Sunday, September 30, 2007


In Memoirs of a Geisha, the protagonist says, "There is a poem called Loss. It consists of three words which the author has crossed out. You can't read Loss. You can only feel loss."

It's a good movie, though I find it ironic that a Chinese actress plays the main role of a Japanese geisha. I've seen her in Hero. As a matter of fact, ethnic Chinese actresses play the three main Japanese geishas in the movie. It turns out that there was an artistic reason for casting Chinese actresses to play the three parts. If Hollywood was playing to the Chinese demographic, it backfired because the Chinese government denounced it, although the denouncement might have been free advertising and spurred more people to view the film. I find that rather shrewd and cynical. Shrewd in the sense of profit, and cynical to think that Americans and others would not notice the difference between Japanese and Chinese women. I wonder if such a subtle lack of detail will keep the movie from becoming a film classic.


Tuesday, September 25, 2007

Outsourced Treatments

Here's a BBC News article about cheap overseas healthcare when your insurance company denies your surgery or treatment.

The Operation was a Success, but is the Patient Already Dead?

Jeffrey R. Cooper's paper, Curing Analytic Pathologies, looks at the current state of the CIA and its analysis arm. A review by Secrecy News is a little depressing, but it's a fascinating read. There's no peer review within the CIA and due to secrecy compartmentalization, one analyst may know something important and relevant to a second analyst's work, but never know about the second analyst's report. Possibly the worst revelation was the fact that the CIA became essentially a newsletter to the President. I think calling the CIA a newspaper to the President is a little inaccurate, so I used the analogy of a newsletter. The government is trying to change that with Intellipedia, which is for spooks.

The reason I am bringing up the CIA at this point is that computer network security and analysis have many parallels with intelligence gathering and analysis. The problems are similar as well - never enough knowledge about the remote network you are dealing with, people compartmentalizing information that would be helpful to you, the risk of losing credibility if you get it wrong too many times, and senior managers playing politics with your results.


Bush Neural Shampoo and Conditioner

Pete's blog has an excerpt of an August 22, 2007, article about the Bush Administration preparing us for strikes against Iran. The logic and premise are plausible and it's known that Bush doesn't care for the truth as defined by reality, but truth as defined by his own beliefs. Why else gut the CIA, make the Intelligence Czar a cabinet position, and withhold drafts of the current NIE from Congressional Oversight Committees? Maybe Cheney wants oil at $100/barrel before they leave office. That would make his Halliburton stock even more valuable.


Monday, September 24, 2007

Expensive Chinese Takeout No One Can Afford

Titan Rain isn't the name for the precipitation on the Saturn moon, Titan. It's the name the United States government has given to a Chinese Intellectual Property theft effort that has likely been ongoing since August 2004 or earlier. That's also when an IP theft worm called Myfip emerged onto the Internet. Joe Stewart discovered it and wrote one of the first analyses and a lovely lecture in pdf format. While the original worm only stole pdfs, Myfip.B and later variants steal pdfs, docs, mdbs (Microsoft database files), and various CAD files. The Myfip.h variant is a kernel mode rootkit that removes its process from the Windows kernel process list without the need of a kernel mode driver, which is unusual according to F-Secure. So, one can see that the worm has gotten even more sophisticated with time. Any collected files were initially sent to a remote server at address '', which no longer exists, using TCP on port 34330. Current Myfip distribution servers are located in Tianjin, China's third largest city, while the collection servers are in Guangdong and Tianjin. It is speculated that the group responsible for this worm started getting back sensitive information that the Chinese government would be interested in, which is why the second variant of the worm broadened its collecting to documents, CAD/CAM files and databases instead of just pdf files.

Besides the theft of IP, Guangdong is the other connection between the worm and Titan Rain. Shawn Carpenter, an IT Security Investigator, then at Sandia National Laboratory, discovered an intrusion and tracked the attackers back to Guangdong. These were very skillful and professional attackers who made only one mistake - they got noticed by Shawn Carpenter. His Lockheed Martin bosses didn't want him to pursue the issue further, so he offered to help Army Counterintelligence and the FBI in his spare time. He monitored the thieves' attacks via their gateway router in Guangdong and he guesses that there are 10-15 workstations manned 24x7 actively stealing information from all over the world. For all his hard work and diligence, Lockheed Martin terminated him and harassed his wife, who also worked there, because he shared his information with other government entities even though he was expressly told not to do so. He recently won a lawsuit that Sandia National Labs and Lockheed Martin are appealing.* The Chinese government denies that they have anything to do with Titan Rain and they are not cooperating with the American government. The Germans recently accused the Chinese government of cyberespionage.

So, what is going on? Is it a Chinese criminal gang who is stealing trade and government secrets and selling them to the highest bidder? Is it the Chinese government actively doing the stealing? Or is it both? The simplest explanation is the latter one. A criminal gang started the enterprise and when the Chinese government discovered how lucrative, cheap and easy it was, they offered people and resources to the gang for a piece of the action. The Chinese government maintains plausible deniability by using the Chinese criminal gang as cover for their cyberespionage activities while reaping huge benefits. It doesn't help that U.S. government contractors cover up the attacks on government and corporate systems at government facilities because they don't want the bad press. As to how extensive and successful Titan Rain is and what has been stolen, only the thieves know. Our government isn't disclosing what's been lost, possibly from embarrassment. This "hypertrophied secrecy" prevents the full extent of the damage from being known and disseminated, and is analogous to the government declaring certain projects Black Projects to hide risky or expensive military projects from the American taxpayers' scrutiny. Foreign governments and determined individuals can figure out what the Black Projects are using standard intelligence gathering and analysis techniques. Likely the agents the FBI has on the case aren't from their Computer Forensics Lab, but are field agents who may or may not be competent in both counterintelligence and computer forensics. We can only hope that since the Chinese use Microsoft Windows extensively that we are stealing more of their secrets than they are of ours, but I wouldn't bet on it.

* (Thanks to Richard Bejtlich and his TaoSecurity blog for informing me of Shawn Carpenter's case.)


Monday, September 17, 2007

How Vitamin C Prevents Cancer

It was thought that cancer cells overcome hypoxia within tumors in order to survive, but a growing body of evidence suggests that hypoxia and defective apoptosis actually drive or promote the growth of cancers. Linus Pauling was the first to promote Vitamin C's anticancer benefits, but the medical establishment didn't trust his hypothesis or evidence at the time. The following article details a molecular mechanism for how vitamin C arrests cancer cells' growth. Basically, vitamin C prevents the hypoxia-inducible factor 1 (HIF-1) protein from being induced (turned on) and turning on gene expression of proteins which allow cancer cells to survive in low oxygen conditions by switching their metabolism via the mitochondria from aerobic respiration to glycolysis. Administration of the cheap drug, dichloroacetate, switches aerobic metabolism back on in mitochondria and induces apoptosis as well, so the combined administration of vitamin C and dichloroacetate might be the most effective cancer treatment for some cancers and the administration of vitamin D might prevent the return of the cancer.


A Possible Future

I doubt that my group will likely survive past December of next year at best, and maybe this December at worst. Senior management was sold a bill of goods by the senior manager responsible for our group so that he could keep his job and status. Instead of providing actual internal IT security for our firm, we are basically just a policy enforcement arm of HR. We terrorize the average employee for downloading mp3s and catch the occasional child porn offender while executives and administrative staff are allowed to accept and send credit card, wire transfers, business plans and other sensitive information to and from clients, vendors and service providers via unencrypted email. I couldn't get a keylogger ticket accepted because I couldn't prove that the person downloaded the software. I can only prove intent in those cases. So, in other words, we are only allowed to catch idiots, and we are not allowed to change fatally insecure business practices. As our fellow employees realize that their actions are being monitored and they modify their behavior, or are fired for it, our ability to generate the same number of tickets will decrease over time, a decreasing series converging to some number or limit approaching close to, but not equal to, zero. The fact that almost all worms have keylogger activity, are professionally made for criminal enterprises now, and are coded to evade almost all anti-virus scanning software means that sooner or later my firm will experience a major loss since we are a Windows shop. My unit's inability to affect real IT security policy coupled with our inability to maintain performance levels due to our successes and other factors will likely spell my unit's demise. My managers believe otherwise.


Money, Survival, and "Shit" Storms

"Communism is like one big phone company."
Lenny Bruce

They say that money is the root of all evil. This article about the Criminally Rich states, "Criminologists today frame crime in terms of relative poverty." In other words, most crime happens because people don't think they have enough money compared to someone else. It really comes down to envy for the Rich, or the wealthy, and for most people in the developed human world. This idea of relative poverty begs the question of how one differentiates a crime of survival, such as stealing a loaf of bread to keep from starving versus committing accounting fraud or some other white collar crime to keep your business and your job alive through a difficult economic business cycle. In the minds of many people, both are acts of desperate survival, but the comparison is a false one. In the first instance, the person is dying of starvation, a physical need. In the second instance, the person's physical needs are met -- their physical survival is not in question, but his or her role and status are threatened which are psychological needs or beliefs. When psychological needs are threatened or not being met, much unhappiness and pain ensues. The problem is though, that psychological pain and unhappiness are infectious.

When I came into work last Thursday, I experienced the dreadful "shit" storm from my manager. My group is not cutting enough tickets. This is not our fault in many ways. I will not go into the details, but the gist of it is that my managers' perceptions of reality are being realigned to conform with actuality. The Director of Security was unhappy, likely about our performance, and chewed out our director, who in turn chewed out my boss who chewed out my entire group making everyone unhappy. I tried to reason with my boss, but he doesn't want to hear reason when his perceived survival and job are on the line. I could palpably feel his fear, unhappiness and pain. The collective unhappiness and pain within my group was even worse. Here was my mistake: I unconsciously accepted that psychological unhappiness and pain. I became infected by it. I forgot that I have the choice of refusing such a "gift". The choice is illustrated by the following Sakyamuni Buddha parable:

The Buddha was sitting in meditation surrounded by his disciples. The atmosphere was so meditative. The trees were blooming and a sweet scent of flowers permeated the air. The birds were singing and the sun was shining.

A man came to see the Buddha. This Man thought to himself, "Ah, I am going to try and get the Buddha angry". So, he proceeded to verbally insult the Buddha. He taunted and huffed and puffed...and said lots of insulting things. The Buddha said nothing.

This made the man who was insulting the Buddha more and more angry himself. He became bloated and red. He hurled taunts in a vicious voice and stomped his feet. Still the Buddha said nothing. Finally the Angry Insulting Man looked like he was going to burst. He was so red and mad. His face was like a big red beet. He was wildly waving his arms and shouting insults. He ran off yelling and shouting the whole time. The Buddha and the disciples could hear him for a long time. He was kicking and yelling at things.

Finally the man was gone. The Buddha and his disciples just sat meditating in this beautiful fragrant setting. The birds started chirping again. One of Buddha's disciples waited a while and then asked the Buddha, "That Man was so insulting to you...why didn't you say anything to him?"

The Buddha replied, "If you cook a lot of food and then your invited guests don't eat it all...WHO eats it?"

The disciple replied, "Well, I guess the person who cooked all the food...has to eat it."

The Buddha said, "So it is with anger, if you cook a lot of anger, and your guests don't eat it...who does?"

Basically, anger is a gift one doesn't have to accept, or in this parable, a meal one doesn't have to eat. This is what Jesus meant when he said turn the other cheek when someone slaps you. The same can be said for accepting gifts of unhappiness and pain. Eckhart Tolle calls all this unhappiness and pain the "Pain Body". You see it in children in the form of temper tantrums and moping (passive-aggressive behavior) when they don't get something they perceive they want. You see this in adults in the situation I described. In my case, I didn't rise above it fully, because I forgot that I have the choice not to accept such gifts of unhappiness and pain. I resisted and tried to reason with my boss and strengthened his pain and became infected by the pain/unhappiness myself.

How does one handle a "shit" storm? Well, you first have to recognize it for what it really is, which is pain, anger, fear, and unhappiness all rolled into one psychological entity or bundle. The reasons for it happening are largely out of your control. The best you can do is give your boss what he demands of you even if it is unfair and try not to become infected by this "pain body" yourself which for most people is difficult because we aren't taught to refuse such unpleasant gifts. The other options besides acceptance are to try to change the situation or remove yourself from the situation. Many businesses only experience change through and by "pain bodies" due to perception realignments by actual reality. This is a fact of life at the moment due to the hierarchical egoic nature of most businesses and the psychology of most people.


Tuesday, September 11, 2007

Is 9/11 Overblown?

I noticed that the media is throwing September 11th in everyone's face. I got to thinking that I don't remember anyone telling me when I grew up to remember Pearl Harbor, December 7, 1941. As many people died that day if not more and much more damage was done. The servicemen who died; their families got little compensation. Many of the victims of 9/11 had insurance and the airlines got bailed out. The airliners were insured in case of loss as were the businesses and buildings. I doubt that the Navy insured battleships or any warship.

We find ourselves in a war in two different countries. The real war is in Afghanistan and the mountains of Pakistan. We can't afford to lose that war. Yet, the costlier war is in Iraq, and that war only has significance if it alters the geopolitical balance of the Middle East. Likely the Iraq war will be known as Bush's Folly, the war that bankrupted the United States and signaled the beginning of the end of our superpower status. It is only noble in that we overthrew a third rate dictator, but the cost might have been too high in blood alone. We have certainly helped the Russians and OPEC by driving up the cost of oil, not to mention Halliburton. The Chinese now own us. Our leaders appear to be fools. Selling the country out for special interests and free trade at the expense of the economy and the Middle Class is the greatest folly of all - all due to greed.


Wednesday, September 05, 2007

Immanentize the Eschaton

Immanentize the Eschaton, according to Wikipedia, is to implement a policy to bring about "Heaven on Earth", to fulfill that utopian desire. It's used by Eric Voegelin to deride Christian, Nazi, and Communist efforts to bring about a world conforming to each group's idealized vision. He believes that the Christian ideal is a theoretical fallacy.

I am not sure how I feel about this. I mean the man does not have a concept of human evolution. Humanity and society have changed in 2,000 years. We are less brutish and gentler and possibly more meek than people were 2,000 years ago. We still kill, maim, rape and commit various unconscious acts, but by and large people are civilized. Of course, there can be no such thing as a utopia, but ideals are to be aspired to or lived up to -- a goal to aim for. There had to be an appealing ideal for Nazism and Communism to thrive as they did for a time. If they failed, it was due to human nature, greed, and all the other outgrowths of egos. Nazism would have thrived if Hitler and his people hadn't been so full of hate and such ardent believers in eugenics that they exterminated those they considered unfit or killed because of their wealth. But I suppose you can't separate the eugenics from Nazism. They are both intertwined. The average Russian was better off with Communism. Communism's main failure was the lack of incentive for people to improve their lot in life. The state was too controlling and too inefficient at apportioning resources. The graft and corruption didn't help matters. Voegelin seems to be silent about Capitalism, but my question is, if Capitalism is such a perfect economic system, why have we been seeing the Fed and government bail out hedge funds and corporations that make poor business and financial decisions the last 10-15 years? Surely capitalism must evolve to align with the ideal of Capitalism, or is that a delusion as well? The bailouts would seem to say that Capitalism is as deluded as any other economic theory if the Rich can be rescued from their greedy mistakes. After all, the common folk are not when they lose a large sum to greed.

But is Christianity wrong for saying that eventually, the human world will be a Heaven on Earth? Buddhism makes similar predictions about all things becoming enlightened. Of course, Christianity and Buddhism may be pointing to a change of perspective, a different way of seeing the world, a change in human psychology. As I pointed out above, he is looking at things as though humanity can't change when the evidence points to the contrary. Oh, we are still extremely stupid, or at least ignorant. If we are not careful we will destroy so much biodiversity and ecologies as to undermine the planetary ecology. Predators suffer the most when the food web collapses and we are the ultimate predator. We will suffer the most if we destroy the natural balance we are perched on. But our one redeeming feature is that we can predict various futures and mitigate their effects to an extent. We know how societies collapse and the reasons why, or at least, we are discovering the reasons why past societies died.

I suppose at the end of the day, one shouldn't compare politics and religion, or confuse the goals of the two. Ultimately, the Spiritual is trying to find a place for Mankind in this vast Universe and a purpose for existing. (Possibly the same can be said for Science.) The purpose of Politics should be for the common good, but more often, more cynical reasons emerge due to ego, the empowerment and enrichment of the self at the expense of the body politic. I haven't seen any politician immune to the enticements of office thus far, and the ones who do seem selfless don't make it past the Senate or House into The White House, be he or she Republican or Democrat. McCain will likely not make it as John Anderson didn't, or George McGovern. All things change. How will America immanentize its eschaton?

