16 August, 2015
RT on the Many Failings of the F-35
Not that you should trust the former Russia Today on, well...anything. Their story is based upon a damning report from the 'National Security Network' which you can read in its entirety here.
28 July, 2015
The NSA's Long War on Encryption
How NSA and GCHQ spied on the Cold War world
American and British intelligence used a secret relationship with the founder of a Swiss encryption company to help them spy during the Cold War, newly released documents analysed by the BBC reveal.
...
Crypto AG sold its machines around the world, offering security.
But what customers did not know was that Hagelin himself had come to a secret agreement with the founding father of American code-breaking, William F Friedman.
...
The relationship, initially referred to as a "gentleman's agreement", included Hagelin keeping the NSA and GCHQ informed about the technical specifications of different machines and which countries were buying which ones.
The provision of technical details "is a revelation of the first order," says Paul Reuvers, an engineer who runs the Crypto Museum website.
"That's extremely valuable. It is something you would not normally do because the integrity and secrecy of your own customer is mandatory in this business."
...
In one document, Hagelin hints to Friedman he is going to be able "to supply certain customers" with a specific machine which, Friedman notes, is of course "easier to solve than the new models".
Previous reports of the deal suggested it may have involved some kind of backdoor in the machines, which would provide the NSA with the keys.
But there is no evidence for this in the documents (although some parts remain redacted).
Rather, it seems the detailed knowledge of the machines and their operations may have allowed code-breakers to cut the time needed to decrypt messages from the impossible to the possible.
The relationship also involved not selling machines such as the CX-52 - a more advanced version of the C-52 - to certain countries.
"The reason that CX-52 is so terrifying is because it can be customised," says Prof Richard Aldrich, of the University of Warwick.
"So it's a bit like defeating Enigma and then moving to the next country and then you've got to defeat Enigma again and again and again."
Some countries - including Egypt and India - were not told of the more advanced models and so bought those easier for the US and UK to break.
In some cases, customers appear to have been deceived.
One memo indicates Crypto AG was providing different customers with encryption machines of different strengths at the behest of Nato and that "the different brochures are distinguishable only by 'secret marks' printed thereon".
Historian Stephen Budiansky says: "There was a certain degree of deception going on of the customers who were buying [machines] and thinking they were getting something the same as what Hagelin was selling everywhere when in fact it was a watered-down version."
Among the customers of Hagelin listed are Egypt, Iraq, Saudi Arabia, Syria, Pakistan, India, Jordan and others in the developing world.
In the summer of 1958, army officers apparently sympathetic to Egyptian President Gamal Abdel Nasser overthrew the regime in Iraq.
Historian David Easter, of King's College, London, says intelligence from decrypted Egyptian communications was vital in Britain being able to rapidly deploy troops to neighbouring Jordan to forestall a potential follow-up coup against a British ally.
The 1955 deal also appears to have involved the NSA itself writing "brochures", instruction manuals for the CX-52, to ensure "proper use".
One interpretation is these were written so certain countries could use the machines securely - but in others, they were set up so the number of possible permutations was small enough for the NSA to crack.
So the NSA was working to undermine encryption as late as the Second World War. Good to know.
21 July, 2015
Cool...and Scary
A new system developed at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) can repair bugs in software using smart processing that imports functionality from other programs, all without access to source code.
Like in all computer programming, removing software bugs that can cause system or application crashes has traditionally been a matter of finding the offending source code and rewriting it; every time you get updates to your operating system or applications, you're actually downloading tools that rewrite source code on your system to patch vulnerabilities the developers have identified.
But the CSAIL system, called CodePhage, takes a very different approach. It borrows functionality from other applications to import into the offending process that causes a crash, assessing how certain tasks are executed and analysing how they do their own security checks to protect from vulnerabilities.
Research scientist Dr Stelios Sidiroglou-Douskos, who led CodePhage's development, describes it as trying to isolate the logic that protects the donor application.
"[It] creates an application-independent representation, and then rewrites that into the name space of the recipient," he says.
The process builds a library of checks the offending program should perform based on how the recipient program behaves, automatically writing them to the recipient program's functions.
Most impressively of all, CodePhage does the above all without having to access the source code of either application, letting it make repairs between applications written in different programming languages.
It merely needs an input that causes the program to crash and one that doesn't, automatically applying the behaviour of the one that doesn't until the offending process is removed from the program.
Sidiroglou-Douskos says it's a little like horizontal gene transfer, the theoretical method of synthesising DNA strands to insert into damaged chromosomes, a technology that makes transposing genes between unrelated organisms possible.
This seems pretty cool. And may make human coders' lives a little easier...in the short term...till they are automated out of existence altogether.
But can't go into that without being accused of being a Luddite, or a Saboteur (if we bother to note the original meanings of such terms). One might note, if one bothered, that those who make the arguments that human ingenuity will always prevail over all obstacles, man-made or otherwise, tend to be those (or the lucky descendants of those) who happened to survive and profit even if all their siblings and cousins died, no doubt due to some sort of moral failing on their part. Not that it's an evolutionary process, because that would undercut religious belief and their sense in their own inherent rightness. Carry on, future inheritors of Wasteland Earth.
26 March, 2015
Always with the Unintended Consequences
So, it seems like the investigation into the Germanwings crash in France is pointing towards the possibility that one of the pilots was locked out of the cabin, and unable to re-enter and prevent the ultimately fatal descent into the mountains.
a) This is horrifying
b) I'd predict that one phrase likely to be popping up sooner or later is 'who could have predicted' or one of the popular variants thereof. Ya know, as with Condi circa 2001/2.
Were there no warnings of unintended consequences back 'round about 2002, when the FAA was frantically rethinking airport security, specifically to prevent the one particular vulnerability exploited on 11 September, 2001, without so much consideration towards the...entire rest of aviation history? This isn't ancient history. I'm thinking...someone out there probably considered this sort of eventuality, and that it's only a matter of time before a reporter unearths it.
And as for more recent history, well...
Air Canada, 2006: http://www.canada.com/ottawacitizen/news/story.html?id=37a9dd60-18a9-4155-a6bb-8a8e8976bc04
Air India, 2013: http://www.usatoday.com/story/todayinthesky/2013/05/16/air-india-captain-locked-out-after-cockpit-door-jams-mid-flight/2165305/
Transavia, 2013: http://www.telegraph.co.uk/travel/travelnews/9838956/Pilot-locked-out-of-cockpit-as-co-pilot-slept.html
LAM Mozambique Airlines, 2013: http://en.wikipedia.org/wiki/LAM_Mozambique_Airlines_Flight_470
Air New Zealand, 2014: http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11288373
Ethiopian Airlines, 2014: http://www.flyingmag.com/news/bizarre-ethiopian-airlines-hijacking-ends-copilots-arrest
That's all I found in a fairly brief search, but the prevalence of stories from 2013/4 is interesting perhaps. Just related to the timing of the uptake of the newer technologies?
I suspect the plane in the 2006 incident may have not had the current level of fortification, given that the crew in that story were able to 'remove the door from its hinges.' Has some interesting verbiage nonetheless:
Eventually, the crew forced the door open by taking the door off its hinges completely, and the pilots safely landed the plane -- although in the event that the pilot was unable to access the cockpit, the first officer is also fully qualified to land the aircraft.
Air Canada Jazz said the incident is a first for them. But in Canada, a pilot getting locked out of the cockpit is a "non-reportable" incident, meaning airlines have no obligation to inform Transport Canada about it as they investigate themselves.
However, airline analysts warn that incidents like these are disasters waiting to happen -- both in terms of accidents related to human error and vulnerability to terrorism.
Oh, and one bonus story also from 2006 that may relate to earlier theories of what happened to this flight: http://www.theguardian.com/business/2006/dec/19/theairlineindustry.travel
Disturbingly, there had already been related emergencies on other airlines. After a 2003 Ryanair episode with another Boeing 737, Irish investigators had warned of "the potential for a full-scale accident" in exactly the kind of pressurisation emergency that later caused the Greek crash. They said: "With the locked door policy endeavouring to solve one specific problem, it may be creating another one or more problems that could impinge on aviation safety ... The implications for flight safety in the specific scenario of flight crew hypoxia is not being addressed by a locked cockpit door policy. This is a ... problem."
Similarly in 2004, British investigators described how a fire broke out in the passenger cabin of a British Airways plane taking off from Heathrow. Cabin staff spent time desperately banging on the locked cockpit door to try to attract the pilots' attention. The British investigation report warned that "both the flight crew and cabin crew were initially hampered in their efforts to deal with the incident promptly due to their inability to communicate with each other across the locked flight deck door."
Chris Roberts, a recently retired senior airline pilot and manager, told us: "With the locked cockpit door in place, communications are more difficult." He says: "Some regulators and airlines have dealt with this adequately but in some cases there is still more work and more training needed."
By contrast, shortly before September 11 2001, when cockpit doors were still generally open, an Aer Lingus stewardess was able to save the day by rushing in three times to warn her captain that passenger oxygen masks had dropped. Air conditioning had inadvertently been switched off. The inquiry into that incident found that oxygen deprivation had probably confused the pilots: "The continued persistence of the [stewardess] in keeping the flight crew advised of the deteriorating cabin condition did, without doubt, contribute to the safe conclusion of this serious incident."
As late as January 2001, British Airways was adamant that locked doors were too dangerous to adopt. Following an incident in which a mentally ill passenger attacked the pilots of a jumbo jet, BA chief executive Rod Eddington said: "We will not be locking the door because it does not make sense ... Locking the door would cause more safety problems than it would solve." But September 11 caused a panic reaction. Locked doors were hastily installed on planes all over the world despite a warning from the then US national transportation safety board vice-chairwoman, Carol Carmody. She said in May 2002: "We must be sure that crew communications during emergency systems are not compromised ... Access to the cockpit can be very important in an emergency."
Oh, and I'd almost forgotten this one: http://www.popularmechanics.com/flight/a10270/in-light-of-mh370-evidence-could-plane-cockpits-be-too-secure-16611747/
John Magaw, the first person to head the nascent TSA in 2001, told CNN that an always-locked cockpit was a concern since the outset. He said he told airlines, "Don't lock those doors so that you can't get in from the outside if something happens, and it fell on deaf ears," alluding to a well-publicized case of pilots who "flew past the airport because they were both asleep." However, some pilots scoffed at the idea that a locked cockpit is a serious concern, noting that planes are programmed to fly safely and even land on autopilot in the unlikely event both pilots nod off.
Former Jetblue CEO and founder David Neeleman, whose airline was the first to install the reinforced cockpit doors system-wide after 9/11, tells PopMech that the latest troubling scenario means that "perhaps there needs to be way to get back in that door."
"But nobody ever thought about having to protect the passengers from the pilots," he says.