History, Security

When Futurists Get History Wrong, Can They Predict Right?

Leave a comment

What if I told you there is ample evidence to say projectiles with lethal effects beyond arm’s reach are as old as weapons themselves?

…researchers found that 14 of the 25 point fragments bore evidence of impact-related damage, animal residues, and wear features that strongly indicated that these points may have been used for hunting. Examination of the impact-related fractures and the distribution of the points indicated that these points may have been attached to handles to form projectile weapons and that these weapons were projected from a distance, most likely with a flexible spear-thrower or a bow. …the new Sibudu Cave site data may push back the evidence for the use of pressure flaking during the MSA to 77,000 years ago…

There’s even a dart-firing Atlatl product design discussion from the Stone Age:

Darts were not only easier to transport but they penetrated hides with greater force, which likely killed animals quicker. In Alberta, darts were used to hunt bison, sheep, elk, deer, antelope, and smaller animals. Each species likely involved a different strategy and context of atlatl use.

If you really want to get more technical about it, archaeologists say things like the blowgun comes from the Stone Age… yet recent digs in Africa also found primitive Middle Stone Age tools used just 11,000 years ago (20,000 years later than previously thought to have been obsolete and deprecated).

Groups of ancient humans were shifting to newer tools at relative speed, not linearly. It’s actually very important to notice how groups were somewhat isolated and developing projectiles based on locality leading to domain shifts and imbalance in conflict.

I mean it’s kind of like a chicken and egg riddle to ask did the rock wall or throwing a rock come first?

All of that is just preamble to introduce a futurist who has written a prediction of future war based on a curious understanding of the past:

Up until now, the history of military innovation has been about moving lethal effects to an intended victim with greater efficiency. In the Stone Age, a club was an inert object wielded by a human hand to create lethal injury. With the advent of metal, a sword became a more maneuverable and sharper instrument to create the same effect. Gunpowder and the advent of projectiles allowed for lethal effects beyond arm’s reach. Artillery increased the range and impact of lethality. Navies became ways of moving artillery over the oceans to bring lethal effects to other ships and to the shore through fire support missions. Aircraft carriers were invented to support aircraft that in turn delivered munitions with lethal effects. And so on.

That phrase “gunpowder and the advent of projectiles allowed for lethal effects beyond arm’s reach” is just so strange as to be unbelievable. It reminds me of how wrong early theories about Easter Islanders holding weapons were, given they were in fact more like hoes or shovels.

Everyone studies the 1415 Agincourt projectile battle, right? And the whole debate about the ethics of crossbows because too automated any peasant could use one versus a highly trained archer… all long predates this “advent of projectiles” sentence that starts with gunpowder.

It doesn’t look like a typo because it is a linear progression by the futurist. Club then sword then boom you have a bullet and a gun with powder? No. Instead imagine a line from the Stone Age to today for projectiles, a line from the Stone Age to today for hand-held weapons… and even parallel lines for artillery and navies instead of a serial one.

From there this futurist, based on what feels like a very weak presentation of history (falsely linear, and falsely handheld first then projectile 10,000s of years later), presents what he calls the next chapter:

Now comes the discontinuity. In 1999, a book called Unrestricted Warfare was published by two Chinese colonels from the People’s Liberation Army. Its take-home message was that all elements of an advanced society could now be considered as means of waging war. We see this visible now in the war of the meme, disinformation, kompromat, lawfare and cyber threats to key infrastructure, to name but a few.

Use of all means of waging war is by no means a new concept. WWI is probably the best foundational reading for “all means of waging war” in our modern context, particularly Woodrow Wilson’s use of propaganda and nationalizing communications as well as German military spy infiltration of British colonies to force fractures and revolution.

It’s just so strange to see this already dated concept labeled “modern” or “future” war, stranger to see it attributed to 1999 Chinese authors, let alone see that earlier false linear history in the windup.

Security

Node Package Squatter Squats on 35 Organizations

Leave a comment

An extremely primitive supply-chain attack is being carried out for profit by a “researcher” on Node Package Manager (npm) in three languages. After finding a public reference to a package name, a squat is attempted:

During the second half of 2020… we were able to automatically scan millions of domains belonging to the targeted companies and extract hundreds of additional javascript package names which had not yet been claimed on the npm registry. I then uploaded my code to package hosting services under all the found names and waited for callbacks.

They rate success in terms of the easy money paid to them by targets offering a “bounty”, as well as quantity for potential squats:

…logging the username, hostname, and current path of each unique installation. Along with the external IPs… [squatted] more than 35 organizations to date, across all three tested programming languages. The vast majority of the affected companies fall into the 1000+ employees category, which most likely reflects the higher prevalence of internal library usage within larger organizations. Due to javascript dependency names being easier to find, almost 75% of all the logged callbacks came from npm packages…

They repeatedly pat themselves on the back for getting money out of people for this and they exhibit a lot of “social entry” interest in their “shout-out” section, which thanks “bounty programs, making it possible for us to spend time chasing ideas”…

History, Poetry, Security

We Wear the Mask

Leave a comment

by Paul Laurence Dunbar

…born in Dayton, Ohio, on June 27, 1872. His parents, Joshua Dunbar and Matilda Murphy Dunbar, were married six months earlier, on December 24, 1871. Both slaves prior to the Civil War, Joshua Dunbar escaped and served in both the 55th Massachusetts Infantry Regiment and the 5th Massachusetts Colored Cavalry Regiment before coming to Dayton…. Many of their experiences of slave and plantation life influenced Dunbar’s later writings.

A poem about authenticity and power in America:

We wear the mask that grins and lies,
It hides our cheeks and shades our eyes,—
This debt we pay to human guile;
With torn and bleeding hearts we smile,
And mouth with myriad subtleties.

Why should the world be over-wise,
In counting all our tears and sighs?
Nay, let them only see us, while
We wear the mask.

We smile, but, O great Christ, our cries
To thee from tortured souls arise.
We sing, but oh the clay is vile
Beneath our feet, and long the mile;
But let the world dream otherwise,
We wear the mask!

Security

Hackers Attempted to Remove Regulation of Poison Content in Florida

Leave a comment

Someone needs to say “damn Florida, water you even doing right now” (puns intended) given the latest news.

And I don’t say this lightly, despite the puns, given Florida’s awful history of “killing zones” in water.

This blog post title could be talking about Facebook’s “business” relationship with Cambridge Analytica being so obviously toxic to humanity, or it could be talking about Flint Michigan being a foreshadowing.

The reader would be forgiven for assuming either of those stories are linked here to a metaphor of poisoned content, misuse of controls, and the need for better regulation.

However, this is a non-metaphorical story. A hacker literally attempted to bypass regulations, change control of levels of known harmful contents, to flow in a massive content delivery system — water.

“The hacker changed the sodium hydroxide from about one hundred parts per million, to 11,100 parts per million,” Gualtieri said, adding that these were “dangerous” levels. When asked if this should be considered an attempt at bioterrorism, Gualtieri said, “What it is is someone hacked into the system not just once but twice … opened the program and changed the levels from 100 to 11,100 parts per million with a caustic substance. So, you label it however you want, those are the facts.”

So now when clubhouse, or Uber or some other anti-regulatory tech darling says they want to be the next water, be sure to ask them to explain this story and how they’d handle it.

There are a couple obvious integrity questions being floated (pun not intended) here.

First, why could the amount go up more than a small percentage, for example? Adding a bunch of zeros to 100 (or 1s, from 100 to 11100) sounds like this was a lazy attack to overflow (pun not intended) the input field in more ways than one.

Second, what’s this remote access direct into changing levels all about? I can maybe understand remote access to something with limited capabilities (see point one) but total control with no multi-factor authentication (MFA)? Everyone knows that is just wrong, mismanagement of basic plant safety. Update: TeamViewer has a history of this, where users report losing control even with MFA.

Third, multiple entry? Coming back a second time means the platform admins allowed a hacker to lye in wait (ok, pun intended because sodium hydroxide is lye, get it?). I just wanted to say lye in wait. But seriously, what else did they change and can the admins even tell or should the whole infrastructure be treated (pun not intended) as contaminated?