I got more and more warnings about long read and write-times on my main file store. It is a VM with two physical “spinning-disk” hard drives using BTRFS and snapshots as a bonehead “oops” protection(actual backups are uploaded to Amazon). I figured I would try defragmenting them:
btrfs fi defrag -rv /srv/storage/Media/
I did this for my main stores and now these wait times are shorter. I think you can see from the graph to the left approximately when I did the defragmenting:
Notice that my backup host samba01(to the right) is very even at 1 ms because it receives no read- or write-requests, being a read-only backup of samba03(yes, I have a different VM on a different physical machine with different hard drives as a read-only backup of samba03 in addition to offsite backups). Only if samba03 goes down will Keepalived move the virtual IP address to samba01, at which point I would expect it to exhibit more of the behavior currently seen on samba03.
Moral of the story: you might need to defragment your BTRFS file systems from time to time.
This annoyed me even before I had a stroke: people are not very clear in their communications. Too frequently do people say something like “He gave him a new project and he thought the deadline was too soon”. If we replace the pronous with actual names, would it be like this:
Bob gave Tom a new project and Tom thought the deadline was too soon.
Or like this?
Bob gave Tom a new project and Bob thought the deadline was too soon.
The second example seems to make less sense. Why would Bob think the deadline was too soon if the details of the project was already known to him? But this isn’t made entirely clear in the statement. We’re not well placed to object if the circumstances are such that Tom sets the deadline for the project; the original statement was vague and matches both eventualities. Just because we assumed that the first interpretation was correct doesn’t mean the statement had only one interpretation.
So any use of pronouns needs to be crafted so as to be unambiguous. This is only made more confusing by current tendencies to choose pronouns arbitrarily for oneself as He and She need not translate as the listener expects and is sometimes omitted entirely in favour of other pronouns entirely. In spoken swedish we rarely separate between They(In swedish: De) and Them(In swedish: Dem) and just use the general form “Dom“. But “Dom” can be used many times in a single sentence and refer to a melange of different groups of people or objects, which often doesn’t relay any information and just makes the listener ask: Who did what to whom?
This might be a hard switch from one case to the other, but we can also see quite an issue in the chat-segment of streamers like Joshimuz and English Ben. We might have the streamer ask some question:
Does the Cheetah spawn in San Fiero or just in Las Venturas?
To which the reply is “Yes”. To what exactly are you answering? Asking simple Yes/No questions seems preferable but it isn’t uncommon for multiple question to be asked and for the answer to be Yes or No. I would suggest that a good answer would be something that clarifies what the answer relates to:
Yes, the Cheetah spawns in San Fiero as well.
Note: I don’t know which cars spawn where, I haven’t played GTA: SA for decades. These questions and answers are merely for demonstration.
While it is only in really critical situations where you have to be clear, even in other situations you probably want to get some point across. You are saying things after all… So it makes sense to avoid ambiguity in most circumstances.
I have several times watched an interesting documentary on why the Soviet OGAS never became a reality. It was heavily inspired by what the Americans were doing and their ARPAnet would end up being the internet as we know it today. It aimed to network all factories in the USSR so that the demands of on plant could be more easily linked to the production at another plant. The USSR economy at this time was in dire staits, so why no OGAS?
First of all, in the US the military spearheaded a lot of technology. It was pretty similar in the USSR. The difference was that in the US military technology trickled down to the civilian sector. Not so in the USSR. “The military will never concern themselves with mere civilian issues” was effectively the conclusion drawn by one proponent of OGAS.
Second, it was really expensive. Like, it would have cost more than the clean-up after Chernobyl. The USSR wasn’t a networked or computerized country in general so introducing OGAS would have required a huge investment.
Third, it threatened a lot of bureaucrats whose jobs were endangered by OGAS. So OGAS needed the support of the very people it was bound to replace.
But this is not what I’m curious about. It seems fairly straight forward why OGAS didn’t happen. There were as noted earlier several reasons why it didn’t go anywhere. What I’m curious about is why OGAS was even on the table? This project seems to have been discussed at the highest levels of the USSR before it was mothballed. So improvements to how the economy was organized were discussed? Why then did they not conclude that they needed proper accounting without falsifications? Why didn’t they introduce proper quality control?
Traditionally you try to solve problems from Least Expensive to Most Expensive. Ideally you can pair that with Most Impactful to Least Impactful. OGAS seems very expensive and moderately impactful. At the same time their poor accounting and lack of quality control constituted existential threats to their economy. Now, accounting and quality control isn’t free but I don’t see how the Soviet economy could have survived with them. OGAS however was a solution to a problem that might have been necessary to solve somewhere down the line but there were more pressing issues that cost a lot less right in front of them.
Now, Breznev was notoriously disinterested in corruption so it would have been out of character for him to pursue accounting and quality control as I suggest, but why then even discuss OGAS? If being ideologically correct was more important than anything else, why think in terms of high-tech and networking in the first place?
Exactly what part of Russia’s invasion of Ukraine indicates that:
Russia is going to win?
Russia is going to capture Moldova?
Russia is going to war with a NATO-member?
NATO isn’t going to back up its member states?
It’s possible that Ukraine falls but we’ve seen Russia try to accomplish that for two years without success so I don’t think we can draw the conclusion that Russia is achieving that goal by looking at the past two years.
Russia got into (apparently) unexpectedly hot water over their invasion of Ukraine, so for them to go after Moldova seems like a big risk. Capturing Ukraine was presumably to seize their areable land and natural gas but Moldova has only areable land so it doesn’t seem particularly enticing even if Ukraine falls under Russian control.
Now, these two points are up for debate. The status of Ukraine and Moldova isn’t written in stone and Russia is no stranger to making decision that are really, really harmful to Russia. But going to war with a NATO country seems like it’s even beyond the poor choices made by Russia. Let’s consider that they haven’t established air superiority, that they rely on unencrypted radio, that they have had to field T62 tanks because they have lost thousands of armoured vehicles and don’t have as many T72’s as they thought, that we haven’t seen a single T14 tank, that they have lost several naval vessels to a navy that exist mostly in theory and that they thought that occupying Ukraine would be viable when occupying Afghanistan failed massively during the days of the Soviet Union. They also seem to have suffered casualties in the 100 000-range.
So what exactly would Russia stand to gain when going up against NATO and its 1000 F35 jets? Sweden donated rocket-propelled grenades to Ukraine and told them NOT to use them against tanks because said RPG’s were only designed to destroy lightly armoured vehicles. Ukraine ignored that and used the RPG’s against Russian tanks to great effect(and to some surprise in Sweden). Russian military hardware is doing very, very poorly against western weapons and have nothing with which to counter western aircraft.
Russia is quite capable of churning out ammunition and manpower to further its war-aims but the past two years have demonstrated how that doesn’t equate to success. They have had their asses handed to them for two years by a country with a lower GDP than Sweden. If Ukraine poses a formidable challenge to Russia, how well would they do against all of NATO?
Now, I agree that Russia is most likely going to use non-obvious measures against NATO countries, making any Russian groupings in the Baltic states into armed insurgents, jamming GPS, attacking pipelines and other infrastructure in international waters, flyovers with aircraft and so on. Countries bordering on Russia are prepared for that and already dealing with it. Nothing about it invites Russia to proceed.
And that ties in to the willingness of NATO to back up it’s members. Let’s consider the hundreds of billions of dollars provided by NATO and EU states to Ukraine over the last two years, to which none of these countries owes anything. The EU’s mutual defence clause was interpreted as sort of vague before(and it is vaguely written) but the EU gives more support to a non-EU member than people thought EU countries would give each other in case of war. Similarly NATO has moved troops into the Baltic states and Eastern Europe and it has expanded to include Finland and Sweden. Where can we find any indication that Russian aggression against the Baltic states will be met with indifference?
I will agree that the US can’t be relied upon as a NATO member. It’s not so much that Trump seems quite opposed to NATO, because the US arms industry would take a nose-dive if the US gave an indication that it wasn’t supporting NATO. So Trump has less room to maneuver in the regard than he might think. No, the reason European NATO countries can’t rely on the US is more a matter of whether or not the US will be functioning entity in the coming decades, which isn’t a certainty. From the many failures of the legislative assemblies, to the chaos on their southern border(the current administration could have at least kept the southern border secure and orderly to rob the Trump-campaign of using that as a rallying-cry), to the opioid epidemic to their ballooning government debt Europe can’t rely too much on the US.
There is more and more reasons for European countries to get nuclear weapons than was the case before but to be honest we’re not quite there yet. I would argue that making nuclear weapons would be entirely sensible for a country that wishes to defend itself against Russia if it isn’t part of a NATO alliance which entails a nuclear deterrent and if Russia seems like a prominent threat. That last part is where I think we find a stop today. If all nuclear-capable nations leave NATO and Russia seems like a viable threat then countries like Sweden should develop nuclear weapons, but Russia has spent the past two years convincing everyone that nuclear weapons aren’t necessary to fight off Russia. I’m sure that wasn’t Russia’s intent but none the less, here we are.
I’m a big fan of Fallout 3 and Fallout: New Vegas. I tried Fallout 4 during a free weekend but it wasn’t for me. I’ve thought a lot about where New Vegas might be headed and my perspective is one of continuing on from where we left off at the outbreak of the third world war. There’s no need to continue with the administrations that lead to the war, but from a technical standpoint we want to go back to the most advanced stuff we know. I think New Vegas is well placed to do that.
Lots of metal working stuff
We see that they have some industrial stuff left around New Vegas. H&H Tools factory, REPCONN headquarters, REPCONN test site, and the Sunset Sarsparilla headquarters for instance. We also see lots of industrial locations in the Capital Wasteland. Starting with these things provides a good way to get our own industry off the ground.
So let’s call pre-war tech Generation 0. Let’s use Generation 0 stuff to make our Generation 1 equipment; lathes, grinders, shapers, presses, mills, drills, surface plates, calipers and micrometers. We make as few of these as needed so we can start making equipment using our Generation 1 stuff. Then we make the best equipment we can using our own components, which we call Generation 2. We’re still interested in lathes, grinders, shapers, presses, mills, drills, surface plates, calipers and micrometers.
We’re going to want plenty of equipment for railroads, quarries, chemical plants, electronics, weapons manufacturing. They should all be made with Generation 2 equipment. So in theory we only need pre-war equipment to make our very first equipment. All our subsequent lathes and drills and stuff we make using our own equipment in a “circular” fashion. We put very little wear on pre-war equipment.
In reality we’re bound to look at our Generation 2 stuff and the parts made from them and say “Well, this isn’t quite right, we forgot to XYZ” and need to go back to our pre-war stuff to make new lathes and drills and so on based on which things we realized we had screwed up. Still, we put as little wear as possible on pre-war equipment, only reverting to it when we have to. Hopefully we can soon make do without pre-war equipment and correct our mistakes within our Generation 1 and Generation 2 stuff.
Pakistan provides an interesting example of how of they making the base for a lathe in with only casting using a crude mold and a shaper. Pakistan is generally a notable source of how one might bootstrap industry but not quite as useful in how to achieve very high precision. A more complete example exists using some store-bought things and using a more full-featured home setup. We can see This Old Tony make just a back plate for a lathe as well.
We need various cutting tools and high speed steel is very attractive and it’s useful to understand why rake and relief-angles are needed. Today we see carbide used quite extensively but it’s not necessary and it’s something that can be introduced as some later stage. Access to Tungsten is needed but to make them into useful tools high heat seems like the biggest requirement.
Speaking of which, we need furnaces obviously to smelt metal but that’s not particularly hard. Doing things with the right atmosphere is harder but doable.
Equipment
Measuring is Alpha and Omega. If we can’t measure the radius, length, width and so on we can make things really well but we wouldn’t know that. Conversely we might have issues in tolerances but if we have a good way of measurement we can try and try again until we get things right. We can measure within a fraction of a millimeter using standard micrometers(with Vernier scales), completely based on mechanics. No electrical or electronic stuff necessary.
Indicators tend to be very useful and I have no idea how they are built(unlike micrometers and calipers that are more obvious in how they work) but I think we can probably think something out. Similarly surfaceplates are important, as they give us a stable reference on which to take measurements using indicators.
Something quite useful has been the gauge block which are pieces of metal with a known dimension and these as used to check and trim measuring instruments like micrometers. Over time they wear so we need our own method of making these things but we probably need to use pre-war gauge blocks for a longer period of time than pre-war drills and grinders. I think the stuff that gives us the highest resolution would be optical flats and monochromatic light-sources. They don’t necessarily give us measurements in clear numbers but are great for measuring flatness on reflective parts. So surface plates made of granite can’t really benefit but if they are made from steel? That could work. And gauge blocks are almost always made of metal so optical flats can measure their flatness really well. I have no clue how to make optical flats though so there’s no telling how long New Vegas would need to start making them. The optical flat-thing is about interference and interferometry is about comparing things in how they cause electromagnetic waves interfere with one another. Laser light is pretty good for this but white light has some benefits in visibility even though the interference patterns aren’t as clear.
Welding is best done with either inert gases or some flux that vaporizes when you do the welding, otherwise the hot metal oxidizes very quickly which is bad so giving weld just a few second to cool off before coming into contact with oxygen is worth a lot. MIG and TIG use inert gases and stick-welding has flux around the metal used as a welding material. I argue that the electrical aspect is easy enough but the chemistry needed is more difficult. I think a flux for stick-welding is a good place to start and inert gases might be put into use some time later. Back in the olden days they used oxy-acetylene and no inert gas which probably works but I hope that stage of development can be skipped.
On the same track we will need rust-proofing for things, like rails for railroads or anything else that we think might be exposed to the elements. For this reason a chemical plant is quite necessary just to get metal-working to work well. We’re obviously going to need it later on anyway for pharmaceuticals so chemical plants are a good investment even if you just have flux and rust-proofing in mind for starters.
Train
A lot of railroad seems to be intact in the Fallout world. Indeed it doesn’t make a lot of sense to target rails with nuclear warheads and they are very robust unless hit with a nuclear warhead directly. So there should be quite a lot of railroad around for New Vegas to use. Some might be stolen, some might be buried under sand or vegetation, some might have passed through a town that got a direct hit from nukes but most should be there.
I argue that New Vegas should make a train with a crane on the front that can lift things up if they have been buried under something or can lift entirely new rails into place when that’s necessary. I strongly recommend having the ability to move the crane between cars to fetch components. You probably can’t have these kinds of tracks between the cars most of the time(or they will be crushed or pulled apart) so they will have to be installed on straight sections, things lifted by the crane and moved back to the driver’s cab, the connections between the cars removed and then the train is driven back to wherever we need the crane to put things into place.
Power is produced by a nuclear reactor as many such are found in the Fallout world. In the long run I think coal is a better fuel but for starters a nuclear reactor providing electricity will work fine. As the image shows, cars are connected with a thick cable that carries electricity from the nuclear reactor. Since reactors tend to irradiate things pretty bad it is placed as far away from the driver’s cab as possible. I imagine there being a lot of lead shielding and the concept of small-ish nuclear reactors isn’t new.
We would need a hot-shop for performing maintenance on the nuclear car. It’s all good when we fuel a new engine compartment but after it has been used things will be neutron-activated and consequently radioactive and the fuel would contain fission products that are super-radioactive. This isn’t a new problem.
The train should have feelers in the front to check rails ahead of it for correctness so that the train doesn’t derail first and then determine that the rails are out of spec(the UK has something called the “new measurement train” which uses lasers and stuff to measure the train tracks with very high precision). This requires the train to move pretty slowly but I don’t really see the rush… It probably takes quite a bit of time to repair the broken stuff too so travelling a few kilometres per hour seems fine.
Radio
I think an important thing for the train to have is a radio. If it should happen to be overrun by raiders at some point at least they can inform New Vegas of where the problem was located. The next party sent there will be big enough to deal with any threat. A train should carry maybe a few armed soldiers and be well reinforced to deal with hostile fauna so most raiders probably can’t be a big threat. Carrying an artillery cannon on a car would make it very effective against targets found some ways away.
Radio can be very important for other reasons. It could be very useful to provide radio transmissions across California, Arizona and Utah as a service. New Vegas needs to be useful to the NCR as a free agent. If the NCR thinks more benefit can be gained by taking over New Vegas and turning it into yet another part of the NCR, then New Vegas is in trouble and it’s not going to develop any further than the NCR has done in its entire existence.
So New Vegas running hubs throughout California, Arizona and Utah where people can send and receive messages for some reasonable cost makes it’s less convenient to just take over. Of course a radio hub can’t be so constructed as to be useful for someone who takes it over or we’re back to a situation where the NCR can just take it. For this reason I argue that the radio hubs should be made sort of like FPGAs. Lots of different components but by themselves they do nothing, it is only some electronic signal that determines how they are interconnected that they actually do something.
This would mean that a radio hub contains lots of wires, amplifiers, encoders and so on but connections are determined based on an electronic signal. Basically amplifier X is connected to 10 different things and it’s a set of electronic signals that control relays that determine which thing amplifier X actually interacts with. This means that if a radio hub loses power then it won’t work when the power is restored again. All electronic signals went away. Only when New Vegas consults its drawings do they know how things work(realistically they already have the needed configuration) and move the correct configuration under guard to a radio hub where it is installed. But it’s still something that is dependent on power. Even as the configuration is moved from New Vegas down through the NCR for instance there needs to be a battery that keeps the ephemeral data in storage. If the shipment is under attack they just power down the configuration-device.
Another important part of this is to have contact with Pittsburgh. We saw in the Fallout 3 DLC The Pitt how they have become a huge producer of steel which will be very useful to New Vegas. With modern equipment this range isn’t too difficult to achieve but I think New Vegas will need pretty big tranceivers to make that communication work. But this needs only be spark-gap technology and it was in the early 20th century that this technology was used across the Atlantic.
For this kind of communication secrecy and authentication seems necessary, unlike the services provided to ordinary citizens as a commercial service. Today we have fancy asymmetric cryptography but I think New Vegas is going to have to rely on maybe a polyalphabetical substitution cipher or more realistically a One-Time-Pad system. Whereas polyalphabetical ciphers aren’t trivial to crack One-Time-Pad is the only thing proven to be secure. The drawback is of course that you have to physically transport the pad to the other party but I argue that New Vegas needs to be able to reach Pittburgh by train anyway so creating a huge tome of random numbers that can be used to encrypt radio traffic seems like a problem that isn’t too hard to solve.
Each message should be of the format PAGE LINE LENGTH MSG So it would be like 0025 08 0020 XALIJHWFGLAIGWLYUWCO The last page of each book should be an emergency page and denoted as XXXX(message decoded for demonstration’s sake) XXXX 01 0068 LAST TRANSMISSION NOT DECODABLE. START OVER AT BOOK 0004 PAGE 0050. Spaces are encoded as well, otherwise it would be easier to do statistical analysis.
For this application it’s possible for people to send and receive these messages, not having any idea what they’re about. The One-Time-Pad would be locked up somewhere and whoever is in charge would take a message its encrypted form, sit down and apply the needed offsets according to the pad, marking which numbers have already been used. This would take some time but for communication from one side of the country to the other? I think a few minutes is doable.
Semiconductors
Real semiconductors seem like a big challenge and in our timeline we had relay-based logic in some railroad applications until the early 2000’s so New Vegas can probably get by using relays for a long time. It doesn’t seem like it would be that difficult to automate radio-sending and -receiving.
Long term viability
Radio is one way in which New Vegas can make itself indispensible to the NCR. Simiarly it’s chemical plants should try to get into fertilisers and pharmaceuticals as soon as possible to increase the importance of New Vegas as a separate entity. New Vegas isn’t a democracy so it would be just fine for the NCR to make everything seem like anything that happens is a big win for them. They get radio, chemicals, fertilisers and machine tools because they have this great little place at the outskirts that comes up with great stuff. Even if behind the scenes it may be that the NCR leadership is gnashing their teeth at New Vegas not being annexed by the NCR, this need not be presented outwards.
In the longer run high-tech seems like a good route forward for New Vegas. It shouldn’t take people that long to get New Vegas machine tools(for a price of course) and make their own machine tools from them, making it less necessary for them to buy those things from New Vegas. But pharmaceuticals and high precision parts and tools need to stay the preserve of New Vegas for as long as possible. People can probably get down to 0.01 millimeters with the use of micrometers, indicators and gauge blocks but interferometry and cleanrooms should be kept under lock and key as much as possible. Bearings is an interesting example of something very necessary but also quite difficult to make with high precision, so New Vegas could supply this initially and it will take some time for other players to catch up.
Similarly New Vegas can be a source of information, science and engineering. Some knowledge is kept local but a lot of useful stuff can be taught to people from all around the area, making New Vegas more important as an independent component.
<?xml version="1.0" encoding="UTF-8"?> <xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2" id="xccdf_scap-workbench_tailoring_default"> <xccdf:benchmark href="/tmp/scap-workbench-oMQosO/ssg-rl9-ds.xml"/> <xccdf:version time="2024-03-31T21:06:09">1</xccdf:version> <xccdf:Profile id="xccdf_org.ssgproject.content_profile_stig_customized_001"> <xccdf:version>V1R2</xccdf:version> <xccdf:title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US" override="true">DISA STIG for Red Hat Enterprise Linux 9 [CUSTOMIZED]</xccdf:title> <xccdf:description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US" override="true">This profile contains configuration checks that align to the DISA STIG for Red Hat Enterprise Linux 9 V1R2. <snip> <xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_time_service_set_maxpoll" selector="18_hours"/> <xccdf:refine-value idref="xccdf_org.ssgproject.content_value_login_banner_text" selector="dod_banners"/> <xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_authselect_profile" selector="sssd"/> </xccdf:Profile> </xccdf:Tailoring>
I should make a new one based on what I’ve learnt from hardering my jumppoints, which are the only nodes on my network reachable from the internet. They only use VPN and SSH and have OSSEC installed to ban anyone that repeatedly trips various rules. They also have SELinux, which was a bit of pain when I installed Keepalived to move a Virtual IP around but I made the requisite type-enforcement:
module newmodule 1.0;
require { type keepalived_t; type systemd_systemctl_exec_t; class file { execute read }; }
So it’s pretty tightly locked down. OSSEC is doing it’s job:
Sat Apr 20 10:43:26 AM CEST 2024 /var/ossec/active-response/bin/firewall-drop.sh add - 218.92.0.XY 1713602606.209438 5752 Sat Apr 20 10:46:08 AM CEST 2024 /var/ossec/active-response/bin/firewall-drop.sh delete - 43.140.225.XY 1712997913.210209 100001 Sat Apr 20 10:46:08 AM CEST 2024 /var/ossec/active-response/bin/firewall-drop.sh delete - 87.248.226.XY 1712997899.208567 100001 Sat Apr 20 10:46:08 AM CEST 2024 /var/ossec/active-response/bin/firewall-drop.sh add - 185.196.8.XY 1713602768.210489 5752 Sat Apr 20 10:49:09 AM CEST 2024 /var/ossec/active-response/bin/firewall-drop.sh delete - 165.227.166.XY 1712998067.212706 100001
But I wanted it to be really secure. In comes OSCAP which checks hosts against known definitions of security standards. When I ran it originally jumppoint02 was so-so:
Generating remediation in the GUI failed so I had to do it via the CLI which in turn required some changes to the oscap-ssh file:
The yml-file needs to be edited since it isn’t valid YAML but I think that’s easy enough to fix. I ran the test again:
I checked things that were Failed and they all checked out so I’m not sure why they show up as failed here. In fairness it sometimes has the wrong path to files(it seems not to understand that /etc/sudoers defaults propagate to defined users).
Not the IDs mentioned in the original file, not even the one we based our tailoring stuff on:
[user@openscap ~]$ oscap info /usr/share/xml/scap/ssg/content/ssg-rl9-ds.xml
Document type: Source Data Stream
Imported: 2024-06-27T17:52:11
Stream: scap_org.open-scap_datastream_from_xccdf_ssg-rhel9-xccdf.xml
Generated: (null)
Version: 1.3
Checklists:
Ref-Id: scap_org.open-scap_cref_ssg-rhel9-xccdf.xml
WARNING: Datastream component 'scap_org.open-scap_cref_security-data-oval-v2-RHEL9-rhel-9.oval.xml.bz2' points out to the remote 'https://access.redhat.com/security/data/oval/v2/RHEL9/rhel-9.oval.xml.bz2'. Use '--fetch-remote-resources' option to download it.
WARNING: Skipping 'https://access.redhat.com/security/data/oval/v2/RHEL9/rhel-9.oval.xml.bz2' file which is referenced from datastream
Status: draft
Generated: 2024-02-26
Resolved: true
Profiles:
Title: ANSSI-BP-028 (enhanced)
Id: xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced
Title: ANSSI-BP-028 (high)
Id: xccdf_org.ssgproject.content_profile_anssi_bp28_high
Title: ANSSI-BP-028 (intermediary)
Id: xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary
Title: ANSSI-BP-028 (minimal)
Id: xccdf_org.ssgproject.content_profile_anssi_bp28_minimal
Title: CCN Red Hat Enterprise Linux 9 - Advanced
Id: xccdf_org.ssgproject.content_profile_ccn_advanced
Title: CCN Red Hat Enterprise Linux 9 - Basic
Id: xccdf_org.ssgproject.content_profile_ccn_basic
Title: CCN Red Hat Enterprise Linux 9 - Intermediate
Id: xccdf_org.ssgproject.content_profile_ccn_intermediate
Title: CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 - Server
Id: xccdf_org.ssgproject.content_profile_cis
Title: CIS Red Hat Enterprise Linux 9 Benchmark for Level 1 - Server
Id: xccdf_org.ssgproject.content_profile_cis_server_l1
Title: CIS Red Hat Enterprise Linux 9 Benchmark for Level 1 - Workstation
Id: xccdf_org.ssgproject.content_profile_cis_workstation_l1
Title: CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 - Workstation
Id: xccdf_org.ssgproject.content_profile_cis_workstation_l2
Title: DRAFT - Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)
Id: xccdf_org.ssgproject.content_profile_cui
Title: Australian Cyber Security Centre (ACSC) Essential Eight
Id: xccdf_org.ssgproject.content_profile_e8
Title: Health Insurance Portability and Accountability Act (HIPAA)
Id: xccdf_org.ssgproject.content_profile_hipaa
Title: Australian Cyber Security Centre (ACSC) ISM Official
Id: xccdf_org.ssgproject.content_profile_ism_o
Title: Protection Profile for General Purpose Operating Systems
Id: xccdf_org.ssgproject.content_profile_ospp
Title: PCI-DSS v4.0 Control Baseline for Red Hat Enterprise Linux 9
Id: xccdf_org.ssgproject.content_profile_pci-dss
Title: DISA STIG for Red Hat Enterprise Linux 9
Id: xccdf_org.ssgproject.content_profile_stig
Title: DISA STIG with GUI for Red Hat Enterprise Linux 9
Id: xccdf_org.ssgproject.content_profile_stig_gui
Referenced check files:
ssg-rhel9-oval.xml
system: http://oval.mitre.org/XMLSchema/oval-definitions-5
ssg-rhel9-ocil.xml
system: http://scap.nist.gov/schema/ocil/2
security-data-oval-v2-RHEL9-rhel-9.oval.xml.bz2
system: http://oval.mitre.org/XMLSchema/oval-definitions-5
Checks:
Ref-Id: scap_org.open-scap_cref_ssg-rhel9-oval.xml
Ref-Id: scap_org.open-scap_cref_ssg-rhel9-ocil.xml
Ref-Id: scap_org.open-scap_cref_ssg-rhel9-cpe-oval.xml
Ref-Id: scap_org.open-scap_cref_security-data-oval-v2-RHEL9-rhel-9.oval.xml.bz2
Dictionaries:
Ref-Id: scap_org.open-scap_cref_ssg-rhel9-cpe-dictionary.xml
It can be important why an argument is put forward. I might put forward an argument because A is true and not because B is true. B might still be true but in this case it is not the basis for my argument. Example: https://deref.se/2024/04/gamification/#phrase In that case it wasn’t so much that A and B was true in and of themselves and more about me arguing that A is true and that even though B is also true, that is at most a corollary.
“That is in line with projections” is a favorite turn of phrase because I don’t like the connotations that we attach to “expect”. If I say “that is in line with expectations” it gives people the impression that I want whatever we’re talking about. That need not necessarily be true, I frequently need to indicate that something is in line with earlier projections but are not actually wanted. The crisis at the southern border the US was entirely in line with projections(have you seen countries like El Salvador or Haiti?) but in no way desirable.
Even when outcomes are wanted, that need not be central to why things were projected to be as they are, so “in line with projections” is a helpful way to express this occurrence.
Corollaries are useful sometimes. Not to be confused for Correlated: that things develop in some way that indicates that they are related. An important thing is to remember that Correlation does not indicate Causation. Which is similar to the warning we get in latin from post hoc ergo propter hoc, which says that just because A happens, then B happens, doesn’t mean that A causes B (the latin phrase actually means “after, therefore because of” which is patently untrue).
A corollary is some adjunct theory which need not necessarily be proven again in the text you’re reading, usually because it’s generally accepted to be true. Another use is to say that that something is a corollary to something. I have a document saved that is dubbed a corollary to the place where I work, as it is related to that employer but sometimes diverges from it where some other technology might seem preferable.
Exacerbated is not the same as exasperated. To exacerbate something is to make a situation worse. To be exasperated is to be frustrated to the point of giving up. They sound pretty similar and it is possible for something to exacerbate a problem, thus making someone exasperated, but they’re not the same thing.
Failsafe doesn’t mean that something is safe from failure, but rather that when it fails, it does so safely. Hardly anything is safe from failure so the best we can hope for is for a component to fail safely. Consider brakes in some trains where there are permanent heavy springs forcing brake-pads onto the wheels of each car, effectively forcing each car to a standstill. Only by using compressed air in a pneumatic system can you lift the brake-pads off each wheel pair. If the fancy-shmancy pneumatic system fails then nothing can push the brake-pads off the wheels and the train comes to a stop. That is perhaps annoying but it is safe, thus making it failsafe.
This isn’t always possible. Modern aircraft are fly-by-wire so the pilot flies the computer and the computer flies the plane. There is no “safe state” like for a train, the plane has to keep moving forward and the pilot needs to have power over the flight control surfaces. These systems therefore have backups to backups to backups because there is no safe alternative.
Subsistence farming is different from sustenance farming. Perhaps this is more commonly uttered as “they live at the sustenance level” when what they mean is “the live at the subsistence level”. Note that people who live at the subsistence level or engage is subsistence farming basically rely on the sustenance that they grow, so the word “sustenance” isn’t entirely foreign to the situation. But “subsistence” and “sustenance” are different things and are used differently.
Provisional is something temporary while provincial refers to things that have to do with a province(or are generally sort of rural). So a “provisional government” is a government in place until some future event and a “provincial government” would be the government of a province. The most common reference to a provisional government would be the post-tsar government which the bolcheviks then overthrew but there has probably been a lot more provisional governments throughout history.
On my daily walks I pass a construction site where they are currently driving down piles and making concrete foundations. Piles don’t necessarily have to make contact with bedrock by the way, the friction between them and soil can be sufficient. They use cranes made of steel. I have no clue how one would calculate whether a building would sink into the soil or if some steel would snap when used in a crane. I have acquaintances who do precisely that but I only have some basic knowledge on how one would calculate forces, not how different materials respond.
I think we should implement this kind of stuff into education in the form of simplified models so that people can learn in a sort of hands-on way how this stuff works. And not just buildings and cranes obviously, this should be done with electrical stuff, maybe even chemistry. I don’t put this forward because I think computers are pretty great(I do think computers are pretty great but that’s not the reason for me putting forward this idea) but because we need more understanding of underlying physics and mathematics. I learnt a lot from trying to make controls for things in GMod/Wiremod. I studied control theory much later and came to understand why my Wiremod stuff didn’t work as I had though. So my control system for Kerbal Space Program worked much better.
Computers today are powerful enough to run these sorts of simulations quite easily. Note that I am suggesting we do this in game form, i.e. we don’t try to do full simulation using FEA(Finite Element Analysis) because that is unnecessarily expensive and might infringe on the work done by professional in this space. I think we’d be OK with 80% or 90% accuracy, even if that wouldn’t cut it for real world use. I could also be interesting for people to be told what makes their software different from the real deal.
I consider my own education to be woefully inept and think it would have been a lot better by demonstrating things in some “real” context. I can praddle on about trigonometry all day but you won’t see any use in it until I start showing electrical circuits where current is expressed as K*cos(wj). The meaning of p=m*v and E=m*v²/2 are also not in any way intuitive so leẗ́’s show people how this stuff works. Let them tinker with it. They don’t have to have physical circuits or actual weights governed by the forces of mechanics, a computer simulation would do just as well and be cheaper and more efficient.
Will I make these demonstrations or games? No, I can get fantastic things set up in Minecraft/Tekkit, Factorio and Wiremod but I don’t think I have the skills to make the implementations. As noted at the beginning, I hardly know how any of this works. I can set up computer-related examples and I’m doing that but I doubt it will be in a school near your any time soon. Partly because I deal in sort of ephemeral stuff that only lasts a few years(whereas schools mostly teach fundamentals that stay the same for much longer) and also because education seems not entirely flexible. But I think the West needs to acknowledge that this view of education isn’t working out all that well.
Not too many months ago an elevator at a construction site in Stockholm crashed to the ground, killing five people. It turns out big parts of what was supposed to keep the elevator together were missing and the company doing to the inspections(who had cleared the elevator) were not allowed to make other inspections for that company.
This brings up an interesting point, that humans are prone to identify things that stay the same. This happens when people get hit by a train, they passed the railroad a millions times before and there was no train so they started assuming that there was never a train on the railroad. Until there was a train and they got hit by it. There was a scandal here in Gothenburg a few years ago where the local hospital had cleared peoples’ tissue samples as being non-cancerous and it turned out that it was cancer.
So whether you never have to recognize the issue(in the case of the train) or just rarely have to recognize the issue it’s easy to not do a proper inspection. I therefore argue that you should introduce known errors for inspectors to catch to keep them on their toes and to normalize that issues are reported. This doesn’t always work, for instance the FIU bridge collapse probably would still have happened as everyone was wholly set on everyone being on track so many issues were simply disregarded. Similarly Chernobyl could have been prevented by even the most basic willingness to learn from the many warnings that preceeded it.
But it’s still an improvement that deals with the inherent weakness of our tendency to assume that “it hasn’t happened yet” means “it’s never going to happen” and our tendency not to check or report things properly. For the likes of elevators you can introduce non-dangerous faults before inspection but this make inspectors only pay attention to aspects that are formally required but not actually dangerous. I think it’s more appropriate to inform everyone on-site that the elevator is not usably since it has not been inspected, that the elevator is clearly marked as “not in use”, which (possibly dangerous) errors will be introduced and when inspection will happen.
This is of course slightly dangerous itself, we can’t rule out someone using an elevator clearly marked as “not in use” and injuring themselves. But this way all inspections ought to be much more robust so even if we people do end up getting injured once in a great while we should have improved safety quite a lot. This is harder for some areas, we can even stay in the construction industry. How do you introduce serious errors in the concrete construction of a floor in a building? You’re pretty much going to have to rebuild things afterwards, which is very expensive. For most sectors however we should be able to find suitable tests to improve the quality and rigor of inspections.
In the case of the tissue samples at our main hospital I think known good and known bad samples should be part of the sum total samples everyone goes through. If any sample is given a conclusion that differs from that which has been recorded it should trigger a warning and the pathologist needs to explain his methodology to the other pathologists. Perhaps the sample was incorrectly labelled from the beginning! Either way people stay on their toes and thinks “how would I explain my conclusion in this case”.
Safety culture
An interesting subject is an organization’s dedication to safety. DuPont has been a trail-blazer in this regard(not without exception) and I think BP is on the other side of that scale. Only an organization that actually wants to achieve high safety even if it costs some money(possibly saving some as well) is going to be helped by introducing errors for inspectors to find. I mentioned Chernobyl before as an example where people could easily find problems but no one wanted to find any so it was only when disaster struck and the entire world noticed that errors became widely known. Trying to solve safety issues stemming from a disinterest is safety by adding more bureaucracy is a fool’s errand. We see this in cases like Williams Olefins’ issues and the aforementioned BP explosion at Texas City refinery, where people check boxes and skip things that are trying to stop them from doing something dangerous. Even the most basic steps towards finding errors are skipped so why would they change how inspections are done to find more errors in the first place?
For this reason accidents like Chernobyl, the FIU bridge collapse and two trains colliding are very useful to us. You can easily create an organization geared towards group-think, ignoring issues and warning signs and using safety overrides to improve efficiency but accidents show us the reality of what we’re dealing with. In the case of an organization that has a safety culture these accidents show us what we’re missing and in other cases it demonstrates the lack of safety culture.
Cost
I really like watching USCSB videos about their investigations but they are entirely focused on safety and they don’t seem to balance that with costs. If all organizations in the US that is in some way involved in processing really had a safety culture and really implemented Process Safety Management, Management of Change and Process Hazard Analysis, how much process industry would they have? If the answer is 90% then I think we should go with what the USCSB is saying. If it’s 50% then maybe not. I don’t see any indication that the USCSB ask these questions and I doubt these questions are within their remit.
But they are necessary for people to ask. We don’t actually improve safety by imposing PSM on US companies that then outsource all that stuff to South East Asia where safety isn’t even attempted. That moves the problem – admittedly – but it actually makes the problem worse. When an organization ignores safety – more or less – we really need to ask ourselves if maybe they know something we don’t. That’s not always going to be true but we can’t always assume that PSM and Safety Culture is some blanket solution that can be applied everywhere to get rid of accidents. Sometimes you just move the accidents.
This is a hard argument to make so I assume BP used to write something like “Safety is of the utmost importance in everything we do” but let every facility work that out themselves. At no point was process safety something that BP demanded of facilities but budget cuts were something they followed up closely. So we can’t take some random statement at face value, even those who are disinterested in safety will claim to be all about safety. We have to look at what they actually do and then we need to understand why. If they are ignoring process safety to make a profit of 5% become a profit of 8% then that’s a great situation to nail people to the wall. If they ignore safety because otherwise their work is done by people in Indonesia instead, then we might want to let things be.
Either way, this is a decision that a democracy needs to make. We can’t afford saying “Safety first” like it’s dogmatic because we can actually makes things less safe in our pursuit of making things more safe. We can’t afford to lose some industry and we shouldn’t pretend like that isn’t on the table. These are the big issues that politicians aren’t inclined to touch because it’s basically a set of bad choices we have. “More safety to save money” is a subset of all safety and not the totality of it. For most examples safety is about making hard choices.
Polish Prime Minister Donald Tusk argues that Europe must prepare for war with Russia. Well, we do need to match Russia in terms of production of ammunition, artillery shells and anti-tank rounds and all NATO countries should meet or exceed the 2% of GDP target for defence spending.
So far so good. But Russia has shown itself horribly incompetent, failing to defeat a country with a smaller GDP than Sweden. It has lost enormous numbers of tanks to the point where they have even deployed T-62’s when everyone assumed they had a bunch more T-72’s left in their stockpile. Their famed T-14 Armata has not been deployed in Ukraine at all and by all accounts they have only produced a few dozen of them. Since tests of the T-14 in China have demonstrated that it is not capable of doing what is advertised to do it is probably wise not to deploy the few T-14’s they do have.
Their air force leaves something to be desired to put it gently. Their Su-75(amusingly nick-named by Russia as ‘Checkmate’) is dependent on western imports and seems to be going nowhere while there are several hundred F-35’s in operation across NATO. They have also lost several naval vessels in the ongoing war(even though Ukraine is fielding no navy on the Black Sea), which isn’t entirely surprising when maintenance and readiness reports on ships have demonstrated that things are barely working at the best of times. In the case of the Moskva their radar interfered with their radio so they usually kept their radar turned off.
So Europe needs to furnish defence contractors to improve it’s production of certain things like ammunition. But Europe would be wise to not furnish defence contractors with more money just to make better weapons, they’re more than adequate as is. Russia has proven the remarkable weakness of its various weapons systems for two years now.
