The Bond villain compliance strategy

James Bond films have a certain formula to them. It is more interesting when seen from the perspective of the villain.

He has long been adjacent to money and power, but craves more. Several years ago, he successfully escaped his low-on-the-ladder job at an existing institution. He built a base of power that is independent of institutions. From it, he successfully puppets any organization he needs to. He and his organization are from elsewhere, everywhere, all at once. They have no passport and fly no flags; these concepts are thoroughly beneath them. They move around frequently and are always where the plot requires them to be, exactly when it requires them to be there. No law constrains them. Governments scarcely exist in their universe. To the limited extent they come to any government’s attention, no effective action is taken. The villain rises to the heights of influence and power.

This continues for years.

Then we suddenly hear E minor major 9. We begin the film, telling the end of the story, mostly from Bond’s perspective. The villain is just another weirdo who dies at the climax in act three.

Life imitates art

For years I have used the phrase “Bond villain compliance strategy” to describe a common practice in the cryptocurrency industry. 

In it, your operation is carefully based Far Away From Here. You are, critically, not like standard offshore finance, with a particular address in a particular country which just happens to be on the high-risk jurisdiction list. You are nowhere because you want to be everywhere. You tell any lie required to any party—government, bank, whatever—to get access to the banking rails and desirable counterparties located in rich countries with functioning governments. You abandon or evolve the lie a few years later after finally being caught in it.

Your users and counterparties understand it to be a lie the entire time, of course. You bragged about it on your site and explained it to adoring fans at conferences. You created guides to have your CS staff instruct users on how to use a VPN to evade your geofencing. The more clueful among your counterparties, who have competent lawyers and aspirations to continue making money in desirable jurisdictions, will come to describe your behavior as an “open secret” in the industry. They will claim you’ve turned over a new leaf given that the most current version of the lie merely rhymes with the previous version of the lie.

And then we begin the third act.

So anyhow, Binance and its CEO Changpeng Zhao (known nearly universally as CZ) have recently pleaded guilty to operating the world’s largest criminal conspiracy to launder money, paying more than $4 billion in fines. This settles a long-running investigation involving the DOJ, CFTC, FinCEN, and assorted other parts of the U.S. regulatory state. Importantly, it does not resolve the SEC’s parallel action.

How’d we get here?

A brief history of Binance

Binance is, for the moment, the world’s largest crypto exchange. Its scale is gobsmacking and places it at approximately the 100th largest financial institution in the world by revenue. The primary way it makes money is exacting a rake on cryptocurrency gambling, in particular, leveraged bets using cryptocurrency futures. To maintain its ability to do this, it runs a worldwide money laundering operation with the ongoing, knowing, active participation of many other players in the crypto industry, including Bitfinex/Tether, the Justin Sun empire, and (until recent changes in management) FTX/Alameda.

In his twenties CZ worked in Japan (waves) and New York for contractors to the Tokyo Stock Exchange then Bloomberg. In about 2013 he got interested in crypto and then joined a few projects, including becoming CTO of OKCoin, another Bond villain exchange. Being a henchman is an odd job, so he decided to promote himself to full-fledged villain. In 2017 he did an unregistered securities offering (then commonly spelled “ICO”) for Binance. 

Binance rose meteorically from then until recently, essentially gaining share at the expense of waning Bond villains. To oversimplify greatly, it carved up the less-regulated side of the crypto market with FTX, with Binance mostly taking customers in geopolitical adversaries of the U.S. (most notably greater China) and FTX mostly taking them in geopolitical allies (most notably, South Korea, Singapore, and the U.S.). But the cartels did not partition the globe in a way which fully insulated them from each other.

These operations were intertwined and coordinated. How intertwined? Binance was a part-owner of FTX until SBF decided successfully capturing U.S. regulators was a lot more likely if his cap table named more Californian trees and fewer Bond villains. How coordinated? The name of the Signal chat was Exchange Coordination.

This eventually led to grief as CZ (mostly accurately) perceived SBF was using the U.S. government as a weapon against Binance. He retaliated by strategic leaking, leading to a collapse in the value of FTX's exchange token, a run on the bank, and FTX's bankruptcy.

Where was Binance in all of this?

Binance did a heck of a lot of business in Japan in the early years. This officially ended in March 2018 when the Financial Services Agency, Japan’s major financial regulator, made it extremely clear that Binance was operating unlawfully in serving Japanese customers without registering in the then-relatively-new framework for virtual currency exchange businesses.

As an only-sometimes-following-crypto skeptic, this was the thing which brought Binance to my attention. Binance was piqued, saying that they had engaged the FSA in respectful conversations and then learned they were being kicked out of the country from a news report. Having spent roughly twenty years getting good at understanding how Japanese bureaucratic procedures typically work, I surmised “...that is a very plausible outcome if you start your getting-to-know-you chat with ‘Basically I am a James Bond villain.’” I think that was the first time the metaphor came to me.

The order expelling them listed their place of business as Hong Kong, with a dryly worded asterisk stating that this was taken from their statements on the Internet and “...there exists the possibility that [this information] is not accurate as of the present moment in time.”

That, Internets, is how a salaryman phrases “I am absolutely aware that you maintain a team and infrastructure in Japan.”

Did Binance exit Japan? Well, that depends. Did CZ personally return to Japan? Probably not. Does Binance continue to serve Japanese customers? Yes, though (Bond villain!) it pretends not to. Where does Binance’s exchange run as a software artifact? As a statement of engineering fact: in an AWS data center in Tokyo. ap-northeast-1, if you want to get technical.

(Someone needs to write an East Asian studies paper on how Tokyo became Switzerland for Asian crypto enthusiasts due to a combination of governance, network connectivity, latency, and geopolitical risk. I nominate anyone other than me.)

Binance also maintained an office in Shanghai, with many executives working there. It was raided by the Chinese police. Binance denied that the office existed. The spokesman’s quote was pure Bond villain: “The Binance team is a global movement consisting of people working in a decentralized manner wherever they are in the world. Binance has no fixed offices in Shanghai or China, so it makes no sense that police raided on any offices and shut them down.”

This was a lie wrapped around a tiny truth. Internet-distributed workforces containing many mobile professionals do not exactly resemble a single building with all your staff and your nameplate on the door.

Of course, on the actual substantive matter, it was a lie.

We know it was a lie, because (among many other reasons) we have the chat logs where the parts of their criminal conspiracy that operated in the U.S. complain that the parts of their criminal conspiracy that operated in Shanghai kept information from them that they needed to do their part to keep the crime operating smoothly. Coworkers, man.

Binance’s Chief Compliance Officer, one Samuel Lim, apparently is not a fan of The Wire and never encountered Stringer Bell’s dictum on the wisdom of keeping notes on a criminal conspiracy. He writes great copy, most memorably “[We are] operating as a fking unlicensed security exchange in the U.S. bro.” He and many other Binance employees have helpfully documented for posterity that their financial operations teams were, for most of corporate history, working from Shanghai.

Binance also operated in the state of Heisenbergian uncertainty, sometimes known as Malta. Malta has a substantial financial services industry, which welcomed Binance with open arms in 2018 and then pretended not to know him in 2020. This continues Malta’s proud tradition of strategic ambiguity as to whether it is an EU country or rentable skin suit for money launderers. ¿Por qué no los dos? Despite this, Binance would continue claiming to customers and other regulators for a while that it was fully authorized to do business by Malta.

Binance operates in Russia, to enable its twin businesses of cryptocurrency speculation and facilitating money laundering. In 2023 it pretended to sell its Russian operations.

Binance operated in many jurisdictions. The U.K.: kicked out. France: under investigation. Germany, the Netherlands, etc, etc, they required non-teams of non-employees at non-headquarters to keep track of all the places they weren’t registered doing their non-crimes.

A core cadre of the Binance executive team is currently in the United Arab Emirates, where CZ hopes to return. He professes that he will await sentencing there, and pinkie swears that he will totally get back on a plane to the U.S. to show up to it. For reasons which are understandable by anyone with more IQ than a plate of jello, the U.S. is skeptical he will make good on this promise, and is currently, as of Thanksgiving 2023, attempting to keep him in the U.S. He is physically present to sign what Binance advocates believe is the grand compromise to put all his legal worries behind them.

A defining characteristic of Bond villains is that they think they are very smart and everyone else is very stupid. To be fair, when you play back the movie of the last few years of their life, they keep winning and their adversaries look like nincompoops.

Then, they get extremely confident and begin to make poor life choices.

How did this work for so freaking long?

Much like the optimal amount of fraud is not zero, the global financial system institutionally tolerates (and actively enables) some shenanigans at the margin. You can think of Binance, Tether, FTX, and all the rest as talented amateurs capable of engaging the services of professionals. They followed advice and grew like a slime mold into the places where shenanigans are wink-and-a-nudge tolerated.

Why tolerate shenanigans? Some shenanigans are necessary to keep the world spinning.

China has grown into an economic superpower via capitalism while also at times officially having private property ownership be illegal. That circle cannot be squared. We, the global we, want Chinese people to not live in grinding poverty. That requires economic growth. Economic growth required making things the world wanted. Selling those things required integration into the global economic order. That required a willingness to ignore things the Communist dictatorship said were crimes, while simultaneously saying “Oh, bankers definitely, definitely shouldn’t facilitate billionaires committing crimes.”

As I’ve remarked previously, we similarly have complicated preferences with regards to Russian oligarchs. In some years, money laundering for them is, how might a gifted speaker phrase this, “[b]ringing our former adversaries, Russia and China, into the international system as open, prosperous and stable nations.” In other years, money laundering for them is described as funding Russia’s war machine.

Finance is messy because the world is messy.

Some of the shenanigans aren’t strictly necessary or planned, but society considers an expenditure of effort required to curtail them to be wasteful or to compromise our other goals. We had all the technology required to CC regulators on every banking transaction years before slow database enthusiasts decided all transactions would eventually be publicly readable and persisted forever. We simply chose not to implement it. It would have been quite expensive and infringed on the privacy of many ordinary people and firms.

But Binance, and others, forgot the critical step, to the annoyance of their engaged professionals: you have to eventually stop growing and keep to a low profile. You have to simply be content with being fantastically rich. If you do, you can continue showing up to the nicest parties in New York, owning expensive real estate in London, and commuting to a comfortable office in Hong Kong or the Bahamas or many other places.

But crypto kept growing until the control systems could not ignore them any longer. And the control systems cannot continue to avoid knowledge of the crimes.

So, so many crimes. Many of them are what crypto advocates consider as utterly inconsequential, like serially lying on paperwork. And also Binance gleefully and knowingly banked terrorists and child pornographers. That’s not an allegation; that has been confessed to. There is no line a Bond villain will not cross. They will cross them performatively.

And, surprising even me, some crypto characters consciously adopt the aesthetic of Bond villains. Le Chiffre, the villain in Casino Royale, owns a fictional house. That house exists in the physical world, where a location scout said “This certainly looks like the sort of place a Bond villain would live.” Jean Chalopin owned that literal, physical house. (cf. Zeke Faux’s Number Go Up, Kindle location 1175.) As previously discussed, Chalopin is a professional bagman, and his largest client was previously Tether.

What happens to Binance now?

Some believe that Binance admitting to being a criminal conspiracy is actually good news, not merely in the memetic “good news for Bitcoin” sense, but because this upper-bounds Binance’s exposure somewhere below “The United States forcibly dismantles the most important crypto exchange and much of the infrastructure it touches.”

The immediate consequences are about $4 billion in fines. Despite being one of the world’s largest hodlers, the U.S. will not accept payment in Bitcoin, and Binance has agreed to pay in installments over the next two years. CZ and Binance will be sentenced in February.

Some people think the grand bargain was to avoid him getting imprisoned. The actual text of the agreement says that Binance gets to walk away from some parts of it if he is sentenced to more than 18 months. (Senior officials told the NYT they are contemplating asking for more than that.)

Probably more consequentially, the settlements are going to force Binance to install so-called monitors internally. Those monitors are effectively external compliance consultants, working at the expense of Binance in a contractual relationship with them, but whose true customer is the United States. The monitors have pages upon pages of instructions as to exactly how they are to reform Binance’s culture by implementing recommendations to bring onboarding, KYC, and AML processes into compliance with the law everywhere Binance does business, and sure, that is part of the job.

But the other part of the job is that they’re an internal gateway to any information Binance has ever had, or will ever have. This can be queried essentially at will by law enforcement, with Binance waiving substantially all rights to not cooperate.

You might reasonably ask “Hey, doesn’t the U.S. typically require a warrant to go nosing about in the business of people who haven’t been accused of a crime?” And, to oversimplify half a century of jurisprudence, one loses one’s presumption of privacy if one brings a business into one’s private affairs. All of Binance’s customers and counterparties gave up their privacy to Binance by transacting with it. The U.S. has Binance’s permission to examine all of Binance’s historical, current, and future records, at will, for at least the next three years. It also secured a promise that Binance would assist in any investigation.

And so, if one were hypothetically not yet indicted by the U.S., but one had hypothetically done business with one’s now-confessed money launderer, one’s own Fourth Amendment protections do not protect the U.S. from hoovering up every conversation and transaction with Binance.

All of this is certainly good news and we can put this messy chapter behind us, say crypto advocates.

How are Bond villains actually regulated?

Was the Bond villain strategy ever going to work? Did Binance have a reasonable likelihood of prevailing on jurisdictional arguments, like telling the U.S. that the Binance mothership had no U.S. presence and so it should not be subject to U.S. law? No. Crikey, no. The system has to be robust to people lying or acting from less-salubrious jurisdictions, at least to the extent it cares about being effective, and at least some of the time it does actually care about being effective.

The U.S.’s point of view on the matter, elucidated at length in any indictment for financial crimes, is that if you have ever touched an electronic dollar, that dollar passed through New York, and therefore you’ve consented to the jurisdiction of the United States. Dollarization is very intentionally wielded like a club to accomplish the U.S.’s goals.

There exist some not-very-sympathetic people one could point to who ran afoul of this over the years who are still much more sympathetic than Binance. Binance intentionally used the U.S. market and infrastructure to make money. The U.S. was essential to their enterprise. Many peer nations can, and will, make a similar argument.

Binance had tens of percent of their book of business in the U.S. They were absolutely aware of this, knew that some of those users were their largest VIPs or otherwise important, and took steps to maximize for U.S. usage while denying they served Americans.

Their engineers didn’t accidentally copy the exchange onto AWS or deploy it to Tokyo by misclicking repeatedly. The crypto industry playbook for doing sales and marketing looks like everyone else’s playbook for doing sales and marketing. They get on planes, present at events, send mail, hire employees (or otherwise compensate agents), open offices, etc etc.

If having an email address meant you didn’t exist in physical reality anymore, the world would be almost empty.

CZ personally signed for bank accounts for some of his money laundering subsidiaries at U.S. banks, like Merit Peak and Sigma Chain. The SEC traced more than $500 million through one of those accounts.

One major rationale for KYC legislation, as discussed previously, is that it makes prosecuting Bond villains easier. Even if compliance departments at banks are utterly incompetent at detecting Bond villains at signup, having extracted the Bond villain’s signature on account opening documents is very useful to prosecutors a few years down the road. Why have to do hard work quantifying exactly how many engineers work on which days at Binance’s offices in San Francisco when you can do the easy thing and say “Hey, fax me the single piece of paper where the Bond villain signed up for responsibility for all the crimes, please.”

Why do Bond villains sign for bank accounts in highly regulated jurisdictions? Partly it is because of beneficial ownership KYC requirements to open bank accounts. Partly it is because finding loyal, trustworthy subordinates is very hard if you’re a Bond villain, and Bond villains (sensibly!) worry that if the only name on the paperwork is a henchman, eventually that henchman might say “You know, actually, I would like to withdraw the $500 million I have on deposit with you.”

(This is why Bond villains frequently have e.g. the mother of their children sign for bank accounts. Bond villains, again, think everyone else is stupid, and that no one will cotton onto this.)

A subgenre of challenges in people management for Bond villains: you have to hire experienced executives in the United States to run the U.S. fig leaf for your global criminal empire. The people you hire will, by nature, be experienced financial industry veterans who are extremely sophisticated and have access to good lawyers. This combination of attributes is the recipe for being the best in the world at filing whistleblower claims. I expect a few former executives at Binance U.S. are eventually going to take home the most generous pay packages in the entire financial industry for a few years between 2018 and 2022.

To make this palatable to the American public, those whistleblower rewards are not courtesy of the taxpayer; they’re courtesy of money seized from previous Bond villains. A portion of Binance’s settlement(s) will go to pay the whistleblowers at the next Bond villain. It’s a circle of life.

News that will break shortly

Different regulators have differing ability to prosecute complex cases, but they basically all have the ability to read simple legal documents. That is one of the things they are best at doing.

Binance will suffer a wave of tag-along enforcement actions, in the U.S. and globally. Partly this will be for face saving; global peers of the U.S., in which Binance has transacted billions of dollars, will largely not want to signal “Oh we’re totes OK with money laundering for terrorists and child pornographers”, and so they’re going to essentially copy/paste the U.S. enforcement actions. They will then play pick-a-number with Binance’s new management team, who will immediately cave.

The earliest version of this is probably only weeks away, but Binance will deal with it for years.

More interestingly, and likely more expensively, the SEC is going to hit Binance like a ton of bricks. They were one of the few regulators which opted out of consolidating with the DOJ’s deal. They think they have Binance dead to rights (they do), and tactically speaking, the deal makes their life even easier. Binance has waived the ability to contest some things the SEC will argue. The SEC can now proxy requests for evidence to Binance’s monitors through other federal agencies.

Binance has had the enthusiastic cooperation of many people who walk in light in addition to their co-conspirators who walk in shadow. Those people, lamentably inclusive of some in the tech industry who I feel a great deal of fellow-feeling for, are going to start cutting off access to Binance. Compliance departments at their corporate overlords, which were either entirely in the dark or willing to be persuaded that a new innovative industry required some amount of flexibility with regards to controls, are (today) having strongly worded conversations which direct people to lose Binance’s number.

Binance has pre-committed to helping with the efforts to cauterize them from the financial system. They also pre-committed to assisting in, specifically, the investigation of their sale of the Russia business. That investigation will conclude that the sale was a sham (a Bond villain lied?) designed to avoid sanctions enforcement. Ask your friends in national security Washington how well that is going to go over.

Binance is going to be slowly ground into a very fine paste.

Many crypto advocates believe the U.S. institutionally wants to see Binance reform into a compliant financial institution. They are delusional. The U.S. is already practicing their lines for the next press conference. This course of action allows them to deflate Binance gradually while minimizing collateral damage, which responsible regulators and law enforcement officials actually do care quite a bit about.

The U.S. is aware that many high-status institutions and individuals, which are within the U.S.’s circle of trust, actively collaborated with Binance. Most of them will escape serious censure.

A few examples will be made, especially in cases where it is easy to make an example, because the firm is no longer operating financial infrastructure. This will take ages to happen and be public but relatively quiet, insofar as senior U.S. regulators will not get on TV to make international headlines announcing it. It will be one of the stories quietly dribbled out on a Friday to the notice mostly of people who draft PowerPoint decks for Compliance presentations. If you want a flavor for these, join any financial firm and pay attention during the annual training; you’re stuck going to it, anyway.

You seem a little smug, Patrick

I’m not breaking out the Strategic Popcorn Reserves yet, but I will admit to a certain amount of schadenfreude here. The world was grossly disordered for many years. It has corrected a relatively small amount.

We are a nation of laws. I’d support reforming some of them; a lot of the AML/KYC regulatory apparatus harms individuals who have done no wrong. Much is not well-calibrated in terms of societal costs versus occasionally facilitating a Bond villain’s self-immolation.

However, in the interim, one cannot simply gleefully ignore the laws because the opportunity to do so allows you to become wealthy beyond the dreams of avarice. Even staunch crypto advocates looking at Binance’s conduct see some things they are not happy to be associated with. Not all of the crimes were victimless crimes.

There exists the possibility that there is some salvageable licit business in crypto. People enjoy gambling. But if you factor out the crime, the largest casino in the world is not that interesting a business relative to the one that Binance et al ran the last few years.

I do not know if we’ll ever have a world with this scale of crypto businesses without the crime. The crime was the product. An opportunity to transform global financial infrastructure was greatly overstated and has not come to pass. I do not expect this to change.

Getting the world off Chrome

I'm seeing more and more folk post, "we got out of IE, we can get out of Chrome," on social media, referencing the nigh-monopoly Chrome has on the browsing experience. Unless you're using Firefox or Safari, you're using Chrome or a Chromium-derived browser. For those of you too young to remember what internet life under Internet Explorer was like, here is a short list of why it was not great:

  • Once Microsoft got the browser-share lock-in, it kind of stopped innovating in the browser. It had conquered the market, so it could pull back investment in it.
  • IE didn't follow standards. But then, Microsoft was famous for "embrace and extend," where they adopt (mostly) a standard, then Microsoftify it enough no one considers using the non-MS version of the standard.
  • If you were on a desktop platform that didn't have IE, such as Apple Macintosh, you were kinda screwed.

Google Chrome took over from IE for three big reasons:

  • They actually were standards compliant, more so than the other alt-browsers (Mozilla's browsers, Opera, and Safari)
  • They actually were trying to innovate in the browser
  • Most important: they were a megacorp with a good reputation who wanted everyone to use their browser. Mozilla and Opera were too small for that, and Apple never has been all that comfortable supporting non-Apple platforms. In classic dot-com era thinking, Google saw a dominant market player grow complacent and smelled a business opportunity.

This made Chrome far easier to develop for, and Chrome grew a reputation for being a web developer's browser. This fit in nicely to Google's plan for the future, which they saw as full of web applications. Google understands what they have, and how they got there. They also understand "embrace and extend," but found a way to do that without making it proprietary the way Microsoft did: capture the standards committees.

If you capture the standards committees, meaning what you want is almost guaranteed a rubber stamp from the committee, then you get to define what industry standard is. Microsoft took a capitalist, closed-source approach to embrace and extend where the end state was a place where the only viable way to do a thing was the thing that was patent-locked into Microsoft. Google's approach is more overtly FOSSY in that they're attempting to get internet consensus for their changes, while also making it rather harder for anyone else to do what they do.

Google doesn't always win. Their "web environment integrity" proposal, which would have given web site operators far greater control over browser extensions like ad-blockers, quietly got canned recently after internet outrage. Another area that got a lot of push back from the internet was Chrome's move away from "v2 manifest" extensions, which include ad-blockers, in favor of "v3 manifest" plugins which made ad-blockers nearly impossible to write. The move from v2 to v3 was delayed a lot while Google grudgingly put in abilities for ad-blockers to continue working.

Getting off of Chrome

The circumstances that drove the world off of Internet Explorer aren't there for Chrome.

  • Chrome innovates constantly and in generally user-improving ways (so long as that improvement doesn't majorly affect ad-revenue)
  • Chrome listens, to a point, to outrage when decisions are made
  • Chrome is functionally setting web standards, but doing so through official channels with RFCs, question periods, and all that ritual
  • Chrome continues to consider web-developer experience to be a number one priority
  • Alphabet, Google's parent company, fully understands what happens when the dominant player grows complacent: they get replaced the way Google replaced Microsoft in the browser wars.

One thing has changed since the great IE to Chrome migration began: Google lost its positive reputation. The old "don't be evil" thing was abandoned a long time ago, and everyone knows it. Changes proposed by Google or Google proxies are now viewed skeptically; though, overtly bad ideas still require internet outrage to delay or prevent a proposal from happening.

That said, you lose monopolies through either laziness of the monopolist (Microsoft) or regulatory action, and I'm not seeing any signs of laziness.

"Industry standard" isn't useful in arguments

This is a controversial take, but the phrase "it's industry standard" is over-used in technical design discussions of the internal variety.

Yes, there are some actual full-up standards. Things like RFCs and ISO standards are actual standards. There are open standards that are widely adopted, like OpenTelemetry and the Cloud Native Computing Foundation suite, but these are not yet industry standards. The phrase "industry standard" implies consensus, agreement, a uniform way of working in a specific area.

Have you seen the tech industry? Really seen it? It is utterly vast. The same industry includes such categories as:

  • Large software as a service providers like Salesforce and Outlook.com
  • Medium software as a service providers like Box.com and Dr. Chrono
  • Small software as a service providers like every bay area startup made in the last five years
  • Large embedded systems design like the entire automotive industry
  • Highly regulated industries like Health Care and Finance, where how you operate is strongly influenced by the government and similar non-tech organizations
  • The IT departments at all of the above, which are much smaller than they used to be due to the SaaS revolution, but still exist
  • Scientific computing for things like space probes, satellite base systems, and remote sensing platforms floating on the oceans
  • Internal services work at companies that don't sell technology, places like UPS, Maersk, Target, and Orange County California.

The only thing the above have any kind of consensus on is "IP-based networking is better than the alternatives," and even that is a bit fragile. Statements as basic as "HTTP is a standard transport" are ones you'd think there would be consensus on, but you'd be wrong. Saying that "Kubernetes patterns are industry standard" is a statement of desire, not a statement of fact.

Thing is, the sysadmin community used this mechanic for self-policing for literal decades. Any time someone comes to the community with a problem, it has to pass a "best practices" smell test before we consider answering the question as asked; otherwise, we'll interrogate the bad decisions that led to this being a problem in the first place. This mechanic is 100% why ServerFault has a "reasonable business practices" close reason:

Questions should demonstrate reasonable information technology management practices. Questions that relate to unsupported hardware or software platforms or unmaintained environments may not be suitable for Server Fault.

Who sets the "best practices" for the sysadmin community? It's a group consensus of the long-time members, which differs slightly between communities. There are no RFCs. There are no ISO standards. The closest we get is ITIL, the IT Infrastructure Library, which we all love to criticize anyway.

Best practices, which are "industry standard" by an older name, have always been an "I know it when I see it" thing: a tool used by industry elders to shame juniors into changing habits. Don't talk to me until you level up to the base norms of our industry, pleb; and never mind that those norms are not canonicalized anywhere outside of my head.

This is why the phrase "it's industry standard" should not be used in internal technical design conversations

This phrase is shame-based policing of concepts. If something is actually a standard, people should be able to look it up and see the history of why we do it this way.

Maybe the "industry" part of that statement is actually relevant; if that's the case, say so.

  • All of the base technology our market segment runs on is made by three companies, so we do what they require.
  • Our industry is startups founded in 2010-2015 by ex-Googlers, so our standard is what Google did then.
  • Our industry computerized in the 1960s and has consumers in high-tech and high-poverty areas, so we need to keep decades of backwards compatibility.
  • Our industry is VC-funded SaaS startups founded after 2018 in the United States, which haven't exited yet. So we need to stay on top of the latest innovations to ensure our funding rounds are successful.
  • Our industry is dominated by on-prem Java shops, so we have to be Java as well in order to sell into this market.

These are useful, important constraints and context for people to know. The vague phrase "industry standard" does not communicate context or constraints beyond, "your solution is bad, and you should feel bad for suggesting it." Shame is not how we maintain generative cultures.

It's time to drop "it's industry standard" from regular use.

Flameeyes
186 days ago
London, Europe

Re-Victimization from Police-Auctioned Cell Phones


Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found. In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.

Researchers at the University of Maryland last year purchased 228 smartphones sold “as-is” from PropertyRoom.com, which bills itself as the largest auction house for police departments in the United States. Of phones they won at auction (at an average of $18 per phone), the researchers found 49 had no PIN or passcode; they were able to guess an additional 11 of the PINs by using the top-40 most popular PIN or swipe patterns.

Phones may end up in police custody for any number of reasons — such as when the owner was involved in identity theft — and in those cases the phone itself was used as a tool to commit the crime.

“We initially expected that police would never auction these phones, as they would enable the buyer to recommit the same crimes as the previous owner,” the researchers explained in a paper released this month. “Unfortunately, that expectation has proven false in practice.”

The researchers said while they could have employed more aggressive technological measures to work out more of the PINs for the remaining phones they bought, they concluded based on the sample that a great many of the devices they won at auction had probably not been data-wiped and were protected only by a PIN.

Beyond what you would expect from unwiped second hand phones — every text message, picture, email, browser history, location history, etc. — the 61 phones they were able to access also contained significant amounts of data pertaining to crime — including victims’ data — the researchers found.

Some readers may be wondering at this point, “Why should we care about what happens to a criminal’s phone?” First off, it’s not entirely clear how these phones ended up for sale on PropertyRoom.

“Some folks are like, ‘Yeah, whatever, these are criminal phones,’ but are they?” said Dave Levin, an assistant professor of computer science at University of Maryland.

“We started looking at state laws around what they’re supposed to do with lost or stolen property, and we found that most of it ends up going the same route as civil asset forfeiture,” Levin continued. “Meaning, if they can’t find out who owns something, it eventually becomes the property of the state and gets shipped out to these resellers.”

Also, the researchers found that many of the phones clearly had personal information on them regarding previous or intended targets of crime: A dozen of the phones had photographs of government-issued IDs. Three of those were on phones that apparently belonged to sex workers; their phones contained communications with clients.

An overview of the phone functionality and data accessibility for phones purchased by the researchers.

One phone had full credit files for eight different people on it. On another device they found a screenshot including 11 stolen credit cards that were apparently purchased from an online carding shop. On yet another, the former owner had apparently been active in a Telegram group chat that sold tutorials on how to run identity theft scams.

The most interesting phone from the batches they bought at auction was one with a sticky note attached that included the device’s PIN and the notation “Gry Keyed,” no doubt a reference to the Graykey software that is often used by law enforcement agencies to brute-force a mobile device PIN.

“That one had the PIN on the back,” Levin said. “The message chain on that phone had 24 Experian and TransUnion credit histories.”

The University of Maryland team said they took care in their research not to further the victimization of people whose information was on the devices they purchased from PropertyRoom.com. That involved ensuring that none of the devices could connect to the Internet when powered on, and scanning all images on the devices against known hashes for child sexual abuse material.

It is common to find phones and other electronics for sale on auction platforms like eBay that have not been wiped of sensitive data, but in those cases eBay doesn’t possess the items being sold. In contrast, platforms like PropertyRoom obtain devices and resell them at auction directly.

PropertyRoom did not respond to multiple requests for comment. But the researchers said sometime in the past few months PropertyRoom began posting a notice stating that all mobile devices would be wiped of their data before being sold at auction.

“We informed them of our research in October 2022, and they responded that they would review our findings internally,” Levin said. “They stopped selling them for a while, but then it slowly came back, and then we made sure we won every auction. And all of the ones we got from that were indeed wiped, except there were four devices that had external SD [storage] cards in them that weren’t wiped.”

A copy of the University of Maryland study is here (PDF).

Flameeyes
287 days ago
London, Europe

La Settimana Enigmistica Digitale and their new app


This is the first post in Italian on this blog in over ten years, mostly because it only really applies to readers who would be understanding Italian in the first place. Please see the summary on Mastodon, if you’re curious.

I practically grew up with La Settimana Enigmistica. I cannot imagine anyone in Italy who doesn't know this magazine at least by name; it has been published uninterruptedly for almost a century. When I was a child, my mother filled in the crosswords every week, leaving me the simpler games, such as La Pista Cifrata, Che Cosa Apparirà? and Aguzzate La Vista — and as I grew up, she taught me to solve the crosswords: plain, encrypted, and "senza schema" (the kind without a grid pattern).

Unfortunately, because life sometimes goes the way it goes, while as a child both La Settimana and Topolino were weekly fixtures, over time they became much less regular. With the exception of the months spent in hospital, where at least I had a newsstand available and plenty of time to kill. But it was only when I left Italy that I realised how much I missed La Settimana.

It is no coincidence that I have written practically nothing in Italian since I left — although I had always been a good grammar student, I was never any good at writing essays in class, or at creative writing in Italian in general. On top of that, writing in Italian is hard now that I spend practically all my time thinking and writing in English. As an example, only after writing almost this whole paragraph did I realise I had to go back and remove the capital letter from "italiano" and "inglese" — they are capitalised in English.

La Settimana Enigmistica, and in particular, though not only, the Parole Crociate (crosswords), are excellent mental gymnastics for keeping at least a minimum of connection with the language, and with the country. As an example, I found out that 3 Italia and Wind had merged… in one of the questions of the Edipeo enciclopedico!

But how did I manage to read La Settimana from Dublin (first) and London (later)? Or during the many months I spent travelling in the United States, China, or elsewhere? Well, nine years ago La Settimana Enigmistica Digitale was launched — a complete version of La Settimana Enigmistica available on tablets, both iOS and Android. Obviously I jumped on it right away — eventually buying a Samsung tablet with S-pen mainly for this reason!

In the past nine years I have bought (between subscriptions and single issues) 224 issues of the digital Settimana. I haven't browsed or solved them all, mainly for lack of time. But when I had the time, the means and the energy, they were an anchor to my origins, my "Linus blanket" if you want to put it that way. The application has not always worked very well, to be honest, and it never took advantage of the modern capabilities of devices with EMR pen support to disable the touchscreen while the pen is in use, but at least from my point of view it was not a terrible choice.

Unfortunately the magazine has decided to abandon this application in favour of a new one:

Dear reader, on Tuesday 9 May a new application will be released, replacing the current one. The new App will be downloadable from the stores and will be supported on tablet devices running iOS 14 and Android 7 or later.

Because of this platform change, to ease the transition to the new App, starting from 03/05/2023 it will no longer be possible to take out subscriptions in the old version.

When the new application is released, active subscriptions already taken out will be transferred so that the service can continue on the new App. Issues will also be published on the current application up to the issue of 8/06/2023 and will be playable until 10/07/2023, the date on which it will be discontinued for good.

La Settimana Enigmistica — 26 April 2023

With little more than a week's notice before the launch of the new version, La Settimana Enigmistica has decided to give its long-time readers a big shrug. Just to be clear, I asked for confirmation of whether the new application was expected to have the previous issues available:

Good morning,

in the new application, holders of an active subscription will also have access to the old issues included in their subscription.
However, only the issues published in the last 12 months will be present, so the issues prior to May 2022 will definitely not be available.

We apologise for the inconvenience; unfortunately technological progress has forced us to update the platform.

La Settimana Enigmistica — 28 April 2023

Now, the last issue I bought in the previous application dates back to February 2022 (I haven't bought issues recently because, honestly, I have accumulated a huge number of issues I haven't completed), which means that after July the old application will be removed and I will have no way to complete those issues. I continued the conversation with support, asking whether they intended to allow those who had bought issues previously to access the PDFs used by the app, but I received a negative answer, and no offer to resolve the matter.

Now, it is very true that, as a Free Software developer, including on VLC, I understand perfectly well the problem that the "purchase" of DRM-protected digital content is never safe, but I have never seen any provider of digital services suggest to its readers, with little more than a few months' notice, that they throw away up to nine years of content. We are not talking about a film or two or a few video games — whoever subscribed at launch and kept receiving issues until now stands to lose over €600 in content!

In all this, though, I fear La Settimana Enigmistica has made a fundamental mistake. DRM is never an absolute tool, and since, instead of inventing a new format to distribute the digital magazine, the old application used perfectly standard PDFs, the only difficulty in using them is the need to find the password each of them has — and since they broke my heart, I put in some (not even much) effort and found a way to recover those passwords.

I will not publish the code to recover the passwords until July! Initially I would have liked to publish it today, but I have some concern about the fact that, both in the UK where I live and in Italy where La Settimana is based, circumventing DRM even for private copying is illegal. In Italy, technically, it is possible to make an analogue copy, but I don't think anyone is interested in printing out the digital Settimana.

My hope is that La Settimana sees how disruptive their idea is, and decides to upload all the previous issues to the new application — in which case I will have no reason to publish the necessary code. Technically, I have violated the terms of use of the old application. At the same time, nothing in the terms of sale provided by La Settimana Enigmistica Digitale suggests that they may destroy my purchases without providing a refund.

In the meantime, if you have bought issues on the old application I recommend downloading them all, and making a copy of the data present. In particular, on Android you will need the entire folder Android/data/com.atono.lasedigitale/files/lase_digitale/Issues (technically excluding the previews, but I recommend taking the whole folder). I don't know whether or how it is possible to do the same on iOS — and I don't know whether the PDFs used on iOS are the same as those used on Android.

How, technically, I managed it

Even though I will wait to publish the code until the application stops working (assuming La Settimana Enigmistica doesn't see reason and change its mind), I can at least provide a brief description.

The Android application (and I imagine the iOS version too) downloads plain PDF files for each purchased issue, in addition to a file called issue.json (which is not, at first sight, a JSON file) and a number of low-resolution previews. Unfortunately those PDFs are password-protected, so they cannot be opened directly by any PDF reader — unlike the restrictions on copying and printing, which are implemented "on the honour system", password-protected PDF files are encrypted.

Even before having a way to recover the password, I downloaded all the issues I had bought over the years and made a copy of the whole Issues folder from my tablet — just in case the passwords turned up somehow. As a first attempt, I let my PC try to brute-force the password for a night, without results — as I will show shortly, this mission would have been completely impossible.

The next day, in the grip of… not despair, but certainly boredom, I complained about the situation on Mastodon, and my friend and former colleague Pierre reminded me to make a copy of the application itself, in case it was easier to reverse the implementation.

Having taken a copy of the application, which does not appear to have been updated since 2011, I had a quick look at it — even knowing that Android is not my strong suit, and having never tried to reverse engineer Java in my life. But as soon as I extracted the APK file (it is just a ZIP file with a specific structure), I noticed something fairly trivial: the application uses MuPDF.

MuPDF is an application, and a library, currently developed by Artifex (the same people as GhostScript) that allows PDFs to be embedded directly in an application. In particular, the old Settimana Digitale application uses a JNI extension to call MuPDF from the Android application's Java code. This means that instead of having an obscure (or obfuscated) implementation to decrypt the PDFs, the application simply has to call the authenticatePassword function. Even without the slightest experience in Java, finding where the code calls this function should be trivial.

Between the start of my Mastodon thread and having the PDF open in Microsoft Edge (thus knowing its password) it took me about five hours — of which I wasted a couple trying to get Flatpak working on WSL/Ubuntu (it didn't work), and eventually installing Fedora Workstation in a virtual machine (where Flatpak worked and Jadx let me open the code very simply), and another hour lost because of a typo that kept giving me the wrong answer.

When I publish the code it will be fairly obvious, but for now suffice it to say that I could never have recovered the password by brute force: it is a password with letters (lowercase and uppercase), digits and symbols, for a total of 28 characters! According to Hive Systems, it would take over twenty-six thousand billion years to find the password!

Actually, the search space can already be narrowed from the code: the central part of the password is formed by 12 constant characters that include symbols — while the remaining 16 are taken from the base64 alphabet (which, with the exception of the last character, comprises 63 symbols). This means that, even knowing the constant part, each issue would require selecting the correct password out of 225787570473400320: CR(63, 15)×64.

A quarter of a million trillion. Wanting to generate a list of these possible passwords, assuming 29 bytes per password, we would need over 5.6 EiB (exbibytes). For comparison, the first 100 trillion digits of π take up "only" 82 terabytes.

Once the password is known, qpdf allows the files to be decrypted while preserving all attributes and content.

What to do now?

First of all, make a backup copy of the issues you have purchased! As I said, make sure you copy the entire Issues folder (which here, in case your English is rusty, means issues of the magazine, not problems).

Then I would recommend sending an email to La Settimana, to ask them for an explanation, and to make them understand how bad it is to destroy nine years of their readers' purchases. It would be much simpler if the developers and the publisher changed their minds and preserved purchases in the new application.

In the meantime I will properly clean up the code for the program that recovers these passwords, so that it isn't usable only by me. If nothing changes, the moment the old application is removed or stops working, I will publish it, so that all the other readers can recover their lost purchases.

And obviously I will go back to solving the Parole Crociate of the issues I already own and haven't completed — except I'll do it on my ReMarkable 2, rather than with their app. It's more realistic, too!

Photo of a ReMarkable 2 eInk tablet showing the cover of issue 4307 of La Settimana Enigmistica.
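The search-space arithmetic above, carried out in code as an added example (this is not the author's password-recovery tool, which the post withholds). It reproduces the two figures the post states, the multiset count CR(63, 15)×64 and the storage a complete wordlist would need at 29 bytes per entry, so a reader can see why a precomputed list is out of the question; the 29-byte figure is the post's own assumption.

```python
from math import comb

# Figures taken from the post: of the 28-character password, 12 characters are
# constant, 15 are drawn (as a multiset, the post's "CR") from a 63-symbol
# subset of the base64 alphabet, and the last one from all 64 symbols.
ALPHABET_SIZE = 63
FREE_POSITIONS = 15
LAST_CHOICES = 64
BYTES_PER_ENTRY = 29  # the post's assumption for one wordlist entry


def multiset_count(n: int, k: int) -> int:
    """Combinations with repetition, CR(n, k) = C(n + k - 1, k)."""
    return comb(n + k - 1, k)


def candidate_passwords(alphabet: int = ALPHABET_SIZE,
                        free: int = FREE_POSITIONS,
                        last: int = LAST_CHOICES) -> int:
    """Size of the search space once the 12 constant characters are known."""
    return multiset_count(alphabet, free) * last


def wordlist_bytes(candidates: int, per_entry: int = BYTES_PER_ENTRY) -> int:
    """Bytes needed to store every candidate once, one entry per line."""
    return candidates * per_entry


def human_binary(nbytes: int) -> tuple[float, str]:
    """Scale a byte count to the largest binary prefix that keeps it >= 1."""
    units = ["B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB", "ZiB", "YiB"]
    value = float(nbytes)
    idx = 0
    while value >= 1024 and idx < len(units) - 1:
        value /= 1024
        idx += 1
    return value, units[idx]


if __name__ == "__main__":
    n = candidate_passwords()
    size, unit = human_binary(wordlist_bytes(n))
    print(f"{n:,} candidate passwords per issue")
    print(f"full wordlist: {size:.2f} {unit}")
```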
Flameeyes
290 days ago
London, Europe

Why AI is triggering a gold rush


...and why this is different than blockchain/cryptocurrency/web3.

Unlike the earlier crazes, AI is obviously useful to the layperson. ChatGPT finished what tools like Midjourney started, and made the average person in front of a browser go, "oh, I get it now." That is something blockchain, cryptocurrencies, and Web3 never managed. The older fads were cool to tech nerds and finance people, but not to the average 20-year-old trying to make ends meet through three gig-economy jobs (except as a get-rich-quick scheme).

Disclaimer: This post is all about the emotional journey of AI tech, and isn't diving into the ethics. We are in late-stage capitalism; ethics is imposed on a technology well after it has been on the market. For a more technical take-down of generative AI, read my post from April titled "Cognitive biases and LLM/AI". ChatGPT-like technologies are exploiting human cognitive biases baked into our very genome.

For those who have avoided it, the art of marketing is all about emotional manipulation. What emotions do your brand colors evoke? What keywords inspire feelings of trust and confidence? The answers to these questions are why every 'security' page on a SaaS product's site has the phrase "bank-like security" on it; because banks evoke feelings of safe stewardship and security. This is relevant to the AI gold rush because before Midjourney and ChatGPT, AI was perceived as "fancy recommendation algorithms" such as those found on Amazon and the old Twitter "for you" timeline; after Midjourney and ChatGPT AI became "the thing that can turn my broken English into fluent English" and was much more interesting.

The perception change caused by Midjourney and ChatGPT is why you see every tech company everywhere trying to slather AI on their offerings. People see AI as useful now, and all these tech companies want to be seen as selling the most useful thing on the market. If you don't have AI, you're not useful; companies who are not useful won't grow; and tech companies that aren't growing are bad tech companies. QED, late-stage capitalism strikes again.

It's just a fad

Probably not. This phase of the hype cycle is a fad, but we've reached the point where, if you have a content database 10% the size of the internet, you can algorithmically generate human-seeming text (or audio, or video) without paying a human to do it. This isn't going to change when the hype fades; the tech is here already and will continue to improve so long as it isn't regulated into the grave. This tech is an existential threat to the content-creation business, which includes such fun people as:

  • People who write news articles
  • People who write editorials
  • People who write fiction
  • People who answer questions for others on the internet
  • People who write HOW TO articles
  • People who write blog posts (hello there)
  • People who do voice-over work
  • People who create bed-track music for podcasts
  • People who create image libraries (think Getty Images)
  • People who create cover art for books
  • People who create fan art for commission

The list goes on. The impact here will be similar to how streaming services affected musician and actor income streams: profound.

AI is going to fundamentally change the game for a number of industries. It may be a fad, but for people working in the affected industries this fad is changing the nature of work. I still say AI itself isn't the fad, the fad is all the starry-eyed possibilities people dream of using AI for.

It's a bullshit generator, it's not real

Doesn't matter. AI is right often enough to fit squarely into the human cognitive biases around trustworthiness. Not all engines are the same; Google Bard and Microsoft Bing have some famous failures here, but this will change over the next two years. AI answers are right often enough, and helpful often enough, that such answers are worth looking into. Again, I refer you to my post from April titled "Cognitive biases and LLM/AI".

Today (May 1, 2023) ChatGPT is the Apple iPhone to Microsoft and Google's feature-phones. Everyone knows what happened when Apple created the smartphone market, and the money doesn't want to be on the not-Apple side of that event. You're going to see extreme innovation in this space to try and knock ChatGPT off its perch (first mover is not a guarantee of being the best mover), and the success metric is going to be "doesn't smell like bullshit."

Note: "Doesn't smell like bullshit," not, "is not bullshit". Key, key difference.

Generative AI is based on theft

This sentiment is based on the training sets used for these learning models, and also on a liberal interpretation of copyright fair use. Content creators are beginning to create content under new licenses that specifically exclude use in training-sets. To my knowledge, these licenses have yet to be tested in court.

That said, this complaint about theft is the biggest threat to the AI gold rush. People don't like thieves, and if AI gets a consensus definition of thievery, trust will drop. Companies following an AI at all costs playbook to try and not get left behind will have to pay close attention to user perceptions of thievery. Companies with vast troves of user-generated data that already have a reputation for remixing, such as Facebook and Google, will have an easier time of this because users already expect such behavior from them (even if they disapprove of it). Companies that have high trust for being safe guardians of user created data will have a much harder time unless they're clear from the outset about the role of user created data in training models.

The perception of thievery is the thing most likely to halt the fad-period of AI, not being a bullshit generator.

Any company that ships AI features is losing my business

The fad phase of AI means just about everyone will be doing it, so you're going to have some hard choices to make. The people who can stick to this are the kind of people that are already self-hosting a bunch of things, and are fine with adding a few more. For the rest of us we have harm reduction techniques like using zero-knowledge encryption for whatever service we use for file-sync and email. That said, even the hold-out companies may reach for AI if it looks to have real legs in the marketplace.


Yeah. Like it or not, AI development is going to dominate the next few years of big-tech innovation.

I wrote this because I keep having this conversation with people, and this makes a handy place to point folk at.

Flameeyes
305 days ago
London, Europe