a “FAC” roll in hot on target,
All guns blazing at his destruction,
Is to watch a man of courage in action.
This is the daily job of the “FAC”.

Report Proves GDPR Dramatically Reduced “Useless” Apps

The Register does a mixed job reporting on a report, as this seems to be the very buried lede.

[Report co-author and lecturer at the University of East Anglia in the UK Michael] Kummer said the one-third decline looks scary but the paper does point out that these apps only accounted for 3 percent of app usage. “These apps are, largely as Max [Schrems] suspects, useless,” he said.

A one-third decline in apps available for Android is attributed to regulation that requires privacy protection. Schrems has the best quote:

It may well be that some ‘flashlight apps’ are gone now, but I am not sure if anyone misses them.

And that reminds me of Google’s own shady calculator app requiring network access.

European Parliament approves Digital Markets Act (DMA) and Digital Services Act (DSA)

The Digital Markets Act: meant to stop the “digital moat” mindset of Silicon Valley (i.e. Stanford) and prevent anti-competitive wealth generation models because it is clearly immoral to lock in users.

Aside from Facebook obviously being a dumpster fire of harm that nobody should still use (unsafe by design)…

Apple runs afoul with a closed approach to a “public store” for applications. If a store is closed then regulators are saying it shouldn’t be unfairly promoted in a market as being open.

By way of analogy this reminds me of when tech company “bus services” started in Silicon Valley that would fraudulently use public bus stops, open their doors to the public, and then demand that nobody in the public be allowed to get on the bus while blocking actual public buses.

Closed bus service pretends to be open

I gave a talk about this exact thing in Kiwicon 2016, to many chuckles from the audience — people get it there.

Basically I rode around (to work) in Silicon Valley for free on Apple and Google buses where more authentic public transit services had been denied access. Simply put, I theorized that if such companies could impersonate a public bus in every way, while denying public access, then why not impersonate the person allowed to ride on their impersonation?

It came to an abrupt end when Apple’s impersonation of a public bus had a breakdown (it was a dilapidated, rattling retired school bus painted white) such that it failed to show up on schedule.

And while I didn’t work at Apple, Apple confusingly thought of me as their only rider.

A dispatcher stood at the stop to warn me the bus failed, such that when I walked up this person recognized me as a “regular” and with his walkie-talkie (I told you it was a long time ago) motioned for a big black limousine immediately to take me wherever I needed to go… AS LONG AS THE DESTINATION WAS AN APPLE ADDRESS.

Sigh.

My impersonation was working against me — I didn’t want to seem like Apple staff, I wanted their fraud bus to become more real.

So I stepped out of a giant limo in front of the Apple campus and then casually walked away and jumped a hedge to go to a building next door (Silicon Valley sidewalks rarely connect workers) to work with people not at Apple.

Since the Apple transit service clearly was unable to maintain basic availability, an integrity failure that destroyed its impersonation of being open, I never rode it again.

Of course many years later these fraud buses got themselves into a bit of trouble with people who understood the problem.

…two-tier system where the public pays and the private corporations gain. Tech Industry private shuttles use over 200 SF MUNI stops approximately 7,100 times in total each day (M-F) without permission or contributing funds to support this public infrastructure.

The companies running these buses didn’t even pay taxes.

It was layers of abuse.

Notably the CA government officials were shocked when I met with them in Silicon Valley and told them I agreed with anti-fraud protests. I mean the CA government expressed to me they were fearful to go against tech companies, treating wealthy fraudsters with kid gloves, not least because they didn’t think anyone inside tech was opposed to fraud.

Really.

I was asked (as if some kind of strange alien) to file a letter to California legislators explaining the obvious — even tech workers could know that a false premise of tech buses being open while running closed was harmful to society in many ways.

Unfortunately CA regulators acted upon the problems barely at all.

Whereas before the dot-com crash of 2000 big tech companies like Cisco were awkwardly funding light-rail “with empty trains running past single-story tilt-ups (office buildings), single-family homes and empty lots”, the post-crash tech company business ethic meant scheming to run far-reaching closed and invisible services.

Both obviously are stupid to anyone with an ounce of common sense about transit.

I bring all this up since politics in Silicon Valley are in fact a bellwether of why it’s such a battle in America to provide basic safety to anyone in technology. Note this giant hint about billionaires driving policy:

…analysis is weakened by continually referencing to studies by the [Koch Brothers’] Cato Institute, a libertarian [anti-regulation] think-tank…

Strong regulation will spur market innovations in more meaningful directions (e.g. force higher integrity), which is exactly what some powerful Americans (usually in technology these days) do not want because it lowers immediate profit goals and stymies long-term anti-competitive aims (digital moats).

The Digital Services Act: enacts standards for illegal content removal, including a ban on ads that target children and a requirement to assess integrity of third-parties. When 45 million EU users or more are in question, regulators get to assess risk and specifically the algorithms used for content promotion.

Facebook in theory won’t be allowed anymore to profit from killing children.

That’s not an exaggeration. The European Centre for Algorithmic Transparency (ECAT) also is being established to gather experts who can protect society better from Facebook.

Using my transit example above, Apple should never have been authorized to run their broken-down jalopy “bus” on highways let alone impersonate public transit.

An illustration of Apple’s early attempt at providing a closed transit system for staff using public-funded infrastructure and equipment.

Seats were missing fasteners, there were no seatbelts and the doors didn’t even close properly. The company clearly didn’t have anyone who actually rode public transportation and yet they went about creating a loose (and unsafe) impersonation of it. Things only improved when they outsourced the whole operation to a well-regulated transit company.

Long story short, Europe says companies are now required to make services interoperable and provide users access to their data, while protecting society (notably children) from known harms.

Those in violation of these two new European laws could start to see fines in 2023 as high as 10% of global revenue under DMA and up to 6% for breaches of DSA. Fines rise to 20% if violations repeat.

The Guardian even reports that government regulations against unregulated client-side encryption are good for privacy, which I’ve written about on this blog before.

Home secretary says new powers to require tech firms to remove encrypted abuse material would bring privacy and security.

Removing encrypted abuse material would indeed help protect privacy of victims, or as I wrote a year ago “If You Like Privacy, Then Love Apple Child Protection Measures”.

U.S. “foreign internal defense was the hottest mission set”

An article about the importance of U.S. troops understanding foreign languages has this buried lede:

…foreign internal defense was the hottest mission set, and every unit — even Navy SEALs and Delta Force, which tend to focus on direct-action operations — jumped at the opportunity to conduct it in order to be deployed.

It makes the military sound geared towards being highly competitive on budget to be sent far away, which seems ironically contradictory to core concepts of internal defense values (collaborative and local).

Also it reminds me of the University of London School of Oriental and African Studies (SOAS), which was chartered 5 June 1916 to better “understand” foreign languages within and around the British colonial empire.

In other words during the height of WWI the hottest mission set was to train officials (e.g. spies) for overseas postings who would maintain and expand British influence and resist German sabotage. One might even say this training for internal defense is what laid the foundation for the English expression “101”.