Don’t Feed the Trolls

That inflammatory news blurb in your Facebook feed that’s got your dander up?  Or the one some acquaintances are circulating that’s got you thinking they’ve lost their minds?  Hold up a bit.  There’s this recent column in The Atlantic:

“We’ve since learned that Russian trolls organized anti-immigrant rallies in two states, and posed online as Black Lives Matter supporters in one instance and as members of a Muslim American organization in another. They hoped to spark discord among factions of our fellow citizens. So if you’ve ever felt at a loss to understand how some of your neighbors could possibly reach certain conclusions, consider that they could have been targeted by teens in a Macedonian village bent on duping them.”  Source: Don’t Forget to Adjust for Russian Trolls

What is going on here is a good deal more sophisticated than most of what is commonly thought of as activity by trolls.  These are full-on disinformation campaigns by a hostile foreign power.  The objective is destabilization, and as such, they don’t appear to be all that picky about the side of the dispute they happen to be stoking.[*]  The content being disseminated is divisive propaganda intended to set Western Europe and the US on fire.

Garden-variety trolls, in contrast, are merely sadistic anti-social misfits who are still single (or ought to be), probably addicted to porn, and are 30+ and have been living with a parent since birth.  They are like that tomato that’s been left on the vine in the greenhouse a bit too long.  A bit squishy to the actual touch.  In another context they might be tormenting a neighbor’s cat.  Or shooting out streetlights.  Or using a drone to peep in your bedroom window.  There is not much difference between the online behavior of this type of troll and some idiot keying cars in a parking lot.

But the effects of both types are rather similar.  Fires are being set.  Some with a malevolent, well-considered purpose.  Others because the arsonists are addicted to the chaos they create.  And we react rather too readily to the rumors and hoaxes being served up by both.  And find ourselves at war with each other.

So step back from that incendiary comment thread and take a breath, particularly if you can’t independently verify what is being asserted.

It is best to just move along.  Or better yet, just get off Facebook and go get coffee.

—————-

[*] For actual examples check out this post at The Verge: Here are the Russia-linked Facebook ads released by Congress.

 

Backyard gene editing risks creating a monster | New Scientist

While we were all being distracted by cat videos and meaningless tweets by celebrities and politicians:

“Biohackers have already signalled their intention to use CRISPR, which poses a big problem for the authorities.” 

Source: Backyard gene editing risks creating a monster | New Scientist, 15 March 2017.

The US Food and Drug Administration is allowing a dog breeder to use  CRISPR to fix a harmful mutation.  We are told that the FDA is trying not to stifle innovation.

By a dog breeder.

Why aren’t we reacting to this?  An article in the Atlantic suggests it might have something to do with the innocuous acronym for the tool used to fiddle with genetics.

Why does a revolutionary gene-editing technology sound like a candy bar? 

Source: CRISPR Has a Terrible Name – The Atlantic, April 11, 2017

Close your eyes and imagine it is 1938.  The German chemists Otto Hahn and Fritz Strassmann have just discovered nuclear fission.

Now give the process of Uncontrolled Nuclear Fission an innocuous acronym like UNUFI, something that sounds a bit like a stuffed animal.  And imagine those chemists also discover ways to make it happen within reasonable reach of private parties at manageable costs.  Who can then use the process in a barn somewhere out in the woods.

The world might look more like this:

__

An Idolatry of Politics

We are seriously doing this?

People working in ministry, music, and nonprofit advocacy are facing pressure for their political beliefs.

Source: These Conservative Christians Are Opposed to Trump—and Suffering the Consequences – The Atlantic

On the one hand, employees have a responsibility to exercise some sort of reasonable care and compartmentalize political activities from an employer’s business activity.  But once reasonable care has been exercised regarding that boundary we should be free to speak our minds.  And not be abused by other Christians.

If we are trolling fellow believers because of their political opinions our allegiance is no longer to the risen Christ.

It is to the idol of politics.

 

 

 

How Twitter Is Changing Modern Warfare – The Atlantic

Here’s an eye-opening article from The Atlantic on the weaponization of social media:

Most of us did not associate Twitter with terrorism until the Islamic State stormed into Mosul. We have given similarly scant thought to what might happen if the wondrous tools of the 21st century are ever paired with the scale and intensity of the conflicts that defined the 20th.  Source: How Twitter Is Changing Modern Warfare – The Atlantic

The article lays out how bad actors exploit social media for propaganda purposes at large scales, serving up deliberate falsehoods to manipulate divisive national conflicts.

At least some of the trolls we encounter may not be maladjusted losers living in their parents’ basements.

 

 

Some Unusual Central Heating

Now THIS was interesting (to an ancient history buff).  We take modern climate control technologies very much for granted:

“I built a hut with a tiled roof, underfloor heating and mud and stone walls. This has been my most ambitious primitive project yet and was motivated by the scarcity of permanent roofing materials…” Source: Building a hut with a kiln-fired tiled roof, underfloor heating and mud pile walls.

I recently added this site to my list after seeing the video of the construction  process.  Do go there and have a look.

The author’s use of fired clay is impressive enough but the heated floor is what really caught my attention.  It works the same way as the Roman hypocaust and Korean ondol.  I was some way through viewing that portion of the build before it dawned on me what I was looking at.

The Roman designs heated large surface areas and large masses of masonry, leading to the need for a lot of labor to feed the furnace.  Although this was probably not a big deal from the Roman point of view because of the prodigious use of slaves.  But the author’s use of large stones in the floor covering a heating channel should provide a source of radiant warmth for the entire living space long after the fire went out.  And would require less labor for the resultant heat.

 

 

on another site before reading the author’s post.

Practical Passwords for Regular People

“Dadada.”  According to the article below this was the password for Mark Zuckerberg’s hacked LinkedIn account.  I found this astounding.  And I am just a regular guy who works in an office full-time, not some super-geek.


“A group of hijackers known as OurMine, possibly from Saudi Arabia, briefly took over Facebook chairman and CEO Mark Zuckerberg’s Twitter and Pinterest accounts yesterday.” – Source: Seeker.com – How Not to Be Mark Zuckerberg About Your Passwords

But Zuckerberg is ridiculously wealthy.  He can afford to pay people to clean up the mess.

For the rest of us poor schmucks the article has some suggestions which are worth perusing.  I got my AOL account in the late 80s and have used hundreds of various online accounts since then.  I probably have at least 50 active user passwords.  It would be nice to have a reasonable way to manage that.  Unfortunately the suggestions are not packaged for users in the real world.  And the article fails to engage real-world questions that need to be asked about any website you use before deciding which to use:

  • Are you famous or do you otherwise have some sort of highly visible public profile?
  • Is the information you need to protect important?
  • Would theft of the information affect anyone besides you?
  • Is the data valuable?

If the answer to all these questions is “no” then pick any junk password you like.  If you answered with a strong “yes” to any, then find someone with actual expertise and don’t fool around with trying to do this on your own, particularly if you need super-secure options like hardware tokens.  But most people will likely answer “no” to the first and a mild “yes” to one or more of the rest.  So here is my stab at a rework of the suggestions, in order of priority:

  1. Turn on basic two-factor authentication (2FA) for every site that provides it.  Two-factor (or multi-factor) means something besides your user name and password is required to sign in.   The easiest version to use sends a text to your mobile phone with an access code when the site fails to recognize you.  A slightly more complicated but more reliable variant installs an app on a smart phone (which most people have these days).  Basic 2FA means most thieves will need your crappy password and physical possession of your phone.
  2. Lock all your computers, tablets, and smartphones.  A basic four-digit PIN or pass-code is probably fine, provided that the device does not connect to a corporate network, and has no remote access capability (or remote access is turned off).  This is basic stuff.  You lock your residence and car, don’t you?

This should keep out casual thieves and provides reasonable security for most of us.  But if a thief gets both your passwords and access to your computer and mobile phone you have bigger problems.  You might now be some hacker’s personal project.  Or you might be bound, gagged, and in the trunk of a car bouncing along a dirt road.  As one writer has pointed out, your potential threats boil down to “Mossad or not-Mossad[1].”  If it’s the first one you are pretty much screwed.

For sites that don’t provide two-factor authentication, do the following:

  • Create unique and reasonably complex passwords.  Passwords should contain at minimum mixes of upper case letters, lower case letters, and numbers.  Special characters should be added if the site allows.  But as long as you do not spell out actual dictionary words, your passwords need NOT be super long or super complex.  Eight characters is good enough for most purposes.  Whether to use more depends on how much damage unauthorized access will do.  Passwords for your bank need to be longer than passwords for your streaming media.
  • Long passphrases can be easier for most people to remember than completely random sequences.  Just don’t use components that you have posted on social media.  Use something obscure, like the combination of a partial childhood address and the name of a childhood pet.  Or the long name of a band you would never admit listening to.  Then mangle it with numbers and mix the upper and lower cases.
  • If you have too many passwords to remember, then create a secured list to build a barrier between where you record them and where you use them.  A plain, old paper notebook is just fine, provided you keep it somewhere reasonably safe.  An encrypted Microsoft Office or Evernote document, or something equivalent will also work.  Or if you are at least slightly geeky you can use a password manager app[2].  The point is to find something that works for you and create the barrier.   So when your device gets stolen and/or hacked the thief doesn’t get your passwords.
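
The password rules in the list above, as an added Python example (not from the original post or the Seeker article): it draws characters from the operating system's secure random source, guarantees the upper/lower/digit mix, and estimates strength in bits so the gap between a short and a long password is visible. The special-character set, the function names and the "streaming"/"bank" lengths are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes named in the list above; specials are optional per site.
UPPER, LOWER, DIGITS = string.ascii_uppercase, string.ascii_lowercase, string.digits
SPECIALS = "!@#$%^&*-_=+"  # assumed set; real sites differ in what they accept


def generate_password(length=8, allow_specials=False):
    """Return a random password with at least one character from each class."""
    classes = [UPPER, LOWER, DIGITS] + ([SPECIALS] if allow_specials else [])
    if length < len(classes):
        raise ValueError("length too short to include every required class")
    alphabet = "".join(classes)
    # One guaranteed pick per class, the rest from the full alphabet.
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(classes))]
    # Shuffle with the CSPRNG so the guaranteed picks are not always first.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length, alphabet_size):
    """Upper bound on guessing entropy for uniformly random characters."""
    return length * math.log2(alphabet_size)


def meets_policy(password, allow_specials=False):
    """Check the composition rules: upper, lower, digit, optionally a special."""
    ok = (any(c in UPPER for c in password)
          and any(c in LOWER for c in password)
          and any(c in DIGITS for c in password))
    if allow_specials:
        ok = ok and any(c in SPECIALS for c in password)
    return ok


if __name__ == "__main__":
    # Constructed scenarios: a low-value account and a high-value one.
    for label, n, spec in [("streaming", 8, False), ("bank", 16, True)]:
        size = 62 + (len(SPECIALS) if spec else 0)
        pw = generate_password(n, spec)
        print(f"{label:9} {pw}  ~{entropy_bits(n, size):.0f} bits")
```

The bit estimate only holds for passwords picked at random like this; a phrase a person chooses and then mangles cannot be scored by length and alphabet alone.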

The article had some additional suggestions, which are distilled below to something normal people might actually use:

  • Don’t let websites retain information that connects to your financial accounts.  This means debit cards, account numbers, or anything else that points directly to your bank.  The only exception I can see to this is the website of another bank.  Charges on a stolen credit card can be high-order nuisances.  But stolen bank balances are something else entirely.
  • If you let your web browser store your login information, then use a browser that encrypts the data and requires a password to access it.  And never allow storage on a computer you don’t own and completely control.

Oh, and if your passwords are stored on your computer or smart phone please remember these gadgets are not immortal.  Back up the list to a flash drive or printout and hide that  somewhere you can find it.  And be sure to include those stupid security questions and answers.  You might need them a year from now.

—————-

[1] James Mickens. “This World of Ours.” ;login: The Usenix Magazine, January 2014.
https://www.usenix.org/publications/login-logout/january-2014-login-logout

[2] If you want to really lock your stuff up and need a suggestion for a password app I use KeePass.  It’s highly configurable and open-source (and free).  I’ve also heard good things about LastPass but I’ve never used it.

December 4, 2017 update:  Thank you to a reader who pointed me to a secure password generator at this site: https://www.vpnmentor.com/tools/secure-password-generator/.  She rightly pointed out how easy it is to slip into making weak ones.

 

Did Jesus Have a Wife? – The Atlantic

Harvard historian Karen L. King ignited a controversy at a 2012 conference in Rome when she presented a papyrus fragment which appeared to refer to Jesus’ wife.   An article in the July/August 2016 Atlantic details a subsequent investigation into the fragment’s provenance:

“A hotly contested, supposedly ancient manuscript suggests Christ was married. But believing its origin story—a real-life Da Vinci Code, involving a Harvard professor, a onetime Florida pornographer, and an escape from East Germany—requires a big leap of faith.”  Source: Did Jesus Have a Wife? – The Atlantic

An interview with the  Boston Globe  echoed the Atlantic article.  King has acknowledged that material given to her in support of the fragment’s provenance appears to have been fabricated.  And King’s source has denied forging the papyrus or any knowledge regarding its authenticity.

It is possible that the fragment might be an old fraud.   But King clearly believes she has been lied to (see follow-up Atlantic column), so this seems unlikely.

The article is quite long but well worth reading.  It lays out the anatomy of what increasingly appears to be an elaborate deception.  In fairness King never ruled out the possibility of fabrication.  But I am not an academic so I really don’t understand why the document was presented publicly in the first place, given the very large blank space where the provenance ought to have been.  The scholarship is summarized by the Harvard Divinity School here.

The most effective deceptions are indirect. The perpetrator presents a fragmentary context buttressed primarily by misdirection and a few strategic lies.  The core falsehood is misstated, as if the con artist doesn’t actually believe it, and is trusting the mark to help sort the matter out.  It helps if the deception fits into something the mark really wants to believe.  Then the mark is allowed to fill the very substantial blanks with whatever facts and opinions may happen to fit.

And even otherwise knowledgeable people get sucked in.

Hacking Your Phone – CBS News

Well, this is a problem.

“Sharyn Alfonsi reports on how cellphones and mobile phone networks are vulnerable to hacking”

Source: Hacking Your Phone – CBS News

 

It appears that a hacker with no more access than your cellular number can exploit a hole in network security to turn on your camera, read your email and texts, and listen in on your calls.  And who knows what else?

Makes me want to run right out and do my banking on a mobile phone.

The video is behind a paywall but it is definitely worth watching.

 

New Evidence on When Bible Was Written: Ancient Shopping Lists – The New York Times

Researchers from the University of Tel Aviv have found the following:

An analysis of handwriting on ancient pottery suggests that literacy may have been more widespread than previously known in the Holy Land around 600 B.C.

Source: New Evidence on When Bible Was Written: Ancient Shopping Lists – The New York Times

Analysis of writing on pottery shards at the site of a small fort (at the time remote) showed at least six different hands in the lettering.

This does appear to show that a basic level of literacy was available in the culture to support the composition of Biblical texts before the deportation to Babylon.

Gadget-enabled Sloth.

According to researchers this kitchen gadget “…solves one problem (physically having to get up and switch your kettle on!) and creates a whole bunch more.”

Source: New Wi-Fi kettle, same old security issues? Meh. Pen Test Partners

This is an example of a completely stupid idea birthed in the rush to the “Internet of Things.”  Apparently the security flaw in the appliance can allow a hacker to gain access to your wifi network.

Perhaps it is time to step back and ask a broader question.  Why does anyone actually need network-connected kitchen appliances?  Is this gizmo going to root around in the pantry and find the coffee beans for me?

I’m thinking I should just get my sorry butt out of bed and go make coffee.