Existential threat to Bitcoin

I don’t trust the stability of Bitcoin. I trust it even less than fiat U.S. dollars. I see mining bitcoin as wasting electricity to produce… well, what does “mining” actually turn those gigawatt hours into? Isn’t it simply faith in its value by some subset of the world’s population? What if people start losing their faith? Doesn’t the value of Bitcoin decrease exponentially with this loss of faith? Once some sufficiently large number of people lose faith isn’t there a high likelihood of an avalanche of people losing faith? Isn’t it likely Bitcoin will go down in the history books as another Tulip bulb or Mississippi bubble?

There is also the risk of one or more countries declaring it illegal and reducing its trading value to near zero in that country.

It turns out there are far more subtle yet greater or equal threats to its value: Bitcoin’s Greatest Feature Is Also Its Existential Threat: The cryptocurrency depends on the integrity of the blockchain. But China’s censors, the FBI, or powerful corporations could fragment it into oblivion.

Quote of the day—Rolf Nelson

This tendency of AI to speak “racist” or “problematic” things is nearly 100%. As someone who has thought about AI, and written about it, I find this humorous. It is almost as if none of these people being offended consider the possibility that the AI is correct.

Rolf Nelson
March 21, 2021
Racist AI
[It is relatively, for certain values of “relatively”, easy to create software which responds rationally to data. The response of people to that same data is almost certainly not going to be rational without exceedingly careful processing of that data. People just don’t work that way. Hence, when the AI responds contrary to the expectations of the humans, the humans are surprised.

It is irrational to expect people to be rational.—Joe]

How to make your own primers

I received a link to Homemade Primer Course via email from Rolf. I put a copy on my server as well.

This is the description of the document and author:

This document describes how to make homemade ammunition primers. Approaches to make corrosive and noncorrosive primers are covered.

W. Marshall Thompson PhD

Revision Date: June 28, 2019

I found it fascinating reading. It starts with how primers work and the history of primers, then tells how to make primers that are extremely simple and safe to make but are somewhat less reliable and powerful than commercial grade primers, and concludes with how to make commercial grade primers and even “green” (lead free) state of the art primers. It’s amazing!

Thank you Rolf.

Quote of the day—Alexey Bobrick

We went in a different direction than NASA and others and our research has shown there are actually several other classes of warp drives in general relativity. In particular, we have formulated new classes of warp drive solutions that do not require negative energy and, thus, become physical.

Alexey Bobrick
March 4, 2021
Engineers Have Proposed The First Model For a Physically Possible Warp Drive
[I wish Eric Engstrom were still alive.

Chromium Communications Corporation was incorporated on January 1, 2000 by G. Eric Engstrom. The next day, yes, a Sunday, I went to work for Eric as his first employee at the brand new company.

A couple weeks earlier I had told him I was looking for a new job and he lit up and engaged his famous “Engstrom Reality Distortion Field.” His sales pitch included his plans for the future with his company and the money we would make. He outlined he would be the first man on Mars, and exploring the planets would be so awesome that we would need to wait around for warp drive so we could explore other solar systems. To do that we would need to be able to extend our expected lifetimes essentially forever because there was so much out there to see and do. And he had plans on how to make that a reality too.

As was usual, the enthusiastic belief in the story Eric wove rapidly faded once I escaped the range of the distortion field. But that doesn’t mean I don’t still feel the yearning for some of those things to be true.

Eric is dead but maybe his dream of a warp drive will become a reality for someone he knew and influenced.—Joe]

Solar energy from space

When I was an undergraduate in electrical engineering at the University of Idaho I wrote a paper reviewing the use of microwaves to beam energy from space to the surface of earth. In 1973 Peter Glaser, vice president of Arthur D. Little, Inc was granted a patent for certain aspects of this concept.

I was quite enthralled by the concept. The critics claimed things like:

  • Birds will be cooked by the microwave beams mid flight.
  • Planes which accidentally get in the path of the microwave beam will drop out of the sky.
  • The losses will be so great that on earth you wouldn’t be able to power anything bigger than a toaster.

Most of the critics were, to electrical engineers, laughably wrong.

In regards to cooking the birds the frequency of the microwaves would be different from your microwave oven. A frequency that was not absorbed by rain and water vapor would be chosen to decrease transmission losses.

The energy density of the microwave beam would be little different than a microwave communications tower. The beam width was quite large and hence large amounts of energy could be transmitted without frying the electronics of anything blocking a small portion of the beam.

There are few things more well known than how to calculate the power loss of electromagnetic radiation in free space. You could power small cities from a single satellite.

There was one problem which did not have a good response. That was the cost to get the materials into orbit and to assemble it in space. If I recall correctly, Little’s study claimed the cost to orbit needed to get down to $30/pound for it to match earth based systems. Again, IIRC, the price at the time was well over $100/pound.

When the Space Shuttle went operational I thought perhaps the costs would be low enough that the concept would be practical. Nope.

It turns out that people are working on the concept again:

Scientists working for the Pentagon have successfully tested a solar panel the size of a pizza box in space, designed as a prototype for a future system to send electricity from space back to any point on Earth.

The panel — known as a Photovoltaic Radiofrequency Antenna Module (PRAM) — was first launched in May 2020, attached to the Pentagon’s X-37B unmanned drone, to harness light from the sun to convert to electricity. The drone is looping Earth every 90 minutes.

An important difference from Little’s plan is that these satellites would be in low orbit rather than in geosynchronous orbit. This allows a handoff from one satellite to another when a satellite goes into the earth’s shadow.

It’s clean power. And more importantly, in contrast to earth based solar power, it’s 24/7/365.

I wish them luck.

Quote of the day—Selmer Bringsjord et al.

We propose to build directly upon our longstanding, prior r&d in AI/machine ethics in order to attempt to make real the bluesky idea of AI that can thwart mass shootings, by bringing to bear its ethical reasoning. The r&d in question is overtly and avowedly logicist in form, and since we are hardly the only ones who have established a firm foundation in the attempt to imbue AI’s with their own ethical sensibility, the pursuit of our proposal by those in different methodological camps should, we believe, be considered as well. We seek herein to make our vision at least somewhat concrete by anchoring our exposition to two simulations, one in which the AI saves the lives of innocents by locking out a malevolent human’s gun, and a second in which this malevolent agent is allowed by the AI to be neutralized by law enforcement. Along the way, some objections are anticipated, and rebutted.

Selmer Bringsjord
Naveen Sundar Govindarajulu
Michael Giancola
February 5, 2021
AI Can Stop Mass Shootings, and More
[See also this glowing review of the paper.

“…some objections are anticipated, and rebutted.” Uhhh… No.

Here are the objections they anticipated, paraphrasing:

  1. Why not legally correct AIs instead of ethically correct?
  2. What about “outlaw” manufacturers that make firearms without the AI?
  3. What about hackers bypassing the AI?

Their responses, paraphrasing in some cases:

  1. “There is no hard-and-fast breakage between legal obligations/prohibitions and moral ones; the underlying logic is seamless across the two spheres. Hence, any and all of our formalisms and technology can be used directly in a ‘law-only’ manner.”
  2. Even if the perpetrator(s) had “illegal firearms” in transit other AIs in a sensor rich environment “would have any number of actions available to it by which a violent future can be avoided in favor of life.”
  3. “This is an objection that we have long anticipated in our work devoted to installing ethical controls in such things as robots, and we see no reason why our approach there, which is to bring machine ethics down to an immutable hardware level cannot be pursued for weapons as well.”

The first objection and rebuttal doesn’t really require any response. It just doesn’t matter to me. Sure, whatever.

They dismiss the second objection with a presumption of unknowable knowledge. People smuggle massive quantities of drugs in vehicles even though the vehicles are searched by any number of sensors, dogs, and dedicated humans. What makes them think a single firearm can possibly be detected by semi-passive or even active sensors?

More fundamentally they are avoiding the objection and providing their critics with the response of “If there are any other number of actions available” without an AI controlling access to the firearm then you don’t need the AI in the gun to begin with.

The third objection puts on full display their ignorance of firearms and perhaps mechanical devices in general. To demonstrate the absurdity of their claim imagine someone saying they were going to put an ethical AI, at an “immutable hardware level”, on a knife so it could not be used to harm innocent life.

Such people should, and would be, laughed off the stage into obscurity. It should also happen to those who seriously suggest it is possible to do this for firearms.—Joe]

Quote of the day—Sam Levy

[Privately assembled firearms are] a way for prohibited persons to access firearms they could not buy legally by passing a background check, a way to stymie law enforcement investigations for those who want to use those guns to commit crimes because they are untraceable.

Sam Levy
Everytown for Gun Safety
Baltimore police report a 400% increase in untraceable ‘ghost guns,’ mirroring a state trend
[Levy thinks the so called “Ghost Guns” are a problem for their side? Wow. That’s only going to get worse as the 3-D printed guns start approaching the quality of existing mass produced guns.

And then, I have my popcorn and easy-chair ready for when Levy and gang hear SCOTUS has handed down a ruling that could blast a hole in registration, including the “soft registration” via 4473’s, and other infringements for years. If you remember, there have been lower court rulings saying, according to U.S. law and ATF regulations, the AR-15 lower and perhaps as many as 90% of the firearms in the U.S. aren’t legally firearms.—Joe]

AR15.com update

If you are a regular visitor to ARFCOM you probably already know this. But I got some email from someone a little behind the times so I thought I would update everyone here on the story with the GoDaddy deplatforming of AR15.com. Originally I thought GoDaddy was the hosting provider (as they are for this blog) for AR15.com. Hence when I looked up their current, and functional, IP address and found it belonged to Amazon I was concerned they hadn’t taken as big a leap as necessary to escape the purge.

I was wrong. GoDaddy was only the domain registrar. It’s a lot easier and cheaper to get your domain registered than it is to change your hosting provider. They quickly changed their domain registrar (to Epik, the same as Gab) and were up and going again quickly.

It is claimed they have backup plans for other possible issues such as losing their hosting provider.

ARFCOM NEWS has all the details:

Quote of the day—Michal Kosinski

Ubiquitous facial recognition technology can expose individuals’ political orientation, as faces of liberals and conservatives consistently differ. A facial recognition algorithm was applied to naturalistic images of 1,085,795 individuals to predict their political orientation by comparing their similarity to faces of liberal and conservative others. Political orientation was correctly classified in 72% of liberal–conservative face pairs, remarkably better than chance (50%), human accuracy (55%), or one afforded by a 100-item personality questionnaire (66%).

Michal Kosinski
January 11, 2021
Facial recognition technology can expose political orientation from naturalistic facial images
[Via Stanford Scientist Can Tell If You’re A Liberal Just By Looking At Your Face

I have often thought I could tell the difference between gun people and anti-gun people just by looking at pictures of them. Self defense instructor Greg Hamilton believes, and teaches, something similar.

The research paper cited above is saying that such a thing is possible.

Now just imagine what big tech/government could do with this technology.

We live in interesting times.—Joe]

East Germany had to assign real people

Via email from Chet (who worked with me at Microsoft on the location services for Windows Phone 7):

It is Big Tech that knows more about you than your spouse and that if they so choose could make your life miserable. As I discussed many times when we were working on location, carrying a device is like having a private detective assigned to you. Fitbit is just another source.

In East Germany they at least had to assign real people. Now, everyone can be tracked and monitored in real time without lifting a finger.

We have invented the tech that will enslave us.

This was in response to an announcement that Fitbit is now officially a part of Google.

He has a point.

But there is another point to be made as well. Intelligence sources, which your phone is, can be manipulated to your own advantage.

If your cell phone location is proof you were at some location then doesn’t your phone not being at some location prove (or at least represent evidence) you weren’t there?

Quote of the day—Kevin Maxwell

In my legal opinion the Rare Breed Triggers FRT is a perfectly legal, semi-automatic, drop-in trigger. And my opinion is further supported by the opinions of whom I believe to be two of the most significant subject matter experts in the industry.

Rare Breed Triggers FRT – Full Video from RARE BREED TRIGGERS on Vimeo.

Kevin Maxwell
December 2, 2020
[As Greg said in a private post on Facebook:

pretty genius, I doubt it will last long on the market.

If you’re into this type of fun then get them while they last!

FRT is an acronym standing for “Forced Reset Trigger”. And that tells you all you need to know to have your giggle box kicked over.

We live in interesting times.—Joe]

Quote of the day—Brad Smith

As much as we appreciate the commitment and professionalism of so many dedicated public servants, it is apparent to us that the current state of information-sharing across the government is far from where it needs to be. It too often seems that federal agencies currently fail to act in a coordinated way or in accordance with a clearly defined national cybersecurity strategy. While parts of the federal government have been quick to seek input, information sharing with first responders in a position to act has been limited. During a cyber incident of national significance, we need to do more to prioritize the information-sharing and collaboration needed for swift and effective action. In many respects, we risk as a nation losing sight of some of the most important lessons identified by the 9/11 Commission.

One indicator of the current situation is reflected in the federal government’s insistence on restricting through its contracts our ability to let even one part of the federal government know what other part has been attacked. Instead of encouraging a “need to share,” this turns information sharing into a breach of contract. It literally has turned the 9/11 Commission’s recommendations upside down.

Brad Smith
December 17, 2020
A moment of reckoning: the need for a strong and global cybersecurity response
[Free markets have their faults. But if you want something really messed up then have a government do it. Why else do you think they are so good at war? You send your government to some other country and they mess up that country.—Joe]

Quote of the day—Ida Auken

Welcome to the year 2030. Welcome to my city – or should I say, “our city”. I don’t own anything. I don’t own a car. I don’t own a house. I don’t own any appliances or any clothes.

It might seem odd to you, but it makes perfect sense for us in this city. Everything you considered a product, has now become a service. We have access to transportation, accommodation, food and all the things we need in our daily lives. One by one all these things became free, so it ended up not making sense for us to own much.

All in all, it is a good life. Much better than the path we were on, where it became so clear that we could not continue with the same model of growth. We had all these terrible things happening: lifestyle diseases, climate change, the refugee crisis, environmental degradation, completely congested cities, water pollution, air pollution, social unrest and unemployment. We lost way too many people before we realised that we could do things differently.

Ida Auken
November 11, 2016
Here’s how life could change in my city by the year 2030
[Auken also says:

Author’s note: Some people have read this blog as my utopia or dream of the future. It is not. It is a scenario showing where we could be heading – for better and for worse. I wrote this piece to start a discussion about some of the pros and cons of the current technological development. When we are dealing with the future, it is not enough to work with reports. We should start discussions in many new ways. This is the intention with this piece.

The “devil’s in the details” as they say. If you think about it just a little bit you realize it isn’t even possible. A few examples:

  • Auken’s statements are self contradictory. Everything is free? Then what is “employment” about then? They claim, “It is more like thinking-time, creation-time and development-time.” Do they get paid for this or not? If yes, then who are the consumers and do they pay for the products and/or services? If they don’t get paid, then what is their motivation to produce a product and/or service someone is interested in using?
  • They don’t explicitly say this but it’s implied that all the services are supplied by artificial-intelligence/robots. So what of crime control? Even if one were to concede there was no physical need for sustenance, shelter, entertainment, etc. there will still be crimes of violence. Conflicts over relationships, insults, broken agreements, etc. Who pays for the cops, lawyers, judges, and prisons? Keep in mind that in a place where everything is free fines are meaningless.
  • Accommodations are not all equal. Who gets the penthouse overlooking the ocean and who gets the street view of the recycling center? They’re both free you know.
  • They don’t own anything, really? Not even clothes they say. Yet, I just demonstrated that a claim on quality of accommodations is going to occur. What about the dress they were married in? Or the food they ordered which just arrived from the robot pizza joint down the street? And what of the food they made themselves? Or the photographs they took, the art object they made, the diary they kept, or the book they wrote?

There will always be markets with sellers and buyers of property. They may be black markets in a time and place where thugs attempt to create a utopian world of free everything and equality for all, but markets will always exist.

Auken’s vision is not one of “for better or worse”. It’s one of reality or delusion.—Joe]

Dystopian plot point is reality

On a recent trip to Idaho I listened to the book Alongside Night (and from Audible):

It’s the near future and America is in trouble. Hyperinflation and disorder reign in the towns and cities of the nation.

Alongside Night tells the story of Elliot Vreeland, son of Nobel Prize-winning economist Dr. Martin Vreeland. When his family goes missing and while being shadowed by federal agents, Elliot, with the help of his mysterious companion Lorimer, explores the underground world of the Revolutionary Agorist Cadre to rescue them. It’s a story of romance, intrigue, action, adventure, and exhilarating science fiction thrills.

The original copyright is 1979. This explains the existence of phone booths in the book. One of the novel and interesting (to me) plot points was the existence of a special code certain government people could use to make phone calls even though communication services for the average person were shut down by the tyrannical government.

I didn’t realize it was created by President Kennedy by a Presidential Memorandum on August 21, 1963, was extended to wireless services, and still exists.

A security story

My job is computer security. My job, among other things, is to think like a bad guy and then prevent security breaches and/or catch them soon after they have begun executing their “kill chain”. Most people, even many very smart people, do not have the capacity to think like a bad guy. I have a real life story to illustrate.

Just because this is computer security don’t think this isn’t relevant to current events of vital importance to the entire nation. I’ll tie it all together before the end.

Please do not assume this happened at the company I work for. I have contacts with many other people in the security industry. We often share stories. Sometimes this story sharing is to warn others of how clever the bad guys are and how they succeeded or almost succeeded. Other times stories are shared about how mind bogglingly stupid and numerous some of the mistakes were in the implementation of a computer network system.

This story is about how stupid and numerous the mistakes were.

The type of business and other potentially identifying aspects of the story have been changed to protect the guilty. But the critical aspects of the story are true.

The company penetration testers were asked to test a tool used by customer facing employees. This tool allowed employees to assist the customers with their business with the company. It gave the employees access to personal information about the customer. The personal information access was required for the employee to do their job. The tool had been “released to production” months before the penetration testers (and apparently any other security professionals) took a look at things.

A simplified view of the tool architecture looked something like this:

[image]

Database Servers A & B are the only servers applicable to the Customer Assist Tool. The other Database Servers are for other web applications unrelated to the Customer Assist Tool.

Everything from the Load Balancer up was Internet facing. It wasn’t originally designed that way. Originally everything seen in this diagram was inside the corporate network. But because of COVID they had “reasons” and they changed the design so employees working from home could easily access the Customer Assist Tool.

The Internet facing Customer Assist Tool required a company network username and password. The Load Balancer did not. The Load Balancer accepted connections from anyone on the Internet. The Database Servers did not require any security tokens or login. Anything coming from the Load Balancer was considered valid.

The penetration testers didn’t bother trying to do a brute force attack on the login to the Customer Assist tool. They connected directly to the Internet facing Load Balancer and sent queries to the Database Servers. If they knew just a tiny bit of unique public information about the customers, say an email address, phone number, street address, or Social Security Number, they could then get access to extremely personal information from the database.

The penetration testers sounded the ALL HANDS ON DECK alarm. The incident response people (IR) showed up.

The software developers (SDs) of the system were brought into the virtual room and told this is a really big problem. Except for biologically required breaks you’re not leaving the room until this is fixed.

SDs: “We don’t see why this is such a big deal. Someone would have to know the URL for the load balancer. And the only people that might know it are the users of the tool. And we don’t think very many, if any of them are smart enough to figure it out.”

IRs: <blink><blink> “The penetration testers figured it out. And the bad guys out there do this sort of stuff all the time. It’s how they make their money. I’m not going to waste our time explaining this to you. Fix the problem. NOW!”

The IRs then asked how far the logs go back, “You do have logs, right?” The software developers assured the IRs they had logs. The logs went back 90 days. There probably were a few days of missing traffic between when the system was released to production and the oldest log files but most of it was there.

IRs: “Okay, good. We can find out if there was actually any customer information lost.”
SDs: “Oh. You want logs for that? We just log activity at the Customer Assist Tool Web Application. The penetration testers, and any bad guy activity, won’t be in those logs.”
IRs: “Okay…. are there ANY logs on the database servers?”

The SDs go looking and find there are generic web logs available that go back to the beginning of the release to production. The IRs looked at the logs for a few seconds and realized the IP addresses of all the requests are of the Load Balancer. There is no indication of the origin of the request. Requests from the Customer Assist Tool are indistinguishable from a request from anywhere else on the Internet.

What about load balancer logs? Maybe. But they don’t go back very far. And if they do exist, all the data is intermixed with the other web applications and other Database Servers.

Within a few hours the SDs have a fix.

IRs: “Tell me about your fix.”

SDs: “The login credentials of the employee used to login to the Customer Assist Tool are passed to the Database Server which validates the credentials before responding.”

IRs: “Okay, we should improve upon that, but maybe that will be good enough that we don’t have to shut down the application until a permanent fix is in place. But that’s a question for our VPs to discuss. Oh, by the way, how many employees do you have authorized to use this tool?”

SDs: “Uhhh… all company employees can use this tool.”

IRs: <blink><blink> “Everyone in the company? Really?” <IRs go to the tool and verify they have access>

SDs: “Yes. If someone improperly used the tool to gain access to customer information when they weren’t supposed to they could be caught and could lose their job. Therefore the customer information is safe from misuse.”

IRs: <some facepalm><others bang their heads against the wall> “This is a large company. There are thousands of employees. Anyone on the Internet can find valid company credentials in five minutes or less. We disable hundreds of accounts per week as we find credentials on the web ourselves.”

SDs: <blink><blink>

The story goes on but the important part is that the SDs, not stupid people, made a ton of errors. These errors started with not getting a security professional in the room when they changed the design. The errors compounded dramatically from there.

They had a world view much different than the bad guys and the security professionals. Things which could not even be imagined by the SDs were child’s play to the penetration testers and the IRs.
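One way the database tier in this story could stop treating "came from the Load Balancer" as proof of legitimacy, added here as an illustration and not the fix the company actually shipped: the web application signs a short-lived assertion naming the user, role and client address, and the database tier verifies it and logs the origin. All names, addresses, roles and the key below are constructed assumptions.

```python
import hashlib
import hmac
import json

# Assumptions for this sketch: every name and value here is constructed.
LB_IP = "10.0.0.5"                      # internal address of the load balancer
APP_TIER_KEY = b"constructed-demo-key"  # secret shared by web app and database tier
ALLOWED_ROLES = {"customer_support"}    # not "every employee in the company"
MAX_AGE_SECONDS = 60


def sign_assertion(user, role, origin_ip, issued_at, key=APP_TIER_KEY):
    """Web app, after login: state who is asking, in what role, from where, when."""
    body = json.dumps(
        {"user": user, "role": role, "origin_ip": origin_ip, "iat": issued_at},
        sort_keys=True,
    )
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def db_check_before(source_ip):
    """The design in the story: anything arriving from the load balancer is valid."""
    return source_ip == LB_IP


def db_check_after(source_ip, assertion, now, audit_log, key=APP_TIER_KEY):
    """Database tier verifies the caller itself and records the true origin."""
    claims, reason = {}, "ok"
    if source_ip != LB_IP:
        reason = "not from load balancer"
    elif not assertion:
        reason = "no assertion"
    else:
        body, _, tag = assertion.rpartition(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            reason = "bad signature"       # claims stay empty: nothing unverified is logged as fact
        else:
            claims = json.loads(body)
            if not 0 <= now - claims["iat"] <= MAX_AGE_SECONDS:
                reason = "expired"
            elif claims["role"] not in ALLOWED_ROLES:
                reason = "role not authorized"
    allowed = reason == "ok"
    # The record the incident responders were missing: who asked, and from where.
    audit_log.append({
        "lb_source": source_ip,
        "user": claims.get("user"),
        "origin_ip": claims.get("origin_ip"),
        "allowed": allowed,
        "reason": reason,
    })
    return allowed


def demo():
    """Run constructed requests through both designs; returns (results, audit_log)."""
    now = 1_700_000_000
    log = []
    cases = [
        ("tool, support agent",
         sign_assertion("agent17", "customer_support", "203.0.113.40", now - 5)),
        ("direct to load balancer", None),
        ("tool, other employee",
         sign_assertion("clerk02", "warehouse", "203.0.113.77", now - 5)),
        ("stale assertion",
         sign_assertion("agent17", "customer_support", "203.0.113.40", now - 3600)),
        ("wrong key",
         sign_assertion("agent17", "customer_support", "198.51.100.9", now, key=b"guess")),
    ]
    results = {
        name: (db_check_before(LB_IP), db_check_after(LB_IP, assertion, now, log))
        for name, assertion in cases
    }
    return results, log


if __name__ == "__main__":
    results, log = demo()
    for name, (before, after) in results.items():
        print(f"{name:26} before={before!s:5} after={after}")
    for record in log:
        print(record)
```

Every request passes the "before" check because they all arrive from the Load Balancer; only the support agent's request passes the "after" check, and each decision leaves an audit record with the origin when it could be verified.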

Now to tie this to current events. Our recent election.

Several courts reviewing the lawsuits claiming foul play have concluded the election was fair and honest or, at least, there was insufficient evidence of widespread fraud to change the results.

As seen in the story above there are failure modes which not only allow unauthorized access/fraud but make it impossible to determine if such access/fraud occurred. Furthermore, unless someone is experienced in thinking like a bad guy they can honestly believe everything is “fair and honest” and be completely, totally, catastrophically, wrong.

I trust the courts to know their profession. I don’t trust them with security issues. I trust them to accurately assess the integrity of our election far less than the SDs could accurately assess the security of their system. The system they designed and built.

The legal professionals of the court did not design or build the election system. They did not evaluate the security after the (supposedly) COVID inspired changes were made from the viewpoint of a security professional. The original election security features had evolved over hundreds of years and thousands of people poking at it, finding faults, and attempting to prevent future fraud and errors. In the span of a few months a few people made changes which did not go through nearly as rigorous review as the pre COVID system.

I don’t know with a 100% guarantee that sufficient fraud occurred to change the election results. I do know, with 100% certainty, that many people were highly motivated to commit fraud. I do know, with 100% certainty, that some fraud occurred. I’m nearly certain the system in use has issues which make it impossible to detect fraud after the fact.

The bottom line to this is that anyone who says the election was fair and honest because the courts say it was is either lying or placing their trust in a body of people that don’t know anywhere near enough about security to make that call.

Facebook banishment

Last night I received a message from Barron:

Janelle and I just got permanently banned on FB. No possible appeal, no idea why.

And I mean at the same time. It was working for both of us this morning and then the traffic of me being gone started on the side channel. Janelle went to look and she was logged out and they said her account was disabled.

This is weird. It’s not like Barron and Janelle had followings which could change election outcomes. Nor were they advocating terrorist activities (although they do have three small boys which might be considered terrorists if you were sleep deprived and they were being particularly active).

So, what could be the motivation for their simultaneous banishment? I have to think it was some sort of political issue. But without additional data it’s tough to test that hypothesis.

It’s happening to others too.