A view into Old America and thoughts on Veteran's Day

It is the Soldier, not the minister
Who has given us freedom of religion.
It is the Soldier, not the reporter
Who has given us freedom of the press.
It is the Soldier, not the poet
Who has given us freedom of speech.
It is the Soldier, not the campus organizer
Who has given us freedom to protest.
It is the Soldier, not the lawyer
Who has given us the right to a fair trial.
It is the Soldier, not the politician
Who has given us the right to vote.
It is the Soldier who salutes the flag,
Who serves beneath the flag,
And whose coffin is draped by the flag,
Who gives the protester the right he abuses to burn the flag.

― Father Dennis O'Brien, USMC 

Today is Veteran's Day in the United States, a day where we recognize what veterans have done for this nation, and for the world.  In other countries it's a day of sadness, reflecting on the loss of those young men and women who served in Flander's Fields and other places.  Here, we we reflect on this on Memorial Day in May - originally called Decoration Day after the War Between The States, and chosen in May because there were flowers in bloom everywhere, suitable for decorating the graves of the loved and lost.

But today we recognize the accomplishments of veterans, living and dead.  This video popped up in my video feed, and while at times sounding a bit propogandistic, it seems to me to be (as the Mythbusters used to say), plausible.

How Americans introduced WWII German POWs to Thanksgiving dinner. 

I say plausible because while I haven't verified any of the claims in the video, I've posted before about LTC Gail Halvorsen:

He was a kid who liked to fly, joining the Civil Air Patrol in 1942 and then the brand new US Air Force when he was old enough to sign up.  He missed World War II because of his age but found himself in the left hand seat of a C-54 in Germany, 1948.  That's when Stalin cut Berlin off from the Free World and the Berlin Airlift started.

[Then] Lt. Halvorsen was at Tempelhof Airport one day when he saw some kids standing on the other side of a chain link fence.  They told him not to worry if the weather was bad and he couldn't bring in food.  You see, they said, they could live on very little food but if they lost their freedom they thought they would never get it back.  Smart kids.

Halvorsen wanted to do something for them and told them that he'd drop some gum from his plane.  They'd know it was him because he'd wiggle his wings.  He and his co-pilot pooled their candy rations for the next day's flight.  Because it was heavy, they made little parachutes out of handkerchiefs.

...

They called him the "Candy Bomber" and when the word got to the Press it became a sensation back in the States.  School children and candy manufacturers donated candy for the children of Berlin.  In just a few months Lt. Halvorsen couldn't keep up with all the candy and handkerchief parachutes that were arriving in the mail.  Pretty much everyone in his unit was now a Rosienbomber (as the German kids called them - "Raisin Bomber".  Halvorsen himself was known as "Uncle Wiggly Wings" because of his signal that he was about to drop sweets.

Operation "Little Vittles" dropped 23 tons of candy in a quarter million handkerchief parachute loads.  Halvorsen was awarded the Großes Bundesverdienstkreuz, Germany's highest award.

Like I said, plausible.  American veterans came from the pool of American citizians, and pretty much returned to that pool of Americaness.  One of the seldom considered accomplishments of the Greatest Generation was not just that they won the war, but that they won the peace afterwords.  At least with Western Europe, although post-1992 it seems like Eastern Europe as well.

They did it because they were Americans.  Yes, they could afford to be generous to the defeated, but they did it more or less unconsciously because that was who they were.  In my mind, this was the greatest hour of American veterans, and the Americans who stood behind them. 

And so while this is a day of sadness overseas, let me be the first to wish you a happy Veteran's Day.  Thanks to all who served, including Grandpa, Dad, Uncle Dick, nephew Daniel, The Queen Of The World's son, our Son-In-Law (just retiring from the Navy), and last but by no means least our very own ASM826. The citizens - of whom you were once part and to which you returned - are proud indeed that of the members of its own Armed Forces.

England's hidden WWII beach pillbox

Things looked bleak for Great Britain in 1940.  France had fallen and even with the "Miracle of Dunkirk" the British Army didn't really have the hardware to fight the Nazi war machine.  All that stood between them and Hitler was the Royal Navy and the Royal Air Force, but everyone expected an invasion at any time.

And so a whole bunch of pillboxes were built on likely landing beaches.  The problem, of course, is that a pillbox looks like, well, a pillbox, and the Luftwaffe would target them as a matter of course.

And so the Brits built a disguised one. 

It looked like an old ruined cottage but was newly built from reinforced concrete with gun ports instead of windows.  Pretty cool.  And what's also cool is that it's Grade II listed as a historic building.

Bohuslav Martinů - Thunderbolt P-47

Via a wikiwander, I ran across this fabulously strange classical music tip o' the hat to the Republic P-47 Thunderbolt.  No joke.

Bohuslav Martinů was a Czech composer who like many others fled to the United States to escape the Nazis.  While there, he wrote this in tribute to what was America's finest fighter-bomber and the role it played to free his people.

Road Trip I - First, A Little Background

The map in the last post shows all but two of our camping stops. I made that with Mapquest and they have a limit of 26 (A-Z) stops on any planning map. So there's a couple of stops in the long straight stretches that I took out so I could show the main loop.

Two of the stops are to visit family, although we did stay in a campground at one of them.  

This is the second long trip we have made. Two years ago we made a trip of similar distance and time. That was on different roads with different destinations. The planning for this trip was deliberately structured to take us to new locations. For example, this trip went to the Michigan UP and out across the northern states. The previous trip included Utah, Arizona, New Mexico, and Texas. Some of the upcoming posts will likely be from the first trip as well.

Our route was roughly planned and the parks were picked months in advance. We went out in August, when parks are busy, and had to make our reservations through Labor Day at a minimum. Later in the trip we were in more remote areas, with parks mostly empty, and we were free to roam. We carried a paper atlas in addition to having the internet. Looking at the larger map of a state gives a perspective that a set of directions in a phone or GPS lacks. We went out to see something of America, to not try to rush anywhere, and to explore as deeply as possible the places we happened to choose.

Wherever you go, however long you stay on the road, you only see a minuscule fraction of the country. For every road you take, there are hundreds you do not. For every town you stop in, there are thousands you drive past. For every park you choose to camp in, there are dozens you didn't visit. If you pick a trail to hike or ride, the rest of the park remains unexplored. When you are in a town, if you pick an old diner for lunch, you didn't visit every other restaurant you might have chosen.

We ate out rarely, it was scarcely any harder to cook in the campsites than it is at home. The camper has a microwave/convection oven, a two burner stove, a small fridge and a sink. In addition, I have a Coleman stove to cook outside with and there are always grills available.

America has an amazing state park system. Every park we visited was a gem. 

My next post is going to start in the middle of the trip, in the middle of the country. It was while we were exploring the nearby town on our first trip that I began paying attention to how much of America is still out there. It's going to start with a little place called "Mom and Pop's Burger Stop".

 

As We Remember It

We have just returned from a two month, seven thousand mile, road trip across America.

 We traveled on two lane roads as much as possible, avoiding interstates, and made a point of stopping and exploring small towns and cities along with the parks we were camping in. Our transportation was a mid-size pickup pulling an eighteen foot mini RV.

 We stayed in state parks almost every place we stopped. Our routine was to travel no more than three hundred miles at a time and to stay at least two nights at every park. This gave us time to stop when something seemed interesting and a full day to unhook the camper and go exploring the local area.

We went looking and what we found was that America is still there.

This is the first in a series of posts on our adventure. 

 For any American who had the great and priceless privilege of being raised in a small town there always remains with him nostalgic memories... And the older he grows the more he senses what he owed to the simple honesty and neighborliness, the integrity that he saw all around him in those days. 

          Dwight D. Eisenhower

Skynet has arrived

Um, I've seen this movie:

Nation-state goons and cybercrime rings are experimenting with Gemini to develop a "Thinking Robot" malware module that can rewrite its own code to avoid detection, and build an AI agent that tracks enemies' behavior, according to Google Threat Intelligence Group.

In its most recent AI Threat Tracker, published Wednesday, the Chocolate Factory says it observed a shift in adversarial behavior over the past year. 

Attackers are no longer just using Gemini for productivity gains - things like translating and tailoring phishing lures, looking up information about surveillance targets, using AI for tech support, and writing some software scripts. They are also trialing AI-enabled malware in their operations, we're told. 

It seems that the Bad Guys are using all the old malware tricks (obfuscation, hidden files, etc) plus some new ones (sending commands via LLM prompts, i.e. the malware queries (prompts) other LLMs to get commands.

The security model for AI/LLM is hopelessly broken, and the design is defective.  I mean heck - the designers didn't consider two decade old attack techniques.  I don't know if it's correct to label this broken as designed but it's not far off.  This is software engineering malpractice.

I can't wait to see what happens with this and one of Elon's humanoid robots ... 

Back Soon

Chasing Ghosts.  And Ghosts I don't want to catch.

Damn Ghosts. 

I would have throught that German IT Security teams would be more competent than this

I was not expecting this:

Germany's infosec office (BSI) is sounding the alarm after finding that 92 percent of the nation's Exchange boxes are still running out-of-support software, a fortnight after Microsoft axed versions 2016 and 2019.

While the end of Windows 10 updates occupied most of the headlines, Microsoft's support for Exchange and a bunch of other 2016 and 2019-branded products ended on October 14, as scheduled a year earlier.

Alternate title: 90% of German firms fail their SOC 2 audit.  Look, this isn't landing a man on the moon, and you had a whole year.  You just couldn't be bothered.

Was ist los? 

 

AI Browsers considered unsafe

OK, that post title is more than a bit inflammatory, but who on earth would want to use something like this?

Several new AI browsers, including OpenAI's Atlas, offer the ability to take actions on the user's behalf, such as opening web pages or even shopping. But these added capabilities create new attack vectors, particularly prompt injection.

Prompt injection occurs when something causes text that the user didn't write to become commands for an AI bot. Direct prompt injection happens when unwanted text gets entered at the point of prompt input, while indirect injection happens when content, such as a web page or PDF that the bot has been asked to summarize, contains hidden commands that AI then follows as if the user had entered them.

This is unbelievably bad.  How bad?  This bad: 

Last week, researchers at Brave browser published a report detailing indirect prompt injection vulns they found in the Comet and Fellou browsers. For Comet, the testers added instructions as unreadable text inside an image on a web page, and for Fellou they simply wrote the instructions into the text of a web page.

When the browsers were asked to summarize these pages – something a user might do – they followed the instructions by opening Gmail, grabbing the subject line of the user's most recent email message, and then appending that data as the query string of another URL to a website that the researchers controlled. If the website were run by crims, they'd be able to collect user data with it.

Surely they must be exaggerating, I hear you say.  Nope - the author of the post at El Reg recreated the exploit his very own self, simply by creating a web page with the commands hidden in it.  FYI, that's 1996 technology right there.

Now look, I may be an old crabby security geezer (no comments, Glen Filthie!) but the problem of sanitizing user input is a really old one.  So old that it was old when XKCD did it's classic "Bobby Tables" cartoon:

There have been over 3000 XKCD cartoons; that one was number 327.  Yeah, that long ago. 

My opinion about anything regarding AI is that the hype is so fierce that the people developing the applications don't really focus much on security, because security is hard and it would slow down the release cadence.  And so exploits that wouldn't have surprised anyone back in 2010 keep popping up.

Le sigh.  Once again, security isn't an afterthought, it wasn't thought of at all.  My recommendation is not to touch these turkeys with a 100' pole.