Friday Squid Blogging: Chesapeake Bay Squid

Great pictures.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on April 27, 2012 at 11:32 AM • 30 Comments

Comments

Erich Schmidt • April 27, 2012 12:24 PM

Security theater indeed. Crooks in the TSA (drug smuggling via bribes)? What a shocking, unexpected development. But we're all safer, right?

61north • April 27, 2012 12:47 PM

Bruce,

I'd love to hear your thoughts on the Secret Service scandals. The problem as I see it is not so much that the agents have low moral standards, but that their actions put them in vulnerable positions (both physically and through possible blackmail). Those types of actions can certainly affect the ability of a military member to get certain security clearances. It would seem that the people guarding the president would need to meet an even higher standard. If the agency has been willing to tolerate this behavior for so long (it appears it was a long-standing problem), then why wouldn't certain agents be willing to compromise the president's security with the right incentives? It would seem that LOTS of heads should roll over this, but so far there are only a few scapegoats.

NobodySpecial • April 27, 2012 12:55 PM

I would have thought there was a rather larger security concern than low morals

30 years ago the IRA planted a bomb in a hotel that was going to be used for a government party conference a month later. They checked in as a guest and hid the bomb inside the wall. It killed 5 people but missed the Prime Minister.

On the other hand I suppose given the nature of the encounter these agents could claim that they had very thoroughly searched the ladies in question

Andrew Gronosky • April 27, 2012 1:33 PM

@Erich Schmidt,

I don't think many people, certainly not in the press, have grasped the implications of the TSA bribery incident. If a terrorist wanted to get a bomb on a plane, he could pose as a drug dealer and bribe a screener. Then the screener would treat an actual terrorist as a drug mule, skip the search, and let the bomb right on board. Yet ANOTHER reason why TSA screenings are ineffective!

paranoia destroys ya • April 27, 2012 1:48 PM

I'm curious about the recent Flashback trojan affecting some Apple computers. The reports claiming 1/2 million infections all suspiciously came from a small security company located in the same country where the attacks are believed to have originated. If that figure is true, how does the percentage of infected computers compare to other operating systems? Apple sells millions of computing devices per week. Is this a case of exaggerating a threat to scare people?

Petréa Mitchell • April 27, 2012 2:06 PM

From the department of unintended consequences: You've probably seen it noted in passing somewhere that closed head wounds are the "signature injury" of the wars the US has been engaging in this past decade. Modern armor and technology have gotten so good at keeping soldiers alive that many attacks which would have resulted in deaths in past wars now result in concussions. Sometimes not even that.

The long-term results are starting to become more visible as CTE starts to be diagnosed in veterans. CTE (chronic traumatic encephalopathy) is a degenerative neural disease which is linked to brain trauma-- originally concussions, but now it's believed it can be caused by repeated sub-concussive hits. It was first diagnosed in athletes, but there's been suspicion ever since that veterans were also a high-risk group.

Alan Kaminsky • April 27, 2012 2:34 PM

Awww, cute squid pictures. I'll never be able to eat calamari again.

Mort • April 27, 2012 3:50 PM

The Trustworthy Internet Movement SSL Taskforce looks like an excellent initiative, and their SSL Pulse page is a nice at-a-glance overview of SSL deployment.

Given their stated purpose and their composition, I'm guessing they will be addressing the current CA mess sooner rather than later.

bobblehead • April 27, 2012 5:52 PM

@ paranoia destroys ya

I haven't read anything about "country of origin" claims for Flashback, nor about the locations of the compromised Macs. Got a URL for those?

One estimate I read was that the 650k Macs comprised a little more than 1% of the installed base.
http://www.macworld.com/article/1166254/...

The coverage on Ars Technica is fairly good, though some of the comments can be a bit nutty.
Google search terms: flashback site:arstechnica.com

Blog Reader One • April 27, 2012 11:17 PM

Lenore Skenazy of FreeRangeKids has mentioned the case of Etan Patz, who disappeared in Manhattan, New York in 1979 at six years of age and who was legally declared dead in 2001. Recently, the Etan Patz case was reopened. Among other things, Ms. Skenazy speculated as to whether the case of Etan Patz may have been the beginning of "stranger danger" concerns and talked about how parents might be actually able to help keep kids safe.

Zoa • April 28, 2012 8:09 AM

@Andrew Gronosky

That sort of thing has always been possible, really. I think the root of the TSA's problems is that their primary responsibility appears to be blame mitigation, rather than risk mitigation.

a noun a mouse • April 28, 2012 1:43 PM

The Postmodernism Generator is a computer program that automatically produces imitations of postmodernist writing, especially that of critical theory. It was written in 1996 by Andrew Bulhak of Monash University and is currently hosted at elsewhere.org. The essays are produced from a formal grammar defined by a recursive transition network. It was mentioned by Biologist Richard Dawkins in his article Postmodernism Disrobed for the scientific journal Nature and in his book A Devil's Chaplain.[1][2]

Post Modern Essay Generator
Posted on April 23, 2008 | 1 Comment
For all of your post modern essay needs! Simply click here and you will be furnished with a unique, brand-new post modern essay complete with citations! Check out my essay that I plan to turn into Dr. Jim Hampton next week:
The Narrative of Failure: Cultural objectivism in the works of Lynch
Jane Buxton Jim Morrow
Department of English, Miskatonic University, Arkham, Mass. Asbury Theological Seminary
1. Marxist class and precapitalist theory
“Class is part of the fatal flaw of sexuality,” says Bataille; however, according to Long, it is not so much class that is part of the fatal flaw of sexuality, but rather the absurdity, and hence the futility, of class. Sartre’s essay on precapitalist theory suggests that consensus is created by communication.
Thus, the subject is contextualised into a that includes narrativity as a reality. Lacan uses the term ‘Marxist class’ to denote the role of the artist as observer.
In a sense, the subject is interpolated into a that includes language as a whole. The primary theme of the works of Rushdie is not discourse as such, but postdiscourse.
Thus, the subject is contextualised into a that includes art as a reality. Bataille suggests the use of cultural objectivism to deconstruct and modify sexual identity.
2. Narratives of paradigm
In the works of Rushdie, a predominant concept is the concept of neotextual narrativity. However, the subject is interpolated into a that includes language as a paradox. Hanfkopf states that we have to choose between dialectic sublimation and subcultural textual theory.
The main theme of Hanfkopf’s model of cultural objectivism is a self-sufficient whole. Therefore, any number of theories concerning precapitalist theory may be discovered. Foucault promotes the use of semioticist substructural theory to attack hierarchy.
“Class is responsible for capitalism,” says Debord. Thus, in The Ground Beneath Her Feet, Rushdie reiterates precapitalist theory; in Midnight’s Children, however, he affirms capitalist desemioticism. Lyotard suggests the use of Marxist class to analyse sexual identity.
In a sense, the primary theme of the works of Rushdie is the role of the poet as reader. Marx uses the term ‘cultural objectivism’ to denote a pretextual totality.
But the subject is contextualised into a that includes consciousness as a reality. Capitalist situationism suggests that sexuality is capable of intention.
In a sense, many narratives concerning the role of the artist as writer exist. Lacan’s essay on Marxist class holds that expression comes from the masses.
Thus, the subject is interpolated into a that includes consciousness as a totality. An abundance of sublimations concerning the posttextual paradigm of discourse may be revealed.

1. Long, B. (1979) Cultural objectivism in the works of Rushdie. O’Reilly & Associates
2. Hanfkopf, M. A. ed. (1995) Discourses of Stasis: Cultural objectivism, Sartreist existentialism and rationalism. Schlangekraft
3. Hanfkopf, L. (1989) Cultural objectivism and Marxist class. Loompanics
YIELDS
Contexts of Collapse: Surrealism and material discourse
O. Wilhelm Long
Department of Politics, Harvard University
1. Narratives of failure
If one examines patriarchial nationalism, one is faced with a choice: either accept submodernist textual theory or conclude that the task of the reader is deconstruction, given that the premise of surrealism is invalid. However, many deconstructions concerning the bridge between society and art may be discovered.
“Class is part of the futility of truth,” says Sartre; however, according to Dahmus[1] , it is not so much class that is part of the futility of truth, but rather the dialectic, and some would say the economy, of class. The subject is interpolated into a neocapitalist paradigm of context that includes sexuality as a whole. In a sense, Marx suggests the use of submodernist textual theory to modify and read art.
The main theme of the works of Pynchon is the failure, and eventually the paradigm, of cultural society. The primary theme of Hubbard’s[2] essay on surrealism is the role of the artist as reader. Thus, Baudrillard uses the term ‘material discourse’ to denote the common ground between consciousness and society.
Bataille promotes the use of surrealism to challenge capitalism. It could be said that any number of theories concerning capitalist nationalism exist.
Foucault uses the term ‘material discourse’ to denote the collapse of neotextual truth. However, several discourses concerning the bridge between sexual identity and class may be revealed.
The main theme of the works of Pynchon is a semantic totality. Therefore, Sontag uses the term ‘postdialectic theory’ to denote not narrative per se, but subnarrative.
If submodernist textual theory holds, we have to choose between surrealism and capitalist libertarianism. Thus, Foucault suggests the use of material discourse to deconstruct sexual identity.
2. Surrealism and Baudrillardist simulation
In the works of Pynchon, a predominant concept is the distinction between ground and figure. Prinn[3] holds that we have to choose between postcultural Marxism and the textual paradigm of consensus. In a sense, the characteristic theme of Bailey’s[4] model of Baudrillardist simulation is the stasis, and some would say the failure, of subpatriarchialist class.
The primary theme of the works of Tarantino is a self-referential paradox. If cultural discourse holds, we have to choose between material discourse and posttextual dialectic theory. Thus, Sontag uses the term ‘the subcapitalist paradigm of context’ to denote the role of the writer as participant.
“Sexuality is impossible,” says Bataille; however, according to Abian[5] , it is not so much sexuality that is impossible, but rather the absurdity, and eventually the genre, of sexuality. Any number of theories concerning surrealism exist. Therefore, Marx’s essay on Baudrillardist simulation states that the State is capable of intent.
Werther[6] suggests that we have to choose between precultural objectivism and dialectic demodernism. In a sense, material discourse implies that art may be used to entrench hierarchy.
The subject is contextualised into a surrealism that includes narrativity as a whole. It could be said that if subcultural socialism holds, we have to choose between material discourse and textual neosemioticist theory.
Baudrillard promotes the use of surrealism to attack sexism. In a sense, the main theme of Porter’s[7] critique of Baudrillardist simulation is a cultural paradox.
A number of sublimations concerning the difference between class and language may be discovered. Thus, Derrida’s analysis of material discourse suggests that the raison d’etre of the reader is significant form.
In A Portrait of the Artist As a Young Man, Joyce denies surrealism; in Dubliners, however, he affirms material discourse. In a sense, Sontag suggests the use of surrealism to read and analyse society.

1. Dahmus, E. Y. (1983) Surrealism in the works of Rushdie. Oxford University Press
2. Hubbard, G. A. Q. ed. (1974) Deconstructing Socialist realism: Material discourse and surrealism. University of Michigan Press
3. Prinn, Z. (1997) Material discourse in the works of Tarantino. University of North Carolina Press
4. Bailey, D. P. ed. (1988) Deconstructing Marx: Surrealism in the works of Mapplethorpe. Schlangekraft
5. Abian, Y. (1991) Nationalism, surrealism and structuralist narrative. Cambridge University Press
6. Werther, G. N. ed. (1977) The Forgotten Sea: Material discourse in the works of Gaiman. Loompanics
7. Porter, L. (1992) Surrealism in the works of Joyce. Harvard University Press

The essay you have just seen is completely meaningless and was randomly generated by the Postmodernism Generator. To generate another essay, follow this link. If you liked this particular essay and would like to return to it, follow this link for a bookmarkable page.
The Postmodernism Generator was written by Andrew C. Bulhak using the Dada Engine, a system for generating random text from recursive grammars, and modified very slightly by Josh Larios (this version, anyway. There are others out there).
This installation of the Generator has delivered 5735619 essays since 25/Feb/2000 18:43:09 PST, when it became operational.
More detailed technical information may be found in Monash University Department of Computer Science Technical Report 96/264: “On the Simulation of Postmodernism and Mental Debility Using Recursive Transition Networks”. An on-line copy is available from Monash University.
More generated texts are linked to from the sidebar to the right.
If you enjoy this, you might also enjoy reading about the Social Text Affair, where NYU Physics Professor Alan Sokal’s brilliant(ly meaningless) hoax article was accepted by a cultural criticism publication.

Chris • April 29, 2012 12:14 AM

Social use of jargon codes in France to circumvent legal restrictions on reporting election results: www.france24.com....

i.e.
Nicolas Sarkozy: "tokai wine" or "rolex";
Francois Hollande: "gouda cheese" or "flanby"; etc.

Leading to messages such as this:
"Dutch cheese at 27 euros, Tokai wine at 25 euros."

Clive Robinson • April 29, 2012 5:52 AM

@ a noun a mouse,

The Postmodernism Generator is a computer program that automatically produces imitations of postmodernist writing,

The question is "how does it produce imitations?"...

Computers use deterministic processes with no degrees of freedom, so one would expect one or more random elements to be used, to rearrange, select or in some way modify the deterministic process to produce "unique output".

These elements can be either truly random or pseudo random of long or very long sequence.

Humans however are far from deterministic and are thus quite imperfect in what they do, and as any writer of any kind of work scholarly or otherwise knows there is "many a slip twixt thought and print". Thus even scientific papers published in prestigious journals after peer review have mistakes in them.

Now this combination of known problems gives rise to the issue of when random makes sense as in the "infinite monkeys typing out the works of Shakespeare".

Thus to "Invoke the Law of Douglas Adams" you would expect at a finite improbability the generator to actually produce a new, original and correct paper/essay from time to time...

And if I remember correctly somebody has already produced a computer capable of doing basic science research using an algorithmic approach using tailored random input...

Figureitout • April 29, 2012 3:43 PM

be verbose; use big words and complex sentences; don't worry about fact-checking

@Petrea

Sounds exactly like what the "Postmodernism Generator" does. There are some epic quotes of nonsense in that essay a noun a mouse. Very nice:)

I noticed that it uses words like "interpolated", "paradigm", "paradox", "futility", "fatal flaw" a few times, as well as "(random verb)..into a that.."--which should raise a red flag. Another thing it does is use names like "Sartre", "Bataille", "Foucault", and "Baudrillard". These names sound (French) sophisticated enough to be trusted.
I think the Sokal Hoax worked because a normal response to reading something that makes no sense to someone is to first accept it (because that person must be smarter than you) and then do research later. Clive noted that sometimes a novel concept or a whole correct paper might randomly be created, or a sentence will sound so absurd it may actually be very abstract and enlightening.

In the era of "information overload", I think everyone is guilty of at least one instance in which they say they read and understood something that they didn't. The Sokal Hoax was quite a riot though.

Clive Robinson • April 30, 2012 7:35 AM

OFF Topic:

@ Bruce,

You might find this an interesting read,

http://gmangham.blogspot.co.uk/2012/04/...

Mr Mangham was arrested in the UK for "hacking Facebook" the whole trial process was at the time seen as "Justice being seen to be done, rather than being done" and the judge at the time was very clearly out of his depth or taking advice he should not have been listening to.

Mr Mangham's legal team has appealed on a couple of counts (although there were several others they could have gone for) and won both points.

So Mr Mangham is now actually allowed a right to reply (which previously he had been denied under the conditions of the "Super ASBO").

I suspect there is way more he could have said but decided not to. Either way Facebook representatives end up looking like a group of crooked politicians, convicted by their own actions.

Rich Wilson • May 1, 2012 2:12 PM

There may be interesting arguments against profiling (or anti-profiling of the sort I recommend here), but I haven’t noticed any amid the torrents of criticism I’ve received thus far. If there is an expert on airline security who wants to set me straight, I am happy to offer this page as a forum.
http://www.samharris.org/blog/item/...

please please please Bruce!

Clive Robinson • May 1, 2012 7:32 PM

@ Marc,

"German Authorities Find Al Qaeda Plans Disguised In Porn using steganographically"

Two words of warning "bible codes"...

You can find almost anything you want in a sufficiently large "body of works" and for many years people have been employed in doing so.

The first I'm aware of (off the top of my head) was Francis Bacon (Ancient English Monk) and through the years various others including the "father of US cryptography" William F. Friedman. Even today there are religious scholars still looking for "hidden meaning" in various texts.

However that is not to say that information is not hidden in a video or other large work, however to pull it out with a high degree of confidence you need to show a predictable method by which it is hidden within the redundancy within the work. Then use that as a "predictor" to show valid information in other works confirms this predictable method is credible. This generally only happens with "home brew" grade stego.

There is however a huge gap between the "home brew" grade and "deluding yourself" second guessing, where you can show that there are anomalies in the work but be unable to show it is hidden information. Partly because the person has rather sensibly pre-encrypted the data and is simply using the stego as a low bandwidth comms channel or to avoid having large quantities of obviously "odd" data around the place.

Then of course any "analog" recording contains sufficient random noise that you could show an individual two videos and they would not be able to tell the two apart. However one would be "as recorded" the second with around a 1% added information content.

The question then falls to who added the extra information and when...

It is now a year on from the killing of OBL and timing is everything when it comes to promoting stories in the media.

Thus being skeptical about such things tends to become a habit ;-)

Anonymoussssssss • May 2, 2012 11:44 PM

Firefox security bug (proxy-bypass) in current TBBs

blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs

"A user has discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This means when connecting to a websocket service, your Firefox will query your local DNS resolver, rather than only communicating through its proxy (Tor) as it is configured to do. This bug is present in current Tor Browser Bundles (2.2.35-9 on Windows; 2.2.35-10 on MacOS and Linux).

To fix this dns leak/security hole, follow these steps:

Type “about:config” (without the quotes) into the Firefox URL bar. Press Enter.
Type “websocket” (again, without the quotes) into the search bar that appears below "about:config".
Double-click on “network.websocket.enabled”. That line should now show “false” in the ‘Value’ column.

See Tor bug 5741 for more details.
(bugs.torproject.org/5741)
We are currently working on new bundles with a better fix."

- pastebin.com/xajsbiyh

r • May 3, 2012 12:35 AM

A Firefox security bug (proxy-bypass) in current TBBs

blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs

"A user has discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This means when connecting to a websocket service, your Firefox will query your local DNS resolver, rather than only communicating through its proxy (Tor) as it is configured to do. This bug is present in current Tor Browser Bundles (2.2.35-9 on Windows; 2.2.35-10 on MacOS and Linux).

To fix this dns leak/security hole, follow these steps:

Type “about:config” (without the quotes) into the Firefox URL bar. Press Enter.
Type “websocket” (again, without the quotes) into the search bar that appears below "about:config".
Double-click on “network.websocket.enabled”. That line should now show “false” in the ‘Value’ column.

See Tor bug 5741 for more details.
(bugs.torproject.org/5741)
We are currently working on new bundles with a better fix."

http://pastebin.com/xajsbiyh
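
An added example, not part of the comments above or of the Tor Project advisory they quote: a check that a Firefox profile's saved preferences actually carry the `network.websocket.enabled = false` setting the advisory describes. The sample file contents, the proxy values in them and the function names are constructed for illustration; the only pref name taken from the page is `network.websocket.enabled`.

```python
import re

# Matches lines such as: user_pref("network.websocket.enabled", false);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')
PREF_NAME = "network.websocket.enabled"  # pref named in the quoted advisory


def parse_prefs(text):
    """Return {name: value} for each user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # header lines, blanks and // comments do not match
        name, raw = m.groups()
        if raw in ("true", "false"):
            value = raw == "true"
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = raw[1:-1]
        else:
            try:
                value = int(raw)
            except ValueError:
                continue  # unrecognised value syntax: ignore the line
        prefs[name] = value
    return prefs


def websocket_status(prefs_js, user_js=""):
    """Classify a profile as 'disabled', 'enabled' or 'default'.

    prefs.js holds values changed through about:config; user.js, if
    present, is applied over it at startup, so it is merged last.
    'default' means neither file sets the pref, so the browser's built-in
    value applies (the advisory's steps imply that value is true).
    """
    effective = parse_prefs(prefs_js)
    effective.update(parse_prefs(user_js))
    if PREF_NAME not in effective:
        return "default"
    return "disabled" if effective[PREF_NAME] is False else "enabled"


# Constructed sample profile contents (not taken from a real bundle).
SAMPLE_UNFIXED = '''# Mozilla User Preferences
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
'''
SAMPLE_FIXED = SAMPLE_UNFIXED + 'user_pref("network.websocket.enabled", false);\n'
SAMPLE_USER_JS_OVERRIDE = 'user_pref("network.websocket.enabled", true);\n'

if __name__ == "__main__":
    for label, args in [
        ("unfixed", (SAMPLE_UNFIXED,)),
        ("fixed", (SAMPLE_FIXED,)),
        ("fixed, but user.js re-enables", (SAMPLE_FIXED, SAMPLE_USER_JS_OVERRIDE)),
    ]:
        print(f"{label}: {websocket_status(*args)}")
```

A result of "default" or "enabled" means the workaround is not in effect for that profile; the third sample shows why a `user.js` file has to be checked as well as `prefs.js`.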


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..