Man who took photos of a $6.94 Walmart action figure gets banned from Facebook.
The DMCA and how companies respond to DMCA infringement notices have created some very absurd but true stories.
@barelyopinionated
There are data breaches and then there are...
http://arstechnica.com/security/2015/11/when-children-are-breached-inside-the-massive-vtech-hack/
I agree with the sentiment that the internet and supporting technologies can play an important role in helping to meet the host of development goals for 2030 or any reasonable date really. But I think there are two main issues with how this will unfold: how the infrastructure is provided to these countries and how it is used. Therefore, the internet/computing technology are not going to magically solve everything.
An improper foundation for these technologies is likely to do more harm than good. So care needs to be taken with how this infrastructure is rolled out. A year and a half ago, a friend of mine briefly became "internet [in]famous" with her blog post "the-problem-with-little-white-girls-and-boys". In it, she talks about her experience volunteering in 3rd world countries in high school. Looking back on her experience, she felt she caused more harm than good. In particular, her group would work on laying bricks for a building, but they had no construction experience. As a result, the locals would tear down their work every night and re-build it over night with the proper foundation. This would happen every day. Her take away wasn't that volunteering is bad, but that the system of throwing volunteers at a problem they can't solve is.
Facebook has been offering to provide the "last mile" infrastructure for "free" - but as we've seen in class this is hardly "free" since it was to promote their own company. Which is why I think it's important that one of our readings talked about a need for "local ICTs." Even if it's an international company, they should have ties to the local community. I think it's important that if the implementation is going to rely on developing the infrastructure for this technology, then the local citizens need to be prepared to handle the technology. Other countries should not have a dominating say; otherwise, that seems to work against the SDGs. From our previous readings, we know that Africa as a whole is not currently equipped with a strong internet structure. In fact, Africa's internet is routed through Europe. So if making use of computing technology is going to improve the lives of these countries, there is a lot of work left to be done to provide them with a solid infrastructure that doesn't leave them unnecessarily dependent on others. However, even the United States has yet to create a perfect internet backbone - there are rural areas in the US where the "internet" is almost a myth and "high speed" internet is just a dream. And where will the funding for this come from? Will you really be able to get time and money from people without the expectation that they will get some benefit of their own?
Then there is how this new infrastructure is used. Our healthcare infrastructure still hasn't adapted to technology - healthcare.gov was a disaster at the start and electronic medical records aren't common place. So how do we look to give this technology to other countries when we still have so many flaws in our own adaption of it? Additionally, there are a lot of information policy questions which are unanswered [no matter which country you look at]. Every topic we've covered in this class is unsolved - and I don't see a solution forming in the immediate future. So I can see how computers can help reach development goals, but there are a lot of road blocks in the way.
I appreciate your post. Your story of your friend (I'm still not sure why she was considered infamous on the internet by some) reminds me of a conversation I was having with a friend a few days ago. As an engineer he had gone on an aid trip to an isolated village in South America to build a water supply. He mentioned that they had to think really hard about their design because it had to be easy to repair - even if it broke more often than a "better" design. Taking into account the needs, infrastructure, and ability of the workers is important and seems to sometimes get lost in the push to help others.
Also, you're right, we haven't even got everything settled in the US (or with other technologically established countries). The relationship between healthcare and internet technologies is a mess last I remember. And you are correct that there are people in the US who barely have access to internet. (I seem to remember that we have a program for addressing that but the private organizations tasked with supplying internet to rural areas keep running into cost issues.)
Helping or Forcing...
Are Information and Communication Technologies (ICT) the catalyst necessary to bring the Sustainable Development Goals (SDG) to fruition by 2030? I believe that technologies like the mobile phone and other ICTs have definitely allowed for great progression throughout the world through the instant ability to communicate and share ideas. I think of when I was a younger lad, doing research involved going to the library, finding books, and digging through those books to find the answers to my questions. Today, with a quick Google search, I can get much more information than I got doing manual searches through books, in a fraction of the time. And now with ICTs like mobile devices, I do not even need to wait until I can get to a computer to do my research. If my phone is connected, I can do almost anything I can on my computer with my phone. The simplicity and ease of doing things made the advancements of ICT so appealing to those like me. The problem I see, and this view stems from the experiences I have had working in austere and less advanced countries like Afghanistan, is that there is a need to be motivated by the improvements and capabilities to truly want to adopt it to your everyday life. Whereas I love being able to do research on my phone, a family living in the mountains of Afghanistan holds value in being able to keep their family warm and looks at a computer as tinder or items that can keep their fire going. This is a bit off topic, but this also shows the brashness in believing that because a person doesn't have the technological capabilities you do, that they are somehow deprived and unhappy. Some of the happiest people I have ever met were people who didn't have a single computerized or electrical item to their name. Also, if you think about it, one of our main uses of these technologies is to connect to those we love: family or friends. But what if our family and friends lived in the same village and were a shouting distance away? Would we be as quick to spend a fortune on long distance connectivity devices? I digress... the reason for bringing this up is that I just think we have to be very careful making policies that assume that because societies or communities are not technologically advanced, they are somehow in desperate need of connectivity. We have to be careful in giving the message that you can only survive in the world by conforming to today's technological standards. I understand that there are places that are struggling with healthcare issues or other issues that could greatly benefit from the connectivity and information provided by improving the telecom infrastructure and connectivity to the more modern world. I am not in any way against these efforts, especially in some parts of Africa where there is an epidemic of HIV and the AIDS virus. I just think we need to be careful about identifying the line between helping and forcing.
All that said, I do think it is amazing to see the efforts being made by different organizations to assess the ICT capability of different parts of the world and the effort to find solutions for improvement. I find it fascinating to see the difference in approach with respect to the difference in the region of the world. I was glancing over the assessments done by the IDRC of the different regions of the world, and it was interesting to see how much the assessments between regions differed and where they saw the effort needed to be with respect to the needs of the region.
The last thing I want to touch on is these Technology Salons. I think those small group collaborations about specific topics covering the "intersection of technology and development" is a novel idea. I am amazed at how I had never heard of these and I lived and worked in the DC area. I think that ideas like this, where the government (assuming this is a federal program) invites people who are well studied on a specific topic to come and discuss contemporary issues in the field. I do not know what the effectiveness of these meetings were to the State Department, but I am eager to find out. It seems like the articles in the link were from 2012, but I visit the site and they are still having these meetings quite frequently. I did not take the time to look into if this exists or not, but if these Tech Salons posted wrap-ups of their meetings so those who didn't attend could get an idea of what was discussed, that would be great as well.
Hi!
I just think we need to be careful about identifying the line between helping and forcing.
This statement stood out to me in your post (probably because it's part of your title). I think that it is very important to find this line. I think it becomes extremely difficult because we can't imagine life without our technology and also because, in my opinion, we often see ourselves as the cool kids on the block and assume others want to be like us.
I sometimes wonder what the world would be like if our culture had adopted a different view of technology. One such scenario is "what if we used it to live closer to the people we care about?" This is opposed to some of the ways technology allows us to be very far from the people important to us and still be a part of their lives - except it's not the same as living near those people even when I've pretended it is. I don't think that's an inevitable future for technological nations and I definitely don't want to push that on others.
At the same time, there *is* a lot of good ICTs can do. It can disseminate information quickly. It can keep you in touch with a loved one even when they have to be far away. They can be used to coordinate health care and many more things. Figuring out how to partner with groups in other countries and come up with solutions to known needs is important and there has been a lot of work in that area, which is cool.
ICTs Don't Automatically Solve Everything...
I read The Internet and Development Goals presentation and found I disliked it a lot. Normally I readily support initiatives to improve the lives of others and create a sustainable world. But the means the presentation proposed, I found frustrating. The presentation was unclear about who will be the driving force of ICTs. The current environment in developed countries is where private companies make money off mobile applications through data harvesting. Accelerating the development of other countries through technology seems exploitative (In my opinion, our current system is too). People don't know the value of their data right now. Pushing mobile tech onto people who may not even understand what data is being collected from these devices, which are almost touted as a panacea, is wrong. Moreover, we haven't even figured out adequate security for our own systems. Building up government services almost entirely on these insecure systems seems like it could backfire very easily.
I don't want to ignore the fact that the Sustainable Development Goals are in some form all needed and in some cases people are dying for lack of their implementation. I don't think that tying people into a potentially (probably) exploitative or vulnerable system is an appropriate solution.
This page describes how the IDRC group has the goal of avoiding "technological colonialism" by developing local skills. (It's also rather ironic that the website isn't mobile friendly.)
I think a very important part of advancing development through technology in the developing world is developing mobile and information technology in a grass roots style. I'm personally very fond of the open source movement so I vote for that system. One downside is that it essentially involves people who already know good systems design (or people who are learning it) donating time to program/build technology. This doesn't pay as well as most jobs but has the potential to help a lot of people.
Using open source still doesn't fully address my concerns about moving the entire development of a nation onto easily hacked technology. Open source is potentially safer since anyone can review the code. The practice is that people don't always actually review the code. Security is hard.
Open source does address part of my concerns about technologically savvy people exploiting the less knowledgeable. Open source projects often end up being a community project (like Mozilla or the thousands of open source projects on github). It seems reasonable to assume that a community project would try to benefit the entire community. It is, however, still possible that a culture could get stratified in the same way that, in the US, the elderly don't adapt as well to technological change. The stratification could be more striking in a country where technological change is happening extraordinarily quickly.
These problems are all addressable to some degree but I'm not sure that ICTs can hold the weight of the expectations on them - at least the expectations a lot of the articles seemed to place on them. I do want to acknowledge that ICTs are incredibly useful and improving thousands of peoples' lives. That should continue and people in developing countries should have opportunities to contribute to the global conversation about technology. At the same time, I don't think we should push ICTs as a panacea and we should be more cautious about how we integrate services into the internet.
Social Physics or Social Engineering?
http://www.economist.com/news/leaders/21677198-technology-behind-bitcoin-could-transform-how-economy-works-trust-machine?fsrc=scn/tw/te/pe/ed/thetrustmachine
http://www.eoht.info/page/Social+physics
First, I like the pictures you chose. I appreciate your opposing view of Pentland's somewhat excessive optimism. I think he figured out a really cool way of describing how ideas spread and society forms. I think that it's possible his success might have gone to his head. I hadn't connected his use of "I" with the lack of describing other groups' experiments. The book does give the impression that Pentland has single-handedly (maybe with a few people on his team) moved this field forward. But you're correct that this idea isn't new at all. One of my favorite series (Asimov's Foundation Trilogy) deals with the idea of using equations to statistically predict people's decisions.
There is a point where knowing how to completely change a group's output by tweaking a few variables is really impressive. If his theory is as powerful as he indicates, then it is a rather large step toward understanding society. The real question is how should his theory be used. I'm not a fan of Plato's Philosopher Kings from the Republic and I wouldn't approve of a few people essentially engineering society (assuming that his theory has that much power). There are many ways that knowing how to "hack" one's networks to accomplish a goal is a good thing. When other people are engineering how a group or a city behaves, however, I'm much more inclined to say it isn't so good.
E = mc^2, where m = idea, c = flow, and E = emergence...
This week's book, Social Physics: How Good Ideas Spread - The Lessons From A New Science by Alex Pentland, was very interesting. I may be way off but, I feel like this book, in a way, took a more focused look at the things that lead to emergence in a system of people (organizations, communities, cities, and nations). More specifically, he honed in on how idea flow or social interaction is the catalyst for innovation and change. Although not directly speaking on emergence, his research did conclude that the cumulative intellect of a group of people in a community, city, organization, etc... had less to do with the individual intellect of its members, and more to do with the way the members of said group interact. This was very resemblant to the concepts in the emergence reading we had several weeks ago.
It is funny because there were several instances where Dr. Pentland would, very eloquently, build up the research he did for many of the conclusions he drew in this book. My expectations were always that his research would result in some astronomically incredible conclusion that I would never have thought of, but it seemed as though much of the conclusions he drew up were common sense. I do not want to diminish his work in any way. I think this book was very revealing and interesting, but a lot of the conclusions drawn were what I expected them to be. For example, one of his major points in the book was that the people with a diverse social group were always the most innovative people. He mentioned that this was due to the fact that people with diverse social groups could look at a problem in a more holistic view and be open to many more ideas. This makes sense to me and would not strike me as a conclusion that shocks me.
That said, what was intriguing was the type of person Dr. Pentland chose to contrast against the person with a diverse social network to prove his point: the "expert". This point hit home for me because I have worked in an organization where new ideas were like the plague and people in said organization would put all their efforts in finding a way to make known solutions to old problems fix new problems. I am blessed to have a very diverse work experience, and as a U.S. Army Officer, I also have to change jobs quite frequently. In my 12 years of service, I have had the honor of holding 7 different positions. My last job was one that brought me to a predominantly civilian organization. What this means is that, unlike my past jobs where personnel come and go frequently, my last job had people working for me that had been there for over 20 years doing the same thing. Kudos to my boss who understood my diverse background and saw putting me in the leadership position he did as an opportunity to bring innovative new ideas to the group and move them forward. That said, that job was easily the most difficult leadership challenge I had faced in my career. I have led a platoon of over 30 men into combat, I have commanded a company of over 200 men in combat, I have been the CIO-J6 of an organization of over 3000 personnel spread out all over the nation of Afghanistan, and none of these jobs were nearly as challenging to me as working to lead this group of nearly 20 civilian personnel and getting them to adopt new ideas. The biggest challenge was getting a group of entrenched personnel, who had done their jobs the same way for decades, to understand that they had to get with the times. As Dr. Pentland showed throughout his research, a group's ability to produce innovative ideas was based on the cumulative intellect of the group. His research showed that the groups whose leaders were "experts" suffered from the fact that the leader is good at what he is good at and wants to fit solutions to what he/she knows. In my case, although I was assigned the leader of the group, the true leaders were the personnel who had been there for several years and had the influence over their peers. Every collaborative effort I made to have the group begin looking to new innovative ways to achieve our goals was railroaded by the naysayers who did not want to learn new ways of doing things. I wish I could say that I found a way to motivate these naysayers to get on board, but I actually ended up having to remove them from our group. It was not until this happened that our organization began to flourish. Without the constant contradiction to what needed to be done, people in the group were open to the innovative ideas brought up in our collaborative sessions. This, compounded by the tangible, positive results our organization was producing due to the adoption of several of these innovative ideas, helped foster a cultural change in our organization. As a Soldier, it was hard for me to have to let go my team mates instead of making the effort to bring them into the fold, but I realized that with the time I had, something had to give.
I'm going a bit long here, but the point of my story was to show how Dr. Pentland's concept of having a diverse social network leads to great idea flow, and to show an example of how experts that tend to live in their comfort zones can suppress innovation. Great read!
Hey, I appreciate your example of leading a group and describing the group dynamics of experts who are also naysayers. I find it weird that "experts" can also be some of the least creative people. After a little thinking, I realized that there's a term called pigeonholing which is when a person at a company is considered useful for only one function he or she is good at. This is somewhat similar to your description of "experts" except it seems that "experts" almost self-pigeonhole. In my experience, people tend to accomplish a task with the least amount of effort. Constantly searching for new information on a known topic is difficult. But hearing about new information from a friend is a lot easier.
The point is being open to new information and I'm guessing that having a diverse social network is indicative of one being open to new information. I wonder if it ends up being a sort of feedback loop of being exposed to new ideas leads to a wider social network which leads to more new ideas. I can also imagine that would eventually get tiring. I figure Pentland's theory/equations take this into account. But ultimately I agree that what Pentland is describing seems to be common sense.
Social Physics is Weird
The Global War for Internet Governance
To start off this post, I thought I'd share this link: http://carlyfiorina.org/
Before announcing her run for presidency, Carly Fiorina failed to register this domain name. A faster moving person did instead - and used it to send a message. Specifically, how many people she laid off during her tenure as HP's CEO. I bring this up because it was the first thing I thought of when reading about domain name squatters. In this case, I found this "squatting" effective because months later I still remember scrolling past all those sad faces.
At first, I was thrown to see chapters dedicated to topics from our past weeks - mostly since the topics from the past weeks haven't really bled into one another. However, in retrospect, this should have been completely expected since they are policy concerns about the internet and thus lend themselves to the topic of this week.
One of the things I liked about this book was that the author first frames the technical aspect of an issue, then the author outlines the policy implications. It's helpful to understand why things have become so complicated. At multiple points, the author mentions how the internet wasn't designed with all of these technical - let alone policy - issues in mind. For instance, security wasn't a concern. Initially, everyone connected to the internet was a trusted entity. Nor did the inventors predict the exponential growth we've seen unfold. It's easy to see how we've gotten this far into the development of the internet and still have technical and political issues.
One of the big things in this book is a point we've echoed in class before - that there are both public and private actors in place. In fact, the private sector plays an important role in keeping the internet operational. However, this sets off its own issues - such as how do corporate interests impact the internet? One way we really feel the impact of private companies are those that have "the role of private information intermediaries" which is why I find it interesting that most of the companies that fit this bill will publish reports depicting the requests they get from various countries to take down content. I think it's a move to build trust in the consumer base [since it's our actions on their "free" sites that help them make advertisement revenue]. But it's also the private companies setting standards and thus impacting the internet from its core. Or even private ISPs providing that access to the every day person. So when we look to global internet governance and the formation of global policy we can falsely fail to include the impact of all these private actors.
I'm also thankful the author took a chapter to look at policy issues related to the "core" of the internet. The few internet issues that are being discussed naturally focus on the impacts the end users feel - i.e. net neutrality, privacy concerns. It's natural for most citizens to be concerned with what's happening at their direct connection to the internet because it feels like that would impact us the most. However, as a result, I did not know about the issues concerning the inter-connections and IXPs where there clearly is an imbalance.
However, in the end, while I walked away with more knowledge and background about all the topics in this book, I'm left unsatisfied in the policy aspect. I ended up with a stronger "global governance is overwhelming" feeling than when I started this book. First, nations have to work together - but so many nations have very different philosophies when it comes to various freedoms. The book's examples even show how "democratic" countries still have varying opinions on how things should unfold in the policy spectrum. Additionally, countries currently in power of various internet resources don't want to surrender that for less power [naturally]. Then, there is the interplay of national/international policy and private corporations. There are just so many actors with differing opinions on every topic it's hard to imagine a future with a strong international internet policy. But then I guess that's why this book is titled a "global war" and not "global resolution."
I got the "global governance is overwhelming" feeling too! Actually, I suspect that is part of the point of this class. It is neat seeing what people are contributing to the conversation, though. We're producing solutions to the various problems piecemeal with varying quality. Like you said, a lot of the solutions are being implemented by private companies. And those solutions sometimes advance or discourage government goals. For instance Google isn't accessible in China. Google also seems to run into government policies a lot. I remember a few months ago, some European countries determined that Google would have to pay to include those countries' newspapers in their news aggregator. Google just stopped aggregating those sites and people stopped visiting those news sites. Should news aggregators pay news sites for displaying those sites' news? What if the aggregator makes money off it? What if the net effect is that the news site sees more visitors? What if the current system makes it so it's near impossible for news sites to get visitors without being aggregated? These questions become thorny. And Google isn't the only company whose agenda conflicts with other governments' goals. In many ways other countries are dependent on US companies for some internet services.
Global Domination of Internet Policy
I found The Global War for Internet Governance to be very informative as to how the internet works and the different protocols that make it interoperable. The book also mentions how the internet was originally not interoperable, and consisted primarily of proprietary network protocols that required companies to purchase specific products to ensure interop within their network. This gave rise to the need to have a standard TCP/IP protocol that would allow all devices to communicate with one another. I mentioned in my previous week that currently we are on the IPv4 standard and this supports a 32 bit address space. The book mentions, like I did, that the rate at which the internet is expanding we will inevitably exhaust the 4 billion IP addresses we currently have. They also mention the slow adoption of IPv6 that was supposed to be completed several years back. With this foundation the book was able to go into more depth about the privacy and governing issues that the internet has spawned.
Being international it is hard to say who should "control" the internet. One could argue that the US should have this power due to its creation and vast explosion of use there. Would that then mean that other governments would be subject to the US policies about how the internet should operate? This is not the case though, countries maintain their own connections to the internet and maintain the availability within their own nation-states. This creates the issues as to when are governments able to cut off their citizens' communication with the rest of the internet? Should governments be allowed to have such control? The book gives examples of San Francisco's BART blocking protestors' cell service to avoid a riot. This gave rise to more outrage over the blocking of communication by a regulator. I personally believe that the internet and the interop that we receive through it are good things and that allowing companies the ability to block these communications is wrong. However, expanding it to the government is a little more complicated. I find myself torn between agreeing with it in the event of a national crisis, and being against it due to the possibility of privacy concerns.
It appeared to me as though each government had its own policies in place for the internet and that they self regulate themselves. In class many of us have advocated for a detailed information policy that would in turn affect the internet as well and when we hear of cases like Egypt's internet blackout we are outraged that that is even a possibility. Should we be careful in forcing our western views on foreign countries? Should the US and its private non-profit internet managing companies be able to create policies that all internet users should follow? I don't believe these are easy questions to answer and I don't have a definitive answer myself. I am eager to hear other views on the matter as I believe there will be a vast array of differences.
I'm generally ok with government having more control over internet usage - planned outages in the case of riots, deep packet inspection for viruses, etc - as long as these controls are made according to the rule of law. I'm always worried about executive branch overstepping boundaries without congressional or judicial approval.
That may seem like a trivial aspect, but I don't think it is. Once a judge agrees to a warrant for DPI, for instance, that agreement is part of the public record. Journalists can access the warrant request and let the public know.
Basically, my conceptual stance can be summed up as: if government is going to place constraints or surveillance on the free and open internet, let that constraint or surveillance be known as freely and openly as possible.
Over this course, I've become more open to the government having some role in determining internet usage. I think the main thing is that it would have to be very transparent. Someone mentioned in a previous post that it would seem reasonable for ISPs to do DPI to add a little protection to the network against intrusions and malware. Some ISPs actually already do this to target advertising at us. I, however, don't think that there is a great argument for widespread DPI for monitoring citizens. It would seem reasonable for the government to target people with an appropriate warrant - which I think can happen anyways now. @jakethefakesnake, I think you're correct that the system which the government uses to authorize and inspect data should be public.
@markmgray, I too wonder about how US internet policies should affect other countries (or vice versa). I don't think there is an easy answer. I think the technology we develop encourages certain systems. The current system is very free with connectivity but also prone to breaking. Should we encourage a system that is easy to control? What if it makes it easier to break? What if it makes it easier for our government to abuse? What if it makes it easier for other governments to abuse? One current debate that relates to this is encryption backdoors. (I think those are bad for multiple reasons but it's an example of a current debate.)
On The Global War for Internet Governance:
This week's book by Laura DeNardis is a somewhat in depth view of many different aspects of how policy relates to the internet. There are multiple sections in the book, each of which describes a different aspect of the conflicts over who implements the rules on the internet. In this post, I am going to focus on the "Cybersecurity Governance" section because I think it is an interesting contrast to last week's book Cyber War.
The Global War for Internet Governance addresses many of the same issues as Cyber War but comes at it from a different perspective. This book doesn't make policy recommendations so much as describes the current structures in place for cybersecurity. It is very interesting how much changed in the two years since Cyber War was published. And the same amount has changed since The Global War for Internet Governance was published. The book talked extensively about how worms, viruses, and DDoS work. In essence, these form two groups: malicious access to a computer and disabling a computer through normal means. In my opinion, DDoS ties most closely with the current structure of the internet. Of course, normally in order to DDoS a server, one needs a botnet which has been created by a virus or worm. DDoS is one of the simpler yet very effective tools for attacking a person or organization. I think the main reason it's so effective is that it takes advantage of the current structure of the internet (TCP/IP, ICMP) to perform an allowed action but at the same time overwhelm the victim server. There is also something called DNS amplification which, through IP spoofing, gets a legitimate DNS server to flood a target. The entire structure of the internet allows this to happen and it is difficult to stop. The only thing seems to be to respond as servers get flooded and as botnets are formed.
This book talks about Computer Emergency Response Teams (CERTs) which I hadn't heard about before, strangely enough. These seem to be an organized way to combat computer vulnerabilities. The current system of protecting computer systems is to install patches as quickly as possible and occasionally hope your antivirus software will work (sad fact: it doesn't work well against new viruses and worms). The CERTs seem to be a method of disseminating information quickly. Realizing that I keep learning new elements of cybersecurity policy is a little humbling because I get to see how monumental a problem it is. And I see how seemingly impossible it is to fix. We have an entire infrastructure of protocols and physical networks which are a patchwork of security. And it would be a major undertaking to fix the current systems. So we have to make do with what we have. And encryption is one of those methods. It's also one of the few systems where the defender has an overwhelming advantage against an attacker when implemented correctly. Tied up with encryption is identification. It doesn't matter whether or not you are using encryption unless you know that the person/server on the other line is who/what you're intending to talk to. This is the realm of Certificate Authorities. I agree with the author, the system is rather absurd. Essentially you have to assume that the CA is credible. If your computer's trust is misplaced, then a rogue or unscrupulous CA can sign certificates for other websites. There have been instances of CAs creating fake certificates for sites such as Google. This allows anyone with that certificate to impersonate a Google website (often without the user knowing). The system is broken yet running. The problem is that changing the current system is difficult because so much depends on the way things are.
That is what I've taken away from the previous two books. The current system won't work for cybersecurity. The current system was designed for a mostly trusted environment and many of the protocols have difficulty adapting to untrusted environments. There are at least two problems in changing the system: 1. all the hardware and software is designed for the current system. 2. Any new protocols would have to be agreed on by many different organizations in different countries. The second part seems particularly impossible. Question: can you imagine a situation where the majority of the internet community would agree on one set of protocols and standards which are also secure? Is it ok to fragment the internet and develop a secure system in the US only and hope everyone else follows along?
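The DNS amplification pattern mentioned in the post above, seen from the side of the operator whose resolver is being misused. This is an added example, not part of the original post: the event fields, the thresholds, the per-second response cap and the sample log (documentation address ranges) are all constructed assumptions.

```python
"""Resolver-side view of DNS reflection: find prefixes that are being sent far
more bytes than they apparently asked for, then show the effect of a cap."""
from collections import defaultdict, deque
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class DnsEvent:
    ts_ms: int           # arrival time of the query, in milliseconds
    src: str             # source address on the query; if spoofed, this is the victim
    qtype: str
    query_bytes: int
    response_bytes: int


def build_sample():
    """Constructed log: one ordinary client plus a burst of large-answer queries."""
    events = [DnsEvent(i * 2000, "192.0.2.10", "A", 60, 120) for i in range(5)]
    events += [DnsEvent(1000 + i * 50, f"203.0.113.{7 + i % 3}", "ANY", 64, 3200)
               for i in range(40)]
    return sorted(events, key=lambda e: e.ts_ms)


def prefix_of(addr, v4_len=24):
    """Aggregate by /24 so a flood spread over neighbouring hosts is still one key."""
    return str(ipaddress.ip_network(f"{addr}/{v4_len}", strict=False))


def detect_reflection(events, window_ms=1000, min_factor=10.0, min_resp_bytes=50_000):
    """Flag prefixes whose sliding-window response volume and response/query
    byte ratio are both high. Thresholds are illustrative assumptions."""
    windows = defaultdict(deque)
    totals = defaultdict(lambda: [0, 0])      # [query bytes, response bytes] in window
    flagged = {}
    for ev in events:
        key = prefix_of(ev.src)
        win, tot = windows[key], totals[key]
        win.append(ev)
        tot[0] += ev.query_bytes
        tot[1] += ev.response_bytes
        while ev.ts_ms - win[0].ts_ms > window_ms:   # expire events outside the window
            old = win.popleft()
            tot[0] -= old.query_bytes
            tot[1] -= old.response_bytes
        factor = tot[1] / tot[0]
        if key not in flagged and tot[1] >= min_resp_bytes and factor >= min_factor:
            flagged[key] = {"first_seen_ms": ev.ts_ms,
                            "factor": round(factor, 1),
                            "resp_bytes": tot[1]}
    return flagged


def rate_limited_bytes(events, max_per_sec=5):
    """Bytes sent to each prefix without and with a per-prefix cap on responses
    per one-second bucket (a simplified form of response rate limiting)."""
    unlimited, sent = defaultdict(int), defaultdict(int)
    counts = defaultdict(int)                 # (prefix, second) -> responses allowed so far
    for ev in events:
        key = prefix_of(ev.src)
        unlimited[key] += ev.response_bytes
        bucket = (key, ev.ts_ms // 1000)
        if counts[bucket] < max_per_sec:
            counts[bucket] += 1
            sent[key] += ev.response_bytes
    return dict(unlimited), dict(sent)


if __name__ == "__main__":
    sample = build_sample()
    for prefix, info in detect_reflection(sample).items():
        print("possible reflection target:", prefix, info)
    before, after = rate_limited_bytes(sample)
    for prefix in before:
        print(prefix, "bytes without cap:", before[prefix], "with cap:", after[prefix])
```

The ordinary client is untouched by the cap, while the volume aimed at the flagged prefix drops to a quarter; source-address validation at the network edge remains the fix for the spoofing itself.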
The Art of War
Information and espionage have been an integral part of warfare right from the beginning of time - be it the Trojan Horse the Greeks used in the fall of Troy, or the courageous use of fake documents to rescue American hostages from war torn Tehran (as depicted in the Ben Affleck film Argo). If you know the enemy and know yourself, you need not fear the result of a hundred battles - this is perhaps the most famous quote from Sun Tzu's ancient treatise on military strategy, "The Art of War". The fact that this was written over 2000 years ago and is still considered essential reading on military strategy gives me one clear message - even though our weapons and the scale at which we conduct war have changed, the basic ideas behind warfare essentially remain the same.
Information is the basis of warfare, and it has been so for millennia. Whichever side is successful in hiding more of its own information while at the same time acquiring accurate information about the enemy's plans typically wins the war. This is what happened during World War 2 - the Nazis were winning the war until the Enigma cipher was finally broken at Bletchley Park, and the tide finally turned in favor of the allied forces.
I decided to write such a detailed introduction to the importance of knowledge in military strategy because on reading the introduction to "Cyber War: The Next Threat to National Security and What to Do About It", I got the sense that the authors wanted to impress upon their readers how much things have changed in terms of how war is waged, even since the days of the cold war. I disagree with this point of view - war is still about the control of information and resources.
While the authors bring out some interesting talking points, and definitely succeed in raising general awareness about the issue, the writing of the book is a bit too dramatic in my opinion. An event such as a cyber-9/11, something that brings death and desolation in its wake, seems a bit far-fetched. Our cyber systems have been in existence for a number of years now, and they're surely only getting better, as vulnerabilities keep getting discovered, and more secure software written. Is software perfect? Pick up any high profile security breach from the last 2 years, and you'll have the answer to that question. It's an emphatic no. But, are we aware of the danger? Yes. And, are we getting better at cyber security? I believe so.
To me, the essence of the discussion on cyber war is this - the core principles of war remain the same, but in today's world war is being waged on multiple, new battlefields. The key takeaway is that we need to be able to defend ourselves against threats in the cyberspace, while also being capable of mounting our own offensive on these new battlefields.
Hi!
I think you have good points. Information and espionage are still integral to cyber warfare. I think accessing information from your enemies without them knowing it is a powerful advantage. And it is definitely shown by the Allies breaking the Enigma cipher. That was incidentally helped by poor operational security on the part of the Nazis. They reduced the randomness in some of the messages.
One way that has changed from traditional warfare to cyber warfare is the amount of change that happens in some amount of time. It's like fighting a war when you may or may not be invisible, your enemies may or may not be visible, and the landscape keeps changing. Information is even more crucial but at the same time it is easier to acquire and also lose. For instance, recently the US Office of Personnel Management (OPM) was hacked and lost a bunch of data on people applying for clearances, containing rather personal information on government employees. So, whichever nation state has it (probably China) can use that to their advantage. I'm assuming the US has done similar things which have not come to light. I think the ease of losing control of data and information makes cyber warfare different than traditional warfare. I could be wrong and I hope I am.
Also, I'm not convinced that the pace of patching security flaws is similar to that of finding security flaws. I think that there is a strong attacker's advantage. A lot of companies have plans and systems set up for when they get hacked and not if. I think working on that assumption can make a major difference in leveling the attacker's and defender's advantages and this assumption seems to be more and more common.
You have great points and I really liked the connection with Sun Tzu. These are just my thoughts in response.
Hold My Orange Juice...I'm About to Go to Fix Cyber
Every single book that I have read regarding Cybersecurity or Cyber Warfare always makes me feel like I would need depression medication. It is very easy to get lost in the magnitude of the concept or the domain that is Cyber Space. That said, Cyber is a very macro concept that entails a great deal of adjunct concepts that make it up. I believe that trying to look at the whole without truly understanding the pieces is a recipe for failure. Take the book Cyber Warfare: The Next Threat to National Security and What to do About It, written by Richard A. Clarke and Robert K. Knake. It is a great book that is well written. It does a good job of connecting with any audience reading, regardless of their expertise in Cyber. That said, it also quickly jumps from point to point because of the fact that there are so many points to cover. The way Mr. Clarke explains how the politicians in Washington were dealing with the issue of Cyber Warfare shows that the answer to this problem will not be a top down solution. Let me expound on this concept a bit more. One point that I think Mr. Clarke hit a home run with was the fact that we as a nation are far behind other nations when it comes to being able to defend the critical infrastructure of this nation. As Mr. Clarke mentioned several times in his book, the DoD has a system in place to ensure that the .mil domain is defended well. DHS has a system in place to ensure that the .gov domain can be defended under attack. But what about the .com, the .edu, the .net, and all the other dot somethings? Who is protecting those domains? Mr. Clarke also mentions the fact that many of our privately owned critical infrastructure, such as banking, gas, electric, etc..., are all under these domains the government is not responsible for defending. Mr. Clarke is absolutely right that this is a big vulnerability that needs to be addressed. Mr. Clarke is also correct in the fact that there are several entities that want to see the DoD and the federal government do a better job at defending ALL U.S. domains from attacks from other nation-state Cyber actors. What Mr. Clarke does not get into very clearly is why the government is not taking on this responsibility. I believe that this reason falls in the hands of two major players: money and privacy. Let me start with money. Although big corporations can spend the money needed to thwart attacks from competitors, hacktivists, and other relatively smaller scaled Cyber adversarial actors, they cannot take on the resources of nation-state backed Cyber actors such as China, Iran, or Russia. In this case, Mr. Clarke mentions that the private sector feels that because it is a nation-state sponsored threat, the DoD or the Feds should be dealing with it. The question is, who is going to pay to construct the infrastructure the government would need to take on such a task? Who is going to forgo a Google or Microsoft salary to work as a GS-9 Cyber Warrior for the government? Notice I said GS-9, which refers to a civilian government employee. The Military is currently going through drastic cuts, so where is the manpower for such a force needed to take on the task of protecting the US owned portion of the Internet? It is easy to pass the buck, but are these corporations willing to also PASS THE BUCKS?
Another issue lies with what it would take to actually defend even just the critical infrastructure of the U.S. When Snowden, the traitor, decided to leak classified information about NSA programs that involved massive bulk collection of telephonic metadata, the country went in an uproar about privacy and how the government was infringing on the privacy of all Americans. I understand that not all Americans had a qualm with the tactics of the NSA, but there was enough pressure to cause a drastic shift in strategy throughout the Intelligence Community. I am pretty sure a lot of you saw the congressional hearings where GEN Alexander was getting grilled by members of congress over the leaked information. If not click on the link. My point is, if NSA cannot bulk collect data for intelligence purposes, then what capability are we as a nation going to hand the DoD to defend domains that host critical infrastructure. The DoD is able to collect and defend the .mil and .gov domains because all systems connected to these networks are under a consent waiver that all users sign allowing the DoD entities the freedom to use all data going in and out of the aforementioned domains for defense and intelligence purposes. It would be infeasible to get everyone to sign off on allowing their systems to be monitored by the DoD or DHS. This is why I say that thinking about Cyber from a top level and trying to work down is not going to be efficient or effective. This is also why our current Cyber defense posture from a federal perspective is a reactionary one, where we have to wait for an incident to happen and wait for the organization the incident happened to to request help before the DoD can act (that is with respect to any non-.mil and .gov domains). As Mr. Clarke mentioned in the book, the capability to inspect traffic in real time along the backbones of the US is a reality. 
The question is, are we willing to allow the US government to have access to the data traveling across those wires in the name of defense? Mr. Clarke discusses many ways that we could eventually end up utilizing the traffic moving across the backbone for intelligence and defense purposes. I believe the real question is are the American people willing to give up some of their privacy in the name of Cyber defense of our nation's critical infrastructure. Russia and China have very good Cyber defensive postures. They also have a government that controls their Internet and connectivity to the world. I am not saying that the only solution is for the feds to take control of anything. I am saying that we will not be able to even determine what our defensive posture will be until we address the issue of privacy. There is so much more I want to discuss, but I am well over my word limit so I will save it for discussion.
I liked your comment regarding how you believe money plays a role in the lack of appropriate cyber-defense measures in America. This is something I remember you bringing up when a group of us were discussing cybersecurity issues after class one day, and it makes a lot of sense that in some ways the government simply can't compete with the lucrative opportunities that are often available in the private sector.
Regarding your comments about policy, I think you made a good observation regarding the correlation that exists between a nation's cyber-defense capabilities and its capacity for control with respect to its citizens' online presence. This was one of the more thought-provoking components of this topic for me as I began to mull around the potential implications of performing government-mandated packet inspection on the backbone. As I wrote in my blog for this week, I found this proposal by the author convincing, but the potential for abuse does still frighten me, even if stringent transparency measures were enacted. This is partially why I liked the author's proposal for a separate Cyber Defense Administration. Now, of course, such an organization would still be "the government," and therefore would still foster many feelings of distrust by the general public that you bring up, but it seems to me like separating this power out so distinctly from other governmental functions might give greater opportunity for oversight and transparency.
Hey thanks for the response. It was great. I think the thing that makes this so complex is that we are trying to accomplish a creation of a cyber defense force while also trying to create a regulating entity. Although, in the end, these two entities will need to work hand in hand, the development of these two entities needs to be done separately at first. Once we define optimal sets for both the cyber defense force and its regulating entity, separately, we can then look at how they're going to work together. In my opinion, without doing it this way the efforts of one will always counteract the efforts of the other and we will get nowhere fast. Thus we can look at the Department of Defense working to increase its cyber offensive and defensive capabilities completely separately from the creation of a cyber administration in the government. On top of this, this new administration in the government will need to be modeled completely differently than any other administration currently. The only way an administration of this manner will be able to work in a capitalistic society like that of the United States is if there is a lot of influence from the private sectors. I don't believe that our government needs to become the Chinese government, completely controlling or having complete oversight of the backbone. If you want this to work we will need the citizens of this country and the private organizations that provide our critical infrastructure to feel as though they are benefiting from a government organization like the proposed cyber administration.
I think that there is a solution that could work, but getting to that solution will be one of the hardest problems this country will ever solve. What do you think?
Hey,
I think you both bring up good points. I think it would take an extraordinary amount of money for the government to defend the entire US computing infrastructure from state sponsored cyber attacks. I think that is an incredibly large area to cover. panamaluisito, you bring up a good point that the NSA already was able to do a mass meta-data collection. So in a limited sense, the US does have infrastructure which could act for defensive purposes. I hesitate to say that I think citizens should give up much privacy for the sake of cyber defense.
Both you and hunterk1516 talked about this. I wonder if it'd be possible to create an organization and system which could defend against cyber attacks while not limiting privacy. This may be a pipe dream. But I'd like to imagine there is an alternative to essentially controlling internet communication like in China and Russia (somehow I had never thought of the great firewall of China as a cyber defense system). At the very least, I think any US cyber defense organization would have to be wholly separate from law enforcement except when reporting people/systems which are attacking other people/systems. I think one of the main reasons for the backlash against the NSA was people thought they were being secretly monitored for crimes. Any cyber defense would need to be trusted by the tech community - otherwise people will find a way around it. I guess that would mean a lot of transparency and probably participation of the tech community. It would be nice not to end up having China's system which doubles as limiting information. I guess I'm mostly concerned about giving the government a tool which could easily be secretly used to control information.
But I agree with you, panamaluisito, I think that this will be one of the most challenging problems the US will solve.
Thoughts on Cyber War
First off, this is how I feel whenever I write the word "Cyber" but I will use it because it's a common word for our group:
Whenever I read books like Cyber War, I think the world is going to end. It gives a window into how the generations before me felt during the Cold War. A major difference is that there is no warning before a cyber attack. Also, a large scale cyber attack hasn't happened and so people don't really know what it is like. The closest thing people have heard about is Stuxnet (which was a really cool system but also a reminder not to plug in random USB drives). Besides the rare uncovered state sponsored malware, DDoS attacks, and information gathering malware, most people I know don't really grasp how bad and how quick a cyber attack could be.
Moreover, our infrastructure really is as bad as it has been described. I'm not sure how much of a push there is to fix the vulnerabilities in our communications and industrial controls systems right now. I am sure Stuxnet got people thinking and I'm hoping that somebody is still paying attention to that. Moreover, code is really hard to get perfectly right. You have to code not only for what you want to happen but anything that can happen. This is really difficult when you want complex functionality. The best code I've seen is a bunch of simple components which are easily verified but produce the complex functionality. The problem is that writing this code often seems more like art. I've written some embarrassingly bad code. And the scary thing is that commercial products have embarrassingly bad code in them. The result is that any program on your computer is a weakness.
"The only secure computer is one that's unplugged, locked in a safe, and buried 20 feet under the ground in a secret location... and I'm not even too sure about that one."
- Dennis Hughes, FBI
I think Clarke and Knake's proposal to build a separate network for critical infrastructure and internal government services isn't a terrible idea. (I'm not so sure about having ISPs doing deep packet inspection for malware, though.) A separate network still isn't immune to attacks - especially since it'd have access points all over the country. It'd just be a little harder to siphon information away. Such a network *might* have helped with the recent OPM hacks.
Another problem is that nations and criminals aren't the only ones in the business of cyber war. There are a number of companies that specialize in building malware and sell it to people who can afford it. This has little oversight and has been used in sketchy ways. Also, another commercial malware group, Hacking Team, was recently hacked and had everything dumped online. Some people dug through their now public emails and discovered that they had been dealing with repressive governments. And since their code base is freely accessible, it's not a strong assumption that their well developed code will make it into other malware, either developed by criminals, countries, researchers, or anyone with a computer and some knowhow. The sophistication of cyber attacks will keep increasing and I doubt that anyone's ability to defend is increasing at the same rate.
So yeah, it kinda freaks me out.
Interoperability
The amazing thing about this topic is how easy it is to relate most examples to our own lives. Just in the past week I've dealt with frustrations resulting from lack of interoperability between institutions (different schedules for McCombs and LBJ), between software (upgrading from Windows 7 to 10), and between legal systems (getting my Chinese Visa for studying in Shanghai this spring). It made reading the book a personally understandable and rewarding experience. And I'm sure I'm not the only one who was thinking of this classic the whole time reading the book:
For me, I think the security and stability issues associated with interoperability are overblown. I cast my lot pretty firmly with the "more interoperability is usually better" crowd. Why? Because it has already been strongly demonstrated that, at least in the realm of cyber networks, hackers can fairly easily jump between different networks whether or not they were designed to work together or not. A computer science classmate of mine in another class, Vismay, told me about the first automatic translator for code. That means that programs written in different software languages will soon be able to be translated to another language. In normal speech, as we already learned in Big Data, self learning algorithms have workable instant translations for dozens of languages already, and they're working on hundreds. So our world is rapidly getting more and more connected in most ways. It's not a case of whether we'll make systems more interoperable, it's how.
So why doesn't that bother me in terms of security and stability? Because security problems exist whether or not systems are compatible. I'm jumping ahead a little bit here, but Richard Clarke describes some pretty serious doomsday scenarios in his book Cyberwar (that we read next week), and the interoperability between systems seems to be child's play compared to the coordinated attacks possible in cyberwarfare. Basically, anything connected to the internet in any way is vulnerable, no matter what. Clarke says: "The only way in which [cyber experts] were able to prevent their network from being pillaged was to disconnect the organization from the internet... If you are connected to the Internet in any way, it seems, your data is already gone." Well guess what. Most of our critical infrastructure is already connected to the internet, and I'm not sure any more connections would make a difference.
I might seem to be exhibiting a case of what Alyssa called learned helplessness, where the problem is so complicated that I can't bring myself to care.
And sure, I do have a bit of that. But I also think that the more coordinated our systems are, the more we can actually defend from attacks. Our institutional systems are not unprotected because of their compatibility with other systems, they are unprotected because no one bothers to protect most of them. At least if we really start connecting our systems (like in the smart grid case or health care) there might be enough attention paid to the staggering dangers of security breaches that we at least start to prioritize security on a large scale.
E
I think you bring up a good point. 1. cyber-defense is at a major disadvantage to cyber-attacks. So, if you have anything relatively interesting connected to the internet, it probably has been accessed by someone else already. 2. companies need to build policies to respond when they get hacked and not just focus on building a wall. I think you're correct that more connectedness will help this. I think it needs to be the right type of inter-connectedness, though. The more connections there are, the more complex the system. With increased complexity, it is more difficult to notice aberrant behavior associated with a cyber-attack.
Also, just because any system will eventually fall given enough time, it doesn't mean that there's nothing to do. One way is segmentation of networks or roles. This is an example of lowering connectedness for the sake of security. An attack targeting one network will take some time to get to another network (such as from payment processing to databases). This increases chances to notice and respond if a company has adequate monitoring systems.
We definitely need to pay attention to the dangers of security breaches. That definitely isn't happening enough. (I think part of it is there are no serious penalties to companies with poor security.)
P.S. And yes, that XKCD came to mind. Let's see how well USB Type C turns out...
Interop: The Promise and Perils of Highly Interconnected Systems
Standardization is extremely important. When companies, entities, etc. can agree on a standard, the system itself expands as its network isn't bound by a conflict amongst pieces. However, as the book mentions, connectivity can be overwhelming. A lot of data flows through these systems and introduces vulnerabilities.
In other situations, having better connectivity can be efficient and useful. For example, I was able to go to the Consumer Electronics Show in January 2015 and saw huge systems, touting the Internet of Everything idea. Qualcomm, Intel, LG, and GE were all advertising their newest tech that involved connecting to your phone, your other appliances, etc. Lowe's had a huge display which was literally a house built inside the convention hall. They had a system that interconnected almost everything in the home. It was overwhelming, a bit reminiscent of Skynet, but still the innovation was exciting. However, Lowe's does not work with Qualcomm's, Intel's does not work with LG, and so on. Therefore, while their own proprietary systems have a large amount of connectivity and interoperability amongst themselves, they do not have it amongst the different companies. It makes it a huge risk, therefore, to adopt one company's system when it may go out of business or doesn't get updated if a competitor is doing better in the market. However, if users were able to connect the different companies' pieces, it wouldn't be such a risk.
I find the case studies to be quite interesting. They touch on various innovations that we take for granted and how standardization affected its development and adoption. How many amazing ideas were crafted and were subsequently dropped because they didn't tap into the benefits of interoperability? Then again, how many products felt forced into a standard to be adopted by consumers?
I find the idea of a smart home interesting. I donât think the level of connectivity with the internet that many smart devices have is good, though. It introduces a vulnerability to the house which didnât exist before... someone hacks into your system and turns off the heat while itâs freezing and youâre on vacation = bad news. But another problem is that if a company goes out of business or stops updating software, your smart-house could be left with security vulnerabilities.
Device companies already have a hard time keeping phones up to date. I can't imagine buying a new refrigerator every couple of years just to keep pace with emerging technology and so my fridge will work with my pantry, my smartphone, and my thermostat. I may be a little bit of a pessimist with the IoT movement. I do, however, want a standalone smart thermostat!
A Little on Interop in Modern Computing:
The book Interop by John Palfrey and Urs Gasser is fascinating. I will admit that a lot of my interest came from reading about technologies that were very popular three to five years ago and pretty much no longer exist. Reading about AIM, VHS, and iPods supplied a healthy amount of nostalgia. It also shows how fast technology is moving. A book written less than 5 years ago (2012) is talking about technology and programs that are hardly used now and have been largely replaced by other technologies. That technologies and popular programs change so quickly yet still are interoperable is a very impressive feat. One of the fastest changing areas is in mobile computing. Also, this is an entertaining story on a software programmer's perspective on the AIM vs. MSN Messenger interop fight. It's sad this doesn't seem to happen more often now.
Interop in mobile technology has become an interesting battle. It seems we have 3 companies that are moving to high vertical interop for mobile devices: Apple, Google, and Microsoft. Apple is very vertically integrated and doesn't support other operating systems and devices very well compared to its own products. Google started off very horizontally interoperable but seems to be becoming less so as it moves core parts of the Android OS into its Play Store. Android currently seems to be the most horizontally interoperable system. Microsoft seems to be moving toward vertical interop but at the same time has been making steps to support other systems, such as Office being available on both Android and iOS or recently open sourcing parts of its .NET environment. It will be interesting seeing how these different companies handle interop on a hardware and software level. I think this is an example where it isn't clear how interop will affect innovation. As a consumer, I'd definitely prefer more interop, though.
There is another extreme to interop: Linux. Recently I've fallen into using open source software and I can't get out. Linux is highly interoperable. You can find a program or configuration that will let you do almost anything. Recently for my work, I have been experimenting with automation tools. I've found out that I can automate tasks on my computer with simple commands. The downside to this is that though there is high interop, there is also high complexity. For each tool available, I seem to learn a new programming language. I can do almost anything with the system, but figuring out how to do it can be difficult. I'm pointing Linux out because it has thrived on high interop among its various programs. Because a lot of the programs used on Linux are open source, other programmers can write programs which interact nicely with existing programs or even build improved versions of existing programs. The internet is largely run on Linux and a large part of that is probably its high interoperability (well, being free to use is nice).