An Open Letter To mr. Thunderf00t The YouTube Physicist In Chief For Debunking Bad Science

Dear mr. Thunderf00t, recently you have published a series of videos about melting gold in strange contraptions (or one might say «stupid setups»). This series culminated in the episode called «Will Burning Diamond Melt Gold?». I quote:
Gold melts at 1064 C, Diamond burns at 2700 C — this should be enough to melt gold, will a diamond melt gold?
Then you put a ~0.25g diamond on a 1g golden coin, ignite the diamond in the pure oxygen atmosphere and wait until the diamond burns a hole in the coin. The diamond burned happily to ashes and the coin remained intact.

This «failure» created confusion among yourself and your audience:
How so?! It burnt so HOOOOOOOT! and melted nothing...

Spoiler alert: ENERGY TRANSFER.

Given that few days before you successfully melted a bead of gold that was put in a cavity inside a burning graphite block (What a surprise that this contraption worked!), your confusion is legitimately cringeworthy.

FUCKING SHAME!!!

I want you to understand the magnitude of this shame. Mr. Thunderf00t is not only an official scientist like many imbeciles are, he has a real discovery in his portfolio which is an achievement that the Steven Hawking's portfolio lacks of. Mr. Thunderf00t is a real scientist — not a cosmologist or something — he knows his science and he is capable of conducting meaningful experiments. A man of this qualification was driven astray by the notion of temperature. So much astray, that laymen of ancient Egypt would laugh at his «gold melting» contraptions being so obviously against even the most basic common sense understanding of thermodynamics available for humans since 10 000 years ago… 20 000? Once again, pay attention, a credible scientist forgets to calculate the energy balance of his experiment before burning real diamonds.

I therefore propose to remove the notion of temperature from the middle school physics curriculum, for it is overwhelmingly confusing and marginally useful.



P.S.
make a funny experiment:
calculate «the temperature» of a 10 GEv proton, say X (note the amount of zeroes in the result)
and then ask a patented physicist: will a proton heated up to X Celcius deg melt a hole in a thin golden foil.

The Final Thought On The Minimum Wage

Picture that: You are a farmer.
You have grown a ton of potato and brought it to a marketplace.
You recon everybody sells potatoes for $1 and you decided to set the price to 0.9 so that you can return home earlier.
Presently, a group of well dressed respectable men with baseball bats approached you:
— Nice potato you have here, good sir. Do you know that the minimum price for potatoes here is $1?

QUESTIONS:
1. do you believe these respectable men helped you sell your potato for a better price?
2. do you wish the minimum price to be set higher (e.g. $1.1)?

"Security Management" "Maturity" "Model"

A few days ago I twitted this picture:

RSA model for security management "maturity"
with a comment: guess what's wrong with this picture (hint: EVERYTHING).

Not everyone got the joke, so I think it deserves an explanation (sorry).


At a first glance it makes some sense and reflects quite common real world situation: first you start with some «one size fits all» «common sense» security (antivirus, firewall, vulnerability scanner, whatever). Then you get requirements (mostly compliance driven), then you do risk analysis and then voila, you get really good and start talking business objectives. Right?

Wrong.

It is a maturity level model. Which means a each level is a foundation for the next one and cannot be skipped. Does it work this way? No.

Actually you do some business driven decisions all the time from the very beginning. It is not a result, it is a foundation. You may do it an inefficient way, but you still do. With risk analysis. It may be ad hoc, again, depending on the size of your business and your insight into how things work, but from some mid-sized level you simply cannot stick to «checkbox mentality», you need to prioritize. Then you come with checklists and compliance requirements as part of your business risks.

The picture is all upside-down and plain wrong. I understand they need to sell RSA Archer at some point there and that's why they see it this way, but it does not constitute an excuse for inverting reality.

Anti-Vaxxers vs Vaxxers -- Another False Dichotomy

Undoubtedly we live in the age of false dichotomies… Somehow people are all talking (and fighting) about subjects with no substance.

Dear vaxxers and anti-vaxxers, your fight is ridiculous, and it is not because you are both partially right, it is because you are both completely wrong.

Have any one of you ever tried to DEFINE the subject of your debate? What do you think a vaccine is? And what to you think the category «vaccines» is? How can you make a utility/risk claim about ALL vaccines, piling together a smallpox vaccine that demonstrably saved the humanity and a flu vaccine that have never entered any testing whatsoever! Do these two share any INNATE properties at all? Can you formulate a property that all vaccines possess on their own, a property that can be observed in the vaccines themselves, all vaccines and nowhere else? This would be a characteristic property that gives you the least moral ground to speak about the «vaccines» as an object (entity). Until then, both of you vaxxers and anti-vaxxers, are engaged into a typical case of false entitification — there is no such entity «vaccines» that you pretend to be talking about. Therefore ANY CLAIM ABOUT ALL VACCINES IS GUARANTEED TO BE WRONG.

But there is still more hilarity in the «debate». Here is a logical scheme of the anti-vaxxer standing:
In a government-run hospital my child was given a shot, that was documented as vaccination. Shortly after the event the child became sick (as never before).
Let's assume we have a sufficient amount of the episodes like that (properly documented («there is no evidence» fanboys can go fuck themselves)).

How is this a reason to blame the sickness on vaccines? Let's control for all other factors… all those kids were perfectly healthy before the injection and so on and so on. If we determine beyond reasonable doubt that the sickness was caused by this particular injection, how is it a reason to blame vaccines? In order to blame vaccines on the ground described above, you must assume that the government-run hospital DID NOT lie to you about the injected substance!!!

So the anti-vaxxers' claim of the vaccines' malice is based upon the trust to the govt! The same govt that under a false pretense of vaccination and medical treatment injected kids with plutonium, gave people syphilis, created a polio outbreak (not even for scientific nor military purposes, just for fun). The govt that has broken the trust of the people over 9000 times, this govt the anti-vaxxers trust! — «govt said it was a vaccine, duh, vaccines are bad» — what a joke!

An open letter to mr. John Kelly the Homeland Security Secretary

Dear mr. Kelly,
do you realize that you lose the ability to attribute a suspect's social media account to the said suspect immediately after obtaining a password to the said account?
Once you own the password, the account is attributed to YOU, shithead, thus rendering all your claims about the suspect's alleged activity associated with the account completely inconsiderable.

Resign immediately! You know _NOTHING_ about security nor elementary logic, you are utterly unqualified for the Homeland Security Secretary position.

Internet Works!

First was Brexit, then Trump, now The Italian referendum has happened… and Jean-Claude Junker is calling for EU leaders to infringe on the peoples' right to vote. This is the first manifestation of Internet working as an information system for the people.

LADIES AND GENTLEMEN, INTERNET WORKS! (wikileaks be upon him)

"One Brand of Firewall"

Gatrner sent me an ad of a quite disturbing report ( www.gartner.com/imagesrv/media-products/pdf/fortinet/fortinet-1-3315BQ3.pdf ) which advocates using «one firewall brand» to reduce complexity.

Sorry, guys, one brand of WHAT?

There is no such thing as «general purpose firewall» that fits all. It is a mythical device (and this myth was supported by Gartner for years).
What you call «firewall» is actually one of three (or more) things:

1) A border/datacenter segmenation device. Think high throughput, ASICs, fault tolerance and basic IPS capabilities.
2) An «office» firewall. Think moderate throughput, egress filtering, in-depth protocol inspection, IAM integration and logging capabilities
3) WAF. Enough said, WAF is completely different beast, having almost nothing in common with any of those.

Ah, and a VPN server. It is not a firewall (though it should have basic firewall capabilities). Not falls into any of those categories.

Dear Gartner, have you ever tried to market a pipe-wrench-hair-dryer? You should, you have a talent for that.

The One Thing blackboxvoting.org Has Overlooked

The simplest and most important fact about computers — COMPUTERS ARE TURING COMPLETE

Because of that, we can not know what program runs on a given computer (without disassembling this computer to atoms).

The only possible source of an answer to this question is the computer itself, which in turn can be programmed to give ANY ANSWERS (due to its Turing completeness). A system program+computer can present itself to an observer as anything arbitrarily far from the real internal state of the system.

That's enough for any amount of fraud to be completely undetectable. NO AMOUNT OF REGULATIONS CAN CHANGE IT!!! A program can always be invisibly replaced/altered.

The law defines the elections as a particular process. Computers arbitrarily change this process — this is not legal (in a very literal sense of «legal»). Computers make the regulations inapplicable and the entire electoral process unregulated — lawless!

The computers should be banned from the vote counting process regardless of the actual fraudulent activity of any parties.

The Final Note On The Elections



Synopsis: There are no elections in USA.

It is not a hyperbole and it is not a political nor ethical statement. I am talking specifically about the procedure of elections as an information process. By using a «voting» machine you do not give your vote to any of candidates, you give your vote to whomever controls the machine. Giving your vote away is NOT electing.

In case you are concerned about data security or voter fraud issues: those concerns are irrelevant, the computerized procedure in use does not endanger the elections, it ELIMINATES them from existence. From the InfoSec perspective the information process that has taken place of the elections (be it hacked or not) is NOT the elections — not even a surrogate! — it is something else, that, most importantly, has nothing to do with your vote.
Read more →

Why The InfoSec Discourse Is Entirely Composed Of Fallacies?



The deepest root of all the misunderstandings that constitute the InfoSec discourse nowadays is that the normal people («security experts» included) do not understand what is software, and its fundamental difference from the physical world we live in.

The entire realm of software is purely artificial.

Not only programs and functions, not only bugs and security holes, but also all the notions and intentions, all phenomena in the realm of software, even those perceived as «natural», are created by a man.

There are no natural laws that a program must follow and obey. While your computer does follow all the laws of physics, your programs do not at all. This very distinction makes a computer useful for us. The purpose and the only purpose of your computer's existence is to create a virtual TABULA RASA world, the world devoid of any laws, the world completely disconnected from the physical reality, the world that you are supposed to populate with laws of your own creation.

In other words, a computer can produce any output from any input — this is the definition and the characteristic property of a computer. This is what they always forget, and I stress ALWAYS.

REMEMBER THAT! If you want to improve your «safety», «cyber security», whatever. Every time you assume any expectation to a program of someone else's creation. Remember that! Every time you are disappointed: I gave this stupid machine a perfect input! Remember what a computer is: a machine that produces any output from any input — no restrictions at all. If you remember it well, first you will stop acting surprised when you wonder into a trap, second you will become more challenging prey, third you will stop believing InfoSec selling stories.