AGAH : Chuck, during the break, the Director called. Many important people are calling him complaining about ‘eggs’. ??
CIO : Boss, you have several memos from us on that topic, we have seen it coming, nothing we can do about it. It is another one of the patriot’s psyops campaigns. The same jerk who did Bunny Bangers wrote another subversive post about drones. Both have the ‘warning’ “One problem with the technology is, it could be mis-used to extents only limited by the imaginations of the smartest, most knowledgeable and most imaginative people.” So good of him to have pointed that out.
This one immediately resulted in Youtube videos showing how to subvert each of the quadcopters and drones, then egg bombing cars.
Some of the cameras on those drones are really good. The better videos they have put up on Youtube focus on the egg all the way down. These are done by teams, so there are always people recording the car from a few angles, the expressions of drivers as their windshield is covered by egg is entertaining, the videos are getting a lot of attention. ‘Vicarious vengeance’ I guess. Drone pilots are learning to aim, the altitude record for an egg bomb in traffic is 1000 feet, but climbing fast as people share tips. It is another online game, people make $ renting their quadcopters. Most put their success videos on the net, people can take turns, etc.
AGAH : They are doing it to everyone in a fancy car?
CIO : No, those are targeted to individuals. The first egg-bombs were at people’s home, those were more or less public knowledge from public records. Then the celebrity spotters and license plate readers added to the knowledge. The smart phone app that checks license plates against the ‘bad guy’ list it downloads lets kids on the street tell the drone pilot there is a candidate at cross/streets, kind of car, etc. They don’t have to be very high to smash an egg, so the drone can be above the traffic immediately. Some streets have dozens of bombings per day. Traffic patterns are changing.
AGAH : Someone has to be behind something that happened everywhere in the same week!
CIO : Maybe so, but we don’t know who. We don’t believe any of the drone or camera companies are behind this, although their quadcopters are selling as fast as they can deliver them to stores. Real popular, so the price of eggs is up, but we don’t suspect chicken farmers or egg wholesalers.
No, our best estimate is that these psyop memes are popular, and people like games and teams and are willing to make political points as they play them.
Of course, the games have been the basis for other games : down the street from the bombers are the helpful kids willing to clean your window at the long stop light. If you refuse, their battery powered heat guns are the alternative.
People with egg on their cars pay them, because otherwise kids and some adults further down the street ‘pile on’ and egg cars with egg on them, drivers can’t see. We heard about CEOs in limos coming in to the city going through 3 bombing and cleanup cycles. Costs them $60 and an extra 30 minutes to get to work. ‘Rage’ doesn’t begin to describe their state, so I guess the psyops is working.
Cops can’t do anything about it, chasing kids for standing beside the street scanning license plates and hunting for caches of eggs somehow doesn’t engage them. Besides, enraged CEOs are entertaining and people buy them beers for the telling. The Youtube genre of ‘enraged CEO’ videos includes a lot of footage from police bodycams, we believe.
AGAH : Is that what the patriots intended?
CIO : Who could say? It is 5th generation warfare. There is no central command we could ask, no one to negotiate with to make it stop.
The people on the web discussions doing the discussing are almost certainly not the people who put up the videos showing how to modify the quadcopters and aren’t the kids running the bombing games. But the discussions say the goal was to make the elites know that surveillance works both ways, they are as vulnerable as anyone else in society.
Also, for anyone who thinks a bit, it makes the point that our society depends on there being very few people willing to do really bad damage, and you can’t identify them or their works until after the fact, so it isn’t worth screwing up the functioning of your society to try.
They say that the message the leadership needs to act on is “You can’t run a coercive society in a modern world, stop trying” and “Start repealing laws, we will let you know when you can stop.” They promise to keep increasing the public pressure until Congress repeals enough laws. “Our imaginations against yours”, they claim to be winning.
AGAH : You said ‘Kickstarter projects’ were key?
CIO : Yes, they did a set of projects that stepped them completely into the black, so far as us actually knowing anything. The projects produced a box containing a secure exit node on one or more of the secure overlay networks, and a very secure link to your smart phone or a tablet. Each box could have its hardware, bios, software and enclosure verified at any time. There were many different open source projects just waiting to be integrated, the Kickstarter projects pulled them together. Hardware is simple enough in the low-end versions you can do them at home from kits, so long as your printer has the ability to print layered circuit boards. Photo-comparison was a powerful security trick, useful at every level to verify that the physical objects you are using have not been compromised. That stopped NSA’s backdoors.
These were run by professionals, were mostly on-time.
The ‘finger-nail sparkles’ seal allowed the development of an entire manufacturing infrastructure that guaranteed nobody of nefarious intent had access to any component, starting from the chips’ design files. So the patriot’s servers and networks don’t have backdoors or exploitable flaws.
They changed the login security model. The weakness of the current model is the password, people can’t choose good ones given the way they are stored and used, and most people don’t want to go to the trouble of doing it well, despite the many instructions of how to do it on the web. Also, the fewest-bugs part of the system is the base server code and services provided by OpenBSD. The buggy stuff is the window manager and applications at that level. The login process is a holdover form the days when the highest technology for interactively using a computer was ASCII or EBCDIC terminals over a serial cable or modem circuit. Not much information could be exchanged, so name/password was efficient. Processor performance was limited, so simple algorithms. The situation is very different in 2016 : everyone is logging into servers from PCs or tablets or smart phones, all of which have plenty of memory and processor power to manage a more complex model. So those run the UI code and the server talks to one of the standard UI interfaces.* Also, their login process runs another layer of encryption at each end of the link unique to that login, so ‘man in the middle‘ attacks are no longer useful.**
Those guys write paranoid software and execute it from paranoid systems, often using a paranoid tablet or cell phone as the only interface allowed to connect. Their paranoid systems spend a lot of overhead checking every single little thing. The systems’ security checks don’t miss much, and their paranoid users are quite good about using all of it. Those guys are disciplined in their security, a matter of personal honor and integrity for each of them. Careful and paranoid and honest, we don’t get anything.
But the biggest advantages were that they made security the highest priority, no compromises, built security into the foundations of everything and had a clear ownership-of-data model, all of it right from the beginning. If you get those right, you have a chance of peaceful social and economic exchanges on your net. The TCP/IP network didn’t have that, security was added onto the most popular OSs, so those systems never had a chance. The patriot’s financial and other information-based systems have insurmountable advantages, they just out-compete the base world. All that was designed-in to the Kickstarter projects, there were a lot of eyeballs on all that as it progressed, so it is quality code.
Combine that with low-cost maintenance of the security, selling services on the patriot’s nets is easy. Hemp Road software makes running a business in overlay space easy, Kiki’s makes deliveries easy and secure — a great cutout for business you don’t want recorded anywhere. Presto, an entire ecosystem of tax cheats and a private place for patriots to play their PsyOps games.
AGAH : There must be high-value targets, worth rolling a van?
CIO : Sorry, no remote monitoring, either. Some prepper pointed out that EMPs and solar storms would kill your solar panels, whether they were hooked up or not. So the prepper community built a lot of Faraday cage shelters and put all their electronics into them. So that was normal when this new wave of networking came along, and people realized that the gov could read their cell phone screen from the moon, if they have a big enough antenna.
The paranoias combined nicely, everyone has 3 or more breakers between their equipment and the outside, at least 2 of those full AC->DC –> DC–>AC –> computer conversions with plenty of filtering. And at least one layer of Faraday cage.***
As soon as Snowden validated the tinfoil hat brigade, patriot’s smartl phones and tablets all had little Faraday cages, the hand would ground it enough we couldn’t see any radiation except from the person’s view. Then they set with their back to something conductive, maybe the big Faraday cage that is their living room or office.
All that combines to move ever-more traffic onto patriot nets, and at the same time, the take from inside their nets is zero. Even when we get a login device and password, one of the biometrics sensors catches us, typing patterns or the person in the camera doing the typing or a voice check or any of the other cleverl checks people have invented. Cell phones and home computers aren’t sentient yet, but their dim AIs can ask a lot of questions if a security sensor is tripped, and get very alarmed quickly if your answers aren’t right.
AGAH : How did they pay for all that? So quickly? Startups take that long to get funded.
CIO : That was another bit of cleverness. People’s standing in the patriot community fringe is based on their success in the Tall Tale festivities, work with un-schooling and Kiki’s Delivery Service kids, and on what Kickstarter projects they helped fund and when.
So a bunch of people on the net saw the opportunities that darknets provided for patriots, especially starve-the-beast tax dodges, so headed up the groups to write the specifications, negotiated with the experts doing the work, and funded the development. A few seriously-thoughtful people have permanent bragging rights, and will have their drinks bought in any bar forever, because they put $50 into each of the 20 early developments of the secure servers and burner phone overlay network technology. Total, those cost less than $TBD, no gov or corporation could have done the requirements analysis for that.
AGAH : The original network has taken 45 years to get to this level of complexity. How could that be done so quickly?
CIO : It isn’t as complex, yet. Computer systems evolve, their’s are no different. Some of the standard OS/network complexity ‘just happened’ due to independent decisions over time. Some of that complexity wasn’t worth the cost, so they didn’t need to develop that.
Their big advantage was the usual combination of factors making a new environment. Things are easier when people have a lot of experience in the area, and also when they are given a blank slate to begin with. The experience lets them work through designs and code quickly, the blank slate avoids the bugs and designs that were perfect for some previous environment, but are now a source of bugs and limitations. Blank slates are more work because an entire library may need to be written instead of just an interface to it, or translation layer, but is generally easier work.
Also, by using better design elements and/or languages, software can be more modular and thus each piece is less complex. For example, separating software modules via ‘publish-subscribe queues’ makes systems easily scaleable, and is another security check point for “who really can access this data?”. Code of lower complexity has fewer bugs, can be developed exponentially faster.
AGAH : How did that work? How can a bunch of dissidents develop and run a major communications network and security operation?
CIO :The job is a lot easier when you don’t have many emergencies because of bugs and few serious security alarms.
The secure server products were and are really secure. We don’t have any backdoors and have not yet found holes in the code for breaking their security. OpenBSD was a very good foundation for all that.
Then on that secure system, you run router software and management for a software-defined network. More very solid software on a very solid system. So their data centers are hard to hack into. The system hackers have tried USB sticks, the paranoid USB driver stops that. Software-defined networking + validated servers, a much higher level of network security, even with buggy stuff someone has to have a link into a server that allows them to exploit the bug.
Also, the ultra-secure networks give them a new way of isolating older systems : they don’t need to replace all their Windows and Linux server and software immediately, just put them behind a gateway to the overlay network and not allow any TCP/IP connections.
But distributed management of networks is they way they all get started : the BBSs started this entire line of sharing code, data and blogs 30 years ago. The entire TCP/IP core network was run by network admins deciding on who they would allow to peer with them up to about 2005. The overlay networks were built from people running beta releases and went on from there.
*Standard UI APIs are IBM3240, VT100, HTML and XML.
**As an example of a less-good design, but one easy to explain, every user can use the same password as everyone else and the same password on every system, and it doesn’t matter, as that is only an index into a shared set of random values from which the actual key is constructed. ‘123’ is a perfectly find password when it indicates the 123rd block in a DVD of 16KB of random numbers to be used as the seed for a crypto-quality pseudo-random number generator, the output of which is xored with the stream. Use a different such for the receiving side, and both sides encrypt every byte sent and decrypt every byte received.
***A warning about assumptions. In college, I was setting up some equipment for a scientist’s single-neuron recording experiment. 10MOhm pipette electrodes and millivolt signals, so noise was an issue. We shielded all of the equipment and electrical cables. Didn’t fix anything. We shielded the room on ceiling and sides, as 5 sides is OK theoretically, the floor was concrete and we were in the basement. Didn’t help at all. Finally, I tried grounding the bench, a half inch steel plate resting on rubber balls. Noise dropped immediately –> the radiation was coming up from below. Turned out the tunnel carrying electrical power to the rest of the campus ran under our lab. Sometimes Faraday cages need their 6th side.