Technology

The picture is of a pair of breasts, composed of 32,000 Barbie dolls. 32,000 is the number of elective breast augmentation surgeries in the U.S. in 2006. This picture, along with a partial zoom and closeup and other similar works by Chris Jordan, may be found at his website. The photos depict such things as 2 million discarded plastic bottles (the number used in the United States every five minutes), a skull made from images of 200,000 packs of cigarettes (the number of Americans who die from cigarette smoking every six months), a version of Seurat’s “Sunday Afternoon on the Island of La Grande Jatte” made from 106,000 images of aluminum cans (the number used in the U.S. every 30 seconds), and so forth. Hat tip to Barry Williams, who posted this on the SKEPTIC list. UPDATE (June 11, 2009): Jordan gave a TED Talk about his work last year:

An article in The Progressive by Matthew Rothschild worries that the FBI’s InfraGard program is deputizing businesses, training them for martial law, and giving them a free pass to “shoot to kill.” Rothschild writes: The members of this rapidly growing group, called InfraGard, receive secret warnings of terrorist threats before the public does—and, at least on one occasion, before elected officials. In return, they provide information to the government, which alarms the ACLU. But there may be more to it than that. One business executive, who showed me his InfraGard card, told me they have permission to “shoot to kill” in the event of martial law.Nonsense. I’ve been a member of the Phoenix InfraGard Members Alliance for years. It’s a 501(c)(3) organization sponsored by the FBI whose members have been subjected to some rudimentary screening (comparable to what a non-cleared employee of the federal government would get). Most InfraGard meetings are open to the general public (contrary to Rothschild’s statement that “InfraGard is not readily accessible to the general public”), but the organization facilitates communications between members about sensitive subjects like vulnerabilities in privately owned infrastructure and the changing landscape of threats. The FBI provides some reports of threat information to InfraGard members through a secure website, which is unclassified but potentially sensitive information. InfraGard members get no special “shoot to kill” or law enforcement powers of any kind–and membership in the organization is open to anyone who can pass the screening. As Rothschild notes in the first sentence of his article, there are over 23,000 members–that is a pretty large size for a conspiracy plot. At one point in the article, Rothschild quotes InfraGard National Members Alliance chairman Phyllis Schneck referring to a “special telecommunications card that will enable your call to go through when others will not.” This is referring to a GETS card, for the Government Emergency Telecommunications Service, which provides priority service for call completion in times of emergency or disaster to personnel who are working to support critical infrastructure. There is a similar service for wireless priority (Wireless Priority Service), and yet another for critical businesses and organizations (like hospitals) which need to have their telecommunications service re-established first after a loss of service due to disaster (Telecommunications Service Priority). These programs are government programs that are independent of InfraGard, though InfraGard has helped members who represent pieces of critical infrastructure obtain GETS cards. The ACLU’s concern about InfraGard being used as a tip line to turn businesses into spies is a more plausible but still, in my opinion, unfounded concern. Businesses are not under any pressure to provide information to InfraGard, other than normal reporting of criminal events to law enforcement. The only time I’ve been specifically asked to give information to InfraGard is when I’ve been asked to speak at a regular meeting, which I’ve done a few times in talks that have been open to the public about malware threats and botnets. Check out the comments in The Progressive for some outright hysteria about fascism and martial law. I saw similar absurdity regarding the Department of Homeland Security’s TOPOFF 4 exercise, which was a sensible emergency planning exercise. Some people apparently are unable to distinguish common-sense information sharing and planning in order to defend against genuine threats from the institution of a fascist dictatorship and martial law. Now, I think there are plausible criticisms to be made of the federal government’s use of non-governmental organizations–when they’re used to sidestep laws and regulations like the Freedom of Information Act, to give lots of government grant money to organizations run by former government employees, to legally mandate funding of and reporting to private organizations and so forth. The FBI has created quite a few such organizations to do things like collect information about missing and exploited children, online crime, and so forth, typically staffed by former agents. But personally, I’ve not witnessed anything in InfraGard that has led me to have any concerns that it’s being used to enlist private businesses into questionable activities–rather, it’s been entirely devoted to sharing information that private businesses can use to shore up their own security and for law enforcement to prosecute criminals. UPDATE (February 9, 2008): The irony is that Matthew Rothschild previously wrote, regarding 9/11 truthers: We have enough proof that the Bush administration is a bunch of lying evildoers. We don’t need to make it up.He’s right about that, but he’s now helped spread nonsense about InfraGard and seriously damaged his own credibility. I find it interesting that people are so willing to conclude that InfraGard is a paramilitary organization, when it’s actually an educational and information sharing organization that has no enforcement or even emergency, disaster, or incident response function (though certainly some of its members have emergency, disaster, and incident response functions for the organizations they work for). UPDATE (February 10, 2008): I suspect tomorrow Christine Moerke of Alliant Energy will be getting calls from reporters asking what specifically she confirmed. I hope they ask for details about the conference in question, whether it was run by InfraGard or DHS, what the subject matter was, and who said what. If there’s actually an InfraGard chapter endorsing the idea that InfraGard members form armed citizen patrols authorized to use deadly force in time of martial law, that’s a chapter that needs to have its leadership removed. My suspicion, though, is that some statements about protection of infrastructure by their own security forces in times of disaster or emergency have been misconstrued. Alliant Energy operates nuclear plants, nuclear plants do have armed guards, and in Arizona, ARS 13-4903 describes the circumstances under which nuclear plant security officers are authorized to use deadly force. Those people, however, are thoroughly trained and regularly tested regarding the use of force and the use of deadly force in particular, which is not the case for InfraGard members. UPDATE (February 11, 2008): Somehow, above, I neglected to make the most obvious point–that the FBI doesn’t have the authority to grant immunity to prosecution for killing. If anyone from the FBI made that statement to InfraGard members, they were saying something that they have no authority to deliver on. UPDATE (February 12, 2008): I’ve struck out part of the above about the ACLU’s concern about spying being unfounded, as I think that’s too strong of a denial. There is a potential slippery slope here. The 9/11 Commission Report pointed to various communication problems that led to the failure to prevent the 9/11 attacks. These problems included failure to share information (mainly from the CIA to the FBI and INS), failure to communicate information within the FBI (like Phoenix Special Agent Ken Williams’ memo about suspicious Middle Easterners in flight schools), and failure to have enough resources to translate NSA intercepts (some specific chatter about the attacks was translated after the attacks had already occurred). As a result, the CIA has been working closely with the FBI on counterterrorism and counterintelligence at least since 2001. (Also see Dana Priest, “CIA Is Expanding Domestic Operations,” The Washington Post, October 23, 2002, p. A02, which is no longer available on the Post’s site but can be found elsewhere on the web, on sites whose other content is so nutty I refuse to link, as well as this January 2006 statement from FBI Director Robert Mueller on the InfraGard website, which includes the statement that “Today, the FBI and CIA are not only sharing information on a regular basis, we are exchanging employees and working together on cases every day.”) The slippery slope is this–the CIA is an organization which recruits and develops in its officers a sense of flexible ethics which has frequently resulted in incredible abuses, and which arguably has done more harm than good to U.S. interests. (My opinion on the CIA may be found in my posts on this blog labeled “CIA”; I highly recommend Tim Weiner’s Legacy of Ashes: The History of the CIA.) Some of that ethical flexibility may well rub off on FBI agents who work closely with CIA case officers. (The FBI itself has also had a history of serious abuses, an objective account of which may be found in Ronald Kessler’s book The Bureau: The Secret History of the FBI.) And then, that same ethical flexibility may rub off on InfraGard members as a result of their relationships with the FBI (and potentially relationships with the CIA, as well). The intelligence community seems to have a hunger for more and more information from more and more sources, but it is already awash in a sea of information that it has trouble processing today. (It doesn’t help that the Army fires direly needed Arabic translators because they are gay.) The need is to accurately assess the information that it has, and ensure that bits and pieces aren’t cherry-picked to produce desired conclusions, as well as ensure that information isn’t sought or assembled to serve personal and political ends of particular interests rather than combatting genuine threats to the country and its citizens. My recommendation is that all InfraGard members read Kessler’s The Bureau, Weiner’s Legacy of Ashes, and view the film that won the 2007 Academy Award for best foreign film, “The Lives of Others,” to help innoculate them against such a slippery slope. UPDATE: Amy Goodman interviewed Matt Rothschild for “Democracy Now!” on Wisconsin Public Television, in which it is pretty clear to me that Rothschild is exaggerating something he doesn’t understand–what he cites as evidence doesn’t support what he claims. Here’s a key excerpt, see the link for the full transcript: MR: […] And one other member of InfraGard [Christine Moerke of Alliant Energy] confirmed to me that she had actually been at meetings and participated in meetings where the discussion of lethal force came up, as far as what businesspeople are entitled to do in times of an emergency to protect their little aspect of the infrastructure. AG: But just to clarify, Matt Rothschild, who exactly is empowered to shoot to kill if martial law were declared? The business leaders themselves? MR: The business leaders themselves were told, at least in this one meeting, that if there is martial law declared or if there’s a time of an emergency, that members of InfraGard would have permission to protect—you know, whether it’s the local utility or, you know, their computers or the financial sector, whatever aspect. Whatever aspect of the infrastructure they’re involved with, they’d have permission to shoot to kill, to use lethal force to protect their aspect of the infrastructure, and they wouldn’t be able to be prosecuted, they were told. […] You know, this is a secretive organization. They’re not supposed to talk to the press. You need to get vetted by the FBI before you can join it. They get almost daily information that the public doesn’t get. And then they have these extraordinary, really astonishing powers being vested in them by FBI and Homeland Security, shoot-to-kill powers. I mean, this is scary stuff. MR: The business leaders themselves were told, at least in this one meeting, that if there is martial law declared or if there’s a time of an emergency, that members of InfraGard would have permission to protect—you know, whether it’s the local utility or, you know, their computers or the financial sector, whatever aspect. Whatever aspect of the infrastructure they’re involved with, they’d have permission to shoot to kill, to use lethal force to protect their aspect of the infrastructure, and they wouldn’t be able to be prosecuted, they were told.It looks to me like the following transformation has occurred: 1. At a DHS conference on emergency response, somebody asks if owners of critical pieces of infrastructure should be expected to use deadly force if necessary to protect it (e.g., a nuclear power plant). 2. Somebody at DHS answers yes. They may even add that in some cases the law provides specific justification for use of deadly force (as in the Arizona statute I cite above). 3. Matt turns that into a general right to “shoot-to-kill” in times of martial law by any InfraGard member. 4. The blogosphere turns that into roving citizen patrols unleashed on the nation as the Bush hit squad after declaration of martial law. I don’t see his key source–Christine Moerke–confirming anything beyond #1 and #2. Note other exaggerations and contradictions–Rothschild claims that InfraGard is highly secretive and selective, yet has quickly grown to over 23,000 members and has multiple public websites. He fails to note that most InfraGard meetings are open to the general public, or that it has been discussed in many articles in the national press over the last decade. Rothschild speaks of “business leaders,” which the blogosphere has turned into “CEOs,” yet I suspect the most common “business leader” represented in InfraGard is an IT or physical security manager. UPDATE (February 15, 2008): The FBI has issued an official response to Rothschild’s Progressive article (PDF), which says, in part: In short, the article’s claims are patently false. For the record, the FBI has not deputized InfraGard, its members, businesses, or anything else in the program. The title, however catchy, is a complete fabrication. Moreover, InfraGard members have no extraordinary powers and have no greater right to “shoot to kill” than other civilians. The FBI encourages InfraGard members – and all Americans – to report crime and suspected terrorist activity to the appropriate authorities.The FBI response also states that Rothschild has “refused even to identify when or where the claimed ‘small meeting’ occurred in which issues of martial law were discussed,” and promises to follow up with further clarifying details if they get that information. UPDATE (February 25, 2008): Here’s another blogger with a rational response to The Progressive article. UPDATE (March 2, 2008): Matthew Rothschild has responded to the FBI’s response on Alex Jones’ Info Wars blog, and he stands behind every word of his original article. He doesn’t display any knowledge of or response to any of the criticisms I’ve offered. ...

I’ve seen some speculation (at sites of dubious credibility) that the recent subsea cable cuts, which have apparently reduced Internet connectivity to Iran (though the impact to India has been more prominent), are a prelude to a U.S. attack of Iran. I don’t think so. First of all, subsea cable cuts (and the word “cut” is unfortunately overused to mean a non-functional cable even when it’s not actually severed) occur on a regular basis, and every company that owns subsea cables (such as employer, Global Crossing) contracts with a cable-laying company such as Global Marine (which Global Crossing used to own) to do repairs. Second, in December 2006, there were nine cable breaks in east Asia as a result of earthquakes. In this instance, we are up to only three cable breaks–the first two were FLAG Telecom’s Europe-Asia link and SeaMeWe-4, which were broken by a tanker in the Mediterranean between Alexandria, Egypt and Palermo, Sicily, causing disruption to Internet access in Egypt, Jordan, Saudi Arabia, and India. Those cables follow pretty much the same path, from Mumbai, India, to Djibouti, and from there into the Red Sea, past Egypt, through the Suez Canal, and into the Mediterranean to Sicily. It’s not surprising that both were cut simultaneously by the same tanker dragging its anchor, they are perhaps a quarter mile apart. An offshoot from those cables goes north from just off the coast of India into the Persian Gulf, past Oman, the United Arab Emirates, Qatar, and Bahrain, and lands in Kuwait. In the other direction, it goes to Sri Lanka. The third cable cut was on this offshoot, FLAG Telecom’s FALCON cable, off the coast of Dubai, between Oman and the United Arab Emirates. Some have erroneously claimed that four cables were cut, on the basis of a report that a cable was cut between Sri Lanka and the Suez Canal–that’s the FALCON cable off the coast of Dubai, not yet another cut. None of these cables land in Iran or Iraq, at least on my cable map, though there is apparently a Kuwait-Iran subsea cable, so any impact from these cable breaks to Iran is incidental. I don’t see any evidence that these are anything other than normal accidental subsea cable breaks. (Correction: FLAG FALCON has a segment from Kuwait to Bandar Abbas, Iran, that was built in 2005 and isn’t on my map, which was printed in May 2004.) You can see Telegeography’s submarine cable map of the world for yourself here. UPDATE (February 3, 2008): I didn’t check earlier, but I note that at the moment I have no problem reaching hosts in Iran, such as Mahmoud Ahamdinejad’s official blog, or pinging the primary mail server of the Datacommunications Company of Iran (mail.dci.co.ir). Others have previously noted the continuing availability of Ahamdinejad’s blog, which is hosted by DCI (AS 12880) and gets upstream connectivity from Singapore Telecom and TTNet (a Turkish ISP). I would hazard a guess that Iran’s TTNet connectivity is via terrestrial cable from Turkey. UPDATE: Egypt claims no ships were in the vicinity in the Mediterranean when the cable cuts there occurred. There is now a report of a fourth cable cut, in the Persian Gulf between the Qatari island of Haloul and the United Arab Emirates island of Das. This outage is now being attributed to a power system problem. UPDATE (February 4, 2008): The Renesys Blog has analyzed the breaks from a routing perspective, showing which countries have been affected, in a series of posts. In part one, they look at the first two breaks in the Mediterranean, and show that the most impacted countries were Pakistan and Egypt. In part two, they look at the impact by ISP. In part three, they look at how providers addressed their connectivity before and after the breaks. You’ll notice one country conspicuously absent from the list of impacted countries–Iran. This is because while Iran has had some impact, it has not been significant. In a fourth post, The Renesys Blog discusses the Iran impact and the misinformation about it that has appeared in places like Slashdot and the blog of the first commenter on this post. In a fifth post, they look at how Indian providers weathered the problems. And in a sixth post, they sum up lessons learned. UPDATE: These cuts are all associated with bad weather in the region, which is also delaying repairs. Here’s a report from FLAG Telecom posted by a commenter at the Renesys Blog: Update on Submarine Cable Cut - Daily Bulletin @ 0900 GMT February 4 2008 Bulletin will be updated Daily with Progress. Cut # 1: − FLAG Europe-Asia cable was reported cut at 0800 hrs GMT on January 30 2008. − Location of cut is at 8.3 kms from Alexandria, Egypt on segment between Egypt and Italy. − The Repair ship loaded with spares is expected to reach the repair ground by February 5 2008. − We have received the necessary permits to commence work from the Egyptian Authorities. − FLAG has restored circuits of customers covered under Pre-planned Restoration service. − FLAG has restoration on alternative routes for customers who have requested Ad hoc Restoration service. Cut # 2: − FALCON cable was reported cut at 0559 hrs GMT on February 1 2008. − Location of cut is reported at 56 kms from Dubai, UAE on segment between UAE and Oman. − The repair Ship is loaded with all spares and ready to sail. Awaiting clearance from Port Authorities due to 36 knots winds. − FLAG is executing restoration on alternative routes for customers who have requested Ad hoc Restoration service.UPDATE (February 7, 2008): There have been some additional cable faults on FLAG’s cable systems, to a total of four or five. In addition to the two listed above (FLAG Europe-Asia, 8.3 km from Alexandria and FLAG FALCON 56 km from Dubai), there has been another on FLAG Europe-Asia 28 km from Penang, Malaysia scheduled for repair on February 11, and possibly two faults on FLAG FALCON near Bandar Abbas, Iran, on a segment that runs from Iran to Kuwait, which will be visited by a repair ship around February 19. The current list is this: 1. Consortium cable SeaMeWe-4, 12.334 km from Alexandria, in the Mediterranean. Currently under repair, should be fixed by this weekend. 2. Qtel’s cable from Haloul (Qatar) to Das (UAE), in the Persian Gulf. Probably not a cut, but damaged power system due to weather. 3. FLAG’s Europe-Asia (FEA Segment D), 8.3 km from Alexandria, in the Mediterranean. Currently under repair, should be fixed by this weekend by cable ship CS Certamen. 4. FLAG’s FALCON (FALCON Segment 2), 56 km from Dubai, UAE in the Persian Gulf, on the route to Al Seeb, Oman. Currently under repair, should be fixed by this weekend. This cut was due to a ship’s anchor–an abandoned 5-6 ton anchor was recovered by FLAG at the site (see photo in FLAG’s update, PDF) 5. FLAG’s Europe-Asia (FEA Segment M), 28 km from Penang, Malaysia. Scheduled for repair on February 11 by cable ship CS Asean Restorer. 6. FLAG’s FALCON (FALCON Segments 7a and 7b), two faults on the cable between Kuwait and Bandar Abbas, Iran, scheduled for repair on February 19. There’s an article in Technology Review about the cable breaks. Alex at the Yorkshire Ranter is a breath of fresh air on this subject, his commentary presents some common sense opinions with a factual basis and accompanied by lots of good links. UPDATE (February 11, 2008): The Economist also has an excellent summary. UPDATE (April 16, 2008): Two ships have been identified as the cause of damage to undersea cables in the Persian Gulf. An Indian officer a Syrian chief engineer of an impounded Iraqi ship are being held for trial in Dubai, and the ship owner will have to pay $350,000 in compensation. Another Korean ship was impounded and then released after its owners paid $60,000 in compensation to Flag Telecom. The two ships, the MV Hounslow and the MV Ann, were identified by satellite photos. ...

In a press release yesterday that cites an article I co-authored in Skeptic magazine, a group referring to itself as “Anonymous” has announced that it has declared war against Scientology. The stated justification for the “war” is the Church of Scientology’s attempts to keep a video of Tom Cruise off the net. That video, which is still viewable at Gawker.com, was made for a Scientology awards ceremony. The longer video from which it was taken is also now viewable there. Gawker.com responded to a cease and desist letter with a refusal to remove the video, which it considers to be fair use for news and comment, but I’m not so sure that it has a good legal case for putting up more than short excerpts. (In case you’re wondering about all the Scientology jargon in the Tom Cruise video, MTV has done a good job of explaining it. Actor Jerry O’Connell has also put out a good parody.) The “war,” which is described at another site under the name “Project Chanology” (a reference to 4chan, a popular message board, where most posts are made by people who don’t login and are thus attributed to “Anonymous”), calls for denial of service attacks over the Internet, prank phone calls, spam emails, and personal visits involving vandalism and harassment. Apparently Scientology’s main website was down due to denial of service for at least part of the day yesterday. The press release cites a number of web pages for further information about Scientology, the second of which is the article “Scientology v. the Internet: Free Speech & Copyright Infringement on the Information Super-Highway” which Jeff Jacobsen and I wrote for Skeptic magazine in 1995 after Scientology effectively declared war on the Internet. (A much lesser-known sequel to that article, published only on the web, is “Scientology v. the Internet: An Update and Response to Leisa Goodman.") I completely disagree with the tactics being used here–Scientology has as much right to free speech and protection of their copyrights as anyone else, though I also condemn Scientology’s habitual misuse of copyright to try to suppress fair use of information. To the extent this is a prank designed to get media attention, well done. To the extent it gets taken seriously, though, it’s something that may not end well. Read the material, watch the videos, have a laugh, and tell others about the absurdity and abuses of Scientology. But please, don’t launch attacks on their websites, harass individuals, or engage in vandalism. “Anonymous” previously received coverage for attacks on MySpace accounts on Fox 11 in Los Angeles on July 26, 2007. BTW, the press release gets its facts wrong when it claims that the alt.religion.scientology Usenet newsgroup was “shut down.” Scientology attorney Helena Kobrin issued an rmgroup message, but almost all news servers ignored it. The accurate facts may be found in Jeff’s and my Skeptic article. UPDATE: Wikinews and Xenu.net have more. ...

The Boeing 787 Dreamliner is equipped with systems to provide passengers with on-board Internet access. Unfortunately, the passenger network is also connected to the computer systems that control the plane, as well as communication and navigation systems, which the FAA has complained about in a “special conditions” document that covers issues that are a concern but are not specifically covered by regulations. Boeing says it has designed a solution that it will be testing shortly, and the FAA says that has to happen before any of these will be allowed to fly. A Boeing spokesperson claims that the FAA document criticizing the design is misleading because, as Wired reports, “the plane’s networks don’t completely connect.” She goes on in the article to say that there’s a combination of physical separation and software-based firewalls. Given the fact that software-based firewalls have themselves had vulnerabilities from time to time, I’d strongly prefer to see complete physical separation.

Alan Ralsky, at one time believed to be the top spammer in the world, has finally been indicted today by a federal grand jury. His home was raided back in 2005, and he’s now been charged along with ten other people in “a wide ranging international fraud scheme involving the illegal use of bulk commercial e-mailing.” Those indicted include James E. Bragg, 39, of Queen Creek, Arizona. The indictment alleges that Ralsky’s spam gang “tried to send spam” through botnets and engaged in a “pump and dump” stock scam for Chinese companies. The Detroit Free Press’s coverage reports: “Prosecutors described Ralsky, 52, of West Bloomfield, as one of the most prolific spammers in the nation. Until 2005, when federal agents raided his home and seized his computers, his operation sent tens of millions of unsolicited email messages daily to Internet subscribers, hawking everything from sexual enhancement drugs, weight loss products and worthless stock, the government said. In the summer of 2005 alone, prosecutors said, his operation generated $3 million." The DOJ press release is here. ...

Last night while looking for something else, I came across my copy of the September 1996 issue of Internet Underground, a short-lived glossy magazine promoting interesting things on the Internet. This issue featured an article I wrote for them about skepticism on the Internet, which I present for your enjoyment below. If I had to update it today, I’d need to add information about blogs (like Science Blogs), podcasts, and various online forums that have come into existence in the last eleven and a half years or so (including IIDB, its offshoots like Freethought Forum and Heathen Hangout, and skeptical forums like those of the James Randi Educational Foundation and Richard Dawkins), but everything I described below is still around, despite some name and domain changes (I’ve updated the links) and diminishing significance of Usenet. I’m not sure how I missed the Skeptics Dictionary or Snopes.com, which were both around at the time. You can see a PDF of the article in its original format here. 403 Forbidden: Skeptics Seek the Cold Hard Truth By Jim LippardThe Internet is a place where world views collide. Christianity meets atheist, conventional wisdom meets conspiracy theory, fringe belief meets orthodox science. While most Usenet newsgroups promote particular views and are populated mostly by their purveyors, the critics make up the majority on sci.skeptic. These critics who refer to themselves as “skeptics” have only a tenuous connection to the skepticism of the ancient Greeks, such as Pyrrho, who denied the possibility of knowledge of any kind. Instead, they tend to hold that while knowledge is quite possible, it must be grounded in scientific inquiry and rational investigation. Doubt is valued as a means to reliable knowledge rather than an end in itself. Skeptics often share an interest in the unusual, bizarre, and the seemingly impossible with the denizens of newsgroups such as alt.paranormal, alt.astrology, alt.alien.visitors, and alt.forteana.misc. There are plenty of fans of The X-Files to be found among skeptics. Where skeptics differ from “believers” is with regard to what are acceptable standards of evidence and what constitutes reasonable methods of investigation. A commonly touted skeptical aphorism is “Extraordinary claims require extraordinary evidence,” and testimonials, feelings and handwaving are not considered extraordinary enough to carry the weight. ...

In January 2008 the film “Untraceable," starring Diane Lane, will be released. It looks awful. The premise is that a serial killer is killing people live on the Internet, via an “untraceable website” that is connected to contraptions that kill his victims as more people visit the site. The whole concept of an “untraceable website” or the idea that such a thing would be unstoppable by ISPs and law enforcement is absurd–the immediate upstream provider of the site would merely need to null route the IP address(es) where the website is hosted, and traffic stops. They’d also be able to quickly identify the customer who owns the server in question. Even if that server was compromised and being used to reverse proxy or redirect traffic to other servers, it would still be a relatively simple matter to track that backwards, though it would be somewhat more difficult than stopping the traffic. Even if the domain name pointed to a new server on a compromised host every second, it would still be possible to contact the domain name registrar and get the domain name shut down. If users can get to it, it can be seen how and what they’re getting to, even if that’s only the front end in a chain of successive proxies. If it has a domain name, that provides another path to shutting off access. UPDATE (January 2, 2008): I came across the script online while searching for information about the writers. Let’s just say that my opinion above is not nearly negative enough. In the first 16 pages are at least six or seven scenes that really bring on the stupid. For example, FBI Agent Jennifer Marsh, who works in the FBI’s cyber division, is monitoring machines that are being compromised by hackers (honeypots, essentially, though the script doesn’t use the word). One of her machines gets compromised and she sees that it copies her files including fake financial information. It then accesses eBay to use a stolen credit card to purchase a watch. In reality, the stolen financial information wouldn’t be likely to be used from the same machine, it would be sold to another player in the underground economy. Marsh then types commands to look for the IP address of the connecting host–but if they’ve already got honeypots or honeynets in operation, that should already be logged. She then does the usual CSI-style conversion of an IP address into a name and address without issuing a subpoena to an ISP, and discovers that it’s a home belonging to a 56-year-old woman. She immediately concludes that the actual criminal must be a neighbor using her wireless connection, despite the fact that she has no evidence that the woman has a wireless access point and isn’t just another victim with a compromised machine being used as a proxy. Without doing any more verification, she arranges to get a warrant to knock the door of the neighbor down, and it turns out to be a teenage kid. On p. 16 appears this nice quote: “She types several commands into a unix shell. Trace routing algorithms begin to run. A different screen shows possible IP addresses. The list begins growing, from ten to hundreds to thousands…. Marsh shakes her head at the futility.” There are multiple methods of performing traceroutes and even of adding fake hops to a traceroute, but traceroute is unnecessary to find out the IP address of a website–it’s only useful for finding the path traffic takes to get to that website, e.g., for finding the upstream provider. But getting a list of upstream providers is better done by looking at routing tables rather than doing traceroutes, anyway. The real investigative steps would be to look at the DNS information for the domain, get the IP address or addresses from the authoritative name server (and check to see if those are changing with a short TTL), then find the upstream providers. Funniest exchange I’ve seen so far in the script (p. 26) is this marvel of self-contradiction: [FBI agent] GRIFFIN: I traced it to a Georgetown sophomore named Andrew Kinross. But then I looked closer and saw the post didn’t actually originate from his computer. MARSH: Our guy got into his computer and posted it from there. GRIFFIN: That would be my guess. MARSH: So let’s go after the originating computer’s IP. And so far, I’ve not mentioned how the hacker mastermind hacks into the FBI agent’s car (which features the fictional “NorthStar” instead “OnStar”)–in the preview, the hacker apparently is able to control the steering of her car. I suspect drive-by-wire steering will come soon in the future of the automobile, but I don’t believe it exists today. (Turns out the preview gives a misleading impression of what the script says is happening–the hacker doesn’t actually control the steering, but remotely shuts off the car’s electrical systems and power steering.) ...

Some nice high-definition video images have been taken by the Japanese lunar orbiter “Kaguya," showing the earth setting behind the moon’s surface.

The full source code to the last official release of the Multics operating system has been released to the general public (though full source was always made available to all customers, except for specific “unbundled” applications). Multics, the predecessor system to Unix (and in a number of ways still its superior), was a general purpose commercial operating system best known for its security. That release, Multics MR12.5 (MR = “Multics Release”), was released to customers in November 1992. The last Multics system was shut down in 2000. The software can be downloaded from a website at MIT, though it requires specialized hardware to run on, so don’t expect to be able to run it. My name appears a few times throughout the software, as I worked as a Multics software developer from 1983 to 1988. The MIT site incorrectly states that Multics development was ended by Bull in 1985–that may have been the time when Bull decided to pull the plug, but there was still development (though primarily bug fixing) going on in 1988 when I left. One of the pieces I wrote was a rewrite of the interactive message facility, in some ways a predecessor of instant messaging (except that it operated on a single timesharing host rather than over a network between hosts). Most of the software is in the “ldd” hierarchy (for library directory directory, the directory of directories of libraries). The software is in Multics “archive” format which is similar to Unix tar files. The message facility software is in /ldd/sss/source/bound_msg_facility_.s.archive. Kudos to Group Bull, the copyright holder of Multics, for making the software open source. Bull purchased Multics as part of its acquisition of Honeywell’s Large Computer Products Division in the mid-eighties. ...