CNN on War in Space

[Note: This item comes from friend Jen Snow. DLH]

I had to send this; it is a very important and well-done series that I think many folks may have missed. Please feel free to share Zack’s description and video links to your distro. This is too important not to share, and I believe the tech community will have a major role to play in keeping this from going to MAD. Zack is at LLNL and was one of my thesis advisors, a very bright guy who loves space stuff!

Very Best,

From: “Davis, Zachary S.”
Date: December 5, 2016 at 6:26:25 PM EST
Subject: FW: CNN on War in Space

FYI, for anyone interested in space issues, this CNN special is getting good reviews from my colleagues here. These issues will figure prominently in our emerging and disruptive technology curricula. ZD

Subject: CNN on War in Space

CGSR colleagues,

Space security doesn’t get much press, but CNN ran a long piece last week on the rising threats to space. Lots of good interview material with top military brass, and some nice animations to boot.

CNN: Special Program 11/29/2016 09:00:13 PM – “War In Space: The Next Battlefield”
(VIDEO – part 1:, VIDEO – part 2:, VIDEO – part 3:, VIDEO – part 4:, VIDEO – part 5:, VIDEO – part 6:)

Thought some of you might be interested.


Thieves can guess your secret Visa card details in just seconds

Thieves can guess your secret Visa card details in just seconds
Distributed guessing attacks are surprisingly effective.
Dec 5 2016

Thieves can guess your secret Visa payment card data in as little as six seconds, according to researchers at Newcastle University in the UK. Bad actors can use browser bots to distribute guesses across hundreds of legitimate online merchants.

The attack starts out with a card’s 16-digit number, which can be obtained in a variety of ways. Attackers can buy numbers on black-market websites, often for less than $1 apiece, or use a smartphone equipped with a near-field communication reader to skim them. The numbers can also be inferred by combining your first six digits—which are based on the card brand, issuing bank, and card type—with a verification formula known as the Luhn Algorithm. Once an attacker has a valid 16-digit number, four seconds is all they need to learn the expiration date and the three-digit card-verification value that most sites use to verify the validity of a credit card. Even when sites go a step further by adding the card holder’s billing address to the process, the technique can correctly guess the information in about six seconds.

The technique relies on Web bots that spread random guesses across almost 400 e-commerce sites that accept credit card payments. Of those, 26 sites use only two fields to verify cards, while an additional 291 sites use three fields. Because different sites rely on different fields, the bots are able to enter intelligent guesses into the user field of multiple sites until the bots hit on the right ones. Once the correct expiration date is obtained for a given card—typically banks issue cards that are valid for up to 60 months—the bots use a similar process to obtain the CVV number. In other cases, when sites allow the bots to obtain the CVV first—a process that can never require more than 1,000 guesses—the bots then work to obtain the expiration date and, if required, the billing address.

“We came to an important observation that the difference in security solutions of various websites introduces a practically exploitable vulnerability in the overall payment system,” researchers from Newcastle University wrote in a research paper titled Does the Online Card Payment Landscape Unwittingly Facilitate Fraud?. “An attacker can exploit these differences to build a distributed guessing attack which generates usable card payment details (card number, expiry date, card verification value, and postal address) one field at a time.” The researchers continued:

Each generated field can be used in succession to generate the next field by using a different merchant’s website. Moreover, if individual merchants were trying to improve their security by adding more payment fields to be verified on their site, they potentially inadvertently weaken the whole system by creating an opportunity to guess the value of another field, as explained later in the article.
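The following is an added illustration, not code from the Ars Technica article or from the Newcastle University paper. It shows the Luhn checksum the article mentions, the per-field guess bounds the article quotes (60 possible expiry dates, 1,000 possible CVVs), and the defender’s side of the problem: a single merchant only ever sees its own handful of attempts, so an issuer-side check that counts declined attempts on one card number across distinct merchants is the natural place to spot the pattern. The log format, the field names, the merchant names, the thresholds and the card numbers are all constructed for the example (the two card numbers are standard test numbers, not real accounts). The guess-bound function generalises the article’s one chain to any order of fields.

```python
"""Added illustration (not from the Ars Technica article or the Newcastle paper):
a Luhn check as the text describes it, the guess-space sizes the article quotes,
and an issuer-side detector that flags one card number being tried across many
merchants. All log lines and card numbers below are constructed sample data."""
from collections import defaultdict


def luhn_valid(number: str) -> bool:
    """Return True when the digit string passes the Luhn checksum.
    Every second digit from the right is doubled (and reduced by 9 if > 9);
    the total must be divisible by 10."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) != len(number) or not digits:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# Upper bounds on guesses per field, as stated in the article: cards are valid
# for up to 60 months, so an expiry date is one of 60 month/year pairs, and a
# three-digit CVV has 1,000 possible values.
EXPIRY_GUESSES = 60
CVV_GUESSES = 1000


def worst_case_guesses(fields: tuple) -> int:
    """Worst-case number of attempts to complete the named fields one at a time,
    which is what spreading attempts across many merchants makes possible."""
    sizes = {"expiry": EXPIRY_GUESSES, "cvv": CVV_GUESSES}
    return sum(sizes[f] for f in fields)


# Constructed issuer-side authorisation log (hypothetical format: key=value pairs).
SAMPLE_LOG = """\
ts=2016-12-05T10:00:01Z merchant=shop-a pan=4111111111111111 result=DECLINED reason=bad_expiry
ts=2016-12-05T10:00:01Z merchant=shop-b pan=4111111111111111 result=DECLINED reason=bad_expiry
ts=2016-12-05T10:00:02Z merchant=shop-c pan=4111111111111111 result=DECLINED reason=bad_expiry
ts=2016-12-05T10:00:02Z merchant=shop-d pan=4111111111111111 result=DECLINED reason=bad_cvv
ts=2016-12-05T10:00:03Z merchant=shop-e pan=4111111111111111 result=DECLINED reason=bad_cvv
ts=2016-12-05T10:00:05Z merchant=shop-a pan=5555555555554444 result=APPROVED
ts=2016-12-05T10:00:06Z merchant=shop-a pan=5555555555554444 result=DECLINED reason=bad_cvv
ts=2016-12-05T10:00:07Z merchant=shop-a pan=5555555555554444 result=APPROVED
"""


def parse_log(text: str) -> list:
    """Turn each key=value log line into a dict."""
    records = []
    for line in text.splitlines():
        if line.strip():
            records.append(dict(tok.split("=", 1) for tok in line.split()))
    return records


def flag_distributed_guessing(records: list, max_declines: int = 3,
                              min_merchants: int = 3) -> dict:
    """Flag card numbers with more than `max_declines` declined attempts that
    arrive from at least `min_merchants` distinct merchants. A single merchant
    sees only its own attempts; the issuer sees them all, which is why this
    check belongs at the issuer. Returns {pan: sorted merchant list}."""
    declines = defaultdict(list)
    for r in records:
        if r.get("result") == "DECLINED":
            declines[r["pan"]].append(r["merchant"])
    flagged = {}
    for pan, merchants in declines.items():
        distinct = sorted(set(merchants))
        if len(merchants) > max_declines and len(distinct) >= min_merchants:
            flagged[pan] = distinct
    return flagged


if __name__ == "__main__":
    print(luhn_valid("4111111111111111"), luhn_valid("4111111111111112"))
    print(worst_case_guesses(("expiry", "cvv")))
    print(flag_distributed_guessing(parse_log(SAMPLE_LOG)))
```

The point of the detector is the vantage point rather than the arithmetic: in the constructed log the first card draws five declines from five different merchants, each of which sees one harmless failure, while the second card’s single decline at one merchant is ordinary customer error and is not flagged.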


Why Blue States Are the Real ‘Tea Party’

[Note: This item comes from friend Jock Gill. DLH]

Why Blue States Are the Real ‘Tea Party’
Dec 3 2016

When the modern Tea Party movement coalesced in the early days of the Obama presidency, its allusion to the political grievances of the protesters in Boston Harbor a couple of hundred years earlier seemed plausible enough: Its members felt that their taxes were too high and their interests not adequately represented by the remote authorities in Washington.

But the election of 2016 presents a challenge to that historical lineage. The home states to the Tea Party are actually doing great on the taxation and representation front. It’s the progressive blue states that should be protesting.

Start with the Electoral College. It has always deviated from the one-person-one-vote system that most Americans imagine they live in, but demographic shifts in recent years have made its prejudices more conspicuous, culminating in the striking gap between Hillary Clinton’s decisive popular vote victory and her Electoral College loss. Thanks to the two extra votes delivered to each state for its two senators, the Electoral College gives less populated states a higher weight, per capita, than it gives more populated states in the decision of who should be the next president.

This was always a betrayal of one-person-one-vote equality, in that a voter in rural Wyoming has more than three times the power of a voter in New Jersey, the country’s most densely populated state. But those imbalances have become far more glaring, thanks to a filter bubble more pronounced than anything on Facebook: the “big sort” that has concentrated Democrats in cities and inner-ring suburbs, and Republicans in exurbs and rural counties.

The right way to think about the political conflict in this country is not red state versus blue state, but red country versus blue city. And yet we are voting in a system explicitly designed to tip the scales toward the countryside.

But that’s only part of the imbalance. When the founders were plotting the Electoral College, more urban states to the north had significant debt, while the rural Southern states were in better financial shape, thanks in part to the free labor of slavery. Recall the line from “Cabinet Battle #1” from the musical “Hamilton”:


Facebook’s Walled Wonderland Is Inherently Incompatible With News

[Note: This item comes from friend Judi Clark. DLH]

Facebook’s Walled Wonderland Is Inherently Incompatible With News
By Frederic Filloux
Dec 5 2016

Setting aside the need to fix its current PR nightmare, Facebook has no objective interest in fixing its fake stories problem.

In the end, it all boils down to this:

• Facebook is above all an advertising machine. A fantastic one. I encourage everyone to explore its spectacular advertising interface and, even better, to spend a few bucks to boost a post, or build an ad. Its power, reach, granularity and overall efficiency are dizzying.
• Facebook’s revenue system depends on a single parameter: page views. Pages views come from sharing. Which page criteria lead to the best sharing volumes?
• Emotions. Preferably positive ones. The little one’s smile, the cat looking at a horror movie, etc. Or the human story loaded with sentiment. Facebook is plainly honest about emotions being a dominant factor: I often heard its people telling social media editors: “Go for emotion. It gets the best engagement.”
• Fun, entertaining stuff. Again, cat videos, listicles, cartoons.
• Proximity. Things emanating from friends and family. Facebook has to severely edit its huge content firehose in order to determine what is eligible to be shown in one’s newsfeed. In doing so, the company chooses to give more weight to content originated by friends and family.
• Affinities. Content that will comfort users in their opinions and feelings toward society or politics. On Facebook, you’ll never be alone thinking or believing what you hold dear.

So, sharing is key because it leads to higher page consumption which, in turn, leads to multiple bespoke advertising exposures.

How does Facebook tweak its system in order to favor sharing? It does so by becoming the ultimate filter bubble.

On Facebook, what you click on and what you share with your “friends” shapes your profile, preferences, affinities, political opinions and your vision of the world. The last thing Facebook wants is to contradict you in any way. The sanction would be immediate: you’d click/share much less; even worse, you might cut your session short. Therefore, Facebook has no choice but to keep you in the warm comfort of the cosy environment you created click after click. In the United States, Facebook does this for 40 minutes per user and per day.


The Most Disruptive Transformation in History

The Most Disruptive Transformation in History
How the clustering of knowledge lays bare the need to devolve power from the nation-state to the city
By Richard Florida
Dec 2 2016

We are undergoing several nested transformations at once that are causing incredible disruptions of the economic, social, and political order.

The first is the shift from an economy that is powered by natural resources and physical labor to one in which knowledge and the mind have become the dominant means of production. This shift has advantaged roughly a third of the population and workforce, while the other 66 percent have fallen further behind.

The second shift is toward urban clustering as the source of innovation and economic advantage. This massively concentrates talent and economic assets in a handful of superstar cities and knowledge-tech hubs.

The world has become spikier and spikier, across nations, across regions, and within cities. The clustering of talent and economic assets also makes the city the new economic and social organizing unit, undermining two core institutions of the old order: the large vertical corporation and the nation-state.

I would suggest that this transformation — the clustering of knowledge over physical labor — is among the most disruptive in recorded history.

So it should not be surprising that so massive an upheaval would generate an equally powerful backlash.

In contrast to claims of American “decline,” the U.S. is perhaps the best-positioned of any place to succeed and compete in this new age. America has research universities, startups, clusters, and is still relatively open to immigration. But many Americans look at this transformation and perceive that their old world is being torn apart — and that they are being left behind.

The right has played this exactly as we should have expected, promising to bring back a bygone era of American Greatness. And, of course, by preying upon our national, racial, ethnic, religious, and gender divisions, also as we should have expected.

The great failure of our time is the failure of the left to outline an inclusive future in this new age of urbanized knowledge capitalism that does not mean reaching backward to placate the forces of reaction, but creating a vision of a diverse, inclusive, and prosperous society.

At the very top of the list, a new vision of how the 70 million members of the low-wage, multi-racial service class can prosper is desperately needed. To make this a reality requires a new social compact for the urbanized knowledge economy.

But even more so, this age of urbanized knowledge capitalism requires a shift in power from the nation-state to cities, which are the key economic and social organizing unit of the knowledge economy. That also means that cities must take on the outsized power of the nation-state and the imperial presidency. We must devolve power and resources back to the local level — raking back their tax money from the federal government so they can spend it on themselves.


I’m Giving Up On PGP

I’m Giving Up On PGP
By Filippo Valsorda
Dec 6 2016

After years of wrestling GnuPG with varying levels of enthusiasm, I came to the conclusion that it’s just not worth it, and I’m giving up. At least on the concept of long term PGP keys.

This is not about the gpg tool itself, or about tools at all. Many already wrote about that. It’s about the long term PGP key model—be it secured by Web of Trust, fingerprints or Trust on First Use—and how it failed me.

If you got a link to this in response to an encrypted email or to a request for a public key, you might want to skip to the “Moving forward” section.

Trust me when I say that I tried. I went through all the setups. I used Enigmail. I had offline master keys on a dedicated Raspberry Pi with short-lived subkeys. I wrote custom tools to make handwritten paper backups of offline keys (which I’ll publish sooner or later). I had YubiKeys. Multiple. I spent days designing my public PGP policy.

I travelled 2 hours by train to meet the closest Biglumber user in Italy to get my first signature in the strong set. I have a signature from the most connected key in the set. I went to key signing parties in multiple continents. I organized a couple.

I have the arrogance of saying that I understand PGP. In 2013 I was dissecting the packet format to brute-force short IDs. I devised complex silly systems to make device subkeys tie to both my personal and company master keys. I filed usability and security issues in GnuPG and its various distributions.

All in all, I should be the perfect user for PGP. Competent, enthusiastic, embedded in a similar community.

But it just didn’t work.

First, there’s the adoption issue others talked about extensively. I get at most 2 encrypted emails a year.

Then, there’s the UX problem. Easy crippling mistakes. Messy keyserver listings from years ago. “I can’t read this email on my phone”. “Or on the laptop, I left the keys I never use on the other machine”.

But the real issues I realized are more subtle. I never felt confident in the security of my long term keys. The more time passed, the more I would feel uneasy about any specific key. Yubikeys would get exposed to hotel rooms. Offline keys would sit in a far away drawer or safe. Vulnerabilities would be announced. USB devices would get plugged in.

A long term key is as secure as the minimum common denominator of your security practices over its lifetime. It’s the weak link.

Worse, long-term key patterns like collecting signatures and printing fingerprints on business cards discourage practices that would otherwise be obvious hygiene: rotating keys often, having different keys for different devices, compartmentalization. It actually encourages expanding the attack surface by making backups of the key.

We talk about Pets vs. Cattle in infrastructure; those concepts would apply just as well to keys! If I suspect I’m compromised I want to be able to toss the laptop and rebootstrap with minimum overhead. The worst outcome possible for a scheme is making the user stick with a key that has a suspicion of compromise because the cost of rotating would be too high.

And all this for what gain?


The Rise and Fall of the Everyday Tycoon

The Rise and Fall of the Everyday Tycoon
MakerBot made a bold bet that 3D printers would become as common as microwaves. Just one problem: no one else shared that dream.

By Andrew Zaleski

Dec 1 2016

It was October 2009 when Bre Pettis — his unmistakable sideburns and dark-rimmed rectangular glasses framing his face — took the stage at Ignite NYC, threw his hand in the air, and shouted “Hooray!” two times. A PowerPoint slide lit up behind him, revealing a photo of a hollow wood box crisscrossed with wiring. Bouncing up and down, his profuse mop of graying hair flopping about, Pettis began: “I’m going to talk about MakerBot and the future and an industrial revolution that we’re beginning — that’s begun.”

A former art teacher, Pettis had emerged as a key character in the growing maker movement of the late 2000s, a worldwide community of tinkerers who holed away in makeshift workshops and hackerspaces, equally at home with tools like old-school lathes and contemporary laser cutters. Pettis had begun his ascent in 2006, producing weekly videos for MAKE magazine—the maker movement’s Bible—that featured him navigating goofy tasks such as powering a light bulb with a modified hamster wheel. In 2008, he cofounded the NYC Resistor hackerspace in Brooklyn. By then, Pettis was a star. A year later, he launched a Brooklyn-based startup with friends Adam Mayer and Zach Smith (also a NYC Resistor cofounder) called MakerBot.

“We have a machine that makes 3D objects and it’s freaking awesome,” Pettis said giddily from the Ignite NYC stage. By shrinking the technology inside hulking, $100,000-plus machines into affordable desktop boxes, MakerBot had kicked off a revolution in 3D printing. With a 3D printer, objects designed in computer software are physically formed, in three dimensions, as layers of molten plastic are stacked one upon the other. Now anyone with a MakerBot device could design and print their own objects.

To Pettis, the implications were explosive. People printing objects at home would mean we travel to the store less often and make anything we want. He shared a quick story about “printable happiness”: Someone who planned to propose needed an engagement ring, so he printed one out. For five and a half minutes, Pettis extolled what he dubbed the “Industrial Revolution 2,” with MakerBot leading the way.

“You get to be the tycoon by making things yourself,” he said. As he wrapped up his talk, he implored his listeners to literally “make the future.”

The year before MakerBot was founded, analysts predicted that a global 3D printing market worth about $1.2 billion would double in size by 2015. By the end of 2012, it basically had. MakerBot seemed to be right on time: That year it released the company’s best known, and arguably best-performing, 3D printer — the Replicator 2. MakerBot predicted it would find its way into thousands of homes. Wired declared the Replicator 2 the company’s “Macintosh moment” in its October 2012 issue, with a cover featuring a confident-looking Pettis cradling his new baby and the words, “This machine will change the world.”