Shared posts

17 Aug 20:45

UC Davis Chancellor spent $400K+ to scrub her online reputation after pepper-spray incident

by Cory Doctorow

Back in April, we learned that UC Davis Chancellor Linda P.B. Katehi had hired a sleazy "reputation-management" company to scrub her reputation and that of the university after the 2011 incident in which university police lieutenant John Pike hosed down peaceful protesters with pepper spray, jetting chemical irritant directly into their open mouths and eyes.

17 Aug 13:20

The surprising spryness of fighters in 15th C armor

by Cory Doctorow
Markku.lempinen

Neat :o

Paris's Musée national du Moyen Âge teamed up with The University of Geneva to make this video demonstrating the fighting techniques available to people in 15th century armor, which are much more fluid and athletic than I had presumed -- turns out you can really move in those tin cans. (via We Make Money Not Art)

15 Aug 23:20

Windows 7, 8.1 moving to Windows 10’s cumulative update model

by Peter Bright
Markku.lempinen

So it's another way of pushing that cursed telemetry crap, CEIP and whatnot so one can't opt out?

(credit: Microsoft)

Microsoft is switching Windows 7 and Windows 8.1 to a cumulative update model similar to the one used by Windows 10. The company is moving away from the individual hotfix approach it has used thus far for those operating systems.

One of the major differences between Windows 7 and 8.1 on the one hand and Windows 10 on the other is what happens when you run Windows Update. Microsoft's two older operating systems usually need to fetch a handful of individual patches each month. If a system hasn't been patched for a few months, this can require dozens of individual fixes to be retrieved. In the case of a clean installation, that number can reach the hundreds.

Windows 10, on the other hand, has perhaps one or two updates released each month. A single cumulative update incorporates not just all of the newest security and reliability fixes, but all the older fixes from previous months, too. If a system isn't updated for a few months or has had its operating system freshly reinstalled, the scenario of having hundreds of individual fixes never occurs. Windows 10 just grabs the latest cumulative update and, with that one package, is more or less up-to-date.


10 Aug 18:04

Aviation's war on moisture turns ten today

by Cory Doctorow

Ten years ago, British domestic security claimed to have caught a terrorist cell that had planned to blow up airplanes with a gel they'd carry on in a Gatorade bottle and detonate with an iPod.

08 Aug 16:47

Making a real Star Wars Speeder Bike

by David Pescovitz
Markku.lempinen

Neat! :D


Vintage Works built this fantastic motorcycle that is exactly like a Star Wars Speeder Bike. Only it doesn't fly. Sadly.


29 Jul 15:55

It’s now or never: Free Windows 10 upgrade ends in just a few hours

by Peter Bright
Markku.lempinen

My main question is: have they finally stopped pushing 3035583 now that the free downgrade period is over?

It's better, we promise.

If you use Windows 7 or Windows 8.1 and want to upgrade to Windows 10 for free, there are just a few more hours left to grab your copy. The offer expires today, July 29. At the time of writing, less than 19 hours still remain.

If you're eligible, you should upgrade. In almost every regard, Windows 10 is a better operating system than Windows 7 or 8.1 (unless you use Media Center, in which case you're trapped on old operating systems forever). If you want to get the free upgrade but can't upgrade right now because of timing or compatibility concerns, your best option is to install Windows 10 onto an empty hard drive using your existing Windows 7 or 8.1 key. Activate that installation and magic will occur: your key will become Windows 10 "enabled," and you should be able to use it to perform the upgrade at a later date. Similar results can likely be achieved by installing into a virtual machine rather than an empty hard disk.

The cut-off doesn't apply to those who use assistive technology such as screen-readers; those Windows users will be able to upgrade to Windows 10 whenever they feel like it, though Microsoft apparently has yet to fully explain how this will work.


28 Jul 14:09

RIP, MAD Magazine's Jack Davis

by Cory Doctorow
Markku.lempinen

He was one of my favourite artists in MAD

Davis had been with MAD since its first run in 1952, and his illustrations helped define the look of satirical art for generations.

08 Jun 23:30

A scene of Hotline Miami, recreated in LEGO

by Clinton
Markku.lempinen

Hotline Miami was awesome

Hotline Miami and LEGO are two things which shouldn’t mix. One is an ultra-violent top down murder fest of a game, and the other is a made-for-kids interlocking bricks system. Luckily, Nannan Zhang does both properties justice with this little scene from the games.


Aside from the great colours used to imitate the game and the textured brick pieces being used as carpet details, what I really love is the fact that (as far as I can tell) only LEGO pieces were used. The Chima headpiece acting as a Tony Mask works particularly well. It all comes together so well and makes me want to play the games again.

26 May 15:01

Saturday Morning Breakfast Cereal - Kill All Humans? A Flowchart

by admin@smbc-comics.com
Markku.lempinen

Makes sense

Hovertext: Once you realize there is no hope, you can relax and just enjoy the progress in machine learning.


17 May 22:05

Windows 7 now has a Service Pack 2 (but don’t call it that)

by Peter Bright
Markku.lempinen

This also includes the GWX-adware and CEIP packets, I would assume. I'll take the tedious route instead, if I ever need to do a fresh W7 install.

This should become a thing of the past. (credit: Microsoft)

Anyone who's installed Windows 7 any time in the last, oh, five years or so probably didn't enjoy the experience very much. Service Pack 1 for the operating system was released in 2011, meaning that a fresh install has five years of individual patches to download and install. Typically, this means multiple trips to Windows Update and multiple reboots in order to get the system fully up-to-date, and it is a process that is at best tedious, typically leading one to wonder why, at the very least, it cannot pull down all the updates at once and apply them with just a single reboot.

The answer to that particular question will, unfortunately, remain a mystery, but Microsoft did today announce a change that will greatly reduce the pain of this process. The company has published a "convenience rollup" for Windows 7 Service Pack 1 (and Windows Server 2008 R2), which in a single package contains all the updates, both security and non-security, released since the Service Pack, up through April 2016. Installing the rollup will perform five years of patching in one shot.

In other words, it performs a very similar role to what Windows 7 Service Pack 2 would have done, if only Windows 7 Service Pack 2 were to exist. It's not quite the same as a Service Pack—it still requires Service Pack 1 to be installed, and the system will still report that it is running Service Pack 1—but for most intents and purposes, that won't matter. Microsoft will also support injecting this rollup into Windows 7 Service Pack 1 system images and install media.


18 May 05:00

Comic for 2016.05.18

New Cyanide and Happiness Comic
28 Apr 17:37

When you notice a tiny bug

by CommitStrip
Markku.lempinen

A "Casey and Andy" reference, perhaps? :p It should be!


16 Apr 16:39

Stunning LEGO Nebulon-B Medical Frigate

by Rod
Markku.lempinen

The Nebulon-B Frigates are for some weird reason one of my favourite capital ships.

Morten_Svendsen has built a massive and highly-detailed model of the famous Nebulon-B Medical Frigate, first seen in The Empire Strikes Back. Morten’s dedication to getting the angles, details, and textures just right in comparison with the model used for shooting the movies is frankly astonishing…
The overall shaping and coloring are simply spot-on, but the little touches are what sets this creation apart. Check out the medical bay window featuring the famous scene of Luke, Leia, and the droids watching the Falcon depart to begin the search for Han Solo…


As you might expect from a builder displaying such attention to detail, this isn’t a model that can only be viewed from one angle. Morten has focused an equal amount of love on the engines at the ship’s rear…
And he’s made sure there’s an accurate scale representation of the Millennium Falcon docked in the right place…
According to Morten’s post on Eurobricks detailing his construction process, the model is built from thousands of bricks taken from a selection of over 500 different types! Brilliant stuff — a new benchmark for Star Wars LEGO scale modelling.

16 Apr 03:25

Slay demons with a 20 pound LEGO Doom BFG 9000

by Nick
Markku.lempinen

Lego BFG 9000? Wonderful :D

Doom returns to popularity in gaming with a new installment to the series next month. What better time than now for YouTube LEGO builder ZaziNombies to build one of gaming’s most infamous weapons, the BFG 9000 (“Big F***ing Gun”) from Doom (1993), in 1:1 scale. Weighing over 20 pounds and built from over 5000 LEGO pieces, ZaziNombies’s detailed replica of the BFG more than lives up to the name. See it hauled around, discussed, and shown from the first person perspective in this three minute video.

14 Apr 21:02

Worshipping the Flying Spaghetti Monster is not a real religion, court rules

by David Kravets
Markku.lempinen

I personally don't see the difference in the level of trueness between one religion and another...

(credit: aaditya sood)

Inmate Stephen Cavanaugh

A Nebraska inmate who has professed his allegiance to the divine Flying Spaghetti Monster lost his bid demanding that prison officials accommodate his Pastafarianism faith.

A federal judge dismissed the suit (PDF) Tuesday brought by Stephen Cavanaugh, who is serving a 4- to 8-year term on assault and weapons charges at the Nebraska State Penitentiary. US District Judge John Gerrard ruled that "FSMism" isn't a religion like the ones protected under the Constitution.

"The Court finds that FSMism is not a 'religion' within the meaning of the relevant federal statutes and constitutional jurisprudence. It is, rather, a parody, intended to advance an argument about science, the evolution of life, and the place of religion in public education. Those are important issues, and FSMism contains a serious argument—but that does not mean that the trappings of the satire used to make that argument are entitled to protection as a 'religion,'" the judge ruled. (PDF)


06 Apr 17:40

First Windows 10 preview with bash support is out now

by Peter Bright
Markku.lempinen

I still don't intend to touch w10, no matter what :|

It's bash, and it's on Windows. (credit: Microsoft)

The first Windows 10 Insider Preview build that includes support for native Linux bash on Windows is now out. This was some of the biggest news to come out of Build last week, as Microsoft works to make Windows even more attractive to developers.

The full install process is described on Microsoft's blog post, but the important part is that in order to use the Windows Subsystem for Linux, the system will have to be put into developer mode through the Settings app (instead of its default sideloading mode). Then the feature will need to be added from Windows Features, and finally the runtime environment will have to be fetched from the store. This process is a little convoluted, but it underscores that Microsoft is positioning the Linux support as a developer feature, not meant for production deployments yet.

The new build looks to be the most significant update since the release of the November Update last year. In addition to the Windows Subsystem for Linux, a bunch of other changes are included. Cortana is smarter, able to sync phone status and notifications between Windows and Android phones and Windows on the PC. She can also help you find your phone by making it ring when you've lost it, and if you look up directions on your PC, she can beam them to your phone for you.


23 Mar 17:41

The latest innovation from the media

by CommitStrip
Markku.lempinen

Pretty much, yes :p

16 Mar 18:49

Watch a hydraulic press crush Barbie

by Rob Beschizza
Markku.lempinen

Unplaceable but heavy accent? Hmmm... He sounds very much like a Finnish rally driver :D

On YouTube, a gentleman with an unplaceable but heavy European accent crushes things with his hydraulic press. Above, he crushes Barbie. ("Beautiful… but for how long?")

10 Mar 23:17

Microsoft pushes ads for Windows 10 in a security update

by donotreply@osnews.com
Markku.lempinen

I just can't wrap my mind around this pos...

Security update package MS16-023 for Internet Explorer doesn't only contain security patches, but also a few other things, including: "This update adds functionality to Internet Explorer 11 on some computers that lets users learn about Windows 10 or start an upgrade to Windows 10." Ghacks.net writes: Microsoft does not reveal what this means, or what this has to do with Internet Explorer. According to Woody Leonhard over at Infoworld, the update pushes a banner on Internet Explorer 11's New Tab Page advertising the company's new operating system Windows 10. Unfortunately the ads can't be uninstalled without uninstalling the whole security update package.
09 Mar 15:55

French Parliament votes to imprison tech execs for refusal to decrypt

by Cory Doctorow
Markku.lempinen

I refuse to believe that even the cheese-eating surrendermonkeys are idiotic enough to pass something like this...

Amendment 90 to France's penal reform bill provides for five year prison sentences and €350,000 fines for companies that refuse to accede to law enforcement demands to decrypt devices.

04 Mar 14:15

Epic CEO: “Universal Windows Platform can, should, must, and will die”

by Mark Walton
Markku.lempinen

I approve of his message. Anything by MSFT should die, in general.

In a scathing editorial in the Guardian, Epic Games co-founder Tim Sweeney has spoken out about Microsoft's Universal Windows Platform (UWP) initiative, calling it a "fiasco" and "the most aggressive move Microsoft has ever made."

"With its new Universal Windows Platform (UWP) initiative, Microsoft has built a closed platform-within-a-platform into Windows 10, as the first apparent step towards locking down the consumer PC ecosystem," says Sweeney. "Microsoft has launched new PC Windows features exclusively in UWP, and is effectively telling developers you can use these Windows features only if you submit to the control of our locked-down UWP ecosystem."

"PC UWP can, should, must and will, die as a result of industry backlash."


04 Mar 23:23

Tony Dyson, Creator of R2-D2, Has Passed Away

by Caleb Kraft
Markku.lempinen

I met him last year, he was a fun chap... sorry to hear of his passing

R2-D2 is recognized and loved by Star Wars fans around the globe. Today, his creator Tony Dyson has passed away.

26 Feb 18:30

Friday Facts #127 - Steam Status III: Thank You

by Tomas
Markku.lempinen

Factorio is awesome 8)

What a week. Let's see what has happened. The game launch at Steam has obviously been a highlight of the week (well not just the week=)). However quite a few other "launches" have happened as well. As for the game, together with Steam launch we have launched the game [...]
25 Feb 19:40

Disney CEO asks employees to chip in to pay copyright lobbyists

by Joe Mullin
Markku.lempinen

Are they serious? wtf...

Oh, hey, do you work here? Mickey could use a little extra cash. (credit: Loren Javier)

The Walt Disney Company has a reputation for lobbying hard on copyright issues. The 1998 copyright extension has even been dubbed the “Mickey Mouse Protection Act” by activists like Lawrence Lessig that have worked to reform copyright laws.

This year, the company is turning to its employees to fund some of that battle. Disney CEO Bob Iger has sent a letter to the company’s employees, asking for them to open their hearts—and their wallets—to the company’s political action committee, DisneyPAC.

In the letter, which was provided to Ars by a Disney employee, Iger tells workers about his company's recent intellectual property victories, including stronger IP protections in the Trans-Pacific Partnership, a Supreme Court victory that destroyed Aereo, and continued vigilance about the "state of copyright law in the digital environment." It also mentions that Disney is seeking an opening to lower the corporate tax rate.


17 Feb 23:22

Warren Spector returns to game development for System Shock 3

by Kyle Orland


With nearly 17 years having passed since the well-remembered launch of System Shock 2, we've been having some trouble believing that newly launched studio Otherside Entertainment could recall the series' former glories for the recently announced System Shock 3. Our skepticism is at least a little reduced today, though, with the news that original System Shock producer Warren Spector has joined the Otherside team as studio director.

Spector, who's also known for his work on the Deus Ex, Thief, and Epic Mickey series, was already serving as a creative advisor for Otherside along with his current academic role at the University of Texas Austin. As Spector told GamesIndustry.biz:

"I've loved working with students as Director of the Denius-Sams Gaming Academy in the University of Texas' Moody College of Communication," Spector said. "But when the opportunity to have a bigger role in bringing Underworld Ascendant to life, as well as playing in the System Shock universe once again, helping to bring these games to a 21st century audience, I just couldn't say no. Working on System Shock was one of the most fulfilling things I've done in my career and it's hard to describe how much I'm looking forward to sharing with players what SHODAN has been up to since the last game was released."

While there are still precious few details known about System Shock 3, the array of well-known names being lined up behind the game's development is certainly starting to impress. At Otherside, Spector joins studio founder Paul Neurath, whom he worked with on games like Thief and Ultima Underworld at Looking Glass.


09 Feb 17:41

Copyright trolls who claimed to own "Happy Birthday" will pay $14M to their "customers"

by Cory Doctorow
Markku.lempinen

At long last 8)
"Now Warner/Chappell has settled a claim brought by many of the companies that had paid it for a license over the years and years that they were running their fraud. The music publisher will pay $14 million in penalties and fees."

For decades, Warner/Chappell Music claimed to own the rights to the Happy Birthday song, despite the reams of copyright scholarship and historical research showing they had no legitimate claim.

04 Feb 19:32

DIY smart bathroom mirror

by David Pescovitz


Smart bathroom mirrors with Internet connections and integrated displays have been fodder for futurists (including me) since the early 1990s at least. Google engineer Max Braun decided to build his own from a two-way mirror, display panel, and Amazon Fire TV Stick running an Android application package for the UI. He posted about the project on Medium:

To the right of where my face would be we have the time and date. To the left is the current weather and a 24-hour forecast. Below are some recent news headlines...

Other concepts I’m playing with are traffic, reminders, and essentially anything that has a Google Now card. The idea is that you don’t need to interact with this UI. Instead, it updates automatically and there’s an open-ended voice search interface for anything else.

"My Bathroom Mirror Is Smarter Than Yours" (Medium)


02 Feb 20:10

Ready or not, here comes Windows 10

by donotreply@osnews.com (Thom Holwerda)
Markku.lempinen

"Windows 10 will be the most popular Windows version of all time! Just look at all those people upgrading!" sums it up nicely :p

Public service announcement: as announced October last year, Windows 10 is now a recommended upgrade in Windows Update, meaning the installation will automatically start. As announced last October, the free Windows 10 update has been promoted from an "optional" update to being a "recommended" one. This means that with the default Windows Update settings, the new operating system will be downloaded automatically, and its installer will be started. The operating system will not actually install itself unattended; Microsoft says that users will be able to reject the upgrade or reschedule it for a time that's more convenient. The company has also described a variety of registry settings that suppress the upgrade. Windows 10 will be the most popular Windows version of all time! Just look at all those people upgrading!
02 Feb 17:36

Exclusive: Snowden intelligence docs reveal UK spooks' malware checklist

by Cory Doctorow

“I’d tell you, but I’d have to kill you.” This is what I shout at the TV (or the YouTube window) whenever I see a surveillance boss explain why none of his methods, or his mission, can be subjected to scrutiny. I write about surveillance, counter surveillance, and civil liberties, and have spent a fair bit of time in company with both the grunts and the generals of the surveillance industry, and I can always tell when one of these moments is coming up, the flinty-eyed look of someone about to play Jason Bourne.

The stories we tell ourselves are the secret pivots on which our lives turn. So when Laura Poitras approached me to write a piece for the Astro Noise book -- to accompany her show at the Whitney -- and offered me access to the Snowden archive for the purpose, I jumped at the opportunity.

Fortuitously, the Astro Noise offer coincided perfectly with another offer, from Laurie King and Leslie Klinger. Laurie is a bestselling Holmes writer; Les is the lawyer who won the lawsuit that put Sherlock Holmes in the public domain, firmly and unequivocally. Since their legal victory, they've been putting together unauthorized Sherlock anthologies, and did I want to write one for "Echoes of Holmes," the next one in line?

The two projects coincided perfectly. Holmes, after all, is the master of HUMINT, (human intelligence), the business of following people around, getting information from snitches, dressing up in putty noses and fake beards... Meanwhile, his smarter brother Mycroft is a corpulent, sedentary presence in the stories, the master of SIGINT (signals intelligence), a node through which all the intelligence of the nation flows, waiting to be pieced together by Mycroft and his enormous intellect. The Mycroft-Sherlock dynamic perfectly embodies the fraternal rivalry between SIGINT and HUMINT: Sherlock chases all around town dressed like an old beggar woman or similar ruse, catches his man and hands him over to Scotland Yard, and then reports in to Mycroft, who interrupts him before he can get a word out, arching an eyebrow and saying, "I expect you found that it was the Bohemian stable-hand all along, working for those American Freemasons who were after the Sultan's pearls, was it not?"

In 2014, I watched Jennifer Gibson from the eminent prisoners’ rights group Reprieve talking about her group's project to conduct a census of those killed by US drone strikes in Yemen and Pakistan. The CIA conducts these strikes, using SIGINT to identify mobile phones belonging to likely targets and dispatch killer drones to annihilate anything in their vicinity. As former NSA and CIA director Michael Hayden once confessed: "We kill people based on metadata."

But the CIA does not specialize in SIGINT (that's the NSA's job). For most of its existence, the CIA was known as a HUMINT agency, the masters of disguise and infiltration.

That was the old CIA. The new CIA is just another SIGINT agency. Signals Intelligence isn’t just an intelligence methodology, it’s a great business. SIGINT means huge procurements -- servers, administrators, electricity, data-centers, cooling -- while HUMINT involves sending a lot of your friends into harm's way, potentially never to return.

We are indeed in the “golden age of SIGINT”. Despite security services' claims that terrorists are "going dark" with unbreakable encryption, the spooks have done much to wiretap the whole Internet.

The UK spy agency GCHQ really tipped their hand when they called their flagship surveillance program "Mastering the Internet." Not "Mastering Cybercrime," not "Mastering Our Enemies." Mastering the *Internet* -- the very same Internet that everyone uses, from the UK's allies in the Five Eyes nations to the UK Parliament to Britons themselves. Similarly, a cursory glance at the logo for the NSA’s Special Source Operations -- the fiber-tapping specialists at the NSA -- tells the whole story.

These mass surveillance programs would likely not have withstood public scrutiny. If the NSA’s decision to launch SSO had been attended by a nightly news broadcast featuring that logo, it would have been laughed out of the room. The program depended on the NSA telling its story to itself, and not to the rest of us. The dotcom boom would have been a very different affair if the major legislative debate of the day had been over whether to allow the surveillance agencies of Western governments to monitor all the fiber cables, and harvest every click and keystroke they can legally lay claim to, parcel it into arbitrary categories like “metadata” and “content” to decide what to retain indefinitely, and to run unaccountable algorithms on that data to ascribe secret guilt.

As a result, the entire surveillance project has been undertaken in secrecy, within the bubble of people who already think that surveillance is the answer to virtually any question. The surveillance industry is a mushroom, grown in dark places, and it has sent out spores into every corner of the Internet, which have sprouted their own surveillance regimes. While this was happening, something important was happening to the Internet: as William Gibson wrote in 2007's "Spook Country," "cyberspace is everting" -- turning inside out. Computers aren’t just the things in our bags in the trunks of our cars. Today, our cars are computers. This is why Volkswagen was able to design a car that sensed when it was undergoing regulatory inspection and changed its behavior to sneak through tests. Our implanted defibrillators are computers, which is why Dick Cheney had the wireless interface turned off on his defibrillator prior to its implantation. Everything is a networked computer.

Those networked devices are an attack surface that is available to the NSA and GCHQ's adversaries -- primarily other governments, as well as non-government actors with political ambitions -- and to garden variety criminals. Blackmailers, voyeurs, identity thieves and antisocial trolls routinely seize control over innocents' computers and attack them in every conceivable way. Like the CIA and its drones, they often don't know who their victims are: they find an exploit, write a script to find as many potential victims as possible, and harvest them.

For those who are high-value targets, this lurking insecurity is even more of a risk -- witness the recent takeover of the personal email accounts of US Director of National Intelligence James Clapper by a group of self-described teenagers who previously took over CIA Director John Brennan's email account.

This is the moment when the security services could shine. We need cyber defense and we need it badly. But for the security services to shine, they'd have to spend all their time patching up the leaky boat of networked security, while their major project for a decade and more has been to discover weaknesses in the network and its end-points and expand them, adding vulnerabilities that they can weaponize against their adversaries -- leaving these vulnerabilities wide open for their adversaries to use in attacking us.

The NSA and GCHQ have weaponized flaws in router operating systems, rather than telling the vendors about these flaws, leaving the world’s electronic infrastructure vulnerable to attack by the NSA and GCHQ’s adversaries. Our spies hack core routers and their adversaries' infrastructure, but they have made themselves reliant upon the continuing fragility and insecurity of the architectures common to enemy and ally alike, when they could have been making us all more secure by figuring out how to harden them.

The mission of making it as hard as possible for the enemy to attack us is in irreconcilable tension with the mission of making it as easy as possible for our security services to attack their adversaries.

There isn't a Bad Guy Internet and a Good Guy Internet. There's no Bad Guy Operating System and Good Guy Operating System. When GCHQ discovers something breakable in a computer system that Iranians depend upon, they've also discovered something amiss that Britons rely upon. GCHQ can't keep that gap in Iran's armor intact without leaving an equally large gap open in our own armor.

For my Sherlock story, I wanted to explore what it means to have a security methodology that was all attack, and precious little defense, particularly one that proceeded in secret, without any accountability or even argument from people who thought you were doing it all wrong.


The Documents

Though I reviewed dozens of unpublished documents from the Snowden archive in writing my story, I relied upon three documents, two of which we are releasing today.

First, there's the crux of my Sherlock story, drawn from a March 2010 GCHQ document titled "What's the worst that could happen?" marked "TOP SECRET STRAP 1." This is a kind of checklist for spies who are seeking permission to infect their adversaries' computers or networks with malicious software.

It's a surprising document in many regards. The first thing that caught my eye about it is the quality of the prose. Most of the GCHQ documents I've reviewed read like they were written by management consultants, dry and anodyne in a way that makes even the famously tortured prose of the military seem juicy by comparison. The story the authors of those documents are telling themselves is called something like, “Serious grownups, doing serious work, seriously.”

"What's the worst..." reads like the transcript of a lecture by a fascinating and seasoned mentor, someone who's seen all the pitfalls and wants to help you, their protege, navigate this tricky piece of the intel business without shooting yourself in the foot.

It even tells a kind of story: we have partners who help us with our malware implantation. Are they going to help us with that business in the future if their names get splashed all over the papers? Remember, there are clever people like you working for foreign governments -- they're going to try and catch us out! Imagine what might happen if one of our good friends got blamed for what we did -- or blamed us for it! Let's not forget the exploits themselves: our brilliant researchers quietly beaver away, finding the defects that the best and the brightest programmers at, say, Apple and Microsoft have left behind in their code: if you get caught, the companies will patch the vulnerabilities and we will lose the use of them forever.

On it goes in this vein, for three pages, until the very last point:

“Who will have direct access to the data resulting from the operation and do we have any control over this? Could anyone take action on it without our agreement, eg could we be enabling the US to conduct a detention op which we would not consider permissible?”

That's where the whole thing comes to something of a screeching halt. We're not talking about Tom Clancy net-wars fantasies anymore -- now we're into the realm of something that must haunt every man and woman of good will and integrity who works in the spy agencies: the possibility that a colleague or ally, operating without oversight or consequence, might descend into barbarism based on something you did.

Reading this, I thought of the Canadian officials who incorrectly told US authorities that Maher Arar, a Canadian citizen of Syrian origin, was suspected of being connected to Al Qaeda.

Arar was detained by the United States Immigration and Naturalization Service (INS) during a stopover in New York on his way home from a family vacation in Tunis. The Americans, acting on incomplete intelligence from Canada's Royal Canadian Mounted Police (RCMP), deported Arar to Syria, a country he had not visited since his move to Canada, and which does permit the renunciation of citizenship.

Arar claims he was tortured during his imprisonment, which lasted almost a year, and bombarded with questions from his torturers that seemed to originate with the US security services. Finally, the Syrian government decided that Arar was innocent of any terrorist connections and let him go home to Canada. The US authorities refused to participate in the hearings on the Arar affair and the DHS has kept his family on the no-fly list.


Why did Syrian officials let him go? "Why shouldn't we leave him to go? We thought that would be a gesture of good will towards Canada, which is a friendly nation. For Syria, second, we could not substantiate any of the allegations against him." He added that the Syrian government now considers Arar completely innocent.

Is this what the unnamed author of this good-natured GCHQ document meant by "a detention op which we would not consider permissible?" The Canadian intelligence services apparently told their US counterparts early on that they'd been mistaken about Arar, but when a service operates with impunity, in secret, it gets to steamroller on, without letting facts get in the way, refusing to acknowledge its errors.

The security services are a system with a powerful accelerator and inadequate brakes. They’ve rebranded “terrorism” as an existential risk to civilization (rather than a lurid type of crime). The War on Terror is a lock that opens all doors. As innumerable DEA agents have discovered, the hint that the drug-runner you’re chasing may be funding terror is a talisman that clears away red-tape, checks and balances, and oversight.

The story of terrorism is that it must be stopped at all costs, that there are no limits when it comes to the capture and punishment of terrorists. The story of people under suspicion of terrorism, therefore, is the story of people to whom no mercy is due, and of whom all cunning must be assumed.

Within the security apparatus, identification as a potential terrorist is a life sentence, a “FAIR GAME” sign taped to the back of your shirt, until you successfully negotiate a Kafkaesque thicket of secretive procedures and kangaroo courts. What story must the author of this document have been telling themself when they wrote that final clause, thinking of someone telling himself the DIE HARD story, using GCHQ’s data to assign someone fair game status for the rest of their life?

Holmes stories are perfectly suited to this kind of problem. From "A Scandal in Bohemia" to "A Study in Scarlet," to "The Man With the Twisted Lip," Holmes's clients often present at his doorstep wracked with guilt or anxiety about the consequences of their actions. Often as not, Holmes's solution to their problems involves not just unraveling the mystery, but presenting a clever way for the moral question to be resolved as well.

The next document is the "HIMR Data Mining Research Problem Book," a fascinating scholarly paper on the methods by which the massive data-streams from the deep fiber taps can be parsed out into identifiable, individual parcels, combining data from home computers, phones, and work computers.

It was written by researchers from the Heilbronn Institute for Mathematical Research in Bristol, a “partnership between the UK Government Communications Headquarters and the University of Bristol.” Staff spend half their time working on public research; the other half is given over to secret projects for the government.

The Problem Book is a foundational document in the Snowden archive, written in clear prose that makes few assumptions about the reader’s existing knowledge. It likewise makes few ethical assertions about its work, striking a kind of academic posture in which something is “good” if it does some task efficiently, regardless of the task. It spells out the boundaries on what is and is not “metadata” without critical scrutiny, and dryly observes that “cyber” is a talisman -- reminiscent of “terrorist” -- that can be used to conjure up operating capital, even when all the other government agencies are having their budgets cut.

The UK government has recognized the critical importance of cyber to our strategic position: in the Comprehensive Spending Review of 2010, it allocated a significant amount of new money to cyber, at a time when almost everything else was cut. Much of this investment will be entrusted to GCHQ, and in return it is imperative for us to use that money for the UK’s advantage.


Some of the problems in this book look at ways of leveraging GCHQ’s passive SIGINT capabilities to give us a cyber edge, but researchers should always be on the look-out for opportunities to advance the cyber agenda.


The story the Problem Book tells is of scholars who’ve been tasked with a chewy problem: sieving usable intelligence out of the firehoses that GCHQ has arrogated to itself with its fiber optic taps.

Somewhere in that data, they are told, must be signatures that uniquely identify terrorists. It’s a Big Data problem, and the Problem Book, dating to 2010, is very much a creature of the first rush of Big Data hype.

For the researchers, the problem is that their adversaries are no longer identifiable by their national affiliation. The UK government can’t keep on top of its enemies by identifying the bad countries and then spying on their officials, spies and military. Now the bad guys could be anyone. The nation-state problem was figuring out how to spy on your enemies. The new problem is figuring out which people to spy on.

"It is important to bear in mind that other states (..) are not bound by the same legal framework and ideas of necessity and proportionality that we impose on ourselves. Moreover, there are many other malicious actors in cyberspace, including criminals and hackers (sometimes motivated by ideology, sometimes just doing it for fun, and sometimes tied more or less closely to a nation state). We certainly cannot ignore these non-state actors".

The problem with this is that once you accept this framing, and note the happy coincidence that your paymasters just happen to have found a way to spy on everyone, the conclusion is obvious: just mine all of the data, from everyone to everyone, and use an algorithm to figure out who’s guilty.

The bad guys have a Modus Operandi, as anyone who’s watched a cop show knows. Find the MO, turn it into a data fingerprint, and you can just sort the firehose’s output into “terrorist-ish” and “unterrorist-ish.”

Once you accept this premise, then it’s equally obvious that the whole methodology has to be kept from scrutiny. If you’re depending on three “tells” as indicators of terrorist planning, the terrorists will figure out how to plan their attacks without doing those three things.

This even has a name: Goodhart's law. "When a measure becomes a target, it ceases to be a good measure." Google started out by gauging a web page’s importance by counting the number of links they could find to it. This worked well before they told people what they were doing. Once getting a page ranked by Google became important, unscrupulous people set up dummy sites (“link-farms”) with lots of links pointing at their pages.

The San Bernardino shootings re-opened the discussion on this problem. When small groups of people independently plan atrocities that don’t require complicated or unusual steps to plan and set up, what kind of data massaging will surface them before it’s too late?

Much of the paper deals with supervised machine learning, a significant area of research and dispute today. Machine learning is used in "predictive policing" systems to send cops to neighborhoods where crime is predicted to be ripening, allegedly without bias. In reality, of course, the training data for these systems comes from the human-directed activity of the police before the system was set up. If the police stop-and-frisk all the brown people they find in poor neighborhoods, then that's where they'll find most of the crime. Feed those arrest records to a supervised machine-learning algorithm and ask it where the crime will be and it will send your officers back to the places where they're already focusing their efforts: in other words, "predictive policing" is great at predicting what the police will do, but has dubious utility in predicting crime itself.
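The feedback loop described above can be shown with a toy simulation. This is an added example, not code from this essay or from the Problem Book; the neighbourhood names, crime rate and stop counts are constructed assumptions.

```python
# Toy model of label feedback in "predictive policing".
# All numbers and names below are constructed for illustration.

# Both neighbourhoods have the SAME underlying offence rate per stop.
TRUE_CRIME_RATE = {"north": 0.05, "south": 0.05}


def true_crime_share():
    """Share of real crime in each neighbourhood (the thing we want to predict)."""
    total = sum(TRUE_CRIME_RATE.values())
    return {n: r / total for n, r in TRUE_CRIME_RATE.items()}


def recorded_arrests(patrol_share, stops_per_round=1000):
    """Arrests only get recorded where officers are sent to look."""
    return {
        n: patrol_share[n] * stops_per_round * TRUE_CRIME_RATE[n]
        for n in patrol_share
    }


def fit_predictor(arrest_history):
    """'Train' on arrest records: predicted crime share = share of past arrests."""
    totals = {n: sum(rnd[n] for rnd in arrest_history) for n in arrest_history[0]}
    grand_total = sum(totals.values())
    return {n: totals[n] / grand_total for n in totals}


def simulate(initial_patrol_share, rounds=10):
    """Each round: patrol, record arrests, retrain, redeploy by prediction."""
    share = dict(initial_patrol_share)
    history = []
    trajectory = [dict(share)]
    for _ in range(rounds):
        history.append(recorded_arrests(share))
        share = fit_predictor(history)  # next deployment follows the model
        trajectory.append(dict(share))
    return trajectory


if __name__ == "__main__":
    biased = simulate({"north": 0.8, "south": 0.2})
    print("true crime share:      ", true_crime_share())
    print("model after 10 rounds: ", biased[-1])
```

The model never moves off the initial 80/20 deployment even though the true split is 50/50: the arrest records it learns from encode where officers were sent, not where crime occurred.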

The part of the document I was most interested in was the section on reading and making sense of network graphs. They are the kind of thing you’d use in a PowerPoint slide when you want to represent an abstraction like "the Internet". Network graphs tell you a lot about the structures of organizations, about the relative power relationships between them. If the boss usually communicates to their top lieutenants after being contacted by a trusted advisor, then getting to that advisor is a great way to move the whole organization, whether you're a spy or a sales rep.

The ability of data-miners to walk the social and network graphs of their targets, to trace the "information cascades" (that is, to watch who takes orders from whom) and to spot anomalies in the network and zero in on them, is an important piece of the debate on "going dark." If spies can look at who talks to whom, and when, and deduce organizational structure and upcoming actions, then the ability to read the content of messages -- which may be masked by cryptography -- is hardly the make-or-break for fighting their adversaries.

This is crucial to the debate on surveillance. In the 1990s, there was a seminal debate over whether to prohibit civilian access to working cryptography, a debate that was won decisively for the side of unfettered access to privacy tools. Today, that debate has been renewed. David Cameron was re-elected to the UK Prime Minister's office after promising to ban strong crypto, and the UK government has just introduced a proposed cryptographic standard designed to be broken by spies.

The rubric for these measures is that spies have lost the ability to listen in on their targets, and with it, their ability to thwart attacks. But as the casebook demonstrates, a spy's-eye view on the Internet affords enormous insight into the activities of whole populations -- including high-value terrorism suspects.

The Problem Book sets up the Mycroftian counterpoint to Sherlock's human intelligence -- human and humane, focused on the particulars of each person in his stories.

Sherlock describes Mycroft as an all-knowing savant:

The conclusions of every department are passed to him, and he is the central exchange, the clearinghouse, which makes out the balance. All other men are specialists, but his specialism is omniscience.

While Sherlock is energized by his intellectual curiosity, his final actions are governed by moral consequences and empathy. Mycroft functions with the moral vacuum of a piece of software: tell him to identify anomalies and he'll do it, regardless of why he's been asked or what happens next. Mycroft is a Big Data algorithm in human form.

The final document I relied upon in the story is one we won't be publishing today: an intercepted transcript of a jihadi chat room. This document isn't being released because there were many people in that chat room, having what they thought was an off-the-record conversation with their friends. Though some of them were espousing extreme ideology, mostly they were doing exactly what my friends and I did when I was a teenager: mouthing off, talking about our love lives, telling dirty jokes, talking big.

These kids were funny, rude, silly, and sweet -- they were lovelorn and fighting with their parents. I went to school with kids like these. I was one of them. If you were to judge me and my friends based on our conversations like these, it would be difficult to tell us apart from these children. We all talked a big game, we all fretted about military adventurism, we all cursed the generals who decided that civilian losses are acceptable in the pursuit of their personal goals. I still curse those generals, for whatever it's worth. I read reams of these chat transcripts and I am mystified at their value to national security. These children hold some foolish beliefs, but they're not engaged in anything more sinister than big talk and trash talk.

Most people -- including most people like these kids -- are not terrorists. You can tell, because we're not all dead. An indiscriminate surveillance dragnet will harvest far more big talkers than bad guys. Mass surveillance is a recipe for creating an endless stream of Arars, and each Arar serves as inspiration for more junior jihadis.

In my fiction, I've always tried to link together real world subjects of social and technological interest with storytelling that tries to get into the way that the coming changes will make us feel. Many readers have accused me of predicting the future because I've written stories about mass surveillance and whistleblowers.

But the truth is that before Snowden, there was Wikileaks and Chelsea Manning, and Bill Binney and Thomas Drake before them, and Mark Klein before them. Mass surveillance has been an open secret since the first GW Bush administration, and informed speculation about where it was going was more a matter of paying attention to the newspaper than peering into a crystal ball.

Writing a Sherlock Holmes story from unpublished leaks was a novel experience, though, one that tied together my activist, journalist and fiction writing practices in a way that was both challenging and invigorating. In some ways, it represented a constraint, because once I had the nitty-gritty details of surveillance to hand, I couldn't make up new ones to suit the story. But it was also tremendous freedom, because the mass surveillance regimes of the NSA and GCHQ are so obviously ill-considered and prone to disastrous error that the story practically writes itself.

I worry about "cybersecurity," I really do. I know that kids can do crazy things. But in the absence of accountability and independent scrutiny, the security services have turned cyberspace into a battleground where they lob weapons at one another over our heads, and we don't get a say in the matter. Long after this round of the war on terror is behind us, we'll still be contending with increasingly small computers woven into our lives in increasingly intimate, life-or-death ways. The parochial needs of spies and the corporations that supply them mustn't trump the need for a resilient electronic nervous system for the twenty-first century.

Astro Noise: A Survival Guide for Living Under Total Surveillance, edited by Laura Poitras, features my story "Sherlock Holmes and the Adventure of the Extraordinary Rendition," as well as contributions from Dave Eggers, Ai Weiwei, former Guantanamo Bay detainee Lakhdar Boumediene, Kate Crawford, and Edward Snowden.

The Astro Noise exhibition is on at New York City's Whitney Museum from February 5 to May 1, 2016.

Henrik Moltke contributed research to this story.


Source documents

What-Is-the-Worst-That-Can-Happen-March-2010 (PDF)
What-Is-the-Worst-That-Can-Happen-March-2010 (Text)


Problem-Book-Redacted (PDF)
Problem-Book-Redacted (Text)
29 Jan 18:21

The Daily Stand-up

by CommitStrip
Markku.lempinen

Looks annoyingly familiar... :|