Tuesday, August 30, 2016

Guest Post: "The NSA Was Hacked", or Only Idiots Need "Security" by Friendly Rich

This guest post is rather timely, seeing as how the new American college semester has begun and a million new laptops and tablets are in circulation.
"The NSA Was Hacked", or Only Idiots Need "Security"

by Friendly Rich

Someone I know recently sent these links on various mailing lists, and they deserve some outside comment:

> https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/
> http://www.theregister.co.uk/2016/08/19/snowden_docs_shadow_brokers_nsa_exploits/

Not mentioned in the articles, but visible in the main FOXACID document: this stuff is almost exclusively aimed at Microsoft Windows. The basis is a set of tools to break into Internet Explorer via JavaScript/XML malware. Just disabling JavaScript on a browser, or using Firefox with NoScript, will probably stop FOXACID exploits. The NSA does have exploits for Linux, Solaris and FreeBSD, and so presumably OS X as well, but other OSes aren't mentioned anywhere in this set of documents. The NSA uses Linux heavily for internal systems, especially Red Hat/Fedora and their own SELinux, so I assume they have break-in methods for various versions of Linux. But I will bet you it is more difficult than cracking a Windows machine.

Evidently most of the NSA's "secret methods" depend on the idiocy of browser users, just like any common hacker malware. The "CNO Course" document talks about handing out infected flash drives to random people and leaving them in internet cafes. Really? That's what the mighty Uncle Sam uses to crack PCs? Obviously it works. Because there are idiots in every organization.

The FOXACID server runs Windows Server 2003. Which is just hilarious. Ten years behind the times. And they get MIT to load the software on the servers before deployment. Why? Do they not trust their own employees and customers? They even have bogus SSL certificates. Hey, isn't that illegal in some places? Not that anyone seems to care.

All of this shit was originally aimed at breaking into PCs in Afghanistan and Pakistan. The Pakistani government's Green Line network was explicitly mentioned as a major target. So where's the diplomatic complaint? And the CNO Course shows a BLINDDATE PC using a wireless packet-injection exploit while driving around....Kabul. Again, it depends on web browser weaknesses to install malware on a PC. Field personnel aren't expected to know how to write malware nor understand how all the tools they use actually work. This is a classic case of idiots hacking other idiots.

It's an old "joke" and rumor: Microsoft has grown to such size and arrogance because Bill Gates cheerfully negotiated "special deals" with the US government back in the late 1980s. And they've gotten closer and closer since then. The NSA, CIA and Microsoft's operating-system division routinely exchange developers and knowledge. This is supposedly why the 1997 attempt to prosecute MS for breaking antitrust laws failed so massively.

Their "Shared Source Initiative" in 2001 was an attempt to calm their big corporate users, and I'm not sure it really helped much. Googling gets plenty of Microsoft press releases and very little honest discussion of the SSI. "Shared source" is Microsoft official jargon; nothing is "shared". Accessing the source code is very costly, there are numerous restrictions, and extremely harsh nondisclosure agreements are demanded of anyone allowed into the SSI.

But bring any of this up in mixed company and IT "professionals" will accuse you of being a conspiracy freak. Even though the signs have been visible for many years online.




This Gates interview from 2014 is notable. He ever-so-delicately tiptoes around the issue of surveillance and security. But does manage to splutter about Ed Snowden being a "criminal". An interview that communicates very little otherwise.

"Even so, do you think it's better now that we know what we know about government surveillance?"
"The government has such ability to do these things. There has to be a debate. But the specific techniques they use become unavailable if they're discussed in detail. So the debate needs to be about the general notion of under what circumstances should they be allowed to do things." LOLWUT?

And here's a 2004 article about Windows vs. Linux security. Despite being 12 years old, I've never seen any indications that the general situation has changed much. PC operating systems became more-or-less "stable" a long time ago and any updates tend to include new hardware support, new multimedia formats, and other improvements outside the kernel.

This is the glorious state of the glorious software world today. It's all badly designed, insecure, and sooner-or-later compromised by our wonderful government. Because there is so little real choice in the way of modern operating systems for PCs today, the NSA spooks have a variety of ways to break into machines. Evidently they don't even need "sneaky back doors" any longer. If you don't want anyone to sort through your hard drive, either don't connect your machine to the internet, or use a VPN exclusively; and don't do stupid things with a browser. Think before clicking on things.

Monday, August 29, 2016

Back on the Chain Gang - UC Chancellor Linda Katehi Screws Around with Wikipedia

Just before August vanishes off the calendar, let's talk about Linda Katehi, who resigned as Chancellor of the University of California at Davis on the second Tuesday of this month. She was involved with Wikipedia as far back as 2009, completely focused on her own Biography of a Living Person (BLP) article. The problem was she possibly had underlings at UC Davis do all the work on that piece.

The Background

Katehi (born Pisti Basile Katehi; Athens, Greece) was a professor of electrical and computer engineering at Purdue University who left Indiana for the University of Illinois at Urbana-Champaign, where she taught the same subjects while also getting sucked into the endless white-walled makework machine that is college administration (Prof. Katehi was provost and vice chancellor of academic affairs at UIUC). However that machine gives enough time for politicking and she was able to impress the UC Regents and they made her Chancellor of UC Davis, with her husband (chemistry professor Spyros Tseregounis) brought along as well to teach. (By the way, if two academics are married and one accepts a position somewhere else, the college will often hire the spouse, especially if they have been tenured before. So this move for the Katehi-Tseregounises is common.) Linda Katehi's BLP first appeared on Wikipedia as a stub before she was hired on in California in May 2009. It didn't remain a stub for long.

Two years later Occupy Wall Street brought back the sit-in protest to national news, and Occupy groups appeared everywhere, including UC Davis. On Thursday, November 17, 2011 Occupy UC Davis held a sit-down protest in the Quad over tuition hikes and the violent treatment Occupy Cal protesters got at UC Berkeley earlier that month. The next day the protesters were still in the Quad; they had camped out overnight. Chancellor Katehi called in the UC Davis police and by 3pm the famous images of Lieutenant John Pike pepper spraying students sitting on the ground were being snapped by cameras. Quickly his nonchalant action became an internet meme.

The Beatles are somehow involved, as always. (Stolen from the sadly-defunct Gawker.)

There were claims that doused people were vomiting blood and that the UC Davis and UC Berkeley police were shooting pepper spray in students' mouths. There were investigations and Lt. John Pike was later fired, but Davis was still stuck with Linda Katehi. And this is where Wikipedia and PR really come in.

Conflict of Interest Editing, the UC version

We can't find the real names, but we know the Wiki-handles of a number of probable COI editors or sockpuppets of one smart paid editor.

The first COI editor was Mtang6, who started the article on May 7, 2009. That probably was Katehi, because it was only a couple of lines. Possibly it could have been her children, working at her behest.

Next was Eve2500, who added bulk to the BLP in June of 2011.

In early November 2011 before the pepper spray incident, two IP addresses did some "embarrassment cleanup" and made the article larger; they were and - now there is a gap in the record from July 22 to the 18th of November.

After the outright barfight of edits (mostly with IPs, not accounts) following John Pike's claim to fame, Jokestress (Andrea James) took the semi-protected version of the article and began re-editing it, but remained neutral - we are not claiming she is a COI editor, just that a "name" editor showed up to tinker with things for a day and then dropped the article like a hot rock.

Spin the watch hands to October 2013, and there was Linda F UC Davis, who tried to get the editors to include more mentions of Linda Katehi's STEM background in the BLP and stated outright that she worked for UC Davis in the article's talkpage. Linda F UC Davis has not been seen on Wikipedia since.

Move forward another year to November 2014 and the unpronounceable Wvxihjazb acts mostly like an SPA (single purpose account), editing the Katehi article along with the Larry N. Vanderhoef article (chancellor of UC Davis before Linda Katehi), an article on Greek academic John Panaretos (which had a link to the Linda Katehi), "improving" the list of notable alumni in the UCLA Henry Samueli School of Engineering and Applied Science (I give you one guess who got mentioned), and finally the article on the Western Association of Schools and Colleges (adding a list of Commissioners, one of whom was Linda Katehi.) All of Wvxihjazb's edits were done from the 5th of November to the 26th of November skipping every two days. Like H.P. Lovecraft's vowel-less monsters, Wvxihjazb utterly disappeared after wreaking havoc, back to the Void.

Last but not least was KianaHooper. For a paid editor, "she" played the part of the neophyte Wikipedia editor very well: "Hi! I'm Kiana Hooper. I was urged to create an account so here I am! I think Wikipedia is really awesome and I can't wait to improve it. I never knew Wikipedia was run by such an intricate and well though out set of rules. It's really cool!" is what the first line of "her" userpage ran. Nobody noticed as all she did was edit in bursts, first on "Hispanic-serving institutions" redirect page, then UC Davis, then Linda Katehi....and that's all "she" focused on. Notice how the editor came and went until the fateful day of June 5, 2015 when the explosion of text erupted and "she" more than doubled the size of the article. Then KianaHooper vanished, or went back to being Linda Katehi's administrative assistant, or a paid-off grad student, or a hired hack, whatever the truth is.

Paying for a Spotless Reputation

Realizing that the photos from the pepper spraying had been posted to the Internet, UC Davis hired Nevins & Associates at $15,000 a month for six months to massage the internet and make the problem go away. Problem was, they did it in January of 2013. There went more than 90,000 dollars down the drain. Then they hired Purple Strategies, a public relations firm in Virginia, to "Get me off the Google" as chancellor Katehi demanded. (I can only hear that demand in Arianna Huffington's voice.) Purple Strategies were paid 44,600 American dollars total for three months of work; in the end with more cash burned in a pyre for another PR firm, the university urinated away $407,000.

Not actual UC Davis money burning, but a realistic approximation.

Did I mention this idiotic vanity site was part of the cash expended? None of it worked, of course, and you would think a person trained in EE and computer science would know how the Internet functions in the early 21st century. Her other "footbullet" element was a predilection for international travel; according to the Sacramento Bee, she cost UC Davis over $174,000 in 26 international trips to drum up business for the college, going to Mexico, Chile, Brazil, Dubai, France, Austria, Germany, Italy, Greece, and Cyprus over a five-year stretch from 2010 to 2015; very little came of these trips for the college, and Chancellor Katehi flew first class every time. Meanwhile, she was a board member at the corporation behind the for-profit DeVry University, and had previously spent time at textbook publishers John Wiley & Sons, raking in $420,000 for three years' work, making the costly textbooks (which the publisher makes obsolete constantly) part of the UC Davis scene if they weren't already. And this is a person that makes $420,000 without the need to part-time it in private industry! In the end Linda Napolitano put her on ice this April, then gave her the axe this month, nearly three weeks before the UC Fall 2016 semester began.


Wikipedia was useful once for building a reputation, but in a world of "gotcha" journalism, everybody having a camera on a cell phone, and Google caching, it has become insanely easy to ruin yourself. Linda Katehi might be out of a job, only because she never took Thomas J. Watson's command to THINK seriously. But then, IBM leased punch card machines to Nazi death camps, so what did he really know?

Neither of the two men above are Greek, but dance along anyway.

Wednesday, August 17, 2016

MORE IMPORTANT THAN WIKIPEDIA: "ICANN Can't", a Guest Post by E.A. Barbour

Because he's always looking at things under the radar, things that are barely noticed are massive mountains to E.A. Barbour, who shares with us the fiasco of the forthcoming ICANN internet takeover.


By E.A. Barbour

What is ICANN? It's the special organization which is being given control of all the domain-name assignments and technical standards which the Internet depends on. It was created in 1998 out of whole cloth, because original ARPANET sysop Jon Postel was "overworked". ICANN is essentially a nonprofit government contractor which exists by fiat order of the Department Of Commerce. The Net was opened to the public in 1994 and domain names were handled by Postel and other ARPANET sysops for the first four years. (Amusingly, right in the middle of setting up ICANN, Postel died of "undetected cardiac problems".) And its first chair was Esther Dyson, venture capitalist and one of the most connected women in Silicon Valley (plus an early cheerleader for Wikipedia). A later chair was Postel's fellow "Original Internet Father" Vint Cerf; whose display case at home is bulging with bowling trophies given to him by the computer industry for his magical awesomeness. His ass tastes like fine wine, judging by the millions of kisses he's gotten since the 1980s.

For two decades the system for Internet domains has more-or-less worked passably well. The US government, its contractors, and other large corporations worked with ICANN to keep the DNS/IANA system running. Although there have been complaints about large registrars like Network Solutions/VeriSign, RegisterFly, and GoDaddy, nothing was deemed "problematic" enough to call for major reform of the "system". It was open enough to make open-source cheerleaders happy and it was stable enough to keep corporations and other major financial interests content (and profitable). New domains and systems were introduced to keep things flowing. The gold-rush of the early Web ensured that people were willing to allow laissez-faire--until recently, when the US federal government stated that it wished to get rid of all domain control, and have ICANN handle it exclusively. Although little reported anywhere else in the media, these Register articles give some pause.

This happened right in the middle of the US government handing over the final governance controls to ICANN. Under the government's relatively benign control since the 1980s, the Internet grew with a remarkable level of free speech, openness and freedom from graft. These stories suggest that when ICANN has full control over TLDs and governance, they will start acting like FIFA or the Olympic Committee -- playing favorites, taking bribes, and covering everything up. And the product will decline. (And most "customers" won't care, as long as they get their damned football games/websites.)


Last month it was reported that the transition of the IANA to ICANN control is being fought by the Republicans. It was even put in the 2016 GOP official platform. Not many people noticed or commented on it. Of course it's being blamed on outgoing president Obama, and of course it's being used as a "political football". Admittedly the GOP is full of shit and this is merely a pretext. But one still has to wonder; once domain-name controls are fully in the hands of ICANN, what will happen to them? No one seems to know---or care.

I suspect we have already seen the best days of the Internet. Its future will likely be a dark, broken Third World chaos with dominance by large corporations. Getting a domain name will probably involve paying large bribes to creepy outfits with no fixed address. Legs will be broken and heads will be chopped. And DNS lookup will get more and more unreliable. Just like getting a Class A broadcast license from the FCC, or a taxi license in New York City. The rot is inevitable when big money and monopoly control is involved, and one small organization has the keys.

BTW, there's a Wikipedia angle here. The ICANN article itself was greatly expanded in the last 3 years, mostly by a succession of random-looking IP addresses and SPAs. And if someone tries to insert information of a negative nature, an anonymous administrator named "Cenarium" removes it. Cenarium is a vandalism patroller who evidently has some knowledge of advanced mathematics. A very weird combination.

And that's not all. The WMF has very close relations with the Berkman Center at Harvard (Jimbo Wales is a "Fellow" thereof), the EFF, Creative Commons, and the Sunlight Foundation. The number of "common friends" they have in these organizations is truly remarkable: Berkman's Wendy Seltzer was an ICANN delegate, MIT professor Ethan Zuckerman has connections to the EFF and is on the WMF Board of Advisors, Jonathan Zittrain cofounded the "Chilling Effects" group with Wendy Seltzer and is on the EFF Board. Rebecca MacKinnon and Peter Suber are on the WMF Board of Advisors and also Berkman Center fellows. (MacKinnon edits her own Wikipedia bio with apparent impunity.) Tamar Frankel, a lawyer who helped set up ICANN in the first place, is also a Berkman fellow. All of these connected people have Wikipedia biographies, which are carefully watched by Wikipedia insiders.

More? Harald Alvestrand, a former ICANN Board member and current Google employee, is a Wikipedia administrator AND has been allowed to edit his own Wikipedia bio. Former WMF Trustee and current WMF Advisor Matt Halprin (his seat was bought for him by his boss Pierre Omidyar) was also on the Board of the Sunlight Foundation--with Esther Dyson and former WMF Director Sue Gardner. On the Advisory Board at Sunlight: Jimmy Wales. Also on Sunlight's Board, as well as the WMF Board of Advisors: Craig Newmark of Craigslist. And I won't even get into the Google connections. You get the idea.

The WMF is already corrupt in third-world ways. Some of these "free culture" Internet organizations have built-in conflicts of financial interest. Is it really surprising that ICANN is likely to go the same way?

Monday, August 8, 2016

Stuff That Has Nothing to do With Wikipedia: Inside Boston University. Plus Board Nonsense!

This was one I wanted to do for a while, and now that it looks like the site owner has walked away from it, the blog needs to be mirrored. The website in question is Inside Boston University, and the author is Raymond "Ray" Carney.

"....A Man of Constant Sorrow"

Ray Carney is a Professor of Film at Boston University; he has written rafts of books on independent filmmaking and is an expert of the films of John Cassavetes, whom he interviewed repeatedly before the director/star died in 1989. The problem with Carney is that he is utterly disenchanted with film school and the cinema mainstream; he was yelled at by fellow BU film professors for telling also-disenchanted film school students to switch to the creative writing program - one prof howled "You are sending students to other departments!!!!???? You are taking food from my baby's mouth!" He is the only professor in America that I know of that has had his professional website taken down because of his opinions and his opinions alone. (Thankfully, most of it has been restored, but there are chunks of it where you have to use the Wayback Machine to recover them.) That he wrote a very critical article in a 1995 issue of The Baffler didn't help matters.

"....Now, fans of films like Schindler’s List will claim that they reveal new truths too. But I can’t see much difference between Spielberg’s so-called serious movie and his boy’s-book movies. Schindler’s List simply rehashes Spielberg’s inflatable, one-size-fits-all myth about how a clever, resourceful character can outsmart a system. Is that what the meaning of the Holocaust boils down to—Indiana Schindler versus the Gestapo of Doom? Schindler is a Hollywood producer’s self-congratulatory fantasy of how giving people a chance to work for you is doing them a big favor. What real courage did it take to make this movie? What new understanding of the Holocaust did it reveal? Spielberg could have made a really courageous film if he had dared to make a movie sympathetic to the SS, a movie that deeply, compassionately entered into the German point of view in order to reveal how regular people with wives and children could be drawn into committing or silently consenting to such horrors. How about a movie that showed that, at least potentially, we are them? A film that didn’t locate the bad guys in an emotional and historical galaxy far away? Of course, Spielberg could never make that film even if he tried to, because it would require too much insight on his part. And if he did make it, it would not get Academy Awards. It would require viewers to think. And thinking, real thinking, is always dangerous. Audiences might be forced to confront truths that they would rather avoid. Instead of affording them another opportunity to revel in their own virtue, they just might be made to squirm a little." - From "Pulp Affliction", The Baffler.

The real killer was an interview with the UCLA Daily Bruin's Devon Dickau where he told the student that film schools should be replaced with auto mechanic's courses ("A modest proposal") because most film school grads never make a film afterwards. That set the stage for the great shift Carney had with his department shortly afterward, but more on that later.

Bizarre battles: Gena Rowlands and Al Ruban, Mark Rappaport

Outside of academia Ray Carney has been embroiled in a series of weird battles with people whom he either respected, or were related to or worked with people he respected. We don't want to go into great detail with all of it, but we will leave links for deeper reading.

Gena Rowlands was married to John Cassavetes; Al Ruban was his producer on a number of films, acted in some, and is the business manager of Rowlands' estate. Both of them loathe Carney for destroying chunks of their control over Cassavetes' legacy. Mostly this has to do with the fact that Carney discovered a first version of Shadows (1957, second version 1959), and he holds that uncopyrighted print. This hunt took seventeen years and as a reward Rowlands and Ruban wanted Carney to hand over the print so that Ruban could destroy it or Rowlands could hide it away. The other jab was how Carney also found that the Library of Congress had an unseen earlier version of Faces (1968) in 2001, proving that Cassavetes would come up with multiple versions of films that he would screen for test audiences, and that he did not throw the "lesser" versions away. For the sin of knowing way too much about John Cassavetes, Carney's contributions to a Criterion Collection DVD set in the early 2000s were scrapped at Rowlands' insistence. Al Ruban spent the early 2000s badmouthing Ray Carney at a series of Cassavetes film showings. We can only say that the conflict between the two parties was "ego versus rationality" that desperately needed an arbitrator, but nobody in LA would touch it with a barge pole.

The fight with Mark Rappaport started simply, then spiraled out of control. Like Cassavetes, Rappaport is an independent filmmaker, and after years of living in New York City, he decided to move to Paris around 2005. Carney claims that Rappaport told him that there was this stuff he didn't want, and that there were no strings attached, and so Carney had the stuff mailed and he paid for the shipping: film reels in metal pans and disks and other bits and pieces of cinematic detritus. He cleaned the things up, allegedly spent "tens of thousands" setting up a display and storage space for the material, kept Rappaport updated by email....then seven-and-a-half years later Rappaport demanded all the stuff back, after Carney had returned some video masters back in 2010. It got very ugly very quick, because Rappaport and his lawyer went online to the various cinephile websites, and all the indy cinema people that Carney wrote about began demanding that he just turn the "films" over. Independent filmmaker Jon Jost claimed that Ray Carney had perjured himself in his legal descriptions of the Rappaport material, and therefore should stop teaching and undergo therapy for his "psychological demons." This went on for about six months; news pieces and blog posts about it litter the internet from 2012-13. In the end, I still don't know if Carney returned everything; it really doesn't matter because the drama it created burned bridges between the professor and the two directors. It also made Carney's relationship with Boston University worse.

The Blog Itself

Laid out sequentially from March 2013 to April 2015, Inside Boston University is a simple recounting of how Ray Carney's professional life fell to pieces when John J. Schulz was appointed Dean of the College of Communication in 2003. Thanks to the history of Boston University he easily built a collection of yes men who backed everything he did and brooked no compromise. Even when he was replaced in 2008 by Thomas Fiedler (main claim to fame: exposing the Gary Hart-Donna Rice tryst in 1987), nothing changed because of the unspoken system created by one man forty years ago.

Carney is very open about the role John Silber had in creating a system of "Nixonismo sin Nixon" (to modify a 1980s Nicaraguan phrase* about the Contras) at Boston University. Silber (a former University of Texas philosophy professor) was appointed BU president in 1971 and immediately began running the place in ways that would have pleased then-President Nixon or then-Governor Reagan; the Students for a Democratic Society chapter was given the boot, he would not relent when it came to having US Marine Corps recruiting on campus even though there were large demonstrations about it and the students later voted against having USMC recruiters on campus. Silber's response? "I would be much more impressed by a thoughtful document that was brought in by one single student than I would by a mindless referendum of 16,000." And that comment was to The Daily Free Press, the student newspaper! To 60 Minutes, the CBS news-magazine, he said "[a] university should not be a democracy. . . . The more democratic a university is, the lousier it is." Because of his loathing of tenure all the professors joined the AAUP, the professors' union, and Silber had to waste funds hiring lawyers to nullify the move to form a BU AAUP local, all in vain. Beyond the contempt for student protestors (whom he called "primates") and successful attempts at starving the student press, he was in love with nuclear power, banking, defense contractors, and he was able to continually defeat votes to have him removed by sucking up to the trustees. He survived as BU President until 1996 and was Chancellor until 2002, and as he lasted so long, he was able to create a Mafia within the administration and Right-leaning faculty. In 2003, Daniel S. Goldin, the former NASA leader, was appointed BU President, but that was immediately scuttled when he said he would "clean house." The college paid him off to the tune of $1.8 million.
Silber was willing to break labor law and not give raises to professors who opposed him; Carney claims the same tactic is used against him today, that his pay is stuck at 2004 levels.
Beyond the money, Carney goes into great detail about how badly he's been treated under both deans, the idiotic anti-intellectualism of BU's administration, etc. This blog is a must read for anyone who wants to become an American professor in the era of Massive Open Online Courses, college over-financialization, mindless expansion of the unaccountable administration class, etc. Professor Carney has stopped answering emails; I hope that he is not being pressured by the college to stop updating his blog.

Board Nonsense

Because the Wikipedia Sucks! forum allows guest commenting, we get the occasional oddball. One of the members that continually takes attacks from nowhere by nameless nobodies is wwhp, mainly because of RationalWiki's idiot article about him. That lone bit of online trash has prompted attack page after attack page, and I don't see the nonsense ending soon. As it is wwhp keeps a low profile. We have people on that board who have been so badly burned by Wikipedia and its spawn that they are terrified to admit who they were on Wikipedia and other wiki sites, and that is one of the reasons why the board and this blog exist. If you know the truth about Walesville, you will never want to have an online life there.


* The Nicaraguan phrase was "Somocismo sin Somoza", "Somoza-ism without Somoza" - a reference to the overthrown and assassinated former dictator of that country, and the Contra attempt to build a new dictatorship through their civil war.