Saturday assorted links

1. My life as a Whole Foods DJ booker, those new service sector jobs.

2. The political power of black women.

3. Antiprioritarianism (pdf), by Hilary Greaves.

4. Was the internet hack driven by commandeered Internet of Things?  I cannot verify what is in there, but it is potentially a very important and also disturbing post, via Binyamin Appelbaum.

5. The evidence for universe acceleration may be flimsier than we had thought.  And do you think this is a bigger story than #4 in this list?

6. No one bid for John Nash’s Nobel Prize — was that the Nash equilibrium?

7. Chemical bike lock causes vomiting in thieves.

Comments

Re #4: it is surprising and unnerving how little freaking out is going on about this one, this is important.

Meh, I think it's being made into a bigger deal. The news keeps saying that Github, reddit, CNN was taken down. In reality those sites were still and perfectly fine, it was just a top-level DNS that was taken down. But OpenDNS and Google DNS among others were still working perfectly fine. It'd be like saying the telephone system got taken down, because somebody stole some of the phone books.

Frankly DNS is a pretty crappy system that's overly centralized. It's a positive some light's getting shined on this. But even if this attack was repeated every single day, it wouldn't be that big a deal. We'd just configure our DNS clients to by default check multiple sources and/or cache previous lookups.

When you can launch a DDOS by using a million lightbulbs or DVRs as proxies, that's serious. Any device that can be totally hacked can spoof its IP address and device type, so you can't filter out a competent attack. The security of many Internet-capable devices is terribly lacking, so we may be looking at the end of the Internet as we know it. There are many political forces that wish to control the Internet to enforce national censorship, IP rights, etc., so we are heading toward a fireball of remaking the Internet. I think the poison pill will be sugar-coated as an anti-spam measure -- eliminate anonymity and spoofing, and then you can defeat spam.

It will be like the conversion from analog to digital broadcast television. Some benefits to some people, but the real goal is to wreck the system. I lost about 75% of the stations I could receive when digital came in, and that's the plan. Destroy over-the-air broadcast television, and all that spectrum will become available for the telecom oligopoly.

Uhhh, when HDTV came out, I got rid of cable and now just use an antenna. I get fantastic picture quality and a lot more stations than when analog ruled.

You must be on the fringes.

I get more fringe stations, but only two of the national broadcast networks. Which I still find very strange. The NBC in my area has a very weak signal and I can't help but think that's a business decision based on the ad revenue from the additional antenna viewers not justifying the cost.

I'm about a mile west of San Jose city limits. And I've got the second largest TV antenna Radio Shack sold -- I think it's about six feet long. I barely receive the CBS and NBC affiliates (and not when the weather is very cold or very hot), and I don't receive ABC at all. Oddly, the PBS channels are the most reliable, so I watch a lot of PBS commie propaganda. Also a channel that broadcasts a lot of Xena and Hercules reruns, so I watch those too.

I was living in Pasadena CA when the switch to digital on-air TV happened. One VHF station and a couple of UHF stations became weaker, but the others were the same -- and most of them sprouted sub-channels, i.e. I could watch channel 4, or 4.1, 4.2, 4.3, or 4.4. So I had a net increase in channel options.

Granted most of the sub-channels carried infomercials, sports that nobody watches except during the Olympics (men's table tennis was my favorite but they only showed it a couple of times a week), or deep deep re-runs (first time I'd watched "Sea Hunt" since the 1960s). But overall I was better off after the switch.

I wonder what others' experiences were? Mark Thorson's is the first negative reaction I've heard, but I pretty much only talked about this with other southern Californians.

(This all became moot when I moved and lost my remote control for the TV, and realized this was the perfect time to stop watching TV period.)

There is no way to prohibit IP spoofing short of overhauling IP protocol entirely. I'll believe that we as a civilization are capable of the wholesale replacement of IP, when we can actually even coordinate a minor upgrade to IPv6. Anyway, this isn't anything new, IP spoofing has been around for three decades, and the Internet's still chugging along.

IP-level authentication is neither reliable nor frequently relied upon. Most upstream protocols completely avoid the need for any trust at network layer. It was only a factor today, because DNS has an inherently broken design. If this does wind up becoming a persistent issue I think it'll prove to be a lot more practical and viable to overhaul DNS, which makes up <1% of network traffic and software, rather than the entire Internet from the ground up.

Yes there are many factions that desperately want to control the Internet, but none of them really seem to have any technically feasible proposals. So again, I'm not really concerned.

What is really amusing is just how easy it would be to make such attacks at least somewhat futile - just include the actual IP as part of the history in the browser cache, and then after a site has been visited, only use the IP number for further calls to the same site. Obviously, this is not a perfect solution (flexible/multiple IP numbers versus 000.000.000.000 fixed for a trivial example), but it would mean that such an attack would be relatively trivial to the vast majority of people not visiting Twitter or CNN for the very first time.

Pro tip, if you think some big problem is easily solvable by something you just thought of, then chances are that someone whose job it is to solve these problems has already thought of it. IP caching has been a thing for decades.

http://blog.catchpoint.com/2014/07/15/world-dns-cache-king/

So if there are too many that can access, then just create a new indexing system (infinitely large?) for new web locations? Wouldn't it be trivially easy to have a dozen backups on hand, one of which for example using a 12-character alphanumeric code or something instead of the present numbers. And then the old IoT that became a vulnerability could be cut out if the attacks were too regular or something. Or maybe there's a better way ..

Egress filtering would do a world of good. There's no reason that traffic that isn't yours should leave your network.

'Pro tip, if you think some big problem is easily solvable by something you just thought of'

Amateur tip - read what is written. I was talking about bypassing DNS server requests entirely when DNS fails, through using a cached IP number, and doing it at the browser level (a long, long time ago, there were tools to do this for your history, but at the time resolving an IP number was considered unneeded additional overhead when dealing with those super speedy 9600 baud modems at home). Your example is talking about the DNS system - which is completely unnecessary when using xxx.xxx.xxx.xxx for addressing. Of course this is not 'easy,' particularly when so many addresses can be considered dynamic, not static.

Another amateur tip - maybe consider if the person you are writing to can remember the age of the Internet before DNS existed at all. DNS is 'overhead' added to make the Internet more usable for people, a very laudable goal. It also still functions by translating the name into xxx.xxx.xxx.xxx in the end.

However, if it helps you, I left out any mention of routing tables - here is a recent example of that problem which is not possible to get around through simply saving an IP number in a browser - http://www.theregister.co.uk/2016/06/20/telia_engineer_blamed_massive_net_outage/

"Any device that can be totally hacked can spoof its IP address and device type, so you can’t filter out a competent attack. "

Incorrect. Krebs notes in a previous post that network operators can implement BCP38, a network standard that prevents IP spoofed traffic from leaving your network:

https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/

"As I noted in a November 2015 story, The Lingering Mess from Default Insecurity, one basic step that many ISPs can but are not taking to blunt these attacks involves a network security standard that was developed and released more than a dozen years ago. Known as BCP38, its use prevents insecure resources on an ISP's network (hacked servers, computers, routers, DVRs, etc.) from being leveraged in such powerful denial-of-service attacks.

Using a technique called traffic amplification and reflection, the attacker can reflect his traffic from one or more third-party machines toward the intended target. In this type of assault, the attacker sends a message to a third party, while spoofing the Internet address of the victim. When the third party replies to the message, the reply is sent to the victim — and the reply is much larger than the original message, thereby amplifying the size of the attack.

BCP38 is designed to filter such spoofed traffic, so that it never even traverses the network of an ISP that’s adopted the anti-spoofing measures. However, there are non-trivial economic reasons that many ISPs fail to adopt this best practice. This blog post from the Internet Society does a good job of explaining why many ISPs ultimately decide not to implement BCP38."
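Added example (not part of the original comments or of the quoted Krebs post): the source-address check that BCP38 asks an ISP to apply at its customer edge, which is also the egress filtering mentioned earlier in the thread, sketched in Python. The interface names, prefixes and packets are constructed, using documentation address ranges.

```python
"""BCP38-style source address validation at an ISP's customer edge.

Added illustration; interface names, prefixes and packets are constructed
(addresses come from the RFC 5737 / RFC 3849 documentation ranges).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumption: prefixes the ISP has assigned to each customer-facing interface.
CUSTOMER_PREFIXES = {
    "cust-a": [ip_network("192.0.2.0/25")],
    "cust-b": [ip_network("192.0.2.128/25"), ip_network("2001:db8:b::/48")],
}


@dataclass(frozen=True)
class Packet:
    iface: str      # customer interface the packet arrived on
    src: str        # source address claimed in the IP header
    dst: str        # destination address
    note: str = ""  # human-readable label for the sample


def source_is_valid(iface: str, src: str) -> bool:
    """True only if src lies in a prefix assigned to the arrival interface."""
    try:
        addr = ip_address(src)
    except ValueError:
        return False  # unparseable source address: never forward
    prefixes = CUSTOMER_PREFIXES.get(iface, [])  # unknown interface: no prefixes
    return any(addr.version == p.version and addr in p for p in prefixes)


def filter_edge(packets):
    """Return (forwarded, dropped, drops_by_iface) for a batch of packets."""
    forwarded, dropped, drops_by_iface = [], [], {}
    for pkt in packets:
        if source_is_valid(pkt.iface, pkt.src):
            forwarded.append(pkt)
        else:
            dropped.append(pkt)
            drops_by_iface[pkt.iface] = drops_by_iface.get(pkt.iface, 0) + 1
    return forwarded, dropped, drops_by_iface


# Constructed sample traffic arriving from two customers.
SAMPLE = [
    Packet("cust-a", "192.0.2.10", "198.51.100.53", "normal query"),
    Packet("cust-a", "203.0.113.7", "198.51.100.53", "source forged as a third party"),
    Packet("cust-b", "192.0.2.10", "198.51.100.53", "cust-a's address seen on cust-b's port"),
    Packet("cust-b", "2001:db8:b::1", "2001:db8:ffff::53", "normal IPv6 query"),
    Packet("cust-b", "not-an-ip", "198.51.100.53", "malformed source"),
]

if __name__ == "__main__":
    fwd, drop, counts = filter_edge(SAMPLE)
    for p in fwd:
        print(f"FORWARD {p.iface} {p.src} -> {p.dst}  ({p.note})")
    for p in drop:
        print(f"DROP    {p.iface} {p.src} -> {p.dst}  ({p.note})")
    print("drops per customer interface:", counts)
```

The per-interface drop count is what tells the operator which customer port is emitting forged traffic; the filter itself only helps on networks that deploy it.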

That article explains why it won't happen. To be effective, every ISP would have to adopt BCP38. If it's only 90%, you'll still have millions of compromised devices out there ready to launch massive DDOS attacks.

I really should have responded to Doug, who made a much stronger, wrong claim that IP spoofing is an unsolvable problem. The article explains why it hasn't happened yet, not why it won't ever happen. The point here is that this isn't the end of the Internet as we know it. There are ways we can deal with this sort of thing and we will as soon as the problem gets prevalent enough.

The nameserver software used by these DNS sites is old, buggy and in need of a reworking. ESR is working on a rewrite, has been for the last bit, removing all the attack vectors. These things are complicated and slow, and the uptake for a reworked piece of software in a hot system is necessarily slow and methodical.

Is there evidence that it was routers or thermostats doing the dastardly work, or simply a very large number of hacked Windows machines? Microsoft has been pushing Windows 10 for a good reason; their installed base of older OS' are terrible and essentially open doors to takeover.

What are the vulnerabilities in the other ones if you follow all standard online security protocol? What's better about Windows 10 in these regards?

#4 is big as in Big Bang big. I have BS in Physics - Astronomy from Vanderbilt and most of the last 20 years in cosmology is predicated on this work which predicts, until now, 76% of mass in universe.

Before eternal september, if you had a problem on your network you'd be cut off and would have to call your upstream when the problem was fixed to get turned back on.

That's going to have to be the way this goes. ISPs will have to cut off end users with hacked devices on their network, ISPs that refuse to cut off their misbehaving downstreams will have to be cut off from their upstreams and/or peers.

Then incentives will be aligned and end users will want secure devices instead of not caring (as is the situation now).

Yep. This will raise costs but that's expected and justified; there's a price for robustness and legit value there.

#5

Don't know if anyone here listens to the (fantastic) podcast Talking Machines. Forget which, but one of the episodes had an interview with a Bayesian statistician that worked with cosmologists. Frankly some of the statistical shortcuts that cosmologists take are just astounding. I really wouldn't be surprised to learn that even supposedly gold-standard 5-sigma results get overturned because of basic modeling assumption errors.

We think that the replication crisis just affects the social sciences. Could we be wrong?

This geologist says it is going on in the natural sciences and chemistry, so why not everything else?

The combo of astronomy and cosmology needs a handy portmanteau term. I propose 'astrology'.

My crystal ball says you are onto something.

Well there is something to Cosmology that is tangible and appears real and that is the theoretical basis of the apparent abundance of the elements and their distribution in the cosmos. Assuming a steady state we don't have an explanation for the abundances of the elements, but assuming a big bang of some sort we sure seem to.

That underlies such basic things as the distribution of elements in our own planet and solar system. I have no idea about most cosmology but I sort of have to accept it as true because things like geochemistry are fundamentally messed up if the cosmologists are really wrong on the big stuff.

The latest crew will get a Nobel for overturning a previous Nobel in Astronomy?

This is the weak point in the theory (Boyle's Law): 'So it is quite possible that we are being misled and that the apparent manifestation of dark energy is a consequence of analysing the data in an oversimplified theoretical model - one that was in fact constructed in the 1930s, long before there was any real data. A more sophisticated theoretical framework accounting for the observation that the universe is not exactly homogeneous and that its matter content may not behave as an ideal gas - two key assumptions of standard cosmology' Read more at: http://phys.org/news/2016-10-universe-rateor.html#jCp

The problem is that there is lots of data, the vast majority of it noise, and there is a desire to come to a conclusion.

The upside is that no one makes public policy based on what these guys say. Does Hillary have an Expanding Universe position? Come to think of it, probably, but it won't mean anything.

Some Social Science twerp that massages the data to extract something that tickles the priors of intrusive politicians is far more dangerous. A good summary execution from time to time would be salutary.

The NatureIndex I often quoted explicitly down-weighted astronomy and astrophysics papers.

http://www.natureindex.com/faq#methodology5

"""When ordering by WFC, the exception are the articles from specialist astronomy and astrophysics journals which are down weighted (see Section 3.4)."""

How big is the discount factor?

"""The weighting is achieved by multiplying the fractional count from these astronomy and astrophysics journals by a factor of 0.2."""

#5 I'm a psychologist. I don't call 3-sigma evidence flimsy :D

Re: #5, an expanding universe

Tyler, what percentage of all knowledge would you say humanity as a whole currently possesses? It would seem to be infinitesimal.

I have tried to get that question answered in these comment sections once or twice, because people who comment here are often very well informed. Not much success. One time, an enthusiastic but un-amicable commenter told me I was the "worst" (the way I posed the question had theological implications and people who are afraid of theology are quick to internet anger); another time, in the context of a thread on evolution, a question regarding what percentage of sophisticated evolutionary mechanisms we thoroughly understand went thoroughly unanswered.................
You asked Tyler and you did not ask me, but the collective information understood by all of humanity is clearly sufficient (in science) to understand most of the very basic and repeatably provable questions that are subject to limited mechanical input (right now, protein folding - maybe, in rank of difficulty, the 7 or 8 thousandth most difficult but common repeatedly provable question in the natural sciences, is at the borderline of what I mean) , sufficient (in the field of history) to classify a few thousand historical personages - probably no more than that - as having succeeded or failed at courage or empathy or at other basic human tasks, sufficient (in the arts) to identify a very good novel or a very well built church or a good way of cooking food, and to identify why so many novels and churches and ways of cooking food are inadequate...... Possibly there are specialists who are more sure than they can explain of cosmological questions viewed through the lens of statistics, properly deployed. Possibly there are mathematicians who understand, after years of effort, not only the scope of what they know but can focus through that scope on the extent of the unknown............
I know one very small field of intellectual interest very very well; it took me 20 or 30 years of focused effort to reach that level of understanding; and, even assuming, as is likely, that there are people in other fields who are exponentially more talented in their field than I am in the small field I have chosen, it is likely, based on how little I know (about the admittedly limited subject that I know more about than all but two or three out of a billion people) that the "percentage of all knowledge that humanity as a whole currently possesses" - measured simply by understanding of common phenomena (not, of course, by specific knowledge of things that have or might have happened, much less things that are happening or might happen in the future) is much much closer to zero than to fifty percent. (If I am typical, it is much much closer to zero than to 7.07106781 percent, rather than merely much much closer to zero than to 50 percent - I am not a physicist, but Lev Landau's rating of physicists on an exponential scale - an Einstein being a .5, say, a Feynman a .8, a Landau a 1.5 .... explains why I chose that number, for purposes of simplifying my explanation).

Maybe the more we learn the more we realize that we know less than we thought, as if increasing knowledge is like rowing or sailing a boat into ever greater waters (this is the prediction of Popper for all future generations, no matter how many future generations there are, although he was of course raised in a Calvinist part of the world); maybe the more accurate view is that of the theologians who propose that angels can comprehend within a reasonable period of time, to the extent they choose, and with immediate rationality, all material questions subject to time - which, ipso facto, means everything material : from that point of view, the only "difficult to understand" questions only start after (I am going to personalize one or two intellectual puzzles here) the whole crew of prime number mysteries and the almost constantly-on-the-road (like the Cowsills or Don Rickles or Dylan!) family of cosmological profundities (including the likable cousins the 'local big bang' Question and the 'less than local limit of the cosmic horizon' Question, and also including the traveling salesmen like the 'dark matter' Question and the 'why is there something instead of nothing Question', who are equally cousins) --- and all that ilk --- have been served their last nightcap, last call has come and gone, and they all have slowly and happily walked upstairs and are gently sleeping in their hotel rooms with remarkably empathetic pictures on the wall from Hamlet (Ophelia in her happy days before) and the Rosalindiade. And those of us still awake begin to talk some more about what is important.

OK. God understands us: "The sun shall no more be thy light by day; neither of brightness shall the moon give light unto thee: but the Lord shall be unto thee an everlasting light, and God thy Glory." and then there is this:"Thy people also shall all be righteous:they shall inherit the land for ever, the branch of my planting, the work of my hands ... I will hasten it in time." (Isaiah Chapter 60). (translator notes: the word for sun used here is an archaic word, as if one said "Jolly old Sol" in English, and "hasten it in time" is likely accurate as to hasten, and as to it, and as to time, but the word "in" may not reflect the original Hebrew. Reading the Bible one needs to recognize that it may be better written than we think. Mark Twain was a genius but if you are reading the Bible the way he read it you are reading it wrong, no offense intended).

#2: had the Republicans nominated Condoleezza Rice, they would have won this election easily.

They would have won with several of the candidates who did stand for office, but I agree that Condi is an excellent choice (and there is nothing wrong with nominating a minority to try to expand their appeal).

Uh.... how can you nominate someone who did not run in the primary?

Maybe.

The national media is very, very liberal. Like any liberal they revel in destruction, in particular the destruction of any opposition to their poorly conceived ideas. Further they are strongly motivated by their fear of social media backlash if they don't devote their full efforts to that destruction. The net of this is that it is possible that there is no possible candidate for the non-left to put forward. Heck, Hillary almost lost to a socialist.

Even as benign of a candidate as Mitt Romney was skewered by the liberal media, Romney! I shudder to think what they would have done to Rubio, who was my personal favorite, Bush, or Cruz.

Trump was and is an outstanding candidate but media hates him and they take their marching orders directly from the Obama White House. If not for the media making up lies and fake stories about Trump - such as the heavily edited Access Hollywood video, it would have been a Trump landslide. I still think he's going to win it though by a comfortable enough margin - if we watch the polls to prevent too much voter fraud.

Good one!

I'll bet you $100 he doesn't win.

Hey thanks for the laugh. I got a good chortle out of 'heavily edited Access Hollywood video'. Keep up the good work sir!

Would Condi in the White House (or Yeb, or Christie, or Kasich, or...) really have been a victory, though?

I think you are trying to say that placing another make-no-waves Republican in the White-House would have been no victory. Indeed the Republican primaries offered many better choices. But

(a) Any one of Yeb, or Christie, or Kasich would have been better than Hillary or Trump.

(b) Condi is cleverer than all of them. Intelligence is not my favourite trait in a statesman, but all else being equal, I will take it.

What is the evidence that Condi is all that clever at all?

She would have been a better choice, and probably a better fit, for the Democrats.

I dunno. Maybe the PhD from the University of Denver (with Madeleine Albright's father as her dissertation adviser). The faculties notorious for being cesspits of patronage would be teacher training, law, social work, and certain subfractions of the arts and sciences faculty (victimology programs, sociology, and literature). Dr. Rice learned Russian and made herself an area specialist in Soviet politics. Josef Korbel was a Czech-born Jew nearly 60 years of age 'ere anyone had ever heard of 'affirmative action', not promising material for the ranks of this country's virtue-signaling poseurs.

The comparative advantage of their SCOTUS appointments alone would have made for a victory.

That any other candidate would have avoided nuking the GOP's Senate majority would have also meant unified Government under GOP leadership.

Gary Johnson is really disappointing. Munger probably would have been a better candidate. That would have been fun. His blog has been rather quiet lately...

He's not even running for governor in NC this year.

6. Everybody knows that the real Nobel Prize is not the medal they give you but the right to say you won the Nobel Prize, and that can't be bought or sold. Also, the million bucks wasn't for sale (as far as I know).

We would have lots of Nobel Prizes of our own if the Nobel committees were not soulless minions of orthodoxy, purveyors of a radical anti-Brazilian stance.

Your great writer Borges won a Nobel, didn't he? So quit yer grousing ;-)

No, he didn't win -- the savage Argentinians were robbed-- and he wasn't Brazilian. Buenos Aires is not Brazil's capital either.
Brazilian Jorge Amado was undermined by the Swedish Communists. Drummond refused to be considered for the prize -- but the Committee had the power to consider him anyway, yet it refused. Meireles and Ramos, both, deserved the Literature Nobel, too. Physics, like Lattes, Schenberg (he probably didn't get the prize because he was a Jewish Communist) and Leite, Doctors, like Cruz and Vital Brazil, should have been given the prize instead of nobodies like Dario Fo and Egas Moniz. Braga, from my native state, was much better a writer than, say, Knut Ramsun. Robdon should have got the 1956 Nobel Prize.

What is Brazil? Everything.
What has it been hitherto in the international order? Nothing.
What does it desire to be? To become something...
I say, "Nun, Volk, steh auf und Sturm brich los!"

Borges didn't win and Dylan did.... Everything is upside down.

Well...

And don't speak too soon
For the wheel's still in spin
And there's no tellin' who
That it's namin'
For the loser now
Will be later to win
For the times they are a-changin'.

Yes, I knew these things, I just wanted to get your goat. (NB: not literally.)

Thanks for posting an interesting reply. I will look up some of the names you mention. For what it is worth, I found Hamsun to be very good. Fo was a strange choice, but not as outrageous as the Austrian feminist no one has heard of.

The selection of Bob Dylan is ridiculous. He is a fine songwriter but there are many more worthy "creators", such as Tom Stoppard, to name one. (Who is next? Billy Joel?)

If Ramsun or Benavente were Brazilians and had to compete with Brazilian writers to be noted, they would have never been heard of. And who still reads Gabriela Mistral or Verner von Heidenstam (the latter got the prize only for flattering Swedish jingoism)? Ah, make no mistake, we, Brazilians, are the most persecuted people that has ever existed!

Correction: Hamsun.

1) Life lesson #1: only criminals and D-bags wear Yankee hats outside of New York City. And sometimes even inside.

@#1 - I thought the biggest news in the DJ story was they don't play Top 40. I wonder why...

Tourists and students from Asia do too, I have noticed.

Yes, "NY" logo is very popular in Asia. In Southeast Asia, without any irony, so are T-shirts lauding Hitler. So are T-shirts with very long messages relating to what a school did, such as "School XYZ chess tournament on date so-and-so at ABC location"

And Yankees fans

#2) So the gender gap is explained by black women voting in high numbers and monolithically for Obama? What, black men don't vote? Don't vote for Democrats? Is it a felon thing?

It is just ever so coincidentally a felon thing, there is clearly no intent to deprive anyone specific of the right to vote.

Just ask North Carolina - after all, the state still maintains it is just coincidence that all the legislative measures involving changing/restricting various forms of access to the voting process this election cycle unduly affected a certain block of surprisingly easy to identify voters. Shame about how the NC legislature forgot that how they restricted voting in specific ways was a matter of documented public record - still a coincidence, though, undoubtedly just a coincidence, you know, one of those things.

Don't worry, the Republican Party will create a "post mortem" document which describes how to reach these, and other, minorities.

The gender gap is actually largest for Whites, this year it is about 20%,

I wonder if a new way of measuring "gender gap" would be helpful. How about ratio of likelihood to vote for the non-preferred party.

Say 96% of black women plan to vote D, but only 92% of black men plan to vote D. Using the standard method, that would be a 4% gender gap. But black men are actually *twice* as likely to vote R than black women.

Now say 55% of white women plan to vote R and 65% of men plan to vote R. That's a 10% gap using the traditional method, but white women are actually only 1.29x as likely to vote D as are white men.

#4: let's go back to 2003........ W32.Blaster made those days remarkable for Windows users. https://www.symantec.com/security_response/writeup.jsp?docid=2003-081113-0229-99&tabid=2 Microsoft reacted and created a patch named the Internet Connection Firewall and today is known as the Windows Firewall. What happened yesterday is very similar to what happened to computers back in 2003.

The problem here is that the IoT uses very low-level control programs, a patch similar to Windows Firewall can't be distributed and installed. The IoT is composed by application specific devices that lack the flexibility to make improvements. Perhaps the "general-purpose" attribute of PCs is underrated.

I have not looked at this at all, but I presume that the IoT DVRs do accept patches over the internet, and that was how the malware was introduced. The question now would be whether the manufacturer can re-assert control, or even the owner, if the admin password has been changed to the hacker's value.

The issue is default passwords that can be changed by the device owner. In 99% of cases they don't care, because a device that is part of a DDoS still works. There is nothing third parties can do to the devices once they are out there without risking trouble: If all passwords are changed to the same new password, it's still broken. If the password is changed by the manufacturer to something random, congratulations, now the owner of the device can't use their own device!

While one could theoretically build easy to patch, relatively secure IoT devices, they will be more expensive without any advantage to the purchaser or the manufacturer. Also, who is going to dedicate the engineering time to keep the system up to date? Your typical device will be in the market 6 months or so. How many more years are manufacturers going to do security updates?

Blaster was different: Any network admin with a Blaster infection had to care. Microsoft had to care, because not only were they the ones getting attacked, but people were affected themselves, so the bad publicity would hit them. The incentives were there for a fix.

While the last few IoT attacks have been single manufacturer, this will change. For instance, when someone looks for badly defended Linux servers, they don't look for a single vulnerability: They try a big package of them, trying to guess what is behind them. As more IoT attacks are found, the networks will grow larger and more diverse, and it'll be hard to blame anyone individually.

It's a simple issue of misaligned incentives on a massive scale. I suspect that we won't see improvements at all barring either governments, or a government-like association of people owning a big percentage of the internet infrastructure, use their power to realign incentives. And given how hard it is to ask paying customers to use a modern TLS cypher on their API calls, it's going to have to be a group with a whole lot of muscle.

See my post above. When your internet connection is cut off then you'll care that your device is hacked.

It's fairly common for the ISP to own the device that sits between the home network and the WAN link (usually called a router). If not then it is something like linksys or netgear or whatever.

Unfortunately most of these devices have crap software, some are even attack vectors themselves, but they can be patched and generally have enough processing power to do at least some DPI. Also, unlike the ISP side of the WAN connection it has access to device MACs.

#5. I have to question why such a paper was published in Nature Scientific Reports, which is not known for a particularly robust review process, but then I don't really follow cosmology at all.

As someone who has published in Scientific Reports, I strongly agree. The review process is weak, and for a paper purporting to upturn such an important finding, the journal is a huge red flag.

#3 I have no idea what practical implications this may have if correct. Can anyone spell those out?

#7 I don't think it would be wise to use these chemical bike locks in the United States. The criminal would sue you and get much more than the bike.

In the USA, you shoot to kill. Dead men can't sue or testify against you in court.

#2 was interesting. Black women are among the most beleaguered Americans. Good for them.

They have somewhat lower incomes than the rest of the population (maybe 1/3, or similar to 1985 levels of real income). Their life expectancy at 78 is just a shade below the national mean and higher than that for white men. The employment to population ratio for black women is actually slightly higher than it is for white women (though the unemployment rate is higher too). They're not exceptionally fecund (they produce 2.1 children per lifetime, just the replacement rate, about 15% higher than the white rate). They're less likely to have a husband in residence with their children than are other women, but they didn't get to the point they are in their domestic life without providing some of their own locomotion. The one way in which their situation is quite different than that of others is the degree of security in their neighborhood and in local schools. The irony is that these politicians they're helping put in office generally do nothing sensible about that.

What will be interesting to see is whether enough black women can break out of the stranglehold the Democratic Party has on them and vote for Trump, who is the only candidate that has connected with a black church and talked about improving job opportunities for black youth, the only candidate to talk about charter schools and improving educational opportunities for disadvantaged kids, the only candidate to talk about making cities safer, etc. -- all issues that should resound with black women.

About 70% of black women are single. Single women are more likely to look to government to help take care of them when there's no man around. Add race to the mix and it's hardly surprising that they vote for the party of the nanny state by such a wide margin.

#4 This attack was an inconvenience, but from it we learned that access to multiple major sites can be brought down at least temporarily if critical infrastructure is targeted.

We also know from the author that the same type of attack was directed at his site a few weeks earlier (several of us directed Tyler to that story in comments a few weeks back), bringing it down for about a day. The magnitude of data directed to the site in that attack was huge but didn't have the same wide ranging effects as yesterday.

The attacks are apparently done using malware to which tens of millions of IoT devices are vulnerable. If enough of them are harnessed, they'll be capable of directing unfathomable amounts of data at a chosen target or targets.

So for fun I'll engage in some wild speculation. Suppose these were cyber weapon tests. Both were successful. We don't know the full magnitude of the damage that this weapon could inflict, but we have to consider the possibility that with savvy target selection and enough captive devices, it could disable substantial web services for a material period of time, let's say a full day or more.

Now let's suppose you control this cyber weapon, and you have an interest in the outcome of the U.S. Presidential election. You plan the most disruptive attack that you can conceive of, and you launch it at 6:00 am east coast time, Monday, November 7. America wakes up to find the web is effectively offline, and it stays that way through the day and into the next day, election day. Access to all the services people take for granted is impaired - Facebook, Amazon, YouTube, news sites. So the evening before election day finds the U.S.A. sitting at home, off-line, digesting the new reality that it has been brought to its knees by a real-life, Bond-style supervillain, for which it was completely unprepared and for which it has no simple answer.

What is the outcome of the election?

#7 I would expect a good market in counterfeit SkunkLock stickers to put on your ordinary lock.
