Most of Trump's critics have reacted to his decision to end the American intervention in the war in Syria by assuming that it was another of Trump's whimsical, spur-of-the-moment notions that just occurred to him while he was tweeting. I don't think so. My guess is that the true story is something more like this:
“Trump Scores, Breaks Generals' 50-Year War Record”
Gareth Porter, The American Conservative, December 29, 2018
In early April 2018, Trump's impatience with his advisors on Syria boiled over into a major confrontation at a National Security Council meeting, where he ordered them unequivocally to accept a fundamentally different Syria deployment policy.
Trump opened the meeting with his public stance that the United States must end its intervention in Syria and the Middle East more broadly. He argued repeatedly that the U.S. had gotten “nothing” for its efforts, according to an account published by the Associated Press based on interviews with administration officials who had been briefed on the meeting. When Dunford asked him to state exactly what he wanted, Trump answered that he favored an immediate withdrawal of U.S. forces and an end to the “stabilization” program in Syria.
Mattis responded that an immediate withdrawal from Syria was impossible to carry out responsibly, would risk the return of the Islamic State, and would play into the hands of Russia, Iran, and Turkey, whose interests ran counter to those of the United States.
Trump reportedly then relented and said they could have five or six months to destroy the Islamic State. But he also made it clear that he did not want them to come back to him in October and say that they had been unable to defeat ISIS and had to remain in Syria. When his advisors reiterated that they didn't think America could withdraw responsibly, Trump told them to “just get it done.” …
Trump is now well aware that it is virtually impossible to carry out the foreign policy that he wants without advisors who are committed to the same objective. That means he must find people who have remained outside the system during the permanent war years while being highly critical of its whole ideology and culture. If he can fill key positions with truly dissident figures, the last two years of his term in office could decisively clip the wings of the bureaucrats and generals who have created the permanent war state we find ourselves in today.
The Global War on Terror, under that name, began in August, 1998, with an American attack, using cruise missiles, on a pharmaceutical factory in Sudan. We destroyed the main source of therapeutic drugs for more than half the country, resulting in the deaths of thousands of men, women, and children who were not terrorists.
Perhaps we're seeing the beginning of the end of this decades-long, self-destructive exercise in futility.
“Mattis Marks End of Global War on Terror”
Peter Van Buren, The American Conservative, December 24, 2018
Since 2001, the United States has spent some $6 trillion on its wars, and killed multiple 9/11s worth of American trooops and foreign civilians. The U.S. has tortured, still maintains its gulag at Guantanamo, and … has lost on every front. Afghanistan after 17 years of war festers. Nothing was accomplished with Iraq. Libya is a failed state. Syria is the source of a refugee crisis whose long-term effects on Europe are still being played out.
“Massive Data Leaks Keep Happening Because Big Companies Can Afford to Lose Your Data”
Erik Sherman, Motherboard, November 15, 2018
Large corporations spend about 0.1% of the money they take in on computer and network security and another small fraction on insurance against data breaches. They won't spend more, because data breaches (a) don't occur that often and (b) aren't very expensive.
Executives focus on things that make a big difference to the company. Breach and protection costs are so small that they get little attention. Insurance is likely to be on the same scale or less. When management doesn't see something as an important financial priority, it doesn't get done.
What interests me most is observation (b). Data breaches aren't expensive to corporations because most of the consequent costs are borne by the corporation's customers and by innocent bystanders. I think that it should be possible to sue corporations when data breaches reveal that have been irresponsible data custodians.
The Chrome browser now logs itself in automatically to your Google account whenever you use it to log in on any other Google service, such as Gmail. This exposes all of the data that the browser has collected to Google.
“Why I'm Done with Chrome”
Matthew Green, A Few Thoughts on Cryptographic Engineering, September 23, 2018
Google has transformed the question of consenting to data upload from something affirmative that I actually had to put effort into — entering my Google credentials and signing into Chrome — into something I can now do with a single accidental click. This is a dark pattern. Whether intentional or note, it has the effect of making it easy for people to activate sync without knowing it, or to think they're already syncing and thus there's no additional cost to increasing Google's access to their data. …
Trust is not a renewable resource.
An advocate of functional programming walks through several implementations of the Sieve of Eratosthenes. The first is a typical implementation using the imperative model of computation, but the rest use higher-order functions and other apparatus of the functional model with varying degrees of success.
I enjoyed reading through the various approaches and thinking about their strengths and weaknesses, but it was a little surprising to see that, even though all of his implementations were written in Java, he never considered any implementation that used the object-oriented model of computation in any significant way.
“The Functional Style — Part 4: First-Class Functions II: Filter, Reduce and More”
Richard Wild, Codurance: Craft at Heart, September 19, 2018
A great new way to use Facebook!
Benjamin Grosser, September 19, 2018
Safebook is a browser extension, for Chrome or Firefox, that suppresses all text, images, video, and audio content on the Facebook site, leaving intact the borders around and between panels, the (now blank) menus, drop-down submenus, pop-up windows, and other navigation elements.
The destructive effects of high-interest student loans on the lives and families of borrowers are terrible and widespread. Defaulting on the debt is even worse, but increasing numbers of borrowers have no alternative — 38% of borrowers default within the first twenty years of the loan, and that percentage is increasing.
My guess is that soon prospective students will just stop accepting admission offers if the accompanying "aid" packages include large loans. Some will decide not to attend college at all. I suspect that that's what my family and I would have decided if the same situation had existed when I was applying to colleges. We were all strong believers in education and aspirants to the professional classes, but we were also strong believers in staying out of debt.
“Ending the Secrecy of the Student Debt Crisis”
Daniela Senderowicz, YES! Magazine, September 5, 2018
With an average debt of just over $37,000 per borrower for the class of 2016, and given that incomes have been flat since the 1970s, it's not surprising that borrowers are struggling to pay. Student loans have a squeaky-clean reputation, and society tends to view them as a noble symbol of the taxpayers' generosity to the working poor. Fear of facing society's ostracism for failure to pay them back has left borrowers alienated and trapped in a lending system that has engulfed them in debt bondage.
“The Looming Student Loan Default Crisis Is Worse Than We Thought”
Judith Scott-Clayton, The Brookings Institution, January 11, 2018
The national intelligence services of the United States, the United Kingdom, Australia, Canada, and New Zealand have joined forces to support legislation requiring makers of encryption software to incorporate defects into their products so as to allow surveillance agencies (such as law-enforcement and espionage operations) to seize and decrypt communications between users of the software.
“Statement of Principles on Access to Evidence and Encryption”
Department of Home Affairs, Australian Government, August 29, 2018
The Governments of the Five Eyes encourage information and communications technology service providers to voluntarily establish lawful access solutions to their products and services they operate in our countries. …
Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.
Of course, in the United States, any government access to private communications is unlawful, indeed unconstitutional, unless it is supported by a warrant, endorsed by a judge of the relevant jurisdiction, “upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” Unfortunately, in this context, ‘lawful’ is simply a stylistic variant of ‘government’, not referring to any actual law. The threat to resort to system cracking if backdoor entries to encryption systems aren't provided reinforces this obvious indifference to the rights of citizens and subjects.
“Five-Eyes Intelligence Services Choose Surveillance over Security”
Bruce Schneier, Schneier on Security, September 6, 2018
To put it bluntly, this is reckless and shortsighted. I've repeatedly written about why this can't be done technically, and why trying results in insecurity. But there's a greater principle at first: we need to decide, as nations and as society, to put defense first. We need a “defense dominant” strategy for securing the Internet and everything attached to it.
This is important. Our national security depends on the security of our technologies. Demanding that technology companies add backdoors to computers and communication systems puts us all at risk. We need to understand that these systems are too critical to our society and — now that they can affect the world in a direct physical manner — affect our lives and property as well.
Cory Doctorow, Boing Boing, September 5, 2018
It is impossible to overstate how bonkers the idea of sabotaging cryptography is to people who understand information security. If you want to secure your sensitive data either at rest — on your hard drive, in the cloud, on that phone you left on the train last week and never saw again — or on the wire, when you're sending it to your doctor or your bank or to your work colleagues, you have to use good cryptography. Use deliberately compromised cryptography, that has a back door that only the “good guys” are supposed to have the keys to, and you have effectively no security. You might as well skywrite it as encrypt it with pre-broken, sabotaged encryption. …
Cryptography [is] the basis for all trust and security in the 21st century.
“Nation Stunned That There Is Someone in the White House Capable of Writing an Editorial”
Andy Borowitz, The New Yorker, September 5, 2018
Millions of Americans were startled by the revelation on Wednesday afternoon that there was someone working in the White House capable of writing an entire editorial, reports indicate. …
Davis Logsdon, a professor of linguistics at the University of Minnesota, said that a team of language experts under his supervision has studied the Op-Ed word by word and is “in a state of disbelief” that someone currently working for Donald J. Trump could have written it.
“There are complete sentences, there are well-structured paragraphs, there is subject-verb agreement,” he said. “This does not appear to be the work of any White House staffer we're familiar with.”
“Security Risks of Government Hacking”
Riana Pfefferkorn, Center for Internet and Society, Stanford University, September 4, 2018
This paper addresses six main ways that government hacking can raise broader computer security risks. These include:
* Creating a disincentive to disclose vulnerabilities that should be disclosed because other attackers might independently discover them;
* Cultivating a market for surveillance tools and 0-days;
* Risking that vulnerabilities exploited by the malware will be identified and used by other attackers, as a result of either law enforcement's losing control of the hacking tools, or discovery by outsiders of law enforcement's hacking ability;
* Creating an incentive to push for less-secure software and standards; and
* Risking that malware will affect innocent users.
There's also the possibility that government cracking might discourage the use of free software, which would be extremely disadvantageous even if it were not a security risk.