What do we want? Evidence based science! When do we want it? After peer review!

Posted by Sappho on April 23rd, 2017 filed in Daily Life

I went to the March for Science in Fullerton yesterday, taking the train from Irvine with my friend Vivian and her friend Linda. The train station was crowded, as I encountered, not just others headed to the March for Science in Fullerton, but also a group biking to raise money to fight breast cancer, a few stragglers headed to the March for Science in LA, and some people I knew from a local hiking group, who were headed to walk somewhere in Santa Barbara.

The sound system at the demonstration was a bit spotty (though the woman who sang the Star Spangled Banner triumphed over the audio limitations). It didn’t matter much, though, as the crowd, and all the creative homemade signs, more than made up for our difficulty hearing the speeches from where we were. Vivian took many photos for her Signs of Resistance page, and I took some as well.

On the return portion of the march, we encountered a thirteen-year-old boy, filming the march on his cell phone. He had biked all the way from Irvine to Fullerton, on his own, to get to the march, leaving at 6:30am. We talked him into coming back with us on the MetroLink (with his bike), and got him a ticket; he then called his parents. He was a bright and informed kid, the son of immigrants from China.

About those signs: They ranged from tributes to scientist parents, to “I study ferns, and I vote,” to lists of the benefits of science, to Earth Day concerns for the environment (“There is no Planet B”), to humor (“Science says I should sleep. My mother said I had to come to this march. I like science.”) Lots of appreciation for no more polio, but also a long list of other things that we wouldn’t want to be without.

Afterward, I checked Twitter for reports on the March for Science around the world (including an underwater March for Science in Guam).


On War, Trust, and Becoming President

Posted by Sappho on April 8th, 2017 filed in News and Commentary, Peace Testimony

Another war, and we are led by a President whom I viscerally distrust, in a way in which I am not accustomed to viscerally distrusting my President, even when said President was of the other party.

In a similar way, I viscerally trusted Obama.

I should perhaps explain what I mean by that. I don’t mean that I always agreed with Obama. I don’t even mean that I assumed he’d be immune to doing something absolutely awful, which made things horribly worse for people. I simply mean that I saw him as a basically honest, well-meaning, good, intelligent, and thoughtful person, and I supposed that, if he did make some really dreadful decision, most people in his shoes would either make the same dreadful decision, or a similarly dreadful decision, rather than that he’d have made it because he was unusually awful. Situational pressures work on Presidents, too, for good or ill.

Meanwhile, with Trump, I so viscerally distrust his character that even should he do something good, it would be hard for me to believe that he did it for good motives. None of this necessarily prevents him, in a given situation, from making the same darn decision, for good or ill, that any of the other presidential candidates would have made. He might. Situational pressures work on Presidents, too, for good or ill.

Anyway, all of this is a lead in to how I look at the great, unsurprising flip, in which nearly all Congressional Republicans, apparently, thought that it would be disastrously wrong for Obama to bomb Syria in response to a chemical attack, while nearly all the same Republicans think it’s absolutely great that Trump just did so. (There are, of course, notable exceptions, like McCain, who always thought we should bomb Syria, and Paul, who remains opposed. But they’re exceptions.) You could look at this as cynical political hackery. But it might be something closer to tribalism. Maybe many of these people viscerally distrust Barack Hussein Obama the way I viscerally distrust Trump, and viscerally trust Trump the way I viscerally trust Obama? It would explain why bombing Syria would have been promoting Al Qaeda if Obama did it, but is standing up for American values if Trump does it.

But what about the substance of the decision? How should you decide whether to applaud or condemn it? Let me, unQuakerly though it may seem for a Quaker blogger, assume, for the sake of argument, that attacking Syria is a good thing, that this is the right occasion for war.

Now, if we live in the world where sending Tomahawks to Syria is a good idea, what, minimally, must be true? Surely, the first thing that must, minimally, be true is that the Tomahawks will accomplish their goal. That there will be no more chemical weapons used, and that there will be fewer fathers weeping over their dead twins than there would be if we had not sent the Tomahawks. That materially fewer innocent people will be dead and maimed.

But do we judge war this way? Even now, people are suddenly applauding how “presidential” Trump is. How the day he ordered the Tomahawks on their way was the day he became President.

Perhaps, in a sense, it was. It was, unusually, a day on which he made a decision that nearly any POTUS might have made, and didn’t simultaneously do several odd things that no other POTUS would do. But then, that’s a low bar. Shouldn’t “presidential,” at the very least, mean that he has the sustained focus to form and carry out a plan that takes more than a day, and that shows actual positive results? Even if you believe in those Tomahawks, is your faith in them really so great that you’re sure, now that a single round has hit an airport, that fathers will weep no more for their dead twins? Shouldn’t you at least want to know that your war has a plan that involves more than demonstrating our resolve to the world, and that is likely to work?


Good dog!

Posted by Sappho on April 1st, 2017 filed in Daily Life

We have trained our dog to ring a bell whenever he wants to go out. It took some time, but once he got the hang of it, he loved it. It has gradually shifted to a “Pay attention to the dog” signal.

Ring, ring. Take the dog out.

Ring, ring. Feed the dog.

Ring, ring. Couldn’t you put the dog on your lap?

At a certain time of the day, it will be one ringing of the bell after another, as the dog goes through his various requests of me.

Today, I heard the ring, ring of the bell. Drake, what do you want this time? I grabbed his leash, went to the door and opened it – and the cat came running in. She had wandered out on the porch at a moment when the door was open, and accidentally got shut out.

Good dog!


Article 50 round up

Posted by Sappho on March 29th, 2017 filed in Uncategorized

Today, Prime Minister Theresa May announced that the UK had triggered Article 50, starting the Brexit process. Here is a round up of media coverage in several countries.

The Guardian’s rolling coverage of Brexit and Article 50. A point of concern: An analysis of May’s Article 50 letter, by Andrew Sparrow, suggests that May is making an implicit threat to withdraw the UK’s cooperation on security matters if the desired Brexit deal isn’t forthcoming:

She hints that refusing to give the UK a deal could lead to the UK offering the EU less support on security issues. This threat is not made explicitly – to many, the prospect of using security as a bargaining chip is deeply unpalatable – but it is implicit in this paragraph, which juxtaposes Brexit with no deal with security cooperation for no obvious reason.

“If, however, we leave the European Union without an agreement the default position is that we would have to trade on World Trade Organisation terms. In security terms a failure to reach agreement would mean our cooperation in the fight against crime and terrorism would be weakened. In this kind of scenario, both the United Kingdom and the European Union would of course cope with the change, but it is not the outcome that either side should seek. We must therefore work hard to avoid that outcome.”

Wait, what? Wasn’t one of the big selling points for Brexit security concerns over immigration? Isn’t a breakdown of European cooperation countering crime and terrorism a worse security threat? Apparently there’s push back in the UK, as a later update in the rolling coverage says:

Tim Farron, the Lib Dem leader, has interpreted the article 50 letter (see 2.07pm) as a “blatant threat” to the EU to withdraw security cooperation if the UK does not get a good trade deal.

For media reaction in the EU, I’ll start with Das Bild, because it has a huge circulation, and so is useful as a window to what a large segment of the German public will be reading. It leads with an article quoting May saying that there will be no turning back from Brexit now.

Great Britain is the first country to leave the European Union! At midday today, the British ambassador to the EU, Tim Barrow, handed the withdrawal request to EU Council President Donald Tusk.

It gives an account of May’s letter that’s actually gentler than the Guardian’s, quoting the part about Britain wanting to be Europe’s best friend and neighbor and not seeing any veiled threats about cooperation on security. But then it moves quickly to the Scottish question (will there be a new independence referendum?) and reactions in the EU (regret).

Der Spiegel has several articles; I’m picking this one on what we can expect now, as Britain has two years to exit the EU: Long lines for travel from Germany to London, marriages so that couples with different nationalities can stay together, Oxford no longer part of the Erasmus Program for student exchange, no joint hospital insurance agreement, etc.

The Frankfurter Allgemeine Zeitung suggests that Brexit could cost every British citizen 5000 Euros a year.

With the French election approaching, Le Monde leads, not with Brexit, but with a question and answer session with journalist Oliver Faye in the wake of revelations about parties of the extreme right in the European Parliament, with readers posing, and Faye answering, a number of questions about France’s National Front and its leader Marine Le Pen.

But here’s the front page Le Monde article on Brexit. It’s a round up of the British press:

Euphoric like the Daily Mail, with its headline “Freedom!”, or circumspect like the Guardian, which fears a “leap into the unknown,” the British dailies agree on one point: the historic nature of the Brexit triggered on Wednesday, March 29.

It’s true. Taking the Guardian as my British media sample skews my picture of the British media reaction. So here’s the Daily Mail article, announcing that Article 50 has been “FINALLY triggered.” The Daily Mail begins with a more upbeat account of Brexit than you’d see in the Guardian, but, like the Guardian, the Daily Mail sees hints that May could use loss of security cooperation as a stick to get the UK a favorable deal:

The PM’s letter put the government on a collision course with Brussels by demanding that the divorce arrangements should be discussed at the same time as a future trade deal. The EU’s chief negotiator Michel Barnier is preparing to present the UK with a £50billion bill and is arguing that it should be settled before other issues are considered.
Mrs May warned that the EU was ‘fragile’ and could put its own survival at stake if it treated the UK badly, hinting that Britain could reduce security cooperation.


I’m now out of time for rounding up media from any more countries, as I have to get ready for work. Maybe more later. Maybe not.


And Sure Enough, Things Got Worse

Posted by WiredSisters on March 17th, 2017 filed in Democracy, History

It was one of those posters people put up on their cubicle “walls.”  This one said, “They told me, ‘Cheer up.  Things could always be worse.’  So I cheered up, and sure enough, things got worse.”  It calls to mind some of the “centrist” blather about how liberals have been claiming ever since 1968 that the current GOP candidate (or incumbent) was the worst ever.  “Crying wolf,” they call it, and blame the liberals who engage in that kind of analysis for 45 getting elected.  I’m not quite sure about the logic of that last step.  But the fact is that, with the possible exception of Gerald Ford[1] and Bush Senior[2], every Republican president since 1968 has been the worst yet, until his successor came along.  Which is why I wince whenever somebody tells me 45 isn’t the worst imaginable.  No, he’s not, but he is definitely the worst yet, and just soothing ourselves with the notion that he isn’t the worst imaginable leaves us waiting anxiously for the next worst yet—Attila the Hun, perhaps, or Ivan the Terrible. Caligula? Nero?  For history buffs this is a really scary exercise.

To be specific, Nixon was a certifiable crook, and managed to leave the White House one step ahead of the sheriff.  But he made some good Supreme Court choices, and founded the EPA.  By the standards of today’s conservatives, he was a flaming liberal.   (So was Barry Goldwater, in 1964, by the way.  At least culturally.)

Then along came Reagan.  I am told that most people cut him a lot of slack because at least he had charm and charisma.  I think I was born with an inadequate supply of charisma receptors, because Ronnie never pushed any of my buttons.  But at least he cared whether people liked him.  And despite his tough talk about budget-cutting, his actual budgets weren’t all that bad (well, I worked at EPA for a couple of years of his administration, and it was kind of disheartening, but OTOH he never proposed obliterating it.)

Dole, who ran against Clinton in 1992, was at least a genuine war hero, and didn’t take himself too seriously.  Bush Junior was clueless, the spoiled son of a rich and powerful man.  He got us into what some analysts call a war of choice, which I prefer to call a recreational war. That was in 2003.  It’s still going on and has pretty much trashed the entire Middle East and North Africa.  But he has kind of improved with age, now that he is out of office. While he was in office, however, he was definitely the worst ever.  Until November 2016.

My point is that characterizing each new GOP candidate or incumbent as “the worst ever” was not “crying wolf.”  And insisting that the current GOPnik isn’t the worst imaginable is just asking for the next one to be worse.  This is helpful only for writers of dystopian sci-fi, and only for so long as they are allowed to keep writing.

[1] Ford was a decent and relatively unambitious president, who paid serious attention to cleaning up the mess after the Vietnam War, and pardoned many of the resisters.

[2] Bush Senior, when he wasn’t selling his soul to the Religious Right, took his obligations of service to the voters seriously.  His conduct of the Gulf War was remarkably sane.  He took the advice of his senior military advisers, especially Powell.  If this seems like faint praise, that’s only because at the time, we didn’t realize how much worse a president could be.


John Bellinger, at Lawfare Blog, on why Gitmo was opened and why it should be closed

Posted by Sappho on March 13th, 2017 filed in News and Commentary

Guantanamo Redux: Why It was Opened and Why It Should Be Closed (and not Enlarged)


More on Wikileaks and the CIA

Posted by Sappho on March 13th, 2017 filed in Computers, News and Commentary

My early political awareness was shaped by the Church Committee hearings, in the wake of the Nixon Administration, on the activities of US intelligence agencies. The NSA and the FBI spying on Martin Luther King. The CIA engaging in weird assassination plots against Fidel Castro and Patrice Lumumba. Etc. I get the mistrust of US intelligence agencies. Some wariness of intelligence agencies is justified. For any government. If you have a group of people who do things in secret, it’s tempting to use them to do things that you want kept secret, not only from foreign powers, but from your own population. It’s important, for any country, to watch, and regulate, the watchers.

But there are a couple of things to remember, here. First, governments do have legitimate reasons for secrecy. Diplomacy, with all of its boons to peace, can’t easily take place if governments can’t have enough secrecy to allow negotiations to take place, and frank evaluations of foreign governments to be supplied to our own government. Second, though intelligence agencies can be abused, their fundamental purpose – supplying our government with information to guide our foreign policy – isn’t intrinsically wrong. Third, we do have laws restricting what our intelligence agencies can do. These include, for instance, the Foreign Intelligence Surveillance Act of 1978, written to stop the domestic surveillance abuses exposed by the Church Committee. Before we assume our intelligence agencies are breaking these laws, maybe a little evidence? Rather than taking for granted that of course any technology that’s been developed for use against foreign adversaries is also employed against our citizens?

Finally, Wikileaks has some reliability issues. And here I come to today’s link on Vault7, Nicholas Weaver’s post at Lawfare Blog, How Wikileaks Hacked the Media. An excerpt:

Wikileaks actually has a very strange track record of credibility. There is no indication yet that they have deliberately manipulated documents (apart from one case of suspicious exclusion) and, more surprising, no indication that someone else has successfully tricked them into distributing false information. Wikileaks relies on this, as it means that the press will trust the content. Yet Wikileaks’s own statements are rightly viewed as completely untrustworthy.

Consider Wikileaks’ framing of the claim that “the CIA had 24 “weaponized” Android “zero days.” A study of the actual document in question shows that most exploits target old Android: version 4.4 or earlier, which was considered insecure back in 2016 when these documents were stolen. Old Android doesn’t meet the security requirements of a teenager, and to claim that such exploits are weaponized zero-days is patently false. One of the claimed “zero-days” targeted Android 2.3.6, a version dating back to 2011!

By dumping a massive amount of data at once, Wikileaks simply overwhelmed the press and ensured that reporters couldn’t process the data….

This is a pattern with Wikileaks. Their document dumps appear to be generally accurate. But their descriptions of what their documents show are often way off the mark. And because the dumps are so large, and hard to process quickly, often what hits the news is Wikileaks’ version of what the document dump says, not what it actually says.

Consider the claim that CIA malcode reuse is a “false flag” that allows them to impersonate Russia. As Weaver points out in the post linked above, and as others have pointed out, UMBRAGE does no such thing; it’s a library to allow the efficient reuse of code, with programmers following the time honored programming technique of learning from others. And consider that Wikileaks, which is now suggesting that the CIA hacked the DNC as a false flag operation to pin on Russia, previously insisted that the same operation was carried out by a lone Romanian hacker, and then that it was an inside operation, where Sidney Rich leaked the data and then got killed by Hillary Clinton. Come on, Wikileaks, it can’t be all three!


Cancer Moonshot

Posted by Sappho on March 12th, 2017 filed in Health and Medicine

Today is the fifth anniversary of my cancer diagnosis. At this time, I remain cancer free. I am grateful to the doctors and nurses who treated me, and to the medical researchers who developed my treatments.

Today, also, Joe Biden spoke at the South by Southwest festival in Austin, Texas about the Cancer Moonshot. Here is his whole speech.


On #askWL

Posted by Sappho on March 10th, 2017 filed in News and Commentary

Julian Assange is (or was, I haven’t checked whether it’s now happening or just happened) live streaming something or other. There’s an associated Twitter hashtag, #AskWL, with questions friendly and hostile. I find it darkly amusing. For instance, among the tweets with the #askWL hashtag, I find this gem:

No way @POTUS44 Obama didn’t know about massive @CIA hacking/spying!

Um, yeah. The CIA is the Central Intelligence Agency, an agency that exists for the purpose of spying. There is no way Obama didn’t know that the CIA did a whole bunch of spying. Likewise, there is no way that George W. Bush didn’t know. Or that Clinton didn’t know. Or that George H.W. Bush didn’t know. Or that Reagan didn’t know. Or that Carter didn’t know. Or that Ford didn’t know. Or that Nixon didn’t know. Or that Johnson didn’t know. Or that JFK didn’t know. Or that Eisenhower didn’t know. Or that Truman didn’t know.

FDR, though, knew nothing of CIA spying. But only because that same spying was at the time being done by the CIA’s predecessor, the Office of Strategic Services.

Was it supposed to be a brand new revelation that spying now also involves computers and smartphones?


More #Vault7 links

Posted by Sappho on March 9th, 2017 filed in Computers, News and Commentary

Sean Gallagher at Ars Technica on the CIA and geek culture:

There are lots of technical details on the Central Intelligence Agency’s software development process for espionage tools in the documents dumped by WikiLeaks earlier this week—many of which we’ll take a closer look at over the coming days and weeks as even more documents are published. But there’s one thing that’s immediately clear from perusing the personal pages of CIA Engineering Development Group software developers that were included in the dump: they are like the rest of us in tech. The liberal use of Internet memes, animated GIF images, as well as gamer- and pop-culture references sprinkled throughout the serious business of building software to support CIA’s espionage mission makes this leak look like a peek inside any random development team’s internal Wiki….

Joseph Cox at Motherboard on a new Rand study of zero day exploits:

But one crucial thing has been missing from the zero-day debate: data. Now, a new study from the RAND Corporation aims to change that by using details on over 200 zero-day vulnerabilities, and tries to shine light on questions such as how long zero-days remain undetected, or what percentage of them are discovered by more than one party.

According to the report, the dataset spans some 14 years, from 2002 to 2016, and over half of the vulnerabilities included are still unknown to the public.

The first major finding is that the average life expectancy of a zero-day exploit and its underlying vulnerability is fairly long: 6.9 years, or 2,521 days.

A quarter of the vulnerabilities do not survive to a year and a half, the report continues, and another quarter live for over nine and a half years….

Krebs on Security has a detailed analysis of what’s in this Wikileaks dump:

Some of the exploits discussed in these leaked CIA documents appear to reference full-on, remote access vulnerabilities. However, a great many of the documents I’ve looked at seem to refer to attack concepts or half-finished exploits that may be limited by very specific requirements — such as physical access to the targeted device.

The “Weeping Angel” project’s page from 2014 is a prime example: It discusses ways to turn certain 2013-model Samsung “smart TVs” into remote listening devices; methods for disabling the LED lights that indicate the TV is on; and suggestions for fixing a problem with the exploit in which the WiFi interface on the TV is disabled when the exploit is run.

ToDo / Future Work:
Build a console cable
Turn on or leave WiFi turned on in Fake-Off mode
Parse unencrypted audio collection
Clean-up the file format of saved audio. Add encryption??

According to the documentation, Weeping Angel worked as long as the target hadn’t upgraded the firmware on the Samsung TVs. It also said the firmware upgrade eliminated the “current installation method,” which apparently required the insertion of a booby-trapped USB device into the TV.

As limited as some of these exploits appear to be, the methodical approach of the countless CIA researchers who apparently collaborated to unearth these flaws is impressive and speaks to a key problem with most commercial hardware and software today: The vast majority of vendors would rather spend the time and money marketing their products than embark on the costly, frustrating, time-consuming and continuous process of stress-testing their own products and working with a range of researchers to find these types of vulnerabilities before the CIA or other nation-state-level hackers can.

Krebs’ post also supplies links to other analyses, of which I am stealing a few (I owe all the links below to Krebs):

Leonid Bershidsky at Bloomberg, in Wikileaks’ CIA Revelations Look Like a Dud for Now, writes

… If you didn’t know before that spy agencies could apply these tools and techniques, you’re naive, and if you think it undermines the attribution of hacker attacks on the Democratic National Committee and other targets, you’ll be disappointed.

There is little content in the dump to support these panicky reactions. Nothing in it indicates that the CIA has broken messenger encryption, as Open Whisper Systems, the software organization responsible for Signal, has been quick to point out. The CIA can only read messenger communications if it plants malware on a specific phone or computer; then it can harvest keystrokes and take screenshots. This is not about mass surveillance — something that should bother the vast majority of internet users — but about monitoring specific targets….

Some of the vulnerabilities probed by the CIA were in Cisco routers, which carry a lot of the Internet’s traffic.

Craig Dods, a researcher with Cisco’s rival Juniper, wrote an analysis of the Cisco bugs, but, between the time Krebs read the LinkedIn post and the time I got to it, all the technical details had been removed (I’m guessing that lawyers were involved, whether in Juniper’s legal department or in Cisco’s).

A Cisco blog post reports

Since none of the tools and malware referenced in the initial Vault 7 disclosure have been made available by Wikileaks, the scope of action that can be taken by Cisco is limited. An ongoing investigation and focused analysis of the areas of code that are alluded to in the disclosure is underway….

A preliminary analysis by Cisco of the disclosed documents follows; as a software quality assurance professional, I was particularly interested in:

It would also seem the malware author spends a significant amount of resources on quality assurance testing – in order, it seems, to make sure that once installed the malware will not cause the device to crash or misbehave.

Oh, that sounds like a fun job! Hey, CIA, if you want someone to test your spy malware to make sure it doesn’t cause devices to crash or misbehave, I’m currently in the market for a job. Just look me up on LinkedIn and send me an InMail.

(OK, not seriously planning to work for the CIA. Among other things, I expect to be employed again at a job I like long before anyone at the CIA is likely to notice this post. But, from the point of view of sheer fun, testing CIA malware does have a certain appeal.)

Finally, we have this interesting extended conversation, at the CIA, of how to learn from the NSA’s mistakes: What did Equation do wrong, and how can we avoid doing the same?


A round up on #Vault7

Posted by Sappho on March 8th, 2017 filed in Computers, News and Commentary

Wikileaks has a habit of making dumps of data that are in one sense significant and informative, and in another sense overhyped. Consider even CableGate. Huge that Chelsea Manning got all of those State Department cables to Wikileaks. But advertised with a sense of “now you can see the underhanded doings of the US government” that didn’t hold up when you actually read the cables. And I did – the colorful account of the Caucasus wedding, the doubts about Turkey. I read some of the cables on Wikileaks, and others in Wikileaks’ then partners, the New York Times, the Guardian, and Der Spiegel. I even struggled with my meager French and Spanish (much less serviceable than my German) to read bits and pieces in Le Monde and El Pais. I read reactions in Greek and Turkish papers (as you might expect, the Hurriyet Daily News followed the story closely), and in the various African papers aggregated at AllAfrica.com. And, yes, the cables were revealing. But what they mostly revealed was US diplomats properly doing their jobs (which, along with help to US citizens and negotiation with foreign governments, do include giving the State Department frank accounts of what is going on in other countries, so that our government’s policies can be well informed).

I do sympathize with Chelsea Manning, vulnerable and brave, the victim of bullies sensitized by her experience to the suffering of the victims of war. As someone who once held a security clearance, there is no way I’d have done what she did, and I judge her leak to go way beyond reasonable whistle blowing (there are legitimate reasons for diplomats to send the kinds of confidential communications that were leaked, and there was a real cost to these leaks). But she seems to have overreached with the best intentions, and I’m glad Obama pardoned her and that she didn’t serve her full term. (And there’s a whole other post I could write about some of the overreactions to CableGate, such as the e-mail warning students at Columbia’s School of International and Public Affairs to refrain from accessing WikiLeaks cables. The fact that the government had legitimate concerns about the damage done doesn’t make all the responses right.) My point is, even when a Wikileaks story is genuinely newsworthy, they’re often not quite the dragon slayers they make themselves out to be, and at least some of what they reveal is people doing their jobs, according to the policies that we more or less already knew were in place. Email dumps about Hillary show her in favor of free trade? Imagine my surprise! We already knew that she was for free trade before she became, of political necessity, a TPP skeptic.

There are plenty of criticisms that people can make of US State Department policies. And plenty of criticisms that people can make of Hillary. But, if you actually read the documents, you find that the criticisms to be made after reading them are generally the same criticisms you’d make before reading them, that people are surprisingly close, in secret, to what you’d have expected of them from what you knew of them in public.

So it is with #Vault7. The fact that someone got, and leaked, this secret CIA cache is huge. But just what does the dump tell us? And what, that you might have believed from a cursory glance at Twitter, turns out not to hold up?

And here, after my long-winded preamble, I get to my round up.

Errata Security corrects some misconceptions about the CIA hacking tools in question.

The CIA didn’t remotely hack a TV. The docs are clear that they can update the software running on the TV using a USB drive. There’s no evidence of them doing so remotely over the Internet. If you aren’t afraid of the CIA breaking in and installing a listening device, then you shouldn’t be afraid of the CIA installing listening software.

The CIA didn’t defeat Signal/WhatsApp encryption. The CIA has some exploits for Android/iPhone. If they can get on your phone, then of course they can record audio and screenshots. Technically, this bypasses/defeats encryption — but such phrases used by Wikileaks are highly misleading, since nothing related to Signal/WhatsApp is happening. What’s happening is the CIA is bypassing/defeating the phone. Sometimes. If they’ve got an exploit for it, or can trick you into installing their software….

There’s no false flags. In several places, the CIA talks about making sure that what they do isn’t so unique, so it can’t be attributed to them. However, Wikileaks’s press release hints that the “UMBRAGE” program is deliberately stealing techniques from Russia to use as a false-flag operation. This is nonsense. For example, the DNC hack attribution was live command-and-control servers simultaneously used against different Russian targets — not a few snippets of code….

Etc. Check out the linked post for lots more.

Bruce Schneier writes

If I had to guess right now, I’d say the documents came from an outsider and not an insider. My reasoning: One, there is absolutely nothing illegal in the contents of any of this stuff. It’s exactly what you’d expect the CIA to be doing in cyberspace. That makes the whistleblower motive less likely. And two, the documents are a few years old, making this more like the Shadow Brokers than Edward Snowden. An internal leaker would leak quickly. A foreign intelligence agency — like the Russians — would use the documents while they were fresh and valuable, and only expose them when the embarrassment value was greater.

Nick Weaver writes at Lawfare Blog

The story here isn’t that the CIA hacks people. Of course they do; taxpayers would be right to be annoyed if that weren’t the case. The CIA’s job, after all, is to collect intelligence, and while its primary purview is human intelligence, hacking systems interacts synergistically with that collection. The actual headline here is that someone apparently managed to compromise a Top Secret CIA development environment, exfiltrate a whole host of material, and is now releasing it to the world. The compromise appears to have occurred in February or March 2016.

The dump itself is mostly developer notes and Wiki-type contents, probably from a private Atlassian development coordination server based on automatic-text in a PDF. It describes a large variety of tools targeting a whole host of platforms, ranging from Cisco routers to iPhones to Samsung Smart TVs. Technically, there really are no big surprises; these are all systems we would expect the CIA’s hackers to target.

Herb Lin, also at Lawfare Blog, adds

First, I echo Nick’s observation that it’s hardly a surprise that the CIA has a bunch of its own hacking tools. Indeed, if they didn’t, I’d say someone ought to be fired.

Nothing in the documents suggests how, if at all, any of them have been used. In particular, nothing released as yet indicates they have been used against Americans. And it’s the CIA’s job to gather intelligence from non-Americans. Whether you think that’s a legitimate mission is an entirely different issue than the release of the Vault7 documents.

The Wikileaks press release says that the CIA hoarded vulnerabilities rather than disclosing them, and thereby compromised the security of the affected devices. No evidence has emerged that the CIA planted vulnerabilities, so in fact, the actor most immediately responsible for compromising the security of the affected devices is Wikileaks itself….


The difference between Yes, Minister and the derin devlet

Posted by Sappho on March 6th, 2017 filed in News and Commentary

“Deep State” is a translation of the Turkish term “derin devlet”; in Turkey it refers to a shadowy group of non-democratic individuals who formed a state within a state (including the occasional military coup). “Yes, Minister” is a satirical British show (with a sequel, “Yes, Prime Minister”) about the interaction between an elected official and the civil service. What people have recently been calling the “Deep State” in the US is more “Yes, Minister” than “derin devlet.”

Claire Sadar, co-editor of Muftah’s Iran, Iraq, and Turkey pages, writes in What Is the “Deep State” and Does America Have One?

… the “deep state” is a misnomer when it comes to describing the phenomenon being witnessed in the United States. As Nate Schenkkan, an expert on Central Asia and Project Director at Freedom House succinctly stated, “it is not a deep state if everyone involved is a government official.” It is also incorrect to use the term “deep state” if the only weapon being wielded against the government is information. Information can topple a regime, but only if democratic institutions, the press, and civil society are functioning properly.


Samantha Power’s tribute to Vitaly Churkin

Posted by Sappho on March 1st, 2017 filed in News and Commentary, Peace Testimony

As my friend Cheryl Rofer puts it, “This is how professionals interact.”

I’ve been clear that I don’t want Trump’s version of a Russia reset, one where the one constant in his changeable foreign policy appears to be a Russia policy that does more or less whatever Putin wants, and where that friendliness toward Russia appears to be motivated more by Trump’s interests (his susceptibility to flattery, his appreciation for Putin’s help with the election) than our country’s interests. Nor am I fond of the Russia friendliness of those among Trump’s associates who seem to see in Putin some great savior of white Christendom.

But I do respect the work of diplomats, among my country’s rivals as well as among my country’s allies, to find peaceful solutions. As Samantha Power puts it,

I was America’s permanent representative to the United Nations from 2013 until President Trump took office, and over the last few years I was probably Ambassador Churkin’s most visible foe. He faithfully defended President Vladimir V. Putin’s deadly actions in Ukraine and Syria.

At the same time, Vitaly was a masterful storyteller with an epic sense of humor, a good friend and one of the best hopes the United States and Russia had of working together. I am heartbroken by his death.

Vitaly Churkin, RIP.


On the travel ban, an intelligence report, and responses by Foreign Service officers and international affairs scholars: links

Posted by Sappho on February 25th, 2017 filed in Blogwatch, News and Commentary

From the Wall Street Journal: Donald Trump Rejects Intelligence Report on Travel Ban

The report, reviewed by The Wall Street Journal, came from Homeland Security’s Office of Intelligence and Analysis. It said that its staff “assesses that country of citizenship is unlikely to be a reliable indicator of potential terrorist activity.” …

“The president asked for an intelligence assessment. This is not the intelligence assessment the president asked for,” a senior administration official said. The official said intelligence is already available on the countries included in Mr. Trump’s ban and just needs to be compiled.

From Benjamin Wittes and Susan Hennessey at Lawfare Blog, Memo to the NSC: Check Out Some Databases at the State Department before Finalizing that New Executive Order

We received this morning an extraordinary message from a group of Foreign Service officers.

… inquiry from a Foreign Service officer who has done consular work abroad. Writing for a small group of three other colleagues, this individual begins by noting Lawfare’s prior “advice for civil servants about the ethics of service under the Trump administration” and goes on to seek out ethical advice about how to best handle certain specific concerns facing Foreign Service officers. Namely, this group is worried that the rollout of the executive order on immigration—both the initial order and the forthcoming substitution—is taking place without consideration of important, available data.

This email was triggered in part by a report I read today on CNN.com, which details the White House’s efforts to collect evidence that the seven countries named in the original E.O. have “all been exporters of terrorism into the United States.” We have questions about whether the administration analyzed records from the State Department or other agencies prior to forming this immigration policy. If those records have not been analyzed, that would tend to support the concerns voiced by intelligence officials in this article, who suggest the administration is seeking evidence to justify its policy, rather than crafting policy based on all available evidence. There is of course lots of sensitive data that is held within the federal government. But there is no need to even discuss that in order to illustrate the hypothesis that not all relevant government-held data is being consulted in the E.O. drafting process. There are plenty of databases the fact of which are matters of public record which represent at least the surface of what the Administration should be considering here.

More at Lawfare Blog.

Charli Carpenter at Duck of Minerva posts an open letter from international affairs scholars, We Have Studied the World. President Trump Should Too.

Recently, President Trump tweeted that people should “Study the world!” to understand his foreign policy. As scholars of international relations, we have studied the world, and we are concerned that the actions of the President undermine rather than enhance America’s national security.

… But our knowledge of global affairs, based on history, scientific fact and experience, tells us that many of the policies Trump has undertaken thus far do not advance these goals. Instead, they have made Americans less safe.

First, the President presented his temporary travel ban on citizens of seven Muslim-majority nations (and all refugees) as a measure to protect the US homeland from terrorist attacks. Yet this move will make our country less safe, not more. First, the vast majority of terrorist attacks on US citizens come from “home-grown” terrorism and are carried out by non-Muslims: the ban does nothing to address this. Second, countering transnational terrorism requires transnational coordination, and this ban impedes our ability to coordinate with our allies abroad. Finally, studies show terrorists are strengthened when governments over-react: indiscriminate intolerance feeds radicalization by driving moderates into the arms of radicals. We are confident the travel ban will likely reinforce anti-American sentiment and strengthen terror networks while weakening US intelligence capacity.


Gene of the day: DRD4

Posted by Sappho on February 18th, 2017 filed in DNA, Genealogy

Now that I have mapped, in at least some cases, from which grandparent I and other family members have inherited particular segments of DNA (I may explain how this is done in another post), I have been having fun seeing which genes I may have inherited (one copy at least) from particular ancestors.

Usually this takes me to genes whose function is a little obscure to me, though my mother may, when I supply her with the information, be able to make more of the gene. For instance, I have determined that my mother inherited her copies of the RYR3 (Ryanodine Receptor 3) protein coding gene from her mother’s father and her father’s mother, while her brother inherited his copies from his mother’s mother and his father’s father. This gene affects the release of calcium from intercellular storage. My mother knows all about such things, but I, as a simple computer geek, do not.

DRD4, though, is a gene whose possible function is more accessible to lay people, since it’s one of the few genes possibly associated with a personality trait. But I have to put a bit of emphasis on possibly. In the first place, we have to remember that personality traits, even if partly genetic, also have a heavy environmental component. Besides this, it seems that the evidence isn’t entirely in on the effects of this gene; here is what a 2002 article by Beth Azar found at the APA web site has to say:

Finding any real “personality” genes is decades away. But researchers have a good start….

To date, there are only two real candidate genes that anyone speaks of with any confidence. The first potential link is between some behaviors related to the Big-Five trait novelty-seeking and a gene that produces the protein responsible for creating a dopamine receptor called DRD4. While some studies have failed to replicate this connection, others have identified a link between the DRD4 gene and other traits linked to novelty-seeking, such as drug abuse and attention-deficit hyperactivity disorder. The indication is that this gene–or perhaps some other gene related to it–may influence all these interrelated characteristics.

So, I can’t be sure whether my DRD4 gene influences my novelty-seeking or lack thereof (though it’s apparently a more likely link than for most candidate personality genes). But I do know where I got one of my copies of DRD4, for this is a segment that I have mapped.

I inherited my maternal copy of my DRD4 gene from my great-great-grandmother Hannah Burton, who was born in Lancashire, England, married a barrister named James Gooden, and followed him first to South Africa and then to California.

Perhaps, then, I owe a tiny bit of my personality to her.


what goes around comes around

Posted by Topaz on February 12th, 2017 filed in Uncategorized

If all undocumented farmworkers in California are deported, the crops will not be picked. If the crops are not picked then the farmers will have financial problems. If the farmers have financial problems then they will charge more. If the farmers charge more then the people who are so concerned that undocumented workers are taking jobs away from US citizens will pay more for food. If they need to pay more then they will complain about prices.

Perhaps they will be angry at the state of California. Trump said the state was “out of control”. Will this be used as another reason for antagonism?

Then again, the Oroville dam is flooding. Some residents of Oroville have been told to evacuate. The dam is under the supervision of the Army Corps of Engineers. Some dams in California are under state control and some are under the Army Corps of Engineers. I understand that at least one engineer said that it did not matter what they found, there was no money to repair them. Another example of our failing infrastructure.

My question is whether Trump will “punish” California by refusing to declare a state of emergency. Will he create an alternate reality where the federal government and the Corps of Engineers have no responsibility whatsoever for the dam?

What then? Judicial action?


On Darwin and slavery

Posted by Sappho on February 12th, 2017 filed in History, Race, Science

Sometimes Twitter’s an endless loop of “someone is wrong on the Internet.” But other times, you can learn interesting new things. Today’s discovery:

Karen James @kejames
For #DarwinDay, a review of Darwin’s Sacred Cause: How a Hatred of Slavery Shaped Darwin’s Views on Human Evolution: https://ncse.com/library-resource/review-darwin-s-sacred-cause

An excerpt from the book review:

The result is fascinating and provocative. Written with much of Darwin’s flair and energy, Desmond and Moore tell an under-told story of how Darwin’s repugnance at slavery continued throughout his life, flaring up at times with all the emotional intensity of when he saw a female slave whipped in Argentina and an old lady’s collection of screws kept to crush the fingers of recalcitrant slaves. This book does the great service of humanising Charles Darwin. We see how keenly-fought debates over the nature of non-white peoples, their ultimate origins, even their capacity for interbreeding, occupied much of Darwin’s time and helped shape the reflections which led him to his mature theory. Along the way the reader receives a vivid, detailed, and utterly engaging lesson in the racial debates of Victorian Britain and America, with believers in a single origin for all humans as described in Genesis pitted against the often pro-slavery exponents of polygenesis, the idea that each race had been created separately. It is in the context of these conflicts, fought out in clubs and societies but with implications for plantations and slave markets, that Darwin formulated an evolutionary riposte to the polygenists. Or so Darwin’s Sacred Cause argues.


More self-published short stories at Smashwords

Posted by Sappho on February 11th, 2017 filed in Fiction

I have now self-published ten short stories at Smashwords. These stories are temporarily free (through the end of the month), in the interest of maybe getting reviews for some of them. My Smashwords author page is here. The short stories (some of them short story length, others more flash fiction length) are:

Declutterers, Inc.

A Little Sister’s Tale (part of the series: The Fall of the Ubagane Empire)

The Chaplin’s War (part of the series: The Fall of the Ubagane Empire)

The Chaplin’s Rescue (part of the series: The Fall of the Ubagane Empire)

Blood Will Tell

Crazy for You

Dear Reader

In Her Dreams

Tempting a Ghost

Tower of Babel

I have half a dozen other short stories waiting to be published once I have drawn covers for them.


Who said that names can never hurt you?

Posted by Topaz on February 7th, 2017 filed in Uncategorized

  • I am not a “dummie”.
  • I am not a whiner.
  • I am not a loser.
  • I am not a total loser.
  • I am not a sore loser.
  • I am not any <adjective> loser.
  • I do not have sour grapes.
  • I am not a buttercup.
  • I am not a poor little snowflake.
  • I am not a cry baby.
  • I am not a hater.
  • I do not have my opinion while you have yours, when mine are verifiable facts.
  • There is not my truth and your truth.
  • I have already given him a chance.

Why do people say these things to me in order to get me to shut up?


Woe to thee, O land!

Posted by Sappho on February 4th, 2017 filed in Bible study

And here’s the passage that caught my eye today, as I read through Ecclesiastes a chapter at a time:

Woe to thee, O land, when thy king is a child, and thy princes eat in the morning!

Ecclesiastes 10:16


Let thy garments be always white; and let thy head lack no ointment.

Posted by Sappho on February 3rd, 2017 filed in Bible study

I am reading through Ecclesiastes, and came across this passage in my reading today. The passage reminds me of an odd fact.

A. J. Jacobs, a not particularly devout Jew, decided, as an exercise, to spend a year following all the commandments that he could find in the Bible (Christian and Jewish), and to write a book about his experience. His experience was varied. But one thing that struck me was that one of the “commandments” that he actually found meaningful was this one, “let thy garments be always white,” something that even the most literal minded reader of the Bible would likely take as a metaphor rather than a commandment.

I think this says something about the meaning of ritual, even rituals that really, when you come down to it, are more personal than anything else.

If you find it a helpful reminder to yourself, it’s probably a good idea to keep doing it.
