Things related to computer security in some way or another.

‘Justice’ is a Manipulative, Dangerous Lie (and Encryption is Vital to Security)

I think it is time I finally discuss what I’ve long said: There is no such thing as a justice system; there are only legalities created and maintained by those who also are in a position to change the laws to fit their agenda – which is not at all to protect society (granted some of it is but it is done in a poor, inefficient, sometimes manipulative way and it isn’t their only agenda by any means). At the same time I will discuss (albeit only briefly because that’s all it takes) just how much encryption is a vital part to the security of the Internet and the security of everyone on planet Earth – including those who want to degrade encryption in the name of ‘national security’ (something that is a farce when you have the mentality that encryption is dangerous to security). Make no mistake: the manipulative, dangerous, power hungry, filthy, bloodthirsty bloodsucking cockroaches from hell that are politicians are not at all protecting their citizens; they serve no one but themselves in the vast majority of things. I have said I will not get into the cesspool that is politics and I have no intention of changing that. However, because of personal experience in the lack of justice (albeit not in a court setting justice shouldn’t only be about the court of law – yet it isn’t anything but a lie) I will discuss the ‘justice system’ and the way politicians abuse certain things in order to progress their agenda of mass control and inadvertent destruction of exactly what they claim to protect.

Justice is a farce for so many reasons. I will discuss some of them but it is impossible to discuss them all because there are so many variables and some of those variables are very dynamic in nature. I will then discuss how the mentality of politicians is dangerous, manipulative and destructive, as well as how encryption is vital to the security and therefore safety of everyone – including themselves and who they are supposedly protecting. This post will be brutal to anyone who is ignorant of just how much blood the United States of America has on its hands but it isn’t just about the United States of America.

‘Justice’ System a Dangerous Lie and Justice a Myth

Many nations in this accursed world guarantee a speedy, fair, unbiased trial in the court of law. This is a lie in order to make the vast majority of the citizens believe that the authorities really are protecting them, that every person that does ‘wrong’ will be brought to ‘justice’. Unfortunately for the civilians and fortunately for the authorities, most people do believe this absurd lie. ‘Justice’ typically means time in jail, a fine and/or community service (any combination of the three – and sometimes other things). In at least one case there is also a guarantee of no cruel or unusual punishment – including a bloody (literally and figuratively) and accursed nation called the United States of America that still has not outlawed execution. Yes, I will be discussing that indeed. But I won’t get ahead of myself. I’m going to discuss each of these claims one by one. I am not at all going to define these terms under the legal definition because the lawyers speak in their own language (a mutant version of gobbledygook, perhaps?) which deliberately allows for loopholes and other abuses. I won’t even begin to discuss stupid laws because that they exist is unsurprising to say the least (and there are many stupid laws throughout this world).

What is a speedy trial? One might think it is a trial that isn’t delayed (e.g. there actually is a trial), a trial that doesn’t linger on unnecessarily and one that benefits the defendant (but usually benefits the one with the best lawyer – which often means the plaintiff or otherwise the prosecutor in a trial brought forth by the city, state, county, and whatever other jurisdictions might exist). But yet a speedy trial could equate to a hasty trial and being hasty is being incomplete, not at all thorough and that is not at all justice. Indeed, this tactic is exactly what happened during witch hunts. This absolutely happened in the Salem Witchcraft Trials – one of the only fascinating times in United States of America specific history to me. When you combine this with the fact they allowed all sorts of ‘evidence’ that could implicate anyone you can see that this was the exact opposite of ‘justice’ (and no matter how many were charged and executed the affliction continued). Indeed, on June 29 of 1692, the one accused-‘witch’ declared innocent called Rebecca Nurse was shortly after declared guilty because the moment she was declared innocent the afflicted girls started to thrash around, howl and more or less make a dramatic scene. Certainly, a speedy trial here did not benefit anyone – and many innocent people were executed from the mass-hysteria affecting Salem Massachusetts at the time.

Yet sometimes trials aren’t even started; a very good example of this disgrace is the prisoners of Guantanamo Bay, Cuba. As I recall, some prisoners weren’t even charged with anything at all (which is mostly to delay so-called justice and because there wasn’t enough evidence to charge them – at least until tortured enough but torture results in inaccurate evidence and is still unethical and immoral). This is obviously the complete opposite of a speedy trial because there isn’t any crime in the first place (the only crime is that done by the blessed United States of America). I will return to this place again in the no cruel or unusual punishment part.

Unbiased? There is no such thing as unbiased. Even this article has some bias in it no matter how much effort I try to be unbiased. We all see things through our own experiences and we all have different experiences. How can someone have experiences as if they weren’t their own? But I’ll extend this: first impressions. If someone were unknown, accused of a heinous crime in front of jurors and they looked different (long hair, afraid to look at people, blunt or flat affect, distant, a perfect description of me) what would the jurors think? Prejudice exists everywhere in some form or another and surely if I am not showing much emotion, can’t look at people, don’t have much emotion in the voice, it must be true what the prosecutors are saying? There doesn’t need to be any evidence besides how I look! You call that justice? You call that scientific? It isn’t justice and it isn’t scientific – not even close.

No cruel and unusual punishment? That is complete bollocks and it is an utter disgrace for a nation such as the United States of America to spout as if it were even close to true. Innocents have been executed! Is that justice? Is that kind? Is that compassionate? Is that anything else the United States of America claims to be? Absolutely not. Yet the US also calls out other nations for similar things. Hypocrisy to the extreme. The fact pharmaceuticals are denying executioners medications for use in execution (as they should!) only makes these worthless, arrogant bastards more desperate for a solution (literally and figuratively, perhaps!) to execute prisoners while still being humane! Execution isn’t humane! But even if it is humane, the fact the United States Supreme Court backs the use of the sedative midazolam for execution says a lot. Yet it is worse than that. The botched execution in Oklahoma last year as described here:

He is reported to have writhed on the execution table, attempting to lift his head and speak. He eventually died of a heart attack, but not until after the administering authority had decided to suspend the execution and attempt to revive him. Oklahoma quickly issued a two-week stay for Charles Warner, who was scheduled to be given a lethal injection later the same night.

They actually tried to revive him? I can only presume that they wanted to try it again. Indeed, there is this inherent mentality of officials (like executioners) should have the final way of how someone who supposedly deserves death by state should die; if they die by self-inflicted gunshot then that would be less desirable than execution; is a life not a life? If it is really about ‘justice’ then it doesn’t matter if they commit suicide or are executed. No. It isn’t about ‘justice’; execution is about revenge – nothing else. Yet what that person went through is beyond incomprehensible; really, the state of Oklahoma did that to someone? If murder is illegal – as he was executed for – then why is the state of Oklahoma (or any state declaring murder is illegal) executing – i.e. murdering – a man? Why did they torture a man to death (if the executioner were to torture someone outside of their death chamber then it would be decried as heinous but in his death chamber it is undesirable but still acceptable – and in some people’s opinion the torturous death is not at all a problem) if they are executing the condemned for murder (torturous or otherwise)? Revenge. But yet, some actually approve of such a disgusting act, for example in the tweet from Bill Hobbs:

An execution that ends with the thug dead is NOT a “botched execution.”

And responding to the Drudge Report headline “Oklahoma inmate dies after execution botched”, conservative commentator Ann Coulter tweets:

Isn’t that what’s supposed to happen?

A website about the death penalty in the United States even shows that some states allow the use of the gas chamber and others the firing squad (one for each also is used in case lethal injection is outlawed and/or if the drugs aren’t available). Tell me, Americans that approve of all of this (perhaps Bill Hobbs, Ann Coulter or the governor of Oklahoma or Utah?). Doesn’t America condemn the mass extermination of Jews during the Holocaust (or for that matter any other genocide in the history of mankind)? Does it matter if it was through gas (which was used) or by gun (which they did including at a Potters Field and even killing two with one bullet by way of tying the two condemned back to back and shooting in one mouth so that it goes through one skull and then into the skull of the other)? Don’t bother answering; I’ll answer instead. No, it doesn’t matter how it is done so much as if it is done – unless it is being done by the United States of America, in which case it is perfectly acceptable. This is not unlike the Nazis modelling their eugenics on the United States of America eugenics (which included Jews and other life unworthy of life). We can’t forget, either, about Project Paperclip (other places called Operation Paperclip) where the United States of America covered up the crimes of Nazi scientists in order to learn from them! The reasons are potentially many but amongst them is to keep them away from the Soviet Union. I quite like the last sentence of the BBC article I linked to:

But, while celebrating the undoubted success of Project Paperclip, many will prefer to remember the thousands who died to send mankind into space.

The fact the US also tortured prisoners at Gitmo (in addition to not charging with crimes, etc.) only makes this all the more worse. Then there are the experiments in torture, other human experiments (a scary amount of experiments that have been documented in various places; for instance here) and much more. While Americans tend to believe the lies America spreads about being the most caring, most compassionate nation in the world, the actions of the nation and the mentality of many Americans demonstrate the exact opposite. That many are in fact caring, compassionate and do their best to be ethical and moral is fine and well (the actions of a man who is paralysed from a sniper attack is a humbling example[1]) but that doesn’t excuse the others.

No, no, no. Justice is a lie. Even if the person convicted truly is guilty without a doubt, and with full intention, it doesn’t take away the victims suffering. There is no justice in a world led by humans because humans on a whole are inhumane, unethical and immoral. It doesn’t matter if it is the treatment of animals or the treatment of humans; it is all the same on a whole.

Lastly, going back briefly to the Salem Witchcraft Trials, there is an amusing little final words of a condemned ‘witch’. Taken from (with me changing the spelling to haemorrhage)

At the hangings, the Rev. Nicholas Noyes asked Sarah Good to confess. “I am no more a witch than you are a wizard, and if you take away my life God will give you blood to drink.” was her reply to him. Twenty-five years later, the Rev. Nicholas Noyes died of a haemorrhage, choking on his own blood.

I changed my mind. That is an example of justice. Or maybe it is just cruel but well-deserved irony. Nonetheless, the reverend deserves what happened.

[1] At one point in recent years (I can’t find the reference at this time) an American Jew attempted to stop an execution of the sniper who paralysed him to the extent of requiring a wheelchair by suing the state. Despite being unsuccessful it shows extremely positive character. The saddest part is, if I am recalling correctly, the attacker was paranoid schizophrenic and unfortunately read Mein Kampf which definitely fed into any of his paranoia. But this is yet another problem with execution (and in general mentally ill are treated with less respect, less dignity and as inferiors; ironically the Nazis would have considered him an inferior himself but that doesn’t take away the unnecessary loss of a life, does it?). He put it quite well (I don’t have the exact quote but it is close enough for now): He doesn’t think a state where it is illegal to murder should be in the business of killing. He adds that he has had many years in a wheelchair to think about this exactly. Despite this many states still disagree – and it is quite hypocritical to say the least.


So US politicians are making claims that encryption really needs to be weakened in order to properly detect bombings (etc.) in advance. The reasons this has come up is obvious and not one I really care enough to get into because it is frankly irrelevant. Without encryption e-commerce would be made more unsafe (it isn’t safe now …); commerce in any form would be unsafe; online banking would be unsafe; authentication in general would be unsafe. Weaker encryption would be going back to the dark ages – if not before mankind! Even Julius Caesar used a form of encryption (commonly called ROT-13 because it was a rotation of the letter by 13)! There is a reason we migrated from TELNET to ssh (for one example of many more). But here we have idiots in power wanting to weaken security to … improve (!?) security! That makes no sense at all. This is very basic but something politicians just don’t get due to their greed, lust for power and their inherent stupidity: the more information someone has the easier it is to launch an attack and the more personal information someone has, the easier it is to steal the ID of a victim. There is but one exception here: you cannot steal the identity of a politician because politicians are so exceedingly arrogant and infernally stupid, demonic maniacs hell-bent on world domination and destruction, that no identity thief could fool anyone into believe they really are who they claim (and if they considered trying they are probably seriously ill). But you could cheat them out of money (even if they have far more than they deserve) or cheat their family (including those who were unfortunate enough to be born in a cesspool). No; encryption is not a threat to the security of the west; weak encryption is but more than anything else, the west is its biggest enemy simply because the leaders ignore history and are misguided morons.

As for what inspired me to finally get around to writing about justice being a farce (and it admittedly went beyond that – a lot more than I expected but I feel is more than worth the time and effort) is this article entitled: When Phone Encryption Blocks Justice

No, encryption doesn’t block justice; mankind blocks justice and this is why justice is a lie. That’s the brutal truth of the matter despite what many claim and many more will believe.

Linux.Encoder.1: Hilariously Pathetic but Offers an Important Lesson

This will be a short post because there isn’t much to say, really. Many have claimed over the years that Unix and its derivatives (and really, Linux is only not a ‘proper’ Unix in the sense of licensing) are immune to malware, despite this being shown false again and again and again (I’ve certainly cited examples before and I will continue to do where it fits what I’m writing). But they are woefully naive if not stupid (ignoring the truth because you don’t want to deal with it is quite lazy and very stupid – even for humans). It has come to my attention that a ransomware attempt on Linux has affected some servers.

Yet it is so primitive you would think that the programmer only just learned to program (having a long way to go) and/or is very ignorant of how seriously inadequate the C pseudo-random number generator (pRNG) is; indeed, you can get the same results as long as you have the same seed – which they conveniently kept by way of the (I presume) modification timestamp of the affected files. Complete failure; it is an ineptitude that you would never want a programmer of legit software to have. Of course it would be easy to fix that flaw and it would be easy to fix the flaw of using rand() but I’m obviously not going to point out how because it would be unethical to do so (and anyone worth their salt would be able to fix it in a heartbeat). So yes, I guess you could say I’m mocking the author for an extremely pathetic attempt at writing software (but mostly it is to once again stress that malware isn’t only a Windows problem; to backup and to use privilege separation as it was meant to be used). It is amusing to note that virus writers of old actually had really good programming skills and now the malware authors of today typically do not (that isn’t to say it is always the case; indeed there were some authors that were also inept – however, there certainly was art to it before whereas now it is just causing harm in some form or another). This is amusing because even amateur programmers know just how inadequate rand() is for random numbers of any kind. But make no mistake: the fact of the matter is it will likely be fixed and it can cause a lot of problems. Even if it doesn’t affect you directly, the reality is it can affect others – and indirectly you. The fact they made this error is amusing for the reasons I cited but it doesn’t have to be this way – and often isn’t.

This is summarised as the following by Bit Defender Labs (they also have a decryption tool with a caveat that some systems have had the files encrypted twice which is yet another reason the lesson I was going to point out anyway, is so critical):

We mentioned that the AES key is generated locally on the victim’s computer. We looked into the way the key and initialization vector are generated by reverse-engineering the Linux.Encoder.1 sample in our lab. We realized that, rather than generating secure random keys and IVs, the sample would derive these two pieces of information from the libc rand() function seeded with the current system timestamp at the moment of encryption. This information can be easily retrieved by looking at the file’s timestamp. This is a huge design flaw that allows retrieval of the AES key without having to decrypt it with the RSA public key sold by the Trojan’s operator(s).

As for the lesson. I don’t understand why people don’t get this but it really is so simple: BACKUP YOUR DATA! Not every once in a while; not when you feel like it. EVERY SINGLE DAY! Not just files that have changed; not only some data files; all files and in a cycle (ask your local administrator about backup options). If you don’t do this, you will eventually be sorry. Even if you can recover files from some file systems easily enough, what if something else goes wrong? What if the drive is completely toast (literally or figuratively)? Where will you be? What if you lose photos or videos of lost loved ones? What if you lost a story or even a book you wrote? There are a lot of risks and why suffer the consequences when you can simply backup? As I recently put in my fortune file, backing up is simple which makes it all the more ironic that so many people don’t backup:

Humans are inherently lazy and weak. This is why they tend to do what is easiest instead of what is right – even ethically and morally so. It is rather ironic, then, that so many people refuse to implement proper backup and recovery systems – which would save them time, money and much grief – when it is also much easier than trying to recover lost or corrupted data.
— Xexyl

Remember that and follow up on it. You’ll save yourself so much grief when disaster strikes. And let me remind you that a backup that does not work is useless; yes, this means you must TEST recovery. Yes, this means you must TEST EVERYTHING about it (including making sure your backup medium is error free). CDs, DVDs, Bluray discs do not work well for daily backup because of the burning nature but they do work for the occasional extra backup (e.g. you want to have a second copy of all your photos and videos). Just note that you should replace those discs every so often; I’m not sure actually what the time frame is but there is a time frame and if you rely on optical discs then make sure you consider this. That isn’t to say other mediums are error-resistant (errors eventually happen) so much as just because the data is burnt into the disc, does not mean it never will have a problem (this isn’t even considering scratches, snapping in half, and so on). Redundant backups are a good thing and NO, the cloud is NOT a backup system! It is fine if it is in addition to your regular backups but it is NOT a backup system by itself! These rules (and actually more) apply regardless of your OS of choice.

Actually, make that lessons (and reminders). In addition to backups:

Make use of privilege separation; don’t use root unless you have to, don’t run programs as root unless it is absolutely required (the program complains for ALL operations that it is required). Similar goes for other OSes.

There exists malware that targets OSes other than Microsoft Windows; the fact Windows has a much larger user base is only relevant in that more malware targets Windows because the return on investment is – oddly enough – higher. But that doesn’t mean malware doesn’t exist anywhere else; it does and this very post gives an example of it. Only recklessly naive and ignorant people would claim otherwise; of course, many people are recklessly naive and ignorant (as well as being carefully naive and ignorant) but it doesn’t change the reality of the situation that malware is cross-platform.

Security Through Obscurity

I was on the fence of whether to call this ‘Insecurity through Obscurity’ or ‘Security Through Obscurity’ but I’ve opted for the latter because that is how the rationale usually goes. However, while it is true it isn’t a sound security policy by itself, it doesn’t mean obscurity is useless. People tend to think on either extreme while calling out others for also being extreme. We’re all guilty of it to some degree but the subject of security through obscurity is one where you typically see either extreme (the negatives) but much less of the moderate (the positives). That is because too many people are pendulum thinkers.

In order to understand this, one must ask what security through obscurity and security by obscurity means. It is basic language but through and by implies that you’re attempting to make it secure through obscurity or by making something obscure. By itself is the key point. Regardless of whether someone interprets it that way or not, though, the point is still the same, and that point is what matters. Nothing is secure by itself. Security is a many-layered thing and this has always been known. No single thing by itself is secure. This will never change. But that doesn’t mean obscurity is useless; it isn’t.

As I am quite open about fantasy being a significant part of my life, I’m going to bring up a very relevant quote to security from the Harry Potter and the Half-Blood Prince, where Professor Severus Snape talks about the Dark Arts:

The Dark Arts are many, varied, ever-changing, and eternal. Fighting them is like fighting a many-headed monster, which, each time a neck is severed, sprouts a head even fiercer and cleverer than before. You are fighting that which is unfixed, mutating, indestructible.

(As a note: I don’t have the book in front of me, so I copied that from the Harry Potter wiki; unfortunately I’ve noticed a lot of mistakes there – made much worse by the movies being very wrong in many things. If there are any slight differences or mistakes, that is why. It seems about right, though, as I seem to recall that when I recently reread the books)

That is exactly the same as computer security! When you replace ‘The Dark Arts’ with ‘Cyber-attacks’, the analogy is perfect. What might seem secure might later be deemed quite weak and/or broken (this has been shown many times, including recently; SHA-1, anyone?). Or an attacker might have a new tool or has different insight which led them to discover a flaw in your otherwise carefully planned, so-called perfect security policy. The list of possibilities goes on ad infinitum. The bottom line is this: no matter what you think is possible or impossible with security, it won’t stay that way (even if you are correct at the time being). I’m obviously excluding things like there is no 100% security; that is true and it is absolute – this will never change. No matter what protections are in place, and no matter what policies are deployed, it will eventually be breached. That’s why the quote above is so perfect for computer security – it is equivalent.

Now, with that in mind, obscurity does have a positive effect on security. But only when used with other layers. I will be citing an example of where it was taken too far because it highlights the point quite well. Yet sadly some people professing security are completely missing this point, while also defeating their own logic without realising it because – wait for it – it is too obscure for them to see. The irony is incredibly amusing and simultaneously shows exactly how obscurity can be of value; they don’t even know that they rely on exactly what they’re calling out, because it is obscure enough to hide from them. In that case, it is convenient to them because they can still see themselves as correct. But they aren’t.

About a year ago Fedora proposed to require all files under /usr to be world-readable. The very first response starts out:

Yes, yes, yes! Down with security by obscurity!

Which is quite ironic because the proposal doesn’t even bring up security directly (it only brings it up in the list of some of the offenders). But never mind that irony; it demonstrates exactly what I mean. The theory goes that if something isn’t world-readable, then it is more obscure (true) and therefore it is less secure (false) or is irrelevant to security (false). Except that, again, security is a many-layered thing.

My question to those on that page – as well as others who use similar logic to justify any number of things that are in their mind, related to security – is this: When will it be recommended that we make /etc/shadow 0444 (u=r,g=r,o=g) or anything other than 0000 (as it is now)? Never? Do you know why? I’ll tell you why. Even in the 90s it was far too easy to take a copy of /etc/passwd off a server (which is world-readable and has – that is, had – the salted hashes of all the logins of the system), perhaps because of the Apache 1.3.x (as I recall, that was the tree) phf bug, and run a password cracker on the file, and giving you passwords to logins of that server. And once you have shell access, you’re a local user (the difference being connectivity problems including because the system – or an administrator – detected you and cut your connection) and local users are a lot closer to root access. Then consider that much weaker standards, policies and practises were accepted and in place (r* services which could lead to the system being compromised without a password, TELNET, insufficient filtering, etc.), on top of the login/password matches, and it makes things very ugly indeed. It didn’t even take much computer power to run a dictionary attack and now we have a lot more computer power (not only through CPUs but also GPUs as well as parallel computing – all helped by the fact computers are far cheaper these days; anyone who was around then will know exactly what I’m talking about because it is a drastic difference). Don’t forget password policies, reuse, sharing, amongst other things, are still terrible. You note that this form of obscurity is the same as the /usr discussion suggests (whether anything in /usr should or shouldn’t be world-readable is detracts from the point). Oh, and by the way, here is yet another way obscurity can be of use, cited at It works together with other defences. Is it really that hard to understand?

At the other end of the spectrum, you have vendors (or organisations) keeping vulnerable software (and/or configurations) installed because any bugs in it are obscure enough, or the service is so rare that surely no one will know of it. That’s not how it works, though. If you’re attempting to secure a service through this, you’re making a terrible mistake. One hopes that you are using other layers too, but if you aren’t – or your other layers aren’t sufficient – you are potentially walking on thin wires just below reaching space (and if you are indeed knowingly allowing bugs to exist, you are walking on thin wires). Hope you don’t fall (but if you do please don’t hit anyone or anything). I should point out, lastly, that to not fix bugs for any reason is silly, it defies what a good programmer does, and it is especially stupid if you don’t fix it because you have a workaround, you add sanity checks (used only to try to prevent the bad code from executing) or you think it isn’t a problem – security wise or not. That is where obscurity is not helpful. Not that it really is obscure: if you think a bug is obscure enough that it won’t be a problem, then you’ve not encountered enough users with the right mindset (or they abused it and you don’t even know it) and you don’t have the right mindset, either. As I’ve put it before, if you are a master at troubleshooting, then you understand how problems arise in the first place, and therefore you can easily cause them. I know this because I’ve done this exactly; I know what checks to put in place, I know what to guard against, and I know how to find bugs in programs that I am testing. As I’ve also put it, using workarounds does not equate to a fix and you will eventually be bitten – again and again – by the bugs until they are fixed properly. Recompiling the source with a bigger sized array instead of dynamically allocating it (or using a language that does this for you) is not a fix; it isn’t even a hack – it is an ugly workaround (if that) due to laziness and nothing else (workarounds and checks are fine until you can fix it but those do not take the place of fixes in a properly working program – that’s the difference).

Speaking of workarounds, here is another amusing example of one, going back to Fedora and the world-readable /usr issue again. This is from the logs (or as they call it, ‘journal’) of the oh-so-precious systemd:

systemd: Configuration file /usr/lib/systemd/system/auditd.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.

Amusing, isn’t it? I never touched that file in any way. Yet despite what they ‘require’, it isn’t true, and this is one example of littering the logs with useless crap. Useless, unless you are looking for an example (e.g. for documenting purposes like this) of stupid ideas and their equally stupid workarounds required. The fact APIs allow access when the access mode does not, says a lot – and nothing positive. But you know what this is? That’s right, it’s a workaround. If it wasn’t for the fact I constructed this the way I did, I would say the irony is perfect. But it is still ironic that they would use a workaround on something that some say improves security. Yes, removing obscurity would improve security but only if you incorrectly believe obscurity is never helpful to security; but it doesn’t because obscurity is useful to security when used in addition to other defences.

The Dangers of External Media (floppy diskettes, USB, etc.)

I’ve written about master boot record/boot sector infecting viruses before, albeit not specifically how they work (though I am familiar enough to do so if I really wanted to). I’ve reminded people of the similarity to floppy diskettes and USB drives in how they are a source of viruses (and malware more generally), as well as how systems can boot off of both of these (as well as CDs/DVDs and other devices) – while simultaneously installing malware. I believe I’ve made references to BadUSB and I’ve written about more of all this under Bring Your Own Demon (BYOD) and the Internet of Things (IoT). I also strongly criticised Fiat Chrysler for encouraging people to use USB sticks they receive in the mail. But now I have more to write on the matter. Because besides viruses (and I include BadUSB in that category) there is a new version of USB Killer. It actually kills computers (and it seems USB Killer v1.0 also did this). Yes, I of all people would find it odd that a non-sentient thing could die; I would also have argued it is literally speaking, impossible.

But I’ve changed my mind. I’m also reminded of some old issues that many are probably not aware of. To those who don’t remember the old AT power supplies (or those who have never heard of them or what dangers lurked inside them), if you plugged the power cable (referring to the 20-pin cable) in the wrong way[1] then you would have a very nasty power problem.

Then there is the old trick of sending a PSU (power supply unit) to a friend overseas or even a friend in the same country (therefore using the same line voltage) with the incorrect voltage set on the PSU. Or if you forget to change the voltage (as a long time friend from the Republic of Ireland did, when another friend sent him a PSU from the US), you would also be very unhappy indeed. But he was able to laugh about it, at least.

And then there is USB Killer v2 (video of USB Killer v2.0 on a laptop). There is another version – a remake of v1.0 (I guess it is) which in my opinion is worse than what v2.0 does – unsure what it would do to a laptop but the PSU catches fire and the internals of the computer are charred. He was going to attempt to salvage it but he didn’t expect it to be as bad as it turned out to be.

Yet, even though a version of USB Killer was released on April 1 (a comment at the video of one of the videos links to a website that I have used on) of this year, it was no joke. I should have linked to that in my article on the lie of security being of utmost importance but I had forgotten about it (I only remembered BadUSB and others, and I hadn’t seen the video of USB Killer v1.0 – I’m glad I have now). Chrysler really should be absolutely ashamed with themselves, especially for dismissing the risks as hypothetical.

People that also participate in that game (I can’t remember what it is called) where they look for items (based on coordinates that are published, maybe?) including USB sticks, should seriously reconsider doing so. While I’ve always been against destruction of data, I could still see just how amusing it would be to do this (even though I would never do this even if I were to participate in such games) – I mean, after all, anyone playing this game is asking for trouble (on the other hand, the fact people might test it on another person’s computer is reason enough to not do it) and games are meant to be amusing (and you can’t deny destruction amuses a lot of people). Still, with BadUSB and USB Killers, not to mention other malware and associated risks, it really shows just how reckless people are (same goes for older floppy diskettes; just leaving it in by accident or through forgetting, could lead you to being infected by a MBR/BS virus, perhaps even a multipartite – which is MBR/BS virus which also infects files). It might be due to unawareness but how does someone who is unaware become aware if they don’t know there is a problem?

Everyone who thinks the Internet of Things (IoT) or Bring Your Own Device (BYOD, which I have said the D is for Demon) are good ideas, really, really, and I do mean really, needs to wake up to the risks. These are very bad ideas. It is bad enough at home – it is worse in certain professional settings (social services or medical settings come to mind especially). Be aware, people. Stay vigilant or you will run into problems (you might run into problems even if you are vigilant but the chance goes up a lot when you aren’t vigilant). Be suspicious. Be concerned and careful. No, no, no, this is not paranoia. Paranoia involves no evidence that you are being targeted – it might involve evidence to the contrary. This is being intelligent. There. I’ve finally said it. I said there is such a thing as intelligence. Who knew?

[1] It was two different male connectors that you placed (together) into the female port on the motherboard. But you could put them in the wrong order (if coloured you wanted black to black, as I recall). If you didn’t do this correctly you would be very sorry.

Artificial Intelligence, Aliens and Computer Viruses

Okay, to be fair, Watson (that defeated the champions of the US trivia show Jeopardy) did have to interpret the questions in order to answer them, but without all that information it was fed its chance of winning would have been a lot lower. Storage capacity is huge compared to what it used to be (and it is a lot cheaper too) and more generally, technology and its power is advanced enough that it makes things like this less significant. I’m all for the evolution of technology but it is a mistake to not have serious, very long, very thorough discussions about AI – of every single concern at every level (technical, ethical and moral included). Yes, this means trying to find potential problems instead of ignoring the reality that we haven’t thought of everything (and no, we haven’t thought of everything – this is shown over time, repeatedly, when something new does come up).

I admit this might be childish of me but I readily admit that I can be childish. Whatever. It seems that a so-called AI machine was given an IQ test. The results, however, say a lot of just how good AI is (not). Maybe I’m so amused because I’ve stated many times that devices are not at all smart and maybe it is because I’ve pointed out the stupidity that many humans exhibit. But in any case, the intelligent machine scored the IQ of a four year old child. Yes, people, that is how intelligent AI really is and still people have faith, despite the fact some AI already has shown scary implications (as I refer to the OpenWorm project). No, feeding a robot (e.g. Watson) information in order to beat masters of trivia does not count as being smart but instead capable of retaining information. But since the machine got the result of a four year old, I’m going to childishly refer to a quote of mine that essentially likened human intelligence to that of artificial intelligence. Certainly, only fools will call themselves intelligent without any questioning and this is unfortunately something humans tend to excel in (and revel pointing it out as if it makes them superior than other species).

So. Saturday, September 12, I was made aware of a most amusing, ridiculous concern from scientists at Oxford University – that we have to be careful because we might send computer viruses to our friendly aliens in outerspace. Graham Cluley has an amusing video on the matter here. Yes, they genuinely believe we might spam and/or send viruses to the computers of aliens. One argues that we already spam the universe with reality soaps and I can’t say I disagree there; but that’s a different story. But I’m going to take this as an opportunity to discuss:

  • The pros, the cons and the risks of AI
  • The treatment of (‘against’) animals, the abuse of the environment, the destruction of planet Earth (and all its lifeforms) and the ethics of trying to find replacement planets because we’re too fucking stupid to take care of the planet we have
  • The possibility of aliens and the mentality humans tend to have about it (and them)
  • Alien computers and computer viruses (here versus there, wherever or whatever there might be)

Artificial Intelligence: The pros, the cons and the risks humans are subjecting themselves to.

I fully admit that I am mostly against AI but yet I do appreciate that there are legitimate uses of it. No good comes without bad and no bad comes without good. We all have dark and light in ourselves despite what many will say about certain figures in the history books.


  1. By experimenting with AI we learn more. Perhaps not enough to understand and appreciate the risks (but this is just like history), but the more we learn, the better things can be (perhaps with the exception of military advances – but even that is better for the military, I guess).
  2. A robot could be designed (or improved upon) to help rescue people trapped under rubble after a natural disaster (for instance, the 8.8 earthquake in Chile earlier this month?).
  3. A robot could do other things that are impractical for humans to do. Whether thinking is one of those things or not is another matter entirely (I would argue yes but only if AI really takes off).


  1. This is something I’ve never quite understood. So many people want AI to be advanced in order to do tasks that these same people consider tedious. But yet, if this is accomplished the robots will succeed the humans doing these tedious tasks, therefore taking their job (and that includes actual activity – of the brain and the body, both of which are part of slowing deterioration). Machinery doesn’t need money to live (an arcade machine isn’t alive even though it expects money) but humans do need some way to barter. There is just no getting around it.

The sceptic might look at the above lists and point out that despite the fact I’m against advancing AI, I’ve given less cons than pros. But besides the fact the list is not at all complete (and some pros might be cons to some and the same with cons as pros to others), there is something worse than cons: the many dangers that AI poses to mankind.


Rather than include a list of risks, I’m going to remark on some things I find concerning. Most would know I’m not at all the only one to warn these things, and some might claim I’m just another coward who is afraid of machines. But there is a reason I’m not the only one: there are actually very legitimate concerns. There is also the subject of ethics and morals (which in my view is equally important).

The fact that some countries want to develop killer robots should say enough to most people. I’m not sure if it does but it definitely says enough – far too much – to me. It shows an extreme and disgraceful disregard for human life and it shows just how far people are willing to go to for their own benefit. I’m going to call it as it is: those (nations recognised by the UN) who go so far as to develop (and/or buy into or fund) killer robots are selfish cowards to the absolute extreme. Then there is the Israeli Harpy drone that decides itself whether to shoot or not. The proponents will say things like they wouldn’t launch the ‘fire and forget’ device into the area if they didn’t think there was an enemy (does the fact humans aren’t perfect come to mind? It should) but besides the fact that the more advances with this technology, the fewer choices humans will have (I refer to a project in a bit that demonstrates this), and besides the fact a tank is still a tank (see also the concept ‘friendly fire’), a life is a life, is it not? If a remote controlled drone kills innocents, what makes any rational person believe a drone controlling itself, will do any better? An indiscriminate weapon is still an indiscriminate weapon and a life is still a life! (Yet, as an Israeli historian says, Israel has not learnt the full humanitarian lesson of the Holocaust as [they] should and [they] do manipulate the Holocaust but [they] also feel very, very deeply about it.) But I’m not trying to lecture anyone on this matter (there are plenty of resources and there are faults on all sides but the closest thing – that I’m currently aware of – to a killer robot, is the Harpy drone) – it would be futile and counter-productive, anyway; the bottom line is that AI has real risks to mankind and just like history it is being ignored by foolish people (which indeed includes military and government officials), AI is too (it is inevitable but there really needs to be far more discussion on the ethics and the implementations of). Yes, yes, I know many Americans and (all?) Israelis will condemn me to hell for these statements but I also imagine they would LOVE the technology in the hands of Hamas and Hezbollah! But you know something? Just like there is no going back after the splitting of the atom, there is no going back on this type of thing. Choose your poison and choose it well. However, if you ignore history for a moment (and not a moment more) and look at a telling experiment called the OpenWorm Project (pay particular attention to: Wriggle room; Silicon Immortality; and note Moore’s Law), then you should be able to understand exactly why killer robots are a horrible idea (besides the blatant disregard for life, life that could be your own or someone you care for deeply). Some would point out the Fighting Fate section and make the assumption that someone like me would agree with fighting death. Well, I don’t agree with fighting death any more than I agree with the blatant disregard for life that many humans exhibit: we’re all mortal and this is completely different from improving the lives (which includes health) of others. The section brings up a valid point, though – Mother Nature doesn’t care what humans are capable of (or have supposedly cured); the event they refer to is a good example (a specific solar flare). There are more examples than solar flares – for instance, supervolcanoes. Another example is the Tunguska explosion in Siberia in 1908. The bottom line is that artificial intelligence could overtake humans. Whether that is a problem to anyone or not is another matter entirely.

Planet Earth: The treatment of animals, the harm to the environment and the ultimate destruction of the planet.

I was going to write about this in more detail but after attempting it a few different ways, I see this is impossible for me to do – this subject is one I feel very strongly about and it is one of the things that most disgusts me about humans. The treatment of wildlife, the damage to the environment (and things like deforestation), and the fact humans can’t even respect themselves is just beyond comprehension. Last year, it was reported that in the past 40 years, 50% of world wildlife populations have been destroyed. (For some populations it was more than 50%.) Yet some claim that because there are difficulties with establishing these statistics, they aren’t statistically valid. This claim only proves just how out of touch (or unconcerned?) humans are with the amount of damage they cause.; humans cannot respect themselves so they certainly cannot respect anything else. What I will say is this: the planet will be devoid of all life, long before the Sun dies. One of the species will deserve it and the rest will not. The species that deserves it is the species that causes it – homo sapiens (whether directly or indirectly, mankind will destroy the world).

The possibilities and implications of extraterrestrial life.

I’ve long felt that humans need to stop looking for other planets to one day occupy. The reasons should be clear already, but I’ll reiterate it anyway: we cannot take care of our own planet, so do we really have the right to populate other planets – only to destroy it as well (not that those doing so really care if they have the right or not; humans tend to believe they inherently have the right to do whatever the hell they want)? The reality is if we can’t take care of the planet we have, we won’t be able to take care of other planets. It is one thing if mankind wants to destroy each other (and ultimately Earth) – and this is bad enough – but it is another entirely to find more planets to destroy. While not all humans are this way, the overall impact humans have on the world makes me truly question whether we deserve another planet. I don’t think we do even though some will suffer – and are suffering – because of those that don’t care about anyone or anything. But that’s not what this is about. The issue is quite simple:

If there are other lifeforms out there, and they are actually intelligent (at least in what humans call intelligence and in which case they will probably be more intelligent) and capable of contacting (or travelling to) us, then there are two likely outcomes:

  • They would have the capability to completely destroy us. I will not express my opinion on this matter other than say it would be cruel irony.
  • They will stay clear the hell away from Earth. This would seem plausible unless the first possibility is true. Humans cause so much damage to each other and the world, and humans destroy the unknown (hence the hunts for big foot and the stories of killing it; there are other examples though), why would aliens – who are intelligent enough to contact us – want to contact us? A Twilight Zone (or so I think it was) episode highlighted this quite well; I can’t recall the episode name but the idea was a town was inhabited by what they thought was an alien. In the end, someone was dead and they then understood that the alien was themselves; indeed, one of the humans killed another human they thought was an alien. That is sadly a rather accurate depiction of how humans behave.

Realistically, if they were capable of travelling here, they would probably be capable of destroying us, so the fact this hasn’t happened yet (unless they’re secretly mating with humans, silently taking over? I imagine some would like to believe – if not fantasise about – that) could possibly answer both questions at once (there are lifeforms that are intelligent enough to hide and there aren’t other lifeforms capable of travelling to Earth). I wish we’d stop looking though, I really do, because of the tendency to destroy the unknown.

Alien Computer Viruses.

What to say on the matter. There are so many things it is hard to know where to begin or even what to include. Let’s start with the technical aspects. It is true that computer malware has been accidentally sent to the International Space Station (though off hand I don’t have references, it has happened). That is scary enough and it is yet another reason nations writing malware (and abusing exploits; I’m looking at the US especially) is just a very reckless and stupid idea. But whether there are computers on other planets is another matter entirely.

There is this inherent belief that just because life on planet Earth requires certain things (carbon, hydrogen, oxygen and nitrogen for four examples), it should be the same for other forms of life on other planets (or all species), and therefore if a planet doesn’t have the same requirements we require, it cannot possibly have life. This is just stupid and arrogant. What makes anyone here believe life on other planets have the same restrictions we do? They could have more restrictions, they could also have less restrictions (or maybe none? At least one scientist believes that intelligent lifeforms on other planets will be machines) or it is entirely possible they can live under different restrictions (e.g. carbon, hydrogen, oxygen and nitrogen does not harm them but they don’t need any of it, either). They might live in fire instead of water; they might live underground instead of above ground. The reality is we just do not know and anything else is assuming – and assuming does nothing to settle matters (aside from settling who is made an ass of).

Similarly to how we don’t know what lifeforms on other planets might require (or if there are lifeforms at all), we also can’t say that if they had computers (I doubt it but I also don’t think we will ever know; not in our lifetime) they would have the same requirements. They might even be capable of real magic (including things humans have yet to accomplish – and probably will never succeed in – without illusions e.g. invisibility). We simply do not know! Let’s assume that there is life on other planets. Let’s also assume that they have computers. For fun we’ll also consider they have the same life requirements as we do. What sane person would think they will have the same operating systems (and software for!) we have? What really makes anyone (these scientists that are making jokes of themselves, for instance) think these aliens will run Microsoft Windows, Mac OS X, any of the Linux distributions, BSD Unix (any of them), or even DOS, VMS or something else we have? To worry about sending viruses… it is just absolutely absurd. Hilarious but an absurd way of reminding us that we should really worry about resolving the way we abuse Earth before we worry about life on other planets. Space exploration is important (many things people take for granted were discovered through it) – but that is different from trying to find a planet to inhabit (which I’ve seen references to).