Tuesday, March 12, 2013

Tuesday Links

  • China is now the largest oil importer in the world, having surpassed the US.
  • If I was a South Korean, I'd be feeling this way too.  When your neighbor is openly talking about incinerating your cities with nuclear weapons, and they have nuclear weapons, it's pretty hard to sit there and not respond.  In general, North Korea seems pretty worrying at the moment.
  • That said, the commander of PACOM, Admiral Locklear, who is in charge of worrying about North Korea and China both, says he's most worried about climate change.
  • On the third hand, the Director of National Intelligence has now elevated cyberattacks to the number one threat to the US.
  • Krugman (relevant to yesterday's GDP graph): "Mario Draghi’s actions, by stabilizing markets and bringing down spreads, bought Europe quite a lot of time; Europe is determined to waste all of it."
  • Somebody reminded me yesterday of this paper I did with some collaborators back in 2004, causing me to reread it again.  It concerns how fast a computer worm could infect a large population of vulnerable computers spread all over the Internet - the answer turns out to be well under one second.  I think it's my favorite of my published papers (both because I love thinking about really big bad stuff that could happen, and because the actual analysis was a lot of fun).  Abstract: 
Flash worms follow a precomputed spread tree using prior knowledge of all systems vulnerable to the worm’s exploit. In previous work we suggested that a flash worm could saturate one million vulnerable hosts on the Internet in under 30 seconds. We grossly over-estimated.

In this paper, we revisit the problem in the context of single packet UDP worms (inspired by Slammer and Witty). Simulating a flash version of Slammer, calibrated by current Internet latency measurements and observed worm packet delivery rates, we show that a worm could saturate 95% of one million vulnerable hosts on the Internet in 510 milliseconds. A similar worm using a TCP based service could 95% saturate in 1.3 seconds.

The speeds above are achieved with flat infection trees and packets sent at line rates. Such worms are vulnerable to recently proposed worm containment techniques. To avoid this, flash worms should slow down and use deeper, narrower trees. We explore the resilience of such spread trees when the list of vulnerable addresses is inaccurate. Finally, we explore the implications of flash worms for containment defenses: such defenses must correlate information from multiple sites in order to detect the worm, but the speed of the worm will defeat this correlation unless a certain fraction of traffic is artificially delayed in case it later proves to be a worm.
This has still never been done in the wild, but I bet that, at some point in coming decades, someone will do this somewhere.

Update (1pm eastern): A Japanese research drilling vessel has apparently successfully tapped undersea methane hydrates for the first time.

4 comments:

sunbeam said...

"Update (1pm eastern): A Japanese research drilling vessel has apparently successfully tapped undersea methane hydrates for the first time."

I read that article. Skimpy on details. I guess they all are when they appear in any mass market publication though.

The devil is in the details, details which 99.999% of us don't have the knowledge and experience to evaluate.

"In onshore tests, Japanese researchers explored using hot water to warm the methane hydrate, and tried lowering pressure to free the methane molecules. Japan decided to use depressurization, partly because pumping warm water under the seabed would itself require a lot of energy. "

Depressurization. What exactly does that mean in this context? I could guess, but it would make a lot more sense with drawings. And do you need special geology to make it work?

Anything from a blip, to a world changer. No idea what to make of it myself. Still there is an assload of this stuff out there, some of it conveniently situated reasonably near established distribution networks.

Of course something like this could send our CO2 emissions past what I personally was thinking we would see.

stravinsky7 said...

Hey Stuart, have you seen the CDC director's release about the NDM-1 mutated CRE's?

hippa hippa hippa. Was that you who posted to the uni study about that 8 months ago?

Greg said...

More awesomeness from Google today: they're closing down Reader in July.

Time to start thinking about a new blog host, perhaps?

This is annoying, to put it mildly.

Unknown said...

A couple days ago I had a curious idea, tell me if I could be wrong.

Let's imagine a piece of code that would have just three elements: a library of all programming instructionsn, an engine generating random additional code which has just the property of making it syntaxically correct and a life-span after which it self deletes.

Now let's imagine that this program makes a hundred copies of itself after executing for a certain amount of time, all of which contain a different version of this random additional code and then self deletes itself.

Naturally here we would need a principle whereby the maximum copies of the program on a machine stops growing at a certain point to avoid overwhelm the machine / attract attention. Note also that we could even imagine a code that would look into programs on the machine to copy randomely existing pieces of their code (horizontal heredity).

The next generation will contain a lot of code that does mostly nothing but eventually after a while, the code that does replicates itself the most effectively would emerge and its capabilities grow. All of which are perfectly unpredictable.

Of course on a single machine it could take ages to see the emergence but imagine if "per design" that code was given a head start, i.e. a good contamination capability on the internet...

We would then have the emergence of a truly autonomous "artificial" form of "life" which effect on any IT network would be absolutely unpredictable and which mutation rate would prevent any definitive eradication.

The problem is that it is so simple to think of and build that I'm a bit afraid it is going to be done one day or another.