Those of us who grew up in the fifties and sixties will remember Sputnik and the intense fear that permeated the American science and education communities. America could not be permitted to fall behind in the space or arms race and to stay ahead education was to be reformed and supported.
It was the perfect medium for Evelyn Wood and her husband to grow interest and support for her "dynamic" reading program, which purported not only to increase reading speed, sometimes up to 25,000 words per minute, but also, they claimed, to increase comprehension and memory.
It was all bunk. Studies done by NASA in 2000 showed that while speeds supposedly increased, comprehension declined. In fact, even an exceptional student whose eye can make four fixations per second is limited to only 600 wpm, and then they have to go back. The Woods (her husband ran the business part) claimed that the secret was to enlarge the view and increase the number of words per fixation. Sounds good. Unfortunately there was little to it.
They were outstanding at publicity, but they had famous people in their corner, as well. JFK was a big advocate and had even recommended that her course should be required for Congress. (I don't remember anyone suggesting it for Supreme Court Justices who do far more reading -- crucial reading -- than anyone else. Then again, JFK didn't write Profiles in Courage, either.)
Even the demonstrations had a catch. Before reading the book, demonstrators were allowed to peruse the cover and the book and take notes before whipping through the novel (rarely was it non-fiction.) Readers were often told to spend twenty minutes or so "previewing" the book before launching into a twenty-minute "reading" of the entire book.
There are ways to increase your comprehension but they involve more prosaic tactics like previewing, reading the table of contents, building your vocabulary, reading a lot to increase subject matter, and reading often. It would appear there is a difference between comprehension and retention as well. I can often comprehend and understand the contents of a book, but what is singularly irritating is the inability to retain it all over decades. That's why I started taking notes years ago and writing reviews.
The rights to her "method" were purchased by the Famous Artists Schools in 1967. That organization suffered its own scandal following a Jessica Mitford expose that revealed the famous names associated with each genre had nothing to do with the students and were being paid for the use of their names, but had little other input into the business.
I have never been a particularly fast reader and took a speed reading course in the late seventies. Slowed me down.
Some reviewers have complained about the "digressions" on the Mormon relationship to the Nazi regime and the Woods' experience in Germany leading up to WW II. Both Church and Regime were authoritarian and it does appear that the LDS Church revised its lessons in Germany where there was an active mission and rising number of adherents to be compatible with Nazi doctrine. Superfluous perhaps, but quite interesting, nevertheless.
The Audiobook totally held my interest. The Kindle version is ridiculously overpriced as is typical of University presses. Competently read by Marguerite Gavin.
N.B. The latest reading hype comes from China. Called QSR, it proclaims that readers need not even look at the pages as they riffle through a book. See Biederman's blog for more information. https://www.goodreads.com/author_blog_posts/19216101-in-newest-speed-reading-scam-popular-in-china-no-need-to-look-at-the-p
Friday, January 31, 2020
Monday, January 06, 2020
Review: A Lone Wolf by JC Field
Thought it might be a spy novel but even though the novel is littered with CIA, NSA, Mossad, and KGB current and former agents, no one is doing much spying except on themselves. Nadia and Michael, following an abortive mission in Barcelona, realize that someone is targeting them and they set out to determine who is targeting them and why. It then evolves into getting the bad guys in assorted clever ways.
I'm sure the title is intended as a pun, although Michael Wolfe is about as far from a lone wolf as one could get. He has help not only from Nadia, but Joseph, JR, the hacker, and numerous other people both inside and outside of government. I'm sure the ending is supposed to be some kind of twist, but I saw it coming from the moment the character was introduced. Those kinds of "twists" just seem to be emulated all the time.
While I enjoyed the book, I am very troubled by the world portrayed by the author, one in which rogue elements, ostensibly operating in the interests of national security (which often have more to do with their own security than the nation's) operate with relative impunity and send secret operatives off around the world assassinating people they do not like. It seems the antithesis of responsible democratic government and, I hope, represents merely a simplistic fantasy world.
It's certainly very readable, hence the 4 stars even though I hated the world it creates.
Review: When the Wolves Bite: Two Billionaires, One Company, and an Epic Wall Street Battle by Scott Wapner
I first became interested in the epic battle over the future of Herbalife by watching a documentary. Bill Ackman had bet enormous sums of money that Herbalife was nothing but a huge pyramid scheme (the more pleasant term with less baggage is "multi-layered marketing" - one is illegal, the other legal. Personally, I find but little difference between them.)
What was astonishing was the amount of money thrown around in pursuit of even larger amounts of money and how each of the titans, Icahn and Ackman (one going long, the other short, respectively), used huge sums and PR in attempts to manipulate the market to their advantage; small investors and company employees matter for little. The market would move in substantial gains or losses simply by one or the other buying or selling large blocks of stock or by making comments in the press.
Scott Wapner, the author, is a business reporter for CNBC, and one couldn't help but wonder if he wasn't being manipulated by the parties as well. He was eager for the scoop by having "breaking news" on his show and they were eager to use his platform for their own financial gain. It was on his show that the famous verbal brawl occurred between Ackman and Icahn. Lasting almost the entire show they hurled insults at each other. "Apparently, if you have enough cash to spend, it doesn’t seem terribly difficult to weaponize social justice in the cause of your portfolio," said one observer.
Troubling, too, is the outsize influence these billionaires have with federal regulators like the FTC. Their money gives them instant access. Moreover, their decisions, we learn, may be influenced as much by personal animosities as good business, although none of them would ever admit it. Unfortunately those decisions have disproportionate impact on smaller investors.
Fascinating book.
Wednesday, January 01, 2020
Review: Educated by Tara Westover
My wife suggested I choose this book for our next reading club. I won't say too much about it as there are thousands of ratings and reviews, other than to note you should read it. It's a real page-turner and discussion starter. It's sort of like watching a car pile-up in a fog, violent yet riveting. It's not just a memoir, it's a meditation on education, memory, familial relationships, violence, religion, medicine, and self-discovery and awareness. Truly extraordinary and it's unlikely Westover will ever be able to write anything else of much significance after this.
Tuesday, December 17, 2019
Trading One Apocalypse for Another
Just a few months ago, a Netherlands researcher wanted to come to the U.S. to present a paper on the vulnerability of industrial control systems (ICS). There are almost 30,000 of these devices that control everything from wastewater plants to the electrical grid. The researcher, thanks to America's arcane and silly visa system, was not admitted and so was unable to present these important findings. Fortunately he was able to post them to his blog. Whether that resulted in a wider dissemination of the information than had he delivered his talk is academic, perhaps. **
Researcher Wojciech used standard OSINT techniques (the CIA has identified five main OSINT fields: Internet, media, geolocation, conferences, and online pictures) to analyze the exposed ICS devices. Many of these are used in critical infrastructure that would include dams, the electrical grid, reactors, health treatment facilities, etc. Information on critical infrastructure developed through OSINT can be used not just by espionage agencies, but also by criminal elements who may seek to gain monetary advantage by holding these devices hostage. OSINT techniques are passive, in that the target remains completely unaware it is being surveilled. Access may be gained by open ports, IP addresses, knowledge of details of the specific devices and how they work -- all freely available online and elsewhere -- and even responses from the device itself.
Here's an example of device information that's available that even includes the phone number:
There are several programs that permit searching the internet for active ICS devices (https://www.shodan.io for example.) The author lays out precisely how to go about searching. Many of these devices have open management ports that are convenient for technicians to access the devices remotely for maintenance. That, however, makes them extremely vulnerable to malicious actors. General contractors with government contracts are particularly vulnerable as they have a history of being more open and thus more vulnerable.
That hackers can cause innumerable problems has already been shown in Ukraine, Estonia, and Georgia where the Russians devastated each country's infrastructure. Andy Greenberg in Sandworm documents what happened in several cases. In Ukraine access to the banking system was eliminated.
It took forty-five seconds to bring down the network of a large Ukrainian bank. A portion of one major Ukrainian transit hub…was fully infected in sixteen seconds. Ukrenergo, the energy company…had also been struck yet again…the effect was like a vandal who first puts a library’s card catalog through a shredder, then moves on to methodically pulp its books, stack by stack.
US officials, heads typically in the sand, refused to admit something similar could happen in the U.S. yet we now know that Russian hackers infiltrated the U.S. election system and may well have manipulated the outcome in a variety of unorthodox ways. In 2016, Iranian hackers attacked several US banks causing millions in damages and shut down a dam presumably in retaliation for the Stuxnet attack. The attacks themselves were quite unsophisticated, mostly DDoS attacks that even the most unsophisticated hacker can pull off.
There is software (malware, really) that has been designed for specific purposes; Stuxnet is but one example. Another, discovered by the security firm Dragos, was CrashOverride***, only the fourth example of malware designed to attack and manipulate the controllers in electrical grids. "The functionality in the CRASHOVERRIDE framework serves no espionage purpose and the only real feature of the malware is for attacks which would lead to electric outages."
Greenberg shows that a variety of software is available, even for sale, that permits relatively easy access for anyone, but can also be used to hide the origin of the attacker. To make matters worse, Greenberg wrote in Wired (https://www.wired.com/story/plundervolt-intel-chips-sgx-hack/) of researchers who had managed to access and control Intel processors (a vulnerability that has since been fixed) by manipulating the internal voltage of the processor. You can induce faults by lowering or changing the voltage and once you can do that you can change the output by manipulating the faults. The technique, called Plundervolt, was discovered concurrently by a researcher in Beijing. (Take from that what you will.)
In his book, Greenberg focuses on Sandworm, a group of hackers and software named after the malicious creature in Dune (cyber-analysts had discovered that preference while doing research on the code - don't ask me how.) They determined there was evidence that Sandworm had been infiltrating critical infrastructure—some of it in the United States—since 2011 and had already developed a weapon that could knock it out. When it was used against Ukraine, it had evolved even further.
The hackers had, in other words, created an automated cyber-weapon that performed the same task they’d carried out the year before, but now with inhuman speed. Instead of manually clicking through circuit breakers with phantom hands, they’d created a piece of malware that carried out that attack with cruel, machine-quick efficiency.
The engineers managed to fix the system in about an hour, but the point was made. Another group calling themselves Shadow Brokers made off with a whole set of penetration tools developed by the NSA (supposedly impenetrable) and turned them loose in the wild where virtually anyone with a modicum of knowledge can make use of them. Shadow Brokers caused immense harm when they released EternalBlue, malware that spread faster than anything anyone had seen before. Within minutes it had disabled pharmaceutical companies, and Maersk, the huge shipping company, was brought to its knees.
“‘For days to come, one of the world’s most complex and interconnected distributed machines, underpinning the circulatory system of the global economy itself, would remain broken,’ Greenberg writes of the attack on Maersk, calling it ‘a clusterfuck of clusterfucks.’ The company was only able to get its ships and ports back in operation after nearly two weeks and hundreds of millions of dollars in losses, when an office in Ghana was found to have the single computer that hadn’t been connected to the Internet at the time of the attack.”
I've been reading a lot of books and articles on the possibilities of cyber-warfare. The potential is there for even non-state actors to operate in the shadows and do tremendous harm. Then again shutting down most of our industry might solve the global warming worst case scenarios. One apocalypse preventing another.
**https://www.icscybersecurityconference.com/intelligence-gathering-on-u-s-critical-infrastructure/
***For a review of CrashOverride designed to attack electricity grids, see https://dragos.com/wp-content/uploads/CrashOverride-01.pdf