Internet voting is insane

I have a bad feeling about this:

West Virginia is about to take a leap of faith in voting technology — but it could put people’s ballots at risk.

Next month, it will become the first state to deploy a smartphone app in a general election, allowing hundreds of overseas residents and members of the military stationed abroad to cast their ballots remotely. And the app will rely on blockchain, the same buzzy technology that underpins bitcoin, in yet another Election Day first.

“Especially for people who are serving the country, I think we should find ways to make it easier for them to vote without compromising on the security,” said Nimit Sawhney, co-founder of Voatz, the company that created the app of the same name that West Virginia is using. “Right now, they send their ballots by email and fax, and — whatever you may think of our security — that’s totally not a secure way to send back a ballot.”

But cybersecurity and election integrity advocates say West Virginia is setting an example of all the things states shouldn’t do when it comes to securing their elections, an already fraught topic given fears that Russian operatives are trying again to tamper with U.S. democracy.

“This is a crazy time to be pulling a stunt like this. I don’t know what they’re thinking,” said David Jefferson, a computer scientist at Lawrence Livermore National Laboratories who is on the board of Verified Voting, an election security advocacy group. “All internet voting systems, including this one, have a host of cyber vulnerabilities which make it extremely dangerous.”

I demand paper ballots! What is so hard about this? A security expert weighs in:

This is crazy (and dangerous). West Virginia is allowing people to vote via a smart-phone app. Even crazier, the app uses blockchain — presumably because they have no idea what the security issues with voting actually are.

As for what those security issues are:

Today, we conduct our elections on computers. Our registration lists are in computer databases. We vote on computerized voting machines. And our tabulation and reporting is done on computers. We do this for a lot of good reasons, but a side effect is that elections now have all the insecurities inherent in computers. The only way to reliably protect elections from both malice and accident is to use something that is not hackable or unreliable at scale; the best way to do that is to back up as much of the system as possible with paper. […]

Last year, the Defcon hackers’ conference sponsored a Voting Village. Organizers collected 25 pieces of voting equipment, including voting machines and electronic poll books. By the end of the weekend, conference attendees had found ways to compromise every piece of test equipment: to load malicious software, compromise vote tallies and audit logs, or cause equipment to fail.

It’s important to understand that these were not well-funded nation-state attackers. These were not even academics who had been studying the problem for weeks. These were bored hackers, with no experience with voting machines, playing around between parties one weekend.

The Navarro effect

There’s no such thing as a free lunch — anymore:

President Donald Trump announced that the US would pull out of an obscure 144-year-old postal treaty, in what looks to be his latest direct shot at China.

The Trump administration announced Wednesday that the US would leave the Universal Postal Union treaty, an agreement from 1874 that helps to standardize postal rules among the international community.

The interesting aspect of the UPU decision is a more recent addition to the agreement. The UPU, which is now under the United Nations’ purview, sets rates that national postal services pay to ship goods internationally. Under a deal reached in 1969, developing countries can ship smaller items at lower rates than developed nations like the US. The provision is designed to help facilitate exports from smaller countries to give a boost to growing economies.

But the provision also allows Chinese producers to ship items to the US at significantly low rates even compared to some US domestic shipping rates. The Trump administration says many companies even offer free shipping to the US from China because of these lower rates — and as a result, roughly 60% of inbound shipping to the US comes from China.

Trump’s trade adviser Peter Navarro appears to be the instigator of this move.

The Good and Bad War

A review of The Phoney Victory: The World War II Illusion by Peter Hitchens

“Facts are better than dreams.” – Winston Churchill

The Phoney Victory: The World War II Illusion by journalist Peter Hitchens is a powerful and unsettling book that aims to correct the historical record surrounding Britain’s involvement in World War II. It casts a cold eye on British decision-making before, during, and immediately after the greatest conflict in human history, and finds that large swaths of the conventional wisdom about the Good War are simply not true.

The argument goes something like this. Britain, wanting to preserve its credibility as a great power, foolishly committed itself to a war it was unprepared to fight. This tragic folly led to a long series of disasters. By June 1940, after the costly evacuation at Dunkirk and the German occupation of the Channel Islands, Britain had lost the war it had declared nine months earlier – chased out of continental Europe and defeated though not conquered by Germany.

The world’s greatest empire was reduced to a bankrupt, marginal power at the fringes of the war, essentially out of the fight in Europe, and had to be rescued by the United States. Why did this happen? The origins of this disastrous situation can be traced back to March 1939, when Britain and France made an unconditional guarantee to protect Poland’s borders and independence, knowing full well they were unable to enforce this pledge militarily. When Hitler invaded Poland in September, they were forced to declare war, although they did nothing practical to help Poland, then or later.

German occupation of the Channel Island of Guernsey (Source)

In examining the background to the guarantee, Hitchens finds evidence that the Chamberlain government was actually looking for a fight. As he argues:

Far from blundering into a guarantee they did not mean to fulfil, they wanted the guarantee to commit them irrevocably to an idealist war whose practical details interested them very little. For they had resolved to fight such a war that year to reassert their fast-shrivelling power and importance. [Italics in the original]

Hitchens asserts that Hitler needed to be overthrown at some point. His quarrel is with the motives and circumstances of Britain’s ill-timed intervention:

I am saying that we might have done better to follow the wise example of the USA, and wait until we and our allies were militarily and diplomatically ready before we entered that conflict.

The book later delves into “the wise example of the USA,” specifically the cold, harsh calculations of American self-interest that undergirded Roosevelt’s policy towards Great Britain. In a fascinating couple of chapters, Hitchens records how the US took advantage of Britain’s helplessness to strip the empire of its assets and its naval supremacy in exchange for desperately needed aid.

Stalin and Roosevelt in Tehran (Source)

Under the “cash and carry” agreement, a hopelessly indebted Britain shipped its life savings in the form of gold bullion and securities across the Atlantic to pay for war supplies. Much of this loot still remains in Fort Knox. Under the Destroyers for Bases deal, Churchill handed over British territories across the Caribbean, Bermuda and Newfoundland to the US, a humiliating loss of imperial possessions, in return for 50 decrepit ships. The ruthlessness of these bargains is stunning and very damaging to the trope of the Anglo-American “special relationship.”

The Churchill myth also takes a severe beating here. There is no doubt that Churchill was a great leader with many admirable qualities. But as the book reveals, he was also prone to absurd posturing and hubris that led to a number of damaging errors. One of these was his refusal to send reinforcements in time to Malaya, which paved the way for the devastating loss of Singapore to the Japanese in 1942. Churchill was also bizarrely fixated on Egypt, sending scarce resources to the Mediterranean and Middle East theater at the expense of nearly losing the all-important Battle of the Atlantic. A failed intervention in Greece “was also begun for reasons of prestige, not military ones.”

In the book’s most upsetting chapters, Hitchens addresses the British bombing of German population centers during the war, and the ethnic cleansing of Germans from large parts of central and eastern Europe under the post-war Potsdam Agreement. The first issue tends to ignite strong emotions. Many people believe that the deliberate mass bombing of German civilians in their homes was a justified response to Nazi aggression and was necessary to break the will of the German population.

Effects of Operation Gomorrah (Source)

The chapter titled “Gomorrah” – named after Operation Gomorrah, the carpet-bombing of Hamburg in July 1943 which annihilated ten square miles of the city and killed over 40,000 civilians – dismantles these arguments, showing that the “area bombing” of entire towns and cities was futile and morally indefensible. The bombings had limited military value, and were done mainly for psychological and PR reasons, because they pleased Britain’s ally Stalin, and because, as Churchill put it, they were “better than doing nothing.” Huge numbers of British airmen were sacrificed in the raids, which accomplished little compared to the targeted bombing of industrial and military sites. The suggestion here is that Britain turned to carpet-bombing, a savage and largely pointless policy, because this was one of the few ways it could project power after having blundered into a war it was physically unable to win.

The follies continued long after Hitler self-terminated in his Führerbunker. The chapter “Orderly and Humane” covers the brutal, chaotic transfer of between 12 and 14 million ethnic Germans, mainly innocent women and children, out of Poland, Hungary, Czechoslovakia, Romania and Yugoslavia under the aegis of the victorious Allied powers. An estimated 500,000 to 1.5 million people died in this process, which is shockingly unknown to most people in the Anglo-American world.

Pointing out these facts is a dirty job, but someone has to do it. Hitchens goes to considerable lengths to fortify his book against the predictable misunderstandings. He makes it perfectly clear, for example, that condemning certain actions by the Allies in no way amounts to a defense of Nazi Germany or an argument that the two sides are morally equivalent. The book is also careful to praise the undeniable courage and sacrifice of the men and women who fought in and otherwise lived through the war, even as it shines a harsh light on the political and military decisions that were made by the people in charge.

Not being an expert on WWII, I am in no position to assess the book’s historical claims. My opinion is that Hitchens’s arguments are well supported and have the ring of truth. However, The Phoney Victory has attracted a couple of highly critical reviews, by Sir Richard Evans – described as “arguably the pre-eminent historian of 20th-century Germany” – and by Daniel Johnson, editor of Standpoint magazine (and son of historian Paul Johnson). Hitchens has also responded in detail to these reviews on his blog:

You can judge for yourself whether the above critics have successfully undermined Hitchens’s arguments. In my humble opinion, the book survives these attacks virtually unscathed. The sneering, dismissive article by Professor Evans can be, and is, easily demolished by Hitchens. It’s not clear whether the great academic even bothered to read the book.* Johnson’s review is far more thoughtful and detailed, but also ignores key parts of the book’s argument and veers off into embarrassing Churchill-worship.

I should also note that the book includes a highly entertaining and well-written index, which could almost hold its own as a separate work. Here’s a sample:

Great Britain, moderately important country off NW coast of Europe; its principal concern in 1939 preservation of its standing as a great power, 34; actively obstructs single largest escape route for persecuted European Jews, 34; naval weakness in Mediterranean, 34; seen by many Americans as selfish, mean and bullying, 37 […]

===

*A reader posted the following astute comment on Hitchens’s blog:

Sir Richard’s rant reaffirms my belief that Mr. Hitchens is correct about the lingering power of the WW2 myth: it’s striking to witness a historian of his standing react so emotionally and with so little grace; especially the nitpicking that Mr. Hitchens highlights, a common refuge of those who duck and weave around a challenge they’re unwilling to face head-on.

Just as the Great Patriotic War’s been dragooned into service by successive Soviet and Russian governments eager to prop up their ramshackle hold on power, so the Second World War’s been used by successive British governments to mask imperial decline.

===

UPDATE: The book has also been reviewed by Ross Grainger, Dr Nicolas Lewkowicz, and Niall Gooch. And Mr Hitchens has kindly mentioned my review on Twitter:

Peter Hitchens tweet

Is this a parody?

The best part of waking up is Business Insider taking this totally not staged photo

It might as well be:

A day in the life of an HSBC exec who wakes up at 5:30 a.m. to work out, always eats green, and studies at Stanford in her free time

Melania Edwards is always on the move.

The HSBC exec, who’s part of the bank’s Global Venture Capital Coverage Group, works from two Northern California offices an hour apart. She previously worked across Asia, Europe, and the US training senior executives to lead the international bank by putting them in top roles across different businesses around the globe.

On a typical day, she gets up at 5:30 a.m. to meditate, check in with friends and family in different time zones, and play tennis. She walks to work and spends her workday connecting venture-capital firms and their portfolio companies to HSBC’s global network.

She recently broke down her daily routine for Business Insider. Here’s what her day looks like.

What’s puzzling is that some people would find this kind of lifestyle desirable. Reminds me of this (definite) parody found on LinkedIn:

I wake up every morning at 4 AM and go for a 10 mile run followed by an hour lifting weights.

I try my best to read the local newspaper and at least 1/4 of a book before I leave for work at 8.

I have completely cut out meats, veggies, and fruits from my diet because I don’t want to damage anything on earth. I eat 100% Soylent.

During my lunch break I build houses for the homeless and then hire them at my job as a public service.

I answer no less than 300 emails an hour… all personalized.

Before I leave work I remind my friends that LinkedIn isn’t a dating site in case they forget.

After work I instruct hot/cold yoga in a room-temperature room… right before I head off to provide my spiritual advice to local religious leaders.

I am currently writing my 10th book.

I also created the Fidget Spinner.

I am the most interesting person on LinkedIn.

US back on top of competitiveness ranking

Some good economic news for the US. Also, Japan is up to #5 from #9 last year:

After a decadelong absence, the U.S. has regained the distinction of most competitive country in the world, according to the World Economic Forum. In fact, only Japan made a bigger improvement of all 140 countries in the survey.

“Economic recovery is well under way, with the global economy projected to grow almost 4% in 2018 and 2019,” said the report, which measures economies by 98 indicators to determine how close they are to the ideal state of competitiveness.

More on Japan’s economic recovery.

Idiocracy and other new English words

Idiocracy (the movie)

The English language, if the Oxford English Dictionary is to be believed, has over 600,000 words and gains several thousand new words every year. New words enter the OED only if there is evidence of widespread use for a significant period of time (typically, at least a decade), so the quarterly updates to the dictionary offer an interesting glimpse into how our collective consciousness is expanding and mutating. I was amused, for example, to discover that the following words were recently added to the dictionary:

  • apocalyptician, n.
  • apocalypticist, n.
  • Archie Bunker, n.
  • areligious, adj.
  • butthurt, adj.
  • Chan, n.
  • douchebaggery, n.
  • douchey, adj.
  • Dunbar number, n.
  • idiocracy, n.2
  • Indiana Jones, n.
  • Kansas, n. [Ed: ??]
  • Kubrickian, adj.
  • lumbersexual, adj. and n.
  • Lynchian, adj.
  • Mrs Robinson, n.
  • Nollywood, n.
  • nothingburger, n. and adj.
  • prepper, n.3
  • Scorsesean, adj.
  • Spielbergian, adj.
  • Tarantinoesque, adj.
  • Tarkovskian, adj.
  • verbalness, n.
  • yarg, n. [Ed: This appears to refer to either “an ironic invocation of the pirate spirit by rule-bound individuals frustrated by the setbacks of civilized life” or a semi-hard cheese made in Cornwall]

Standing on an asteroid

If you could stand on the asteroid Ryugu, about 194 million miles from earth, this is what you’d see:

Asteroid Ryugu

From Space.com:

Two tiny, hopping rovers that landed on asteroid Ryugu last week have beamed back some incredible new views of the asteroid’s rocky surface.

The Japanese Aerospace Exploration Agency’s (JAXA) Hayabusa2 sample-return mission dropped the two nearly identical rovers, named Minerva-II1A and Minerva-II1B, onto the surface of Ryugu on Sept. 21. In a new video from the eyes of Minerva-II1B, you can watch the sun move across the sky as its glaring sunlight reflects off the shiny rocks that cover Ryugu’s surface.

“Please take a moment to enjoy ‘standing’ on this new world,” JAXA officials said in a statement released today (Sept. 27).

Don’t piss on the fans

This profanity-laced review of The Last Jedi by novelist Larry Correia is far superior to the movie itself, as it is not only more entertaining, logical and emotionally satisfying than Rian Johnson’s curious act of cinematic arson, but it should be required reading in film school for its astute analysis of the movie’s many unforgivable sins. Here’s a sample:

While I’m still on characters, the greatest example of Rain’s fucked up perspective of how to use even the 2nd tier characters… Holy shit.. Admiral Motherfucking Ackbar.

Think about this. Everybody in the world knows Admiral Ackbar. I could hop on a plane to Kazakhstan right now, get a rental jeep, go up in the mountains, find a goat herder in a village that doesn’t have electricity, show him a picture of Admiral Ackbar, bad ass lobsterman, and that goat herd would immediately shout IT’S A TRAP!

Admiral Ackbar has transcended being a character to become a cultural icon. He’s like the #1 meme on the internet. Everybody loves Admiral Ackbar.

Now watch as Rian Johnson pisses in your eyes.

He took this cultural icon, this HERO, and capped him so casually that I wasn’t even sure what happened. Like, wait, what?

But not only that, in this dumbfuck plot some assholes threw together after smoking way too much weed, there’s another new character, Admiral Evening Gown, who struts in and does everything that he easily could’ve had Admiral Ackbar do, big heroic sacrifice moment and all that jazz, but nope. Fuck Ackbar, and fuck your memories. Here’s this totally unlikable new character.

It’s true. Look, I’ve never been a Star Wars nerd, but the movies were part of my childhood, and it’s annoying to see familiar characters die meaningless deaths or otherwise be humiliated or defiled by some punk filmmaker who thinks he’s being clever and subversive. That sort of casual subversion of expectations might “work” in a black-and-white indie film, but in an epic space opera it’s just rude. And that’s not even the movie’s worst crime, as Correia explains:

Despite Rey being the best at literally everything in the universe EVER, there were some possible character arcs that could’ve been taken after TFA. But nope, Rain is SO EDGY, but he couldn’t possibly do anything to humanize the uber character. Same with Kylo. One of the only things I’ll give this movie is that at least he was more interesting than the mopey emo crybaby they made him in the last one.

You could not possibly write a more boring, featureless character than Rey if you tried. What a waste.

Characters it’s all about rooting for someone. When your characters do nothing but stupid shit, it’s hard to root for them. Your antagonists need to be menacing, not clowns, or worse, just thrown away! (hey, Snoke is interesting… and never mind…). Or Phasma. Hey, wow, she must be super bad ass to have the silver armor and…. Garbage chute… Maybe some menace this time and…. Oh fuck it.

The Ewoks had more character than this. AND THEY COULDN’T BLINK.

As for plot… The Last Jedi freely violates the established rules of the Star Wars universe (this is bad):

Then we’ve got the scene with the space bombers. Because gravity totally works in space… What the hell was that nonsense?

The plot doesn’t even make a lick of sense:

There’s this thing in writing, where you couldn’t have a plot unless the characters are really stupid. You see it mostly in low budget horror movies. Where if the characters were smart, they wouldn’t get in trouble, but instead it’s like hey, there’s an axe murderer, let’s go off by ourselves to smoke pot and have sex. Yeah…. That’s this level of writing. The plot only exists because all the characters are too stupid to live. […]

So then we’ve got this absurd subplot where Fin and Rose go off to get some specific hacker on casino planet. Except remember, the whole goal was to get somewhere to send a message… Why doesn’t Fin just send the message on Casino Planet?

But anyways, let’s shove in some hamfisted message about the military industrial complex or WTF ever that was supposed to be. (Trust me, before I was a writer I was in the military industrial complex, it’s relatively boring, and I never once got to swim in a Scrooge McDuck style money vault). But then they rescue space horses, and after all that recruit the totally untrustworthy guy who like totally won’t betray them… And the only reason they got caught was because they parked their shuttle someplace stupid.

Seriously, bad horror movie writing. If Fin and Rose had taken a break to get high and make out in the forest and then gotten killed by an axe murderer, it would have made just as much sense as this shit. When teenage characters make those kinds of decisions in movies like Night of the Demons, the audience gives it a pass, but when a bunch of supposed military rebel professionals do stupid shit like that, the audience groans.

As for the spectacular scene where Laura Dern goes kamikaze on Snoke’s flagship:

Let’s break this down, and why it is so obnoxiously, incredibly, painfully stupid.

If you can take a cheap ass freighter and easy button instakill an entire carrier battle group, then why haven’t they done this in any of the previous movies? Why fly down the trench of the Death Star? Or into the interior of the 2nd? Why have big fleet battles at all?

In writing, this is a basic fuck up that you usually see from newer fantasy authors.

Here’s the scene by the way:

(I note in passing that John Williams, who wrote the score, is still going strong for a guy in his mid-80s. Much respect.)

Yes, it’s pretty. The problem is that The Last Jedi throws any pretense of coherent storytelling and characterization out the window. It’s just a bad movie, and the scale and intensity of its badness has comprehensively destroyed what remains of the world’s most valuable film franchise.

Is Bloomberg peddling fake news about Chinese hardware hacking?

The state of infosec right now (Credit: Colin O’Flynn)

The jury is still out, but this isn’t looking great for Bloomberg:

The veracity of a bombshell yarn claiming Chinese agents managed to sneak spy chips into Super Micro servers used by Amazon, Apple and the US government is still being fiercely argued over five days after publication. […]

Faced with such uncertainty, some are reaching for a unifying explanation: that Bloomberg was misled by some in the intelligence community that wish, for their own reasons, to raise the specter of Chinese interference in the global electronics supply chain. Bloomberg could be accurately reporting an intelligence misinformation campaign. […]

On the possible failure of adequate fact checking, earlier this week one of the security experts that Bloomberg spoke to in order to explain how the claimed spy chip would actually work, Joe Fitzpatrick, gave an interview to Aussie veteran infosec journalist Patrick Gray in which Fitzpatrick said he had told the Bloomberg spy-chip reporters of his doubts that it was feasible and that he was “uncomfortable” with the final article.

An NSA official is also pushing back:

Rob Joyce, Senior Advisor for Cybersecurity Strategy at the NSA, is the latest official to question the accuracy of Bloomberg Businessweek’s bombshell “The Big Hack” report about Chinese spies compromising the U.S. tech supply chain.

“I have pretty good understanding about what we’re worried about and what we’re working on from my position. I don’t see it,” said Joyce, speaking at a U.S. Chamber of Commerce cyber summit in Washington, D.C. today, according to a subscriber-only Politico report viewed by MacRumors.

“I’ve got all sorts of commercial industry freaking out and just losing their minds about this concern, and nobody’s found anything,” Joyce added.

Twitter user Hector Martin (@marcan42) had a fierce response to Bloomberg’s second story on the alleged Chinese hardware hacking:

Ah, I see, Bloomberg. So instead of a (partial) retraction of your at least half if not fully bullshit China implant story, you’re going to now publish *one guy’s* claim of Ethernet jack implants. When you had <5 days to check anything he provided.

Remember when a certain other security researcher was convinced his Ethernet jacks had implants? Remember all this “evidence”? How *we* knew it was BS? Now consider whether Bloomberg’s technically clueless journalists would know it’s BS.

Seriously, this is just pathetic now. They just went from “1 year and multiple sources” to “<5 days and one guy”. This is just negligence.

https://t.co/eReEXegOHZ

Why is it that every time something like this happens nobody has any hard documentation or analysis results? Ah yes, the best cop-out. “We don’t have it any more, we can’t give you more details”.

So now we have *software* detecting *analog* stuff like the “power consumption” of a *network*.

None of those words go together. At all.

Basically every Ethernet jack I’ve seen in anything but cheapo consumer routers/switches has been metal. How the hell is this an IOC?

Nevermind that… Ethernet jacks don’t have power pins. Where is this module (that uses so much power that it gets hot) magically powering itself from? Nobody runs PoE out to servers. Did they modify the board design to add power pins too?

Commenting on the above thread, Joe Fitzpatrick had this to say:

I was contacted and declined to give comment for this story. I explained this wasn’t the first time this year someone was making this claim.

@marcan42 has experience debunking claims of ‘backdoored’ ethernet jacks. Details in this story are almost identical to last time.

Sepio systems also shared a document with me yesterday. It had juicy details about rogue hardware.

It was a marketing 1-pager.

Whatever the truth of the matter, Yossi Appleboum, the ex-Israeli intelligence guy cited in Bloomberg’s follow-up story, gets the last word:

We found it in different vendors, not just Supermicro. We found it not just in servers, in different variations, but hardware manipulation on different interfaces, mostly in network related. We found it in different devices connected to the network, even Ethernet switches. I am talking about really big what are considered to be major American brands, many compromised through the same method.

This is why I think that Supermicro has nothing to do with that. In many cases, by the way, it is not through manufacturing, it is after through the supply chain.

People think of the supply chain in a very narrow sense between the manufacturer and the customer. Supply chain never ends. There are technicians, there are integrators, there are people that work in your facilities. We have seen after installation, after the fact attacks where someone switched something already installed. This is why Supermicro would have no idea what happens later in the supply chain. […]

We have a problem. The problem is the hardware supply chain. All of us are dealing with what happened to Supermicro, and whether Amazon knew or did not know. That is not the main issue for me. The main issue is that we have a problem. It is global. This is why I think Supermicro is suffering from the big players. I am talking about the really big players who know that they have the same problem, and they are kind of using the story right now to throw Supermicro under the bus instead of coming out and saying that it is a global problem, let’s fix it and find a solution.