Wednesday, October 15, 2014

Liberal Socialism (anarchy with a friendly face)

liberal socialism - freedom and choice

how to replace the welfare-state with the growth-society? you start by recognizing that growth demands opportunity for the single individual. it means that the state has to ensure the corporate sector's earning possibilities. this requires that every single citizen has the means and opportunity to educate themselves. or find their own potential and exploit it. the solution is liberal socialism.

the easiest solution is to implement a citizens-pay. a minimum-amount that is required to have an acceptable lifestyle in modern society. this includes money for insurances. for example isn't it a problem if the disabled can afford the required insurances for medical care, dentist, it should even cover the nodding shrink. the amount should allow for a bit of entertainment. the system should stop paying if a certain maximum limit is reached. this allows for poor people to save up money for an education.  this also makes it possible to live on a low-income job.

isn't it nice to have 50.000 on your account? wouldn't it be nicer to have 50 million? you can! if you choose to use the money for beer and weed it is your problem. if you choose to take an education it is your choice. the state guarantees a life of opportunity. not luxury. that is one's own responsibility.

taxation! it is unjust and unfair to put tax on property. when you have paid for your house it is yours. but does this leave us with only paychecks to tax? no. we can put a tax on the consumption of money. maybe 10% to 15% on every incoming money transfer not originating from one's own account. this means that businesses do not pay tax for internal transfers. this way we can lift taxes on people's paychecks. limits on bonuses should be lifted and instead the bonus is taxed heavily, like 25% to 50%. this is to redistribute wealth. this should ensure that money is always circulating in the society which in turn gives a more stable economy. local merchants don't lose too much business in the aftershock of a financial crisis. an anticipated side-effect is a (very) low but stable growth in society generally.

the voting process will be of direct democracy. this is in both the state and municipal system. the voter has to vote for a named - their choice - politician and the one with the most votes chooses position first. then the one with the second-most votes. this will make the government reflect the people's wishes and motivate cooperation.

the world of today demands quickness and agility in government. and since the people have a direct influence on the constellation of their government and parliament the government (not the municipal system) should be able to decide what international agreements the country should enter. we - the people - exchange a (very) little form of influence regarding public polls but gain a lot more individual freedom.

we have a choice pertaining to google, facebook, microsoft and all those i was too lazy to mention (sorry guys ;-)). we do not when it comes to the dealings of our government. we do not have a choice when it comes to the municipal system. if we the people should trust a government with such freedom in handling the affairs of the state at least we should be able to follow every step of every policy implemented. an open and transparent government is essential in a free world. we crave freedom and choice not corruption and greed.

the state concerns itself with the long-term goals like the environment, education, healthcare, justice (police) and military branches of state. they govern by setting limits for how much pollution is acceptable. what types of side-effects in medicine can be tolerated. foreign-policies and such.

the municipal serves the businesses in the local community. for example: a company can ask the municipal system to arrange for extra buses for a period of time if production requires around the clock operation. if people can't get to work they can't work. judicial affairs, rights of the individual and so on are handled by members of the industry in question and ngos with an interest in the matter.

the system should emphasize freely agreed contracts between the industry and the consumer. here the consumer is represented by an ngo member. example: monitoring, logging, google, human rights watch. if the consumer doesn't feel violated and the company has a sustainable business plan then the politicians should not interfere. cookie laws, anyone? a judge represents the state and thereby the people and has one foremost priority: to ensure that the law is upheld. that it doesn't violate any of the limits set by the state government. it is a system that clearly separates the state from the municipal. *** it is a system where one individual can become a member of parliament simply by getting enough votes. ***

this gives for example a bank a much broader spectrum to design the product to the customer. a factory producing insect repellent has some limits imposed by the state government as to what levels of environmental protection they should satisfy but how they do so is their choice entirely. local circumstances may allow for a more lenient interpretation of the law or a much harder. but the municipal system has a much better eagle-eye view of the local area. and the judge ensures that a permit doesn't violate the long-term goals. this system makes it possible to bend the rules taking the local society into account.

the justice system should emphasize that money doesn't mean a thing in the eyes of the law. this to counter the effect of rising inequality. financial inequality isn't necessarily a thing of evil. if the state in cooperation with the business world ensures that poor people still can afford to exist. even take their kids to the cinema once in a while. give people the means to make a brighter tomorrow for themselves and they will. wouldn't you?

the state should employ private subcontractors and these contracts should be administered by the municipal. the demand to take the lowest offer is unhealthy for competition because it leaves only one means of getting the contract: lowest price. the system should choose the offer they believe to be the best. anything else contradicts the spirit of freedom. and an open governance should ensure that every pro and con is known. after all! we all get to go to the hospital or the school or take the bus so we'll find out what the deal was sooner or later, right?

this is a society that encourages the individual to make something of itself. and more so! presents the opportunity and means to do so. yes, it is a society that allows the individual to do steroids and get beaten up or beat someone up in a cage for a living. it is a society that tries to diminish the effects of growing inequality. it is a society wherein the disabled can afford medical insurance and health care. it is a society that allows corporations much broader freedom in securing their goals and the environment. in short a society based on the fact that every member sees themselves as a single unique individual who is always a member of a community. it is a society that says: rematch! there is always one more try!

"my ideas are out of phase? it's anarchy with a friendly face!", anthrax [mutated]

the state generates income by licitation. an example: the state offers a prison contract of 7000/month/inmate. the local municipal allows that a local prison can charge each inmate 10000/month for food and shelter. and since the state deposits 15.000 each month if you have under 100.000 it is not unfair to charge people to be in prison this way. this example leaves plenty to set aside and have a good time. there is no need for a cruel prison-system. schools could be licitated this way too. hospitals. you name it.


as you can see the state cuts expenses by outsourcing more than just the job. and people above the "poverty"-line contribute to the state and those below get their share paid by the state which in turn pays the company.

the state wants 200/child/month. one municipal wants 300/child/month totalling 500/child/month. another wants 200 totalling 400, yet another 500 for a total of 700. how to profit is up to the company. this system allows for different schools to compete not only on price but product as well. but if the state charges 10.000 and the municipal charges 100.000 no one will be able to make any money. it is a new way of looking at taxes.

human rights watch and google agree that a certain way of doing things on a computer system doesn't violate privacy. a judge ensures it does not violate state law and then signs it. it is now legal for facebook to use the same technology. 2 years later a new tech emerges and amnesty sees this as a problem when used with the tech mentioned before. they raise the case with a judge. the judge sees if this is in fact basis for a new trial or... a new law and if so the two parties try to reach a settlement. if they do then this is the new law. if they don't, the department of justice must make a ruling. this ensures a more dynamic way of passing a law. a system more consistent with the world of today.

a chemical plant gets a no on a specific production. a couple of years later a new method of production emerges. if this makes it safe for the environment it is easy for the company to get a license to produce the chemical. and it makes it legal for every other plant to produce the chemical using the same method.

it goes for both examples - of course - if it is not in violation of someone's ip, patent and such. this responsibility also falls upon the judge.

and yes, this system allows for a prison with a pricetag of a million a day. the logic is that the punishment is to be confined to a limited space for a fixed amount of time with specific allotted rules for contact with family and friends. it is the certain individual that is being punished for a specific crime. that is what the sentence is based on. not the amount on a bank account.


a company gets a contract for a school. they have several. now they can negotiate a better price on books because of a larger volume.

the state dictates that co2 should be minimized 2%. how is up to the individual municipal system. and in turn it is up to the single company how to do so.

Tuesday, October 14, 2014

What do I want?

A job. Basically I want to design hi-tech weapons for the EU or NATO. Sorry Russia and China but i'm sure you can relate to me being a patriot. We can still do business together because it is some nice projects.

i would like to work with data forensics, anti hacker systems, analysis and design too. i'm not that picky. just stubborn :-)

I don't know jack about running or even starting a company that's where the rest of the world comes in. I don't demand nothing else but a job and a fair deal.

i am going to work as a guy. won't remove my 4 discrete piercings. Helene is too important to me to share so she'll be appearing at my personal will in my spare time.

i think that what i have written is some very teasers as to what i'm offering. 

Drone of the Norse Gods

drone project

compact. small.

that can be used on multiple aircraft types, such as: glider (silent), helicopter, propeller. you can also make a flat sturdy tracked vehicle to "sneak" in, turn off the engine and wait. an exotic version could be a drone based on insects that can climb.

sense: area microphone (omni)
orientation-specific (can be remotely controlled)
diverse cameras

all information is sent to the central office

own physical network

drone's network acts as a server so that the drone does not contain information that can be traced back to the panel.

joint control

opportunity to alert the operator in the case of sound (e.g. a broken branch, a hit, running) or a sudden flash of light and the like. could be combined with something that detects temperature differences

Manual control: the arrow keys change speed and the desired direction; hold the left mouse button and move the mouse in the direction you want. for maneuvers such as a roll the right button is used

Swarm mode: a group of drones assigned to a control-drone controlled by the operator. this could be selected with ctrl + s

formation mode: the operator can choose between # preset formations or design your own. These could be: line, sawtooth, triangle, square, etc. you could use ctrl + f to select formation

patrol / recon mode: using ctrl + p, and then select the waypoint you want patrolled. Double-clicking a waypoint produces a small menu where you can enter blah gps coordinate more accurately

one could imagine an auto-swarm mode where you select x drones and select an area on a map and they will work out the patrol, or whatever you want, themselves.

overview where the drone position is shown on the map or seen from the nose. the overview could possibly show a satellite map below. otherwise a virtual map is used. if you can combine the two you can mark points. with a common controller every operator can see the interesting points.

what I'm trying to point out with the key combinations is a pattern. ctrl = change the way the drones fly. everything could be used for automated tasks. these are just examples.

use screens with a good resolution. HD is probably the best choice price / resolution. but ultra-HD on a big screen would give better opportunities in terms of visibility.

To get started quickly with automation one could look at the "RoboCup Soccer Simulator". a game where you have to program a team of robots to play soccer. it is very similar to the programming to be used to get a group of drones to attack a common goal. even very similar.

** Recursive algorithms to distribute the "squares"

what I aim at is to make a fluid development. that can be built in layers.

you can connect conventional units too. just by putting a tablet in a tank, the crew can access the information from the drones. directly from the control panel.

in the longer term, the system is seen as a military overview of the battlefield.

I in no way intended to make it look like a computer game. I have used the game to inspire the user interface.

I am opposed to arming a partially self-governing structure, since I think that there are too many uncertainties associated with the technology now. but if a drone can capture a sound and turn a microphone toward the sound, it can also measure the distance with a laser. if it can put a laser dot on something it can send a projectile or missile afterwards.

but at that point I feel that I have it when I've helped people start hacking. I am not in favor of "use it only for the good." it is people's own knowledge and they decide what they will do with it.


the system is comprised of several components:

- a central controller

- plug'n'play drones

- simplicity in use and design

- total control for the human operator

- each drone is optimized specifically to the task it performs

- intuitive gui

- swarm-based (the drones help each other)

- shared memory

- open source

- quality (example 4k resolution)

- first time a drone is initialized it must be done with a cable to pair controller/drone

military version only:

- closed circuit (includes own radar system)

- programmable attack plans

- the military initialization process is done from scratch upon system restart

usage examples:

the design philosophy of custom building each drone to the specific task is borrowed from every day tools. for instance you don't use a hammer on a screw. you could be inclined to on a screw ball but that's not the subject for today. that's drones.

and the operator knows what action the drone performs when he holds down that button and he can see exactly what he hits. no computer overrules the human operator's decision. it just makes it easy for him to terminate his target.

when a drone is activated it appears on every central it is allowed to appear on. the military version does not have this feature. instead you use a cable and when the drone comes online it is automatically added to the central where any operator can take control of it. once controlled the drone disappears from the shared pool.

the central of the military version makes sure drones do not get out of reach. since the system uses shared memory, when a drone goes out of range the central orders the drone back in range.

you don't order the drone to attack by firing its weapon. you allow it to execute its program. so you hold down the "trigger" and the drone attacks the targets it is allowed to attack (this is achieved with a tagging system) and if the operator wishes to call off the attack he just releases the attack/action controller

the drone-system is not able to make its own decisions pertaining target-selection and decision to terminate.

the civilian controller is merely a piece of software running on a server and connecting using wi-fi.

take a hospital. with this system the cleaning drones (comprised of several drones) work together to clean faster and better. the operator plots in a course that is in sync with the daily routine so the cleaning doesn't interfere with the comings and goings of that particular day. he starts by doing a check round and plots the areas he wants cleaned on a tablet. then he sends in the drones. first the vacuum cleaner and when the operator is satisfied with the task he sends the drone further on. and when it has turned around the corner he can start the floor-washing drone. a polishing drone.

take a football field. you can set the lawn-mower drone to patrol the football field ie cut the grass and when it's done you send in a paint drone that has the exact measurements and layout of the field.

Some examples (and i have more):

weapon system "gungner"

crew: 6

a commander overseeing the overview-drone
one scout using the recon-drone
4 pilots each using 2 - 4 fighter-drones

it gives you an air-defence comprised of 8 - 16 fighters with only 6 men

of course you need someone to change the batteries, fuel and ammo but such a system where you just put in a new tank is pretty agile

overview-drone (hugin)
electrical engine
high altitude
sensors: high resolution, good for movement and light
it doubles as a real-time overview of the battle-field and as a forward transmitter system

recon-drone (munin)
both jet and electrically fueled
omni-microphones top and bottom and 1 directional mic in the nose. all send a 3d spatial audio signal. when the drone is put into action-mode or attack-mode, whichever is preferable - it automatically changes from jet to electrical engine system. deactivating automatically puts you back on jet power
sensors: microphones (omni and directional), high resolution, good for movement and light
fast there, silent in, silent out, fast back

fighter-drone (fenris)
laser-guided (when a laser is locked on a target it is followed)
1 or 2 jet-engines (i aim for something between mach 7 and 8)
1 single gun with a very high firerate would be optimal. range 500 - 800 meters
speed is more important than fuel economy

weapon system "valkyrie"

crew: 6

a commander overseeing the overview-drone
one scout using the recon-drone
1 with 3 artillery/mortar-drones (medium range is important)
1 with 2 tank-drones
1 with a gunship drone
1 with an armored personnel carrier (you could call this the behemoth of trojan horses)

the system has 3 primary functions. the first is to secure wounded personnel. get supplies through a blockade.
the last is the ability to enter any place on land with a group of troops enjoying "safe" transport. you could secure a group of hostages being held by pirates. a terrorist leader.

personnel carrier-drone "mjølner"
one heavily armored APV where it is more or less only vulnerable through the bottom. mainly because of the belts. maybe a hydraulic suspension could make it possible to perform life-or-death surgery? it should make it more pleasant to travel in
internally it only has some screens showing what's around. top, bottom and all 4 sides (the system can always get the information from the overview-drone). and 2 buttons. 1 for the lights and 1 for the door.

tank-drone "tyr"
strong armor and good coverage
fast shooting auto loading cannon
the size is dependent on how powerful an engine is required for an acceptable speed

artillery-drone "odin"
thick armor is not a priority. it is used to lay down suppressing fire when you withdraw the APV
it must be able to move and fire continuously

gunship-drone "thor"
small, compact, maneuverable
2 rocket launchers

And some programming examples:

subrutine Attack( target ) {
  if( target_is_tagged( target ) ) {
    if( can_hit( target ) }
  } else {
    new_vector = get_shortest_line( target );
    set_vector( new_vector );

subrutine Autopilot( waypoint[] ) {
  waypoint.current = 1;
  with( waypoint[] ) {
    if( current_position == waypoint[waypoint.current] )
    if( waypoint.counter >= waypoint.current ) {
      waypoint.current = 1;

subrutine Patrol( waypoint[] ) {
  loop until( key_pressed( ESCAPE ) ) {
    Autopilot( waypoint[] );

subrutine find_closest_target( targets[] ) {
  targets.current = 1;
  closest_target = targets[].current();
  with( targets[] ) {
    target_distance = get_shortest_line( targets[targets.current] );

subrutine activate() {
  if( landing_gear() == down ) {

  landing_gear = up;

subrutine deactivate() {
  if( landing_gear() == down ) {

subrutine Action() {
  if( action == attack ) {
  if( action == pursue ) {
    weapon_status =; = on;
    Attack(); = weapon_status;

for example one drone could be designated "squad leader" and the other drones under the operator's control keep formation. this is swarm or group mode. if precision is required the operator enters the drone-shell and executes "goto(longitude,latitude,altitude)" and the drones figure out how to get to the desired gps coordinate. in formation if that is selected. but each drone can run its own script if desired. this is also why each operator is limited to four drones each. otherwise i think you'd lose some overview - ie control - and won't be able to exploit the versatility of the system. also on the big or status screen 4 drones showing what they see and info related to flight like speed and so on will clutter the display. remember simplicity is a virtue.

to program you use the enter command instead of execute. this allows for some very flexible maneuvers on the tactical level.

the system is fully oo. every part of the drone is an object knowing about itself and nothing else. the controller just reads/stores info and invokes methods on these objects. be it a camera, a gun or just the landing gear.

i wasn't specific enough: that's how the operator programs the drones. not the droneOS itself.

to make it work i'd have to create or learn a real world physics environment and i'm too lazy to do that when reality's already done that for me. 

the display - of course - adapts to the type of drone it controls. so that a recon drone has another setup than a squad of fighter drones.

Monday, October 13, 2014

homemade railgun

don't go for big. go for something that can be mounted on a vehicle or a tripod (that would be an awesome sniper-rifle exceeding the xm2010).

with a variable power selection it could be used as a conventional gun or a ballistic missile.

my idea is to use 3 - 5 lightning rods to maintain precision and they conduct electricity just fine. and the right speaker cables (as for your hi-end stereo; cf copper or better) should give you the low resistance your magnet-driven bullet needs.

i haven't made the calculations on power consumption but i would say a couple of tractor or truck batteries each putting out something in the 40 - 50 amps should give a nice blast

i think such a prototype could be build pretty cheap. it may not smash a city but i think armour is of little value when hit by a 3 - 6 inch steel ball at up to 20000 km/h.

this wasn't made on illicit drugs but painkillers and other doctor prescribed stuff :-)

besides one placed in space could send out probes. and maybe even ship minerals from the moon or mars. if it works. low to no gravity is the key. all you need to do is calculate a course and then collect the goods. now to ship a container you do need to go for very big. but it's a simple calculation to set the right trajectory and velocity to get it near old big blue. 

Sunday, October 5, 2014

social engineering attack on dk military

this was sent before Snowden. translate and give me your opinion

Unsolicited application to the Danish Defence Intelligence Service (Forsvarets Efterretningstjeneste) as a "CyberWarrior".

If I had looked into things before I wrote the application I would have known that the armed forces do not accept unsolicited applications. But I doubt that a job posting is ever made for the type of job I am applying for. That is why I have chosen to send it to you, the Ministry of Defence. I took the test on but IT supporter, no thanks. I have nothing against helping my family and friends with IT problems, but on the principle: give me the computer and let me look at it in peace. I prefer this model myself. If I have a problem with, for example, my amplifier, I do not grab the screwdriver and get started. I have no idea how to repair a tube amplifier just because I have an idea of how it works. And if the problem was something bigger I would not understand the technical explanation. So it is just a waste of my time but - and what is worse - the shop assistant's. It is about patience, and mine is small even without ADHD. I am genuinely afraid that I either talk down to people or use phrasings that go over people's heads. In addition, I believe that offensive capabilities should always belong under the military.

I was inspired when our defence minister said that Denmark must have an effective cyber army, so I set about examining the possibilities of today. And a lot has happened since I last occupied myself so intensively with hacking. Why has it taken me over 20 years to find out what I want to use my life for? I have in fact had the interest and a flair for computers all along. But the opportunities for someone like me that exist today have not been there until now. And when today - May 24 - I read on version2 that FET is working on outright offensive capabilities, I could not resist the temptation.

I am convinced - through acquaintances who have done and are doing active service - that the Danish armed forces value people who can and dare to think for themselves. I make the big decisions before I am standing in the situation. One of those I have already made concerns an order I find problematic. It is my duty to point out the problem - briefly and precisely. And it is my duty to carry out my orders.

I know well what and who I am. I have accepted it and I am not ashamed. I will be the first to admit that I am not a good person. I have a really good idea of my mental illnesses. How they interact with me as a person. Now I also know that I must listen to my body and say stop before it does. I have also learned that I cannot do everything myself. I should not even try. And I need a job where I am passionate about the content. It is the tasks that motivate me. Learning something new. Not the pay. As long as my disposable income is higher than what I have now. But to begin with I am interested in an internship period. I need to get into a fixed routine and that takes time. When it comes to my medication and hash - which I definitely regard as medicine - I have come to the conclusion that it is a matter of quality of life versus side effects. And I have the choice between crime and becoming much more ill than I am. The side effects include several episodes a day where I faint. I can vomit for several days. Sometimes weeks. The district psychiatric service has not been willing to apply for a dispensation so I could get Marinol or an equivalent. And patience is not one of my strengths. Persistence is.

CyberWar is about deception and stealth. One example is the "minor" exchange the USA and Iran had in the middle of 2012. The USA and Israel, rumours say it was the latter that modified stuxnet and tried to trigger a nuclear disaster in Iran by shutting off the cooling water in a hidden nuclear facility. Iran retaliated by shutting down banks' websites in the USA. The question then is whether it was just a warning or a failed attempt at something far worse? The free press has a tendency to be too free once in a while, I think. Things move far too fast when it comes to being first with the good news and having one's story straight.

If they (Iran) had really wanted to damage the USA's economy, they would instead have made a trigger in the banks' underlying DBMS systems that swaps the contents of the fields, e.g. in the tables that handle transfers and account balances. Just once per business transaction would, I think, be very destructive over a couple of hours.

*** self-censored code ***

If one wishes to hide it and make it close to impossible to reconstruct with the help of logs, one can attach it to an existing trigger and then also hit the log system. Of course this requires a thorough knowledge of the structure of the various databases, but it is not impossible to "get in", and when you think of the amount of traffic it is impossible to discover that someone is sitting and looking at the innermost parts. Unless there are people actively monitoring everything that goes on in the database. This is extremely manpower-intensive, so in reality it is not an option. And I doubt whether it would have an intervening or preventive effect.

This is a very effective method, since the volume of transactions in the DBMS layer today in reality means that when the backup is finished the next backup is considerably larger. And if one has to clean up after such an attack there must in reality be paper printouts of all transactions. I still think it would take its time to go through the whole system and set it right again.

One could also argue for a variant that instead adds for example 0.01% to random transactions in a financial system. I think it would be devastating if it is a country's economic systems that are the target.

And to increase the consequences one can plant stories in the press, e.g. by means of blogs, and thereby ensure that the story in the press becomes that despite the banks' high earnings and giant bonuses to the management they will not spend money on securing people's data (their deposits in the bank). One can go a step further. I can at any rate see that there are further steps one can take, but personally I would say that one has already gone far over the line with what I have just described. But still, one can easily worsen the situation for the target. Just to make it clear: you do not hire someone with my qualifications to test the security of your own systems. You hire someone like me to destroy the enemy's. And if you cannot do that, it is always a good idea to create so many problems that the enemy is forced to raise the security level. The consequence is that it ties up resources and, all else being equal, makes it harder for the enemy to operate "normally". Heightened security lowers the speed of completely ordinary everyday tasks. You cannot make it impossible but you can make it difficult. Irritating. Stress is a weapon. The small things in everyday life that do not work hit harder than the big things one could not imagine before they happened. It is somewhat the same tactic terrorists use. They use our fear against us. We are afraid of what they might think of doing. Not what they are actually capable of. And it means that far too many decisions are based on fear and panic. To the point that we are afraid of our neighbours.

Since I believe that good attack capabilities do not eliminate the need for defence, I also have some ideas here, but since I have always aimed at keeping my number and identity hidden I have not had any great need for defence. Of course I use both anti-virus/malware and advanced firewalls and have also begun to look at IDS and possibly a local proxy to filter the traffic.

And it is part of our reality that state-sponsored cyber attacks absolutely belong among every nation's defence and offence. And this is not technology that can be protected through non-proliferation agreements… Which, after all, have not had the desired effect either. Just look at North Korea and Iran. Nuclear weapons. The lesson is that everything you can do yourself, everyone else very likely can too. But regardless, I prefer to have an idea of the possibilities rather than fear the unknown.

Cyber war differs from conventional war in that it is a very public war, in the sense that the enemy cannot keep it hidden from its own population or the world that it has been attacked. Everything you do not want your allies or your own civilian population to know about you. That is what you lose on in the long run. But it is also very much about deception and stealth.

One ought to inform about IT security so that entirely ordinary people without much knowledge of computers have an idea of what it is about. Just look at how many Mac users believe that antivirus is not necessary. People without knowledge of such things think that, for example, a DDoS attack is hard to carry out. But when they are told that it corresponds to pressing refresh 1,000,000 times a minute, some of the mystique goes. And the strength. And the security difference between Windows, Linux and Mac OS is measured in minutes for a skilled hacker. In fact, the difference between an IT security specialist and a hacker only becomes clear once a given system is compromised. Until then, the same methods and tools are used. But where a security specialist writes a report, a hacker - or cyber warrior - only then begins to work. An IT security specialist also follows a set plan. A hacker is more dynamic. It is an expression of the anarchistic urge for freedom that for many hackers is almost a religion. And for a hacker, chaos is just what surrounds us - with the internet as the starting point - the indeterminable, the unmanageable, the unpredictable. In natural science also the incalculable. It is for the same reason that I am not good at chess. I prefer to set the game up in such a way that my first move is always checkmate. I prefer to have a result to work from. This is what I want to happen.

An example: The armed forces set up a “public” server for the cyber unit. This server is physically located next to the armed forces' other servers. It is, however, physically separated - which means absolutely no access - apart from a dedicated internet connection. It is also administered over that connection. First and foremost it is to be used to inform, for example about the threats that are on the net right now. Maybe even describe techniques. After all, nobody is in doubt about how the unit works. The server will be an obvious target for certain hackers. That is, it provides a good deal of real-life and real-time data about a hacker attack. That kind of knowledge must be valuable for predicting how it takes place. There is always a pattern. And when there is a pattern there is a plan. That is, one can differentiate the individual hackers by their systematics. Their identity, IP number, is so easy to hide that it is a waste of resources to try. The only solution is surveillance and a ban on encrypted connections of North Korean dimensions. Alternatively, a more realistic solution is probably the technology itself. It is possible to build a computer powerful enough to do real-time breaking of encryption. But think of how many would have to be built when you look at the number of internet users.

And one can just look at the effect of the DNS blocking the ISPs were ordered to carry out. The kids saw the blocking page, thought “Hell, no!” and figured out how to get around it. And once one of them has found a solution, it spreads faster than the Black Death in the Middle Ages (though with no other comparison). And today with the data retention laws: now they (me too) regard a VPN as a natural part of the communications budget, on par with internet and mobile.

In more recent times I have kept to hacking my own computers, but that does not give the real picture since it takes place via the localhost interface and therefore bypasses part of the operating system's security functions. Virtual machines of course give a more realistic picture, but it is hard to DDoS your own computer this way. But I have managed to get Mac OS (Lion and Mountain Lion) to “drop” all services apart from the essential ones, for example antivirus, firewall, but not the network part, so that the machine is accessible but not protected. And I think that the security difference between Windows, Linux and Mac OS is measured rather in minutes for a skilled hacker. There are differences in the various default configurations, but that is about it. And when people say that there are “watertight bulkheads” between our system and the net. No! That does not hold either. If there is a connection to the net, the machine can be hacked, so the only 100% secure thing is that the machine is not connected to the net. But that is just the Java story all over again. It is too boring to do without in the long run.

My statements may give reason to believe that I do not care about theory. That is not correct. I think it is important to know what you can do. How you do it. And why it can be done. I have the greatest respect for theory but do not have a formal education, so I find it hard to explain my theories simply because I do not know the academic concepts. Most of what I know I have taught myself. So I know the English expression but not the terminology used in Danish. I will say, though, that I have often heard the expression “it cannot be done”, after which I have seen that it can. Sometimes I have proven myself that it can be done.

My solutions and methods are simple and effective. The same cannot 100% be said about me as a person. I also prefer to attack the cause of the problem and not its consequence. My primary “weapons” as a hacker have been confusion and lack of information on the target's side. They do not know what happened, how, why, how many took part, whether more is coming. But the worst must be to face an enemy who apparently knows everything about you. And how do you negotiate with an enemy who never makes himself known in any way? You do not even know why. And if you see to a well-executed attack from time to time, the enemy will relentlessly be reminded of your presence and control of the situation. The only real limitation in cyber war is one's own power of imagination. Fantasy. Another of my strengths is that I am good at getting an overview of large, complicated systems. My ability to learn also belongs in the better half. And honestly: what is worse? Knowing exactly which person is after you, or just knowing that it is someone from the internet?

The only thing that has kept me from doing some of the things I have wanted to do is ethics. I am creative enough to get the idea. I am intelligent enough to design it. I am even persistent enough to plan it to the point where I only have to activate my plan. This I am then not always cynical enough to do. I call it strategic planning. That is, a program is finished when the product meets the criteria I set out in the requirements specification. Not because we have reached a certain point in time. I am good at getting ideas. Have a lively imagination. But for the good idea to become a usable good idea, it takes a group effort. And I refuse to believe that the end always justifies the means, but one can be in situations where one must accept that the task cannot be solved within the bounds of the law. Especially with the type of projects one can encounter within the field of cyber war. And I have several times - a good deal more than I care to admit - let concepts such as right and wrong give way to personal needs.

I am not a great fan of conspiracies, though I admit they have their entertainment value. As a paranoid schizophrenic I feel I have had plenty of that in my life. I try to relate to what I know. What I see, hear, read. And where my information comes from. In our world things move so fast - especially the news - and sometimes statements are made too quickly. And of course I am able to put 2 and 2 together. And with the world we have today it is possible that the result is anything but 4. With that in mind, one can argue that it is also part of the Danish Cyber Army's responsibility to protect people against many of the stupidities that go on online. Be it anything from attempts to trick people out of their PIN codes to incitement to religious hatred. For these are attacks on our way of living. Our culture. Our freedom. And those are values worth fighting for. The challenges are many and great. And this is a completely new area in military history, but a logical consequence of the need for good and correct information.

And the big challenges right now? Arab hackers have plenty to do with the Israel/Palestine conflict. And then there is “the Arab Spring”. Russia's laissez-faire attitude towards the groups of Russian hackers who constantly steal from the West is a problem that will with great certainty spread to Europe as well, with European cyber criminals. In reality it already has, in that one can rent a hacker network for a month for no money. One can only conclude that nothing is happening. China. China has always been a problem when they go beyond China's borders. And when it comes to the internet, the Chinese's old attitude “Internal Chinese matter - stay out of it. It takes place outside China - it is not our problem” is non-existent. I believe that the Chinese government hacks all companies in the West to gain knowledge about technology, designs and so on. This information is sold to Chinese companies. But that is my personal opinion.

Since I am on early retirement (disability pension) and need a little time to get going again, I would think that an internship period of 6 months to a year is the right place to start. But of course my first goal is an interview. And I will say that my last stay in a psychiatric ward (R3 at Sct. Hans) made me realise that now it was either-or. You could say that I got a very welcome insight into what my lifestyle would lead to, ultimately. I recognised far too much of myself around me.

As regards my political standpoint, I describe myself as a liberal socialist, since the parties in the Folketing I have most in common with are Enhedslisten and Liberal Alliance.

Historically, I would claim that World War 1 was in reality the Crusades from about 1200 − 1400. Several states sponsored the wars from both sides - God against God. Today we have World War 4. The cyber war. And it goes on 24/7. And with a cyber unit within the military, the military has to regard the unit itself as being in actual war. Not that it raises any major moral or ethical questions. It is on this point that cyber war differs from a conventional war.

One could imagine that the soldiers who have been disabled - 2 eyes and 10 fingers intact - could serve as cyber soldiers. Some will have the potential for the top 100, but most will be perfectly capable of learning to break encryption, port scan, DDoS and the like. It is only hard to break encryption if you want to understand the mathematics behind it. To be able to use a program, you really just need to know what to do to get the desired effect. To take part in a DDoS attack you just need the target's IP number. Here everyone can join in.

My philosophy of life is: “And that is how it always goes. For the idiots always have to have it proven.”, I can just look at my own life and smile.

And yes. I am a “net junkie”. I do not, however, post my opinions and views on the net.

Kind regards

*** my contact details, which I do not wish to share with all of Denmark :-) ***

I prefer to communicate in writing.

safe servers network

*** edit: “safe” implies “less unsafe” ***

every desktop machine has exactly the same software (even if not used by the user) in the same versions. cuts down 2nd-line support. and if a problem is solved on one machine it is solved on them all. example: an exploit becomes known. fix it one place and it’s fixed all over. also makes adding new machines easy as 1-2-go

two “dead-man-switches”
1. cuts connection to the grid (kills routers). this way key-loggers etc don’t call home
2. cuts bridges to server farm. if a virus is loose on the intranet, protect the servers. data is vital. not desktops.

this cannot be emphasized enough: there are no automatics on a secure network. none! it's always a good idea to look up problems before installing an update.

servers that need to be accessible from outside should be isolated on their own connection. this means that all machines on the inside of the network (lan) will have their own connection. so, at least 2 connections are required. this is a public/private separation. it may seem like overkill but it allows the router (internet access point) on the private part to have its dmz redirect inbound traffic to a non-existing ip. administration on the public part is done through 22h or a web-based interface.

no wi-fi allowed. no equip leaves building. none gets in (people must lock their cells in).
these will very soon be the really big exploit in the very near future (it’s already happening) and the potential for a major fuck-up is ludicrous

each server-function is located on ONE server each (i.e. web on one, maybe 4 * 1 dbms).
only mandatory ports are open on each firewall. if a machine does not need to do dns-lookups, udp/tcp 53/993 etc is sealed. also fw’s should be in stealth mode, not answering icmp requests.
if an extra measure is required use different versions of the software. every software has holes. but every version has different holes. no vm’s. if the vm is compromised, the host and every vm on it is compromised too.
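One way to check the "one function per server, only mandatory ports" rule from the host side, as an added example that is not part of the original post: compare each server's listening sockets against an allow-list for its role. The role names, port numbers, host names and the `ss -tuln`-style sample output are all constructed assumptions.

```python
import re

# Assumed role -> allowed (proto, port) pairs; one function per server.
ROLE_ALLOW = {
    "web": {("tcp", 443), ("tcp", 22)},
    "dbms": {("tcp", 5432), ("tcp", 22)},
}

# Constructed sample: `ss -tuln`-style output collected from two servers.
SAMPLE = {
    "web01": ("web", """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      128    [::]:3306          [::]:*
"""),
    "db01": ("dbms", """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    10.0.0.5:5432      0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:25       0.0.0.0:*
"""),
}

SOCKET_LINE = re.compile(r"^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s")

def listening(ss_output):
    """Yield (proto, address, port) for every socket line; headers are skipped."""
    for line in ss_output.splitlines():
        m = SOCKET_LINE.match(line)
        if m:
            yield m.group(1), m.group(2).strip("[]"), int(m.group(3))

def audit(hosts, allow=ROLE_ALLOW):
    """Return sorted (host, proto, port) for each reachable port not on the role's list."""
    findings = []
    for host, (role, output) in hosts.items():
        for proto, addr, port in listening(output):
            if addr.startswith("127.") or addr == "::1":
                continue  # loopback-only listeners are not reachable from the lan
            if (proto, port) not in allow[role]:
                findings.append((host, proto, port))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("not on allow-list:", finding)
```

An empty result means the host matches its role; anything listed is either a service to remove or a port the firewall has to seal.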

a public server should be made completely cut-off from the real intra. all adm, updates, etc should be made through the internet. any public facing server is a drop of guard that is not needed. it will be hacked. a web-server alone is paramount to be compromised. add an underlying dbms and all bets are off. there is none. also it could be useful for data gathering of just how clever these little sob’s have gotten. kids are getting smart these days. just for the lulz

a multi-line internet connection would be nice too. the more ip’s the merrier. it still has to go through one tiny hole to get in or out

oh yeah. a couple of 3g/4g connections would be apt to have in store in case of a full-scale breach. why cut totally off. cunning panic is not panic. merely vigilance

*** edit ***

it is impossible to uphold a directive that nothing comes in contact with the outside world. any device that has left the building - unlike Elvis who’s still ghosting around somewhere - that device becomes contaminated. before going in and back out it must be cleansed. that means that any documents stored locally will not enter servers. instead one must apply cloud-tech and very heavily encrypted connections. speed is not an issue so i guess that leaves it pretty much up to the imagination. i think there are some american laws that prohibit too strong encryption, i think it boils down to that they want to ensure their experts can crack it. but i don’t see any right of anybody to interfere in how an organisation or a group of individuals run their private networks.

have a hardware based system where the machine shuts down if the webcam is blocked

nothing is done automatically on a secure network. not updates. not access (no saved passwords). not nothing. and i literally mean the void of total absence of anything remotely not caused by a human

*** end edit ***

*** for those wearing tin-foil hats ***

do not equip the servers with conventional drives (incl ssd)
instead have the configured system on a dvd and boot from that
all data is kept in memory or on a ram-drive
if someone tries to take the servers away they sure will be disappointed. it's the only way to make sure no info is »left behind«

*** end edit ***

*** dbms ***

no pw needed to access. auth is handled by a bridge in between.
open source big-data with flat structure.
every field has history (done by making delete disable the field altogether and update really inserts a new line)

*** end dbms ***
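A sketch of the "every field has history" idea, as an added example that is not part of the original post: one flat log table where update appends a new row and delete appends a disabling row, with triggers that refuse in-place changes. SQLite, the table and column names, and the rule that a disabled field stays disabled are assumptions made for the example.

```python
import sqlite3

SCHEMA = """
CREATE TABLE field_log (
    seq      INTEGER PRIMARY KEY AUTOINCREMENT,
    record   TEXT NOT NULL,
    field    TEXT NOT NULL,
    value    TEXT,
    disabled INTEGER NOT NULL DEFAULT 0
);
-- append-only: the engine itself refuses in-place changes
CREATE TRIGGER no_update BEFORE UPDATE ON field_log
BEGIN SELECT RAISE(ABORT, 'field_log is append-only'); END;
CREATE TRIGGER no_delete BEFORE DELETE ON field_log
BEGIN SELECT RAISE(ABORT, 'field_log is append-only'); END;
"""

def open_store():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def _latest(db, record, field):
    return db.execute(
        "SELECT value, disabled FROM field_log WHERE record=? AND field=? "
        "ORDER BY seq DESC LIMIT 1", (record, field)).fetchone()

def put(db, record, field, value):
    """'update' appends a new row; earlier values remain in the log."""
    row = _latest(db, record, field)
    if row and row[1]:
        raise ValueError("field is disabled")  # assumption: disabling is final
    db.execute("INSERT INTO field_log (record, field, value) VALUES (?,?,?)",
               (record, field, value))

def disable(db, record, field):
    """'delete' appends a tombstone row instead of removing anything."""
    db.execute("INSERT INTO field_log (record, field, disabled) VALUES (?,?,1)",
               (record, field))

def current(db, record, field):
    """Latest value, or None if the field was never set or is disabled."""
    row = _latest(db, record, field)
    return None if row is None or row[1] else row[0]

def history(db, record, field):
    """Every state the field has had, oldest first, as (value, disabled)."""
    return db.execute(
        "SELECT value, disabled FROM field_log WHERE record=? AND field=? "
        "ORDER BY seq", (record, field)).fetchall()
```

The triggers only stop changes made through SQL; whoever controls the database file can still rewrite it, so the log is evidence only as long as the host itself is trusted.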

*** encrypted dns ***

i think the time has come to encrypt dns lookups

*** end dns ***