Each choice of material or shape has a cost and a benefit. The genetic algorithm finds hundreds of good designs. Adaptation comes nearly for free: When the cost or benefit of a component changes, Qualls enters it, and reruns the genetic algorithm. No tears and no prejudice.
- Natural Computing at Dr. Dobb’s
By Dennis Shasha and Cathy Lazere
March 5th, 2010
Humanity engineered itself out of the solution thusly.
Actually, if you are reading this, you are not presently a resident fossil in the brand-new Operator Speaking Tar Pit.
… but watch yourself – you never know …
Tar Pit Operation
Tar Pit Administration
Review MySQL database for suspicious / undesirable hits and insert bans accordingly.
What this means for those I have banned: this site simply will not work the way you’d expect. Strange things will happen. Binary will be served (very slowly) instead of the text that you were anticipating. Your feed monitoring software will let you down.
I was plotting to release a WordPress plugin when I realized that the tar pit script is simple enough to work with just about any PHP-driven application… so I’ll have some source code to post as soon as I come up with a working administrative interface (though if you really want to play around with the code and you’re comfortable using SQL, e-mail me and I’ll send something your way).
For now, the MySQL schema:
SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
CREATE TABLE IF NOT EXISTS `ban_agents` (
`ban_agent_id` int(11) NOT NULL AUTO_INCREMENT,
`ban_agent_name` varchar(150) COLLATE utf8_bin NOT NULL,
`ban_level` enum('deny','poison') COLLATE utf8_bin NOT NULL DEFAULT 'poison',
`ban_agent_reason` varchar(150) COLLATE utf8_bin NOT NULL,
`ban_agent_timestamp` datetime NOT NULL,
PRIMARY KEY (`ban_agent_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
CREATE TABLE IF NOT EXISTS `ban_ips` (
`ban_ip_id` int(11) NOT NULL AUTO_INCREMENT,
`ban_ip_name` int(11) NOT NULL,
`ban_level` enum('deny','poison') COLLATE utf8_bin NOT NULL DEFAULT 'poison',
`ban_ip_reason` text COLLATE utf8_bin NOT NULL,
`ban_ip_timestamp` datetime NOT NULL,
PRIMARY KEY (`ban_ip_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
CREATE TABLE IF NOT EXISTS `ban_ranges` (
`ban_range_id` int(11) NOT NULL AUTO_INCREMENT,
`ban_range_start` int(11) NOT NULL,
`ban_range_end` int(11) NOT NULL,
`ban_level` enum('deny','poison') COLLATE utf8_bin NOT NULL DEFAULT 'poison',
`ban_range_reason` varchar(150) COLLATE utf8_bin NOT NULL,
`ban_range_timestamp` datetime NOT NULL,
PRIMARY KEY (`ban_range_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
CREATE TABLE IF NOT EXISTS `hits` (
`hit_id` int(11) NOT NULL AUTO_INCREMENT,
`hit_context` enum('page','feed','feed-atom','feed-rss','feed-rss2','sitemap') COLLATE utf8_bin NOT NULL DEFAULT 'page',
`hit_ip_address` int(11) NOT NULL,
`hit_user_agent` varchar(150) COLLATE utf8_bin NOT NULL,
`hit_timestamp` datetime NOT NULL,
`hit_disposition` enum('pass','tested','deny','poison') COLLATE utf8_bin NOT NULL DEFAULT 'pass',
`ban_reason_table` enum('none','ban_agents','ban_ips','ban_networks','ban_ranges') COLLATE utf8_bin NOT NULL DEFAULT 'none',
`ban_reason_id` int(11) NOT NULL,
PRIMARY KEY (`hit_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
One might argue that information services (and clients) have followed an evolution not unlike that of competing organisms in the wild.
At first it was enough to simply provide the most accurate and direct data possible, just as it was once sufficient for an organism to simply acquire nutrients and reproduce.
When organisms began deriving nourishment from other organisms (a very efficient way to acquire nutrients, after all – and, in the case of e-mail spammers or intruding upon vendors’ databases, a way to make some money or get free services at virtually zero cost) it became necessary to develop defenses: IP block lists and security auditing might be the equivalent of a poisonous, bitter taste or a tough, bony shell in the animal kingdom.
… blocking IP addresses, however, will only get you so far. My understanding is that an evolved organism’s answer to the constant threat of attack may take one of a handful of forms:
Granted, there is much improvement to be made but I find it to be a fun analogy. Consider the prognosticative power of evolution’s lessons to the organism: every security problem has already been solved in one way or another (and the ones which could not be solved have a long record in the fossil history – failure to adapt to sudden change often represents an insurmountable problem for survival in organisms and information systems).
Parasitizing Spam Operations
The idea of poisoning the well suits my scorched earth aesthete:
All you have to do is link to this page so that whenever a spammer’s robot scans your page, it will be sucked into this one. To link to this page, just use this simple code…
… These links will redirect email harvesting bots to trap sites that will feed it with an almost infinite loop of dynamically generated fake email addresses, mostly on known spammer owned domains! This will render their harvested lists practically useless and of no commercial value.
- Fight Back Against Spammers
SpamPoison.com
I do so love this poisoned SPAM
I could use it – would use it – to wreak mayhem.
Sometimes, however, you may not be able to get in touch with a site’s webmaster, or they may refuse to take down the content in question. For example, if someone posts a negative review of your business on a restaurant review or consumer complaint site, that site might not be willing to remove the review. If you can’t get the content removed from the original site, you probably won’t be able to completely remove it from Google’s search results, either. Instead, you can try to reduce its visibility in the search results by proactively publishing useful, positive information about yourself or your business. If you can get stuff that you want people to see to outperform the stuff you don’t want them to see, you’ll be able to reduce the amount of harm that that negative or embarrassing content can do to your reputation.
- Managing your reputation through search results
by Susan Moskwa
2009-10-15
Plain English Translation
If there is any material bearing your name on the ‘net that you do not agree with… good luck.
While I understand that you need to check identification, I do not consent to having my personal information stored in your computer systems for any length of time. I value my privacy and I do not want my location or purchasing habits tracked. Moreover, my personal information is valuable and you have provided me with no assurances regarding the security of your systems.
- Swiping Your Identity [ID recorded at liquor store checkout]
by Sherri Davidoff of Philosecurity
2009-09-12
Problem: There are legitimate reasons a commercial entity might ask for your identification card, however, tracking your name, address, and license number is not one of them.
This seems like a novel practice – one that’s sure to catch on elsewhere – for getting your details for data mining’s sake if you should decide to pay cash (the store owner can already do as much data mining as desired if you’re paying with plastic).
Solution: Ask how your identification will be used before handing it over and, if you don’t approve of what is about to occur, shop elsewhere.
Yes, it is a hassle and some people will look at you as though you’re mad… some may even complain about the hold-up in line.
Perhaps they’ll bleat as loudly in the line to the slaughterhouse?
Activities conducted on information networks have a proven history of potentiating real-world violence: the internet is no different, though the ways in which civilians – often unwittingly – participate represent new threats to individual and national security.
Consider the vast amount of information you’ve willingly provided to a corporate-owned Human Terrain Mapping System, a recent US-based DDoS attack directed against Iranian government, and the likelihood that the less technologically-savvy are donating their resources to a criminal’s botnet.
Ubi amicitia, ibi oculus.
In all fairness to the realization of instant connections between people and the auxiliary benefits associated with maintaining close contact with one’s clique, the usefulness of modern networked applications – particularly social networking applications – is balanced by a counterpoint: should your willing (and, for most, plentiful) contributions to MySpace, Facebook, or any of the myriad resources for “connecting friends” be used to your detriment the unanticipated effects you neglected to consider when you opted out of private citizenship will become immediately apparent.
It’s not about over-sharing, it’s about whether your links to others earn you a place on a kill chain.
This military concept consists of target identification, force dispatch to target, decision and order to attack the target, and finally the destruction of the target.
- Kill Chain at JargonDatabase.com
Whereas the US Army’s Human Terrain Mapping System has wasted taxpayer money and participants’ lives, web-based social networking applications require comparatively little resources, are continuously updated (by you), and are owned by private corporations who can co-opt your information for marketing purposes, sell it to the highest bidder, or share it with government.
“Because Facebook is so addictive, even if a high-school kid decides to run away with a college boyfriend and they’re three states away, they can’t keep themselves from checking Facebook,” Kelly says. Since the site tracks the geographic locations of log-ons, he says, “on a number of occasions, we’ve helped reunite families.”
Web-based social networking is far more efficient than traditional Human Terrain Mapping Systems – and it is already being employed to the same ends:
On passing through the immigration control at the airport in Tehran, she was asked by the officers if she has a Facebook account. When she said “no”, the officers pulled up a laptop and searched for her name on Facebook. They found her account and noted down the names of her Facebook friends.
- Are Iranian authorities more sophisticated than we think?
by Evgeny Morozov
Update 7/14/2009: … and don’t blow your cover like the head of the British MI6…
In dubiis non est agendum.
If you had the opportunity to influence events in another country – a place which you have never set foot, know no one, and do not stand to profit or lose any material thing you value – and you simply had to click a button… would you?
Matthew Burton, a contributing editor for the Personal Democracy Forum, writes of his experience participating in a Distributed Denial of Service (DDoS) attack against Iranian government websites:
… after a few minutes of letting the attacker run in the background, I stopped it. I don’t know why, but it just felt…creepy. I was frightened by how easy it was to sow chaos from afar, safe and sound in my apartment, where I would never have to experience–or even know–the results of my actions. All I had to do was click a button. And while my intentions were honest, there is something inherently wrong with the ability to so easily cause harm, without bearing any of the ill effects. I could have been causing the failure of emergency services that I was not relying on. I wouldn’t even suffer the guilt of knowing what I’d done, as it’s unlikely I would ever find out.
- On the Weaponization of the Collaborative Web
by Matthew Burton
Participating in an attack of this nature – however justly conceived – should impart some measure of guilt to those who give the action a second thought.
Parasītĭcam cænam quærit.
A trend in network-enabled malicious software turns the infected system into a “zombie” which completes commands received from the botnet – rather than simply compromising a system, the malicious user (or criminal organization) responsible for building the botnet has the ability to pilfer passwords and sensitive data from every zombie machine and issue overwhelming attacks against target networks.
Are you one of them?
If the applications on the list below are not familiar to you, give them a try:
Let the purge[s] begin.