On Sunday, myself and a few friends went to the TEDx event in Oxford.

TEDx, for those who don’t know, are TED style events organised by interested parties. They happen all over the world, and are usually pretty popular. This one packed out the New Theatre in central Oxford, which is no mean feat.

The speakers spoke on a number of subjects; from neuroscience to artificial intelligence. Some speakers were inspiring, others were… confusing… but all were interesting.

Interestingly, the speaker that sparked the most conversation over lunch and after the event was probably Laura Bates from the Everyday Sexism Project. The stories she relayed shocked us all; with the men in the audience seeing this as new, but with the women nodding along in bitter recognition.

Myself, I was aware of similar horrors through the various “Women in Technology” conversations I have had, where every single woman I spoke to could relay situations where an actual crime had been committed, but pretty much shrugged it off as something that “happens”. Still, it was shocking, and through our discussions afterwards it seems that there is a variation of the observer effect going on for the men in our group – that is, the very act of us being present means that the acts won’t occur to the women around us.

A new trend that was highlighted in the talk, which I found interesting, is that now the abuse seems to be often couched in a joke (which is clearly not funny), but means that the perpetrator can play the victim when the woman objects. I’ve seen this a couple of times in tech circles, but it’s clearly a growing trend.

One thing I wish was covered in her talk (although, perhaps it’s a complex subject for 15 minutes), is what can we actually do to address this? Particularly, what can we as men do? This is clearly a massive problem, and I know we seem to be losing ground in the tech world, but it seems the equality cause is losing ground elsewhere as well.

Depressing stuff. How do we fix it?

In computer science, a genetic algorithm is an optimisation/search/sort algorithm that uses genetic and evolutionary selection principles to solve computational problems.

The weasel program, aka Dawkins’ weasel, is a thought experiment that demonstrates evolutionary principles using a computer program to “evolve” a random string of characters into a target piece of text, over a series of generations, optimised by selecting the offspring of each generation that most closely matches the desired outcome.

Why is this useful?

Well, it’s not really, but it demonstrates a basic principle that is very useful.

Provided that you have a mechanism of detecting the desired outcome, and which of the generated children is closer to it, you can use this tool to solve remarkably complicated problems, and to do so surprisingly quickly. It doesn’t scale well to massively complicated domains (e.g. designing aeroplanes), but can be used quite successfully in smaller, more focussed domains (optimising video compression, sorting strings, modifying seed values in procedurally generated terrain, etc).

Anyway, it kept me entertained while I finished my beer.

The code
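An added implementation of the weasel program described above (example code, not the post’s own). It assumes an alphabet of upper-case letters plus space, the classic target string, and a selection step that keeps the parent alongside its children so fitness never goes backwards; population size, mutation rate and seed are assumed parameters.

```python
import random
import string

# Assumed alphabet and target: the classic example from Dawkins' "The Blind Watchmaker".
ALPHABET = string.ascii_uppercase + " "
TARGET = "METHINKS IT IS LIKE A WEASEL"


def fitness(candidate: str, target: str = TARGET) -> int:
    """Count positions where the candidate already matches the target."""
    return sum(1 for c, t in zip(candidate, target) if c == t)


def mutate(parent: str, rate: float, rng: random.Random) -> str:
    """Copy the parent, replacing each character with probability `rate`."""
    return "".join(rng.choice(ALPHABET) if rng.random() < rate else c for c in parent)


def evolve(target: str = TARGET, population: int = 100, rate: float = 0.05,
           seed: int = 0, max_generations: int = 10000):
    """Evolve a random string towards `target`.

    Returns (best_string, generations_used, history), where history holds the
    selected string from every generation so the convergence can be inspected.
    """
    rng = random.Random(seed)  # seeded so a run is reproducible
    parent = "".join(rng.choice(ALPHABET) for _ in target)
    history = [parent]
    generation = 0
    while parent != target and generation < max_generations:
        children = [mutate(parent, rate, rng) for _ in range(population)]
        # Keeping the parent in the pool is an assumed variant of Dawkins'
        # original; it guarantees the best fitness seen is never lost.
        parent = max(children + [parent], key=lambda c: fitness(c, target))
        history.append(parent)
        generation += 1
    return parent, generation, history


if __name__ == "__main__":
    best, gens, hist = evolve()
    for i, s in enumerate(hist):
        if i % 10 == 0 or s == TARGET:
            print(f"gen {i:4d}  fitness {fitness(s):2d}  {s}")
    print(f"reached target in {gens} generations")
```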

So, we’re on the cusp of 2014, and I was going to write a yearly review of some of the things I’ve done, places I’ve been etc. I might do that later, but right now I thought I’d draw your attention to this absolutely terrifying talk on the scope of the NSA and GCHQ’s surveillance and information warfare capability, by Jacob Appelbaum.

It’s fairly long, and somewhat technical, but in short, every paranoid fantasy that we in the IT security world have had, appears to be true, and it gets much much worse…

Militarisation of the Internet

The full capabilities of what has been deployed, in the wild, against ordinary citizens is still coming to light, but here are some highlights, in no particular order:

  • Computer hardware and components have been compromised en masse; including wireless cards, hard drive firmware, Ethernet cables (!!)
  • Your ADSL router can be used to spy on you (natch), but also to perform attacks on those geographically near you, and routinely is.
  • Practically every piece of communication infrastructure has been subverted, which can put lives at risk (for example, the box they use to pretend to be a cell tower and record activity while, say, spying on the Ecuadorian embassy or flying over a city in a drone, doesn’t appear to route 999/112/911 calls).
  • Ordering hardware over the internet? There’s a good chance it has been intercepted and bugged without your knowledge.

The list goes on, seriously, watch the video…

Yes, you are owned

So, some of the capability discussed doesn’t fall under “mass surveillance”. Flying a drone over your house, intercepting your mail, or giving you cancer so that they can read what’s on your computer screen (and you were worried about the backscatter X-ray at the airport), doesn’t scale. These techniques would likely only be deployed against people of interest – security researchers, journalists, democracy advocates, Muslims etc, and then, only if they couldn’t get you another way.

Of course, they almost certainly already have you.

The back doors placed in the computer hardware and software products that every one of us owns need only be switched on, and then they can record your entire life (and keep it for 15 years). Even if you believe that the NSA/GCHQ will never abuse this capability, by accident or design, the documentation presented proves that some of these back doors have been discovered and exploited independently. It is therefore the height of naivety (and I’d go so far to say it’s criminal negligence) to assume that foreign governments, criminals or terrorist organisations won’t be able to use the same exploits to similar effect.

I’m scared, what can I do?

Not a lot at the moment, but the first step to finding a solution is admitting you have a problem.

The fact that many of these exploits could not have been created without the criminal complicity of various US companies is worth noting (it would be good to have a full list), and if you’re in charge of purchasing decisions, it might be worth boycotting these companies. Few things will effect change faster than the market punishing this kind of collaboration.

It’s clear that proprietary software and hardware is a major problem, especially in networking equipment, so the importance of projects like the open router project cannot be overstressed. You may also like to consider the surveillance capability of any new hardware you buy, and perhaps you might want to leave your cell phone at home or not buy that internet-connected TV?

I also think that detection of these attacks needs to be looked at more closely, and developing new forensic tools for widespread use should be a priority, since raising the risk of detection has a herd immunity/deterrence effect. I think that the fact that the bad guys seem to love RC6-encrypted UDP is interesting, and it is something that we can start actively looking for, and report anything suspicious.

Remember, a secure internet secures everybody, and we as technologists have a moral obligation to do everything we can. This means developing tools and technologies to protect people, and helping our less technical friends and family to use them to protect themselves, and it means building countermeasures against these sorts of attacks into the architectures and platforms we build.

It also means not collaborating with organisations that seek to attack our freedom, saying no to that NSA/GCHQ recruiter, and it means blowing the whistle when you see abuses taking place.

Be safe out there.