#Note to authors: I strongly suggest just blocking users who do this
tumbleweedtech · 2 years
Been hearing this is a problem again. Don't be a dick in bookmarks, folks. And yes while I made this image, I'm giving free rein. Take it. Spread it far and wide. Because I'm hearing that some readers don't know that their bookmarks are visible. Editing for clarity, since it's hit 14k notes and I'm tired of repeating myself:
No, I do not care if you think bookmarks are for readers. They're permanently attached to fic- which means authors see them. Authors, you may be shocked to learn... are also readers. So they also read fics- troll bookmark lists for good fics. They check their own bookmarks, perhaps, or stumble upon them in their search for new fic. It is not censorship to ask for respect. Or kindness. Leave your notes, leave your chapter count, leave your additional tags and thoughts, that's all fine. But you can do that without being mean. Because fandom is a gift we give to each other, shared freely. Treat it with kindness.
fairydust-stuff · 4 years
Bosses of China Town
Banana Fish has a lot of awesome characters but I want to talk about the China Town gang bosses. I was originally going to talk about just Shorter, but he’s one of those characters who took a back seat until shortly before his own death. So I figured I could talk about Sing as well just to extend things a bit. Also, I strongly disagree with the “Sing is just another Shorter Wong” argument, because these two have very different mindsets.
Shorter Wong is first introduced in the short story “Angel Eyes.” The first shot we get of him is Shorter writing his sister Nadia a letter. Ash is brought to the juvenile detention center and Shorter is assigned the responsibility of watching him. “That’s why I wanna put him in Block A with you. You got things under control over there” (pg. 45). This line from the guy in charge tells us Shorter has some authority over the other guys and deals with situations before things get out of hand. From the get-go Shorter is presented as a leader who handles things before they get out of control.
Shorter’s first impulse is to try to be friendly towards Ash, showing him around while warning the other guys not to try anything when they catcall Ash. “I’m supposed to look after you here, so you need any help with stuff or whatever shoot” (pg. 51). This shows that Shorter takes his responsibility towards Ash very seriously. It’s also kind of interesting how Shorter doesn’t like him at first, referring to Ash as a brat in his head and even feeling wary of him. When two guys get into a fight over who gets to claim Ash, Shorter ends the fight by saying “You can duke it out with me Frankie.” Judging by the fact the guys back off, Shorter is not the kind of guy you want to fight. He also mentions Frankie tried to sexually assault him but Shorter fought him off, emphasizing that he’s a good fighter.
There’s also a bit of a dual personality, since Shorter tells Ash to let Frankie rape him but thinks about how, practical or not, this is awful advice and feels ashamed of saying it. “But his eyes said if you can’t or won’t help me, keep your big mouth shut and leave me alone!” (pg. 67). Shorter’s ability to realize Ash is a rape victim shows he’s perceptive and suggests he has been exposed to these kinds of stories numerous times. Shorter even casually asks if Ash was arrested for child prostitution. He also tells off the guys for trying to obtain Ash even though he told Ash to just let it happen. This shows Shorter can’t bring himself to let Ash get raped again. Later Ash challenges Frankie and defeats him easily; afterwards he tells Shorter he got the idea to challenge the other guy because of him. “I didn’t decide to go easy on him but I know how thanks to you” (pg. 83), Ash informs Shorter. This causes Shorter to become rather scared of Ash.
Later it’s revealed Ash faked sexual interest in one of the other juvie boys to find out if Frankie was actually an assassin sent to kill him. Shorter calls him out for being a user, to which Ash gets testy and reminds the other boy that Ricardo wanted to use him for sex. Shorter retorts with “Don’t play games with people’s feelings! Cuz if you do that- you’re no different from those assholes you hate!” (pg. 108). This seems to be something Ash kind of forgets later on, but this exchange causes Ash to reveal his honest feelings about being objectified, which Shorter listens to. I know fans get wrapped up in how special Eiji is to Ash and I’m not denying that; however, Eiji was not the first person to treat Ash with kindness. It was actually Shorter who was the first person to treat Ash like a person. Shorter was the first guy who listened to Ash and dared call him out.
“Angel Eyes” characterizes Shorter as the kind of guy who tries to be practical, but due to his compassion often goes against what makes sense in favor of what he believes is right. This trait of Shorter’s shows up again in Banana Fish vol. 4. It’s revealed here that Shorter works under the Chinese Mafia. Hua Lee asks Shorter to spy on Ash and his group. “Forget it Ash is my friend and I don’t stab my friends in the back!” (pg. 146) he declares. However, Shorter does agree to work with the Lees because Hua gets in his head. “Beautiful words but remember Ash is a white punk and you and I share the same proud heritage” (pg. 146). This is important because it seems to imply Shorter has a misplaced sense of nationalism.
This is further elaborated on in a conversation between Yut Lung and Shorter, where Yut reminds Shorter of the bloody history of the Chinese families in power. “Often of their own relatives their own children our ancestors in the ruling family of the Ching Dynasty committed murder and assassination” (pg. 153). As I stated in my previous piece, “The Flying Boy and the Snake,” Yut often acts as a guide that encourages other characters to look at the less pleasant aspects of their situation. This suggests that Shorter views his own cultural heritage and the Chinese Mafia in an idealized way. He does not see the complexities of a very complicated cultural history with both good and bad points. Shorter’s idealization is further emphasized by him telling Yut they like Eiji “Because he’s innocent and honest,” which is actually a really simplistic view of who Eiji is as a person.
Shorter’s reaction is to pull a knife on Yut because once he finds out the Lees are working for Dino his image of them shatters. “I was raised to respect you! To look up to the Lee family” (pg. 180). It’s implied that Shorter and his family, as American immigrants, wanted to view someone as being on their side. “It’s because of the Lee Family that we can be safe here. That we can live and put down roots in this foreign soil because the Lee’s are here to protect us” Shorter laments. Through Shorter, Banana Fish seems to express a kind of wariness towards the idea of complete loyalty to one’s own kind at the expense of everyone else. The mob is the mob and cultural heritage doesn’t erase that, Banana Fish argues. “You’re no better than Papa Dino! Just another Mob! Leeches who live off the blood of others” (pg. 181) Shorter declares. These are the kinds of loyalties that bind gangs and mafia together: blood, and where you come from, your ethnicity, are often manipulation tactics used by those in power to control and use others to their benefit.
Shorter, despite dying horribly, does so because he goes against what he was taught for the first time in his life. “I’ll protect Eiji with my own life. I won’t let them hurt him” (pg. 31) Shorter declares in vol. 5. Trying to protect Eiji no matter how fruitless it seems is all he can do at this point. While he ultimately fails to shelter Eiji and has him forcefully snatched from his arms, this does show that Shorter has learned the hard way to place friendship above nationalism.
Though, unintentionally or not, there’s still kind of a flawed ideology in the fact Shorter vows to an unconscious Eiji he’ll kill him to preserve his innocence. “If Dino tries to make you into his pet I’ll take you out before you know what’s happening” (pg. 69). Shorter has more traditional values and maybe that’s the point. Shorter’s death may be a symbolic representation of older pro-mafia attitudes rooted in nationalism and blood ties dying out.
After a couple of rewatches and rereads of the manga, I realized Sing had to be brought in because, despite being Shorter’s successor, Sing Soo-Ling does things differently from Shorter. Sing offers to team up with Ash’s former gang members to take Dino’s manor. “Our suits did a deal with Dino Golzine but that’s got nothing to do with us” (pg. 179). While Shorter idealized the Lees, Sing refers to them as the suits, viewing them as a kind of bureaucracy whose dealings are far removed from his gang.
He also shows himself to be more practical than Shorter, wanting to actually make a plan before attacking Golzine’s manor. “We’re here to rescue our respective bosses. If we don’t know where we can attack from and how to get out we’ll just die like dogs. And I sure as hell don’t plan on committing mass suicide with you guys” (pg. 50), Sing informs them. Later, when he’s told Ash killed Shorter, Sing wants to wait to hear Ash out and receive an explanation. When Ash won’t give him one, Sing reverts to the rules of the street and tries to take him out.
Later, when Sing joins Yut in his helicopter, he admits the only reason he put up with the Lees bossing them around was out of respect for Shorter. “Because we’re sick and tired of ’em that’s why! The old guys and all their deals” (pg. 172). In contrast to Shorter, who in Yut’s own words respected his elders, Sing has a disgust for a traditional older generation who he finds oppressive due to their backroom deals that screw people like him and Shorter over.
It’s also of note how Sing behaves towards Yut in contrast to Shorter. While Shorter agreed to obey Yut because of his name and showed subservience towards him at first, his protégé flat out questions Yut a lot. “Or do you just think the lower class doesn’t need know?” (pg. 128). In vol. 9 Sing tells Yut “Look I know you saved before but that doesn’t mean you can tell me what to do with it” (pg. 74). Sing is fine working with Yut but he doesn’t want to be his lackey and makes that very clear. When Yut is taken hostage by Eiji in vol. 10, Sing goes after them, in contrast to Yut’s bodyguard who yells that he’s going against master’s orders. Sing chooses to save rather than obey by going after them. “In case you never noticed I don’t take orders from him!” (pg. 18).
However, Sing shares Shorter’s sense of compassion: when he realizes Yut wants Eiji to shoot him, he tries to communicate with him only to be shut out and told to leave. Sing responds by saying “Easy to say, harder to do” (pg. 31). This implies he doesn’t want to leave Yut but realizes that Eiji is running around a dangerous neighborhood at night and that takes priority. Sing saves Eiji from attempted rapists and nurses him back to health, giving him a safe place to stay. He also saves Yut again later on from an assassin, even after he’s cut ties with him.
In vol. 13 Sing later follows in Shorter’s footsteps by going against Yut when he finds out he’s working with Golzine. “If you’re going to keep up this little partnership of yours- I might end up giving that Japanese kid some backup” (pg. 95). However, it’s not so much a sense of morals; it’s more of a street code. If Yut wasn’t working with the guys who killed Shorter I honestly doubt Sing would care. “Golzine’s the one who was giving Arthur orders and he’s the one who gave Shorter that drug” (pg. 95) Sing emphasizes. I just want to point out it’s not a conflict of morality but one of interests between the two of them. Sing likes Yut but he has obligations as boss to avenge Shorter. Sing’s role as boss often conflicts with his personal feelings. He is obligated to fight Ash to avenge Shorter in the eyes of his gang and must perform this function. Yet it’s clear Sing does not want to fight Ash, not only because he doesn’t want to die but, as Sing tells Lao in vol. 14, “The only one who can keep a lid on the downtown turf is Ash got that!” (pg. 53). Sing is, out of all the main bosses, the one who thinks of the bigger picture beyond revenge and basic power plays.
Sing is much more concerned with the safety of his gang. Later, in vol. 15, he wakes up at Ash’s hideout and his first concern is his guys, even though Sing himself is injured. “Because it ain’t your buddies that’re gonna be skinned alive!” (pg. 117). This takes priority for him over who has the most power or the pursuit of revenge. Unlike the Lees, Sing cares about his own people, even though it’s never at the expense of other individuals. This is what turns him against Yut, since the other boy targets others out of jealousy. However, unlike Ash, Sing does not pursue revenge in the end. As depicted in vol. 16, when Ash gives Sing an out not to fight him, Sing takes it. He also can’t bring himself to shoot Yut Lung in vol. 18 despite his betrayal. “Cuz you’re hurt your soul’s bleeding even now” (pg. 174) Sing says.
Interestingly enough, Sing claims he too is responsible for the invasion of China Town. “But the bad blood between us created an opening for the Vietnamese and Arabs and I guess that’s my fault as well as yours” (pg. 171). This suggests that Banana Fish lays the blame of corruption at the feet of feuding authority figures and that maybe Sing’s rule of the street. As Sing reminds Yut, like it or not, “You’re still our leader,” and convinces the Lee heir to help him fix China Town since “China towns gone to the dogs people can’t even walk around safely in broad daylight” (pg. 173). These are the reasons it’s Sing and not Shorter who is the one to repair China Town. Shorter is a relatively good person, at least by this series’ standards, with a lot of empathy. However, he was too willing to bend to the Lees’ whims and never questioned or challenged anything they did. Even before Shorter is injected with Banana Fish it’s heavily implied he’s given up hope entirely, thinking the best scenario is for him to kill Eiji and then himself. Shorter exits being used as a tool to get to Ash and anger him, being put down like a dog to end his suffering. Sing represents a newer generation that didn’t fully absorb nationalist ideas and loyalty to the mafia.
While he does still value his own ethnic group and their needs, he questions whether the Lees are what’s best for the citizens of China Town. Even when he’s willing to work with Yut, Sing makes it clear he’s not going to be a blind lackey. Sing, when faced with the messy reality of Chinatown crumbling due to his and Yut’s feud, tries to repair the rift between them. He is in the position to do something since Sing postponed and eventually decided not to die because of some honor-bound purpose. At the end of the day Sing chooses to survive, repair and unite the different factions for a common goal. However, Sing was very much inspired by and driven by the empathy, sense of responsibility and love he learned from Shorter; these are the same lessons Sing teaches Yut. I think both Shorter and Sing have their flaws, and both bosses’ ideologies, loyalty to one’s own kind above all else and street code, can be downright toxic when taken to extremes, but I think both are equally well written characters and important to understanding Banana Fish’s theme of unity in the face of oppression.
Citations
Yoshida, Akimi. Banana Fish Vol. 3. Shogakukan Inc., 1987.
Yoshida, Akimi. Banana Fish Vol. 4. Shogakukan Inc., 1987.
Yoshida, Akimi. Banana Fish Vol. 5. Shogakukan Inc., 1987.
Yoshida, Akimi. Banana Fish Vol. 6. Shogakukan Inc., 1987.
Yoshida, Akimi. Banana Fish Vol. 9. Shogakukan Inc., 1987.
Yoshida, Akimi. Banana Fish Vol. 10. Shogakukan Inc., 1987.
Yoshida, Akimi. Banana Fish Vol. 13. Shogakukan Inc., 1987.
Yoshida, Akimi. Banana Fish Vol. 14. Shogakukan Inc., 1987.
Yoshida, Akimi. Banana Fish Vol. 15. Shogakukan Inc., 1987.
Yoshida, Akimi. Banana Fish Vol. 16. Shogakukan Inc., 1987.
Yoshida, Akimi. Banana Fish Vol. 18. Shogakukan Inc., 198
arbitrarygreay · 5 years
Crunchyroll Expo 2019
This is mainly in response to the things I heard at the feedback panel.

1. I have so much sympathy for the staff who were the panelists. I also hope they don't give too much weight to the criticisms they heard there. The panel seems to self-select for the most obnoxious tone-deaf non-central attendees, given that the vast majority of attendees were enjoying themselves elsewhere, instead of bombarding the staff with their hare-brained suggestions.

2. From what I experienced, Crunchyroll Expo has a distinct identity as a large anime convention: succeeding strongly where Japan Expo USA failed, as a convention centered around professional guests, and even more so around guests from Japan. I'd say all of the panels were associated with people working in the entertainment industry in some form. Thanks to the Crunchyroll origins, they had the connections to be credible to the Japan guests, the clout and name recognition to attract attendees early on, the capital to fund the production value, and very importantly, the local expertise to much better handle location logistics than JXUSA could. I quite like this distinct identity, and CRX shouldn't stray too far from that. It's not Fanime, PAX, or SacAnime, and it shouldn't try to be. There were lots of suggestions at the feedback panel for more community events, and I wouldn't want the con to go too far in that direction. Keep gaming centered on Japanese arcade stuff, with maybe some Japanese game E-sports, but don't go full LAN party with any games allowed. Add a tabletop room, but don't let just any American/US game be there; try to introduce attendees to specific Japan-associated games, like hanafuda, kabufuda, or karuta-based games, and the few translated Japan TTRPGs. The point is, CRX is a con where attendees are funneled towards learning new things about Japan's entertainment industry, through industry professionals, and to experience new anime. Don't let things non-central to that take up too much air. Again, the vast majority of people weren't attending that feedback panel exactly because they were enjoying all of the central content of the con, so the people complaining about the con not being about other stuff, trying to turn CRX into other cons, were atypical attendees.

3. On that note, I was very impressed by the breadth of industry aspects showcased. Previous cons tended to be actor-focused, both in guests and in which panels were popular with attendees. Thanks to work by sakuga enthusiasts, especially the folks behind Sakugabooru, lots of people are paying more attention to technical staff. CRX, too, did a great job making the case to prospective panel attendees why they should be excited to see these guests. The moderators would give the audience context, and the guests themselves would often be just as excited to see the clips of their own work, giving them inspiration for commentary to make, and the live drawings, of course, were just great. Major kudos to the moderators, in general. You could tell that they were all passionate about their guests, had thought really in-depth about the questions to ask, and they often had a nice chemistry with the guests, which helped bring out some less stiff answers than might be expected. (Translator quality varied as usual, but I know that the guests are usually bringing their own, and not something CRX can control. And there were certainly some stellar translators there, too.) But yeah, breadth. There were directors, producers, animators/storyboarders/character designers, mangaka, all sharing their special insights, and I was very pleased by how much music content there was, as someone who tends towards that part of the industry. The only aspect that was arguably underrepresented would be writers (script writing/series composition for shows, or LN authors).

4. I was also very impressed by the scheduling. Guests were almost all slotted for 2-3 events, and events overlapped so that if I missed a particular guest on one day, I could catch them at another event at least once on another day. As with the previous point, the way the breadth was overlapped was that even if I attended all of the music-related panels, I was still attending panels for all of the other aspects of the anime creation process throughout the day. Very excellent scheduling. The only panels that I missed (weeping for missing Junji Ito's kitties) were because I let my guard down after Friday, and didn't camp for some events that ended up full room. And even then, those few panels probably didn't need insane amounts of camping, either, just 15-30 mins. That's a heavenly amount of camping, when I'm used to having to block in 2 hours before anything I want to attend, at other cons. Thanks very much for the large capacities afforded to every panel.

5. Criticism: screenings, of all things, should not ever go off schedule. Panels, I can understand, because panellists might run late, but there's no reason for a screening to start late, unless there were technical difficulties. I had scheduled a particular screening which would end 15 minutes before the next panel I would attend. Instead, the screening started over 15 minutes late, and I missed a good chunk of the end because I had to leave for that other panel. Luckily this screening was for something already released in the US, so I'll be able to finish the movie, but there were a few unique premiere screenings at the con, and that room being off schedule could have soured other attendees' experiences a lot more than it did mine.

6. Minor criticism: The app wasn't accessible on my phone. I was able to get by with internet, as new schedule content was added on the website as well (and thank you for that!), but I wouldn't get updated time stamps as the app users did. Please don't assume that everyone has the newest OSes when writing the app in the future. My phone isn't even that old, only a couple of years. On that note, I wasn't thrilled with the format of the schedule. With the way everything overlapped in offset intervals, sometimes it wasn't obvious where events in different locations were in relation to each other, and I did miss some panel content once because I had misread the time, due to how the single-column scrolling obscured the amount of overlapping. The location filters do nothing to help with that. I understand that a traditional spreadsheet timetable (location columns, timestamp rows) isn't sexy aesthetics, and has very unsexy horizontal scrolling in a smartphone context, but that's actually where the oversized newspaper con guide could shine, or in a traditional booklet, a foldout insert. (Btw, I thought that the newspaper con guide was fine. It gives more space and bigger font size for reading accessibility, and was likely cheaper to print and assemble than a booklet, which needs glossy paper, more pages, stiffer folding, and required stapling.)

7. Very minor criticism that CRX may not be able to control: as said before, I tended towards the music content of the con, but only Flow had their music on sale at the con. So there would be all of these artists promoting their work, and I'd be fired up about them after their panels...but there would be nowhere in the con for me to throw money at them. I understand that bringing stuff to sell is on the artists, but maybe coordinate some sort of "music guest merch" table somewhere, so that the logistics burden for selling products is lowered for all of them? Anime NYC did it for their Anisong Matsuri lineup last year, where there was a single merch table, manned by a few cashiers for all of the artists there, so that each artist didn't have to provide their own sales staff, and shipping costs of importing the stuff was also reduced because of consolidation. Even for artists who don't have physical CDs, they could do something like sell a code to redeem the purchase later.

But yeah, overall, I had a great time at the con! I learned a lot, laughed a lot, danced a lot, and what more can you ask for?
willowlark369 · 6 years
More Fun Facts
Author’s Note(s):
Story title is referencing the piece I wrote immediately before this one (Fun Facts). If you dislike themed names for meta series, well, I guess you will just have to dislike the title. It wasn’t chosen to offend you. It was chosen to please me.
I am presenting just a list of information. Any conclusions that you come to using the information are your own. Any emotions you feel about those conclusions or the information contained on the list are your own. Conclusions which may be drawn from presented information are not particularly friendly towards certain characters, because canon isn’t particularly friendly to them.
I strongly remind all readers that you are free to conclude whatever you wish from the information listed below. That freedom also extends to ignoring it if that is what would make you feel better. Choosing to ignore it does not require me to do so as well.
Note to All Maximoff Stans/Apologists: I understand that you dislike how your favorites have been portrayed by the MCU. This is understandable, as they are barely recognizable as versions of themselves from other runs of Marvel-verse. I am not the one you should be angry with, however. If you feel that either Maximoff is being “demonized” by the information on this list, I apologize but also empathize that I did not have any part in writing this run of canon. Arguing with me will not change canon.
Content Warning: This list contains references to a lot of disturbing topics such as human experimentation, terrorist organizations, and weapons. Reader discretion is advised beyond this point.
Wanda & Pietro Maximoff were adults when they volunteered for Wolfgang von Strucker’s experiments. The twins knew that other volunteers were dying and they still wanted their turn.
While no attempts were made to hide the bodies from the inhabitants of the base, it is possible that they somehow missed how the other volunteers disappeared to never be seen again. (Not logical, still possible.)
At the very least, the twins later demonstrate no surprise that they were the only survivors of the experiments.
The twins’ stated motivation for everything is not wanting to help Sokovia or the people living there. It was revenge on a single individual for something that had happened when the twins were ten.
Helping Sokovia was a possible motivation put forth by people researching what could be found on the twins when they were not brought into custody with the rest of the base’s personnel. As such, it does not override what the twins said about why they were doing things.
Wanda & Pietro Maximoff knew Wolfgang von Strucker was working for Hydra and was pursuing Hydra’s goals. None of this was hidden from them nor were the twins led to believe something different about the goals of the people they were working alongside.
None of the conversations shown about Hydra and the water-cooler style gossip about their plans among personnel show any attempt at secrecy, indicating that there was no worry about scaring off anyone who might be wandering around the base.
Even if the twins somehow did not hear any of the open discussions going on around them prior to submitting to the experimentation, by her own admission, Wanda’s telepathy does not allow for ignorance of who they were working with & for. Her exact words were “all men show themselves” after she demonstrated surprise that she had met a person whose mind she couldn’t read.
Wanda & Pietro Maximoff were not captives or brainwashed. While human experimentation involves a certain degree of pain and dehumanization, none of it was done without their ongoing consent.
The twins are shown being able to come and go from the facility, being treated as trusted allies with the same freedom of movement as other inhabitants of the base.
Wanda is shown being able to remove the influence of the scepter without the need to resort to "cognitive recalibration” methods.
Neither Maximoff shows any sign of the Mind Stone’s control, which has a visual display.
Neither twin exhibits any fear of the other people in the Hydra base nor did they demonstrate any surprise at the automatic response to the morale callouts that the other personnel present participated in.
Both Wanda & Pietro Maximoff were trained to the extent that they were considered to be field ready. Hence why they were allowed to stay in the combat during the Avengers’ raid of Wolfgang von Strucker’s base in Sokovia.
While deployment against the Avengers was discussed as a reasonable action to take, the twins actually elected to join the fight without being ordered, rendering said discussion moot. During said combat, they successfully take on three out of six Avengers, nearly killing one. Only a desire to make him suffer prevented the death of another.
The twins had a reputation outside of Hydra. That reputation was attributed to someone else’s firsthand experience of a demonstration of the twins’ abilities.
Both twins were able to use their abilities in chaotic situations and distracting environments with an ease that speaks of experience. Even under emotional distress, Wanda is able to do precision work.
Wanda Maximoff has enough control over her mental manipulation ability to successfully control several blocks worth of people as mindless puppets at the same time. This is considered her main power, not the psychokinesis that allows her to blast things.
Both Wanda & Pietro Maximoff are capable and willing to leave a situation in which someone wants them to use their abilities for a cause or goal they do not believe to be worth it. Hence why they decide to not work with Ultron once they determine that he is planning to annihilate all of mankind, no exceptions, instead of just the Avengers.
At no point does either twin demonstrate regret or remorse for having willingly worked with first Hydra and then Ultron.
Neither twin demonstrates regret or remorse for having attacked and (in some cases) nearly killed the Avengers.
Wanda Maximoff does not demonstrate any regret for having forcefully violated the mental autonomy of the Avengers or that of the multiple individuals referenced as being potentially permanently locked in their nightmares due to her violation of them.
Wanda Maximoff does not demonstrate remorse for having forcefully triggered the Hulk and then violated the Hulk’s entire being (which had canonically been shown as protective) by setting him to destroy a city. This is particularly noteworthy as Bruce was not a combatant at the time she targeted him. She specifically sought him out to do this because she “wanted the big one”.
The only authorized purchaser of Stark Weapon Tech was the United States Military Forces. All other organizations or individuals had to have gained the weapons through the black market trading done by Obadiah Stane.
SHIELD falls under the control & command structure of the United States government. This could logically include using resources gained in any defense contracts held by the US government. In sharing the resources, Hydra would also have access to the resources gained from these same contracts.
Hydra had an interest in encouraging the civil unrest of Sokovia. There is no evidence that they did anything more than enjoy the fruits of the opportunity, but they certainly did have motivation to do so and such things are often a part of Hydra’s toolbox.
Repeating for emphasis: there is no canon evidence to suggest that Hydra caused or participated in the Sokovian Civil War, even if they did benefit from the Sokovian Civil War happening.
Also, it is a historical fact that the United States (not individual contractors) sold/loaned weapons and other military sundries to allied countries during various conflicts, including the Vietnam and Korean Wars. While the weapons were supposed to be returned at the end of the conflict, it was not uncommon (in the real world) for various generals and political leaders to sell the weapons to other forces in order to line their own pockets, leading to US military equipment showing up in unexpected places far from where it was originally sold.
Between 1990 and 2018, the United States Armed Forces have not been involved in any conflict which could logically have included the area between Czech Republic & Slovakia where Sokovia would be located if it existed.
Howard & Maria Stark died on December 16, 1991. There is a significant gap of time between this date and Tony Stark taking over Stark Industries as CEO from Obadiah Stane (who stays on the Board as CFO, which allowed him to start/continue his illegal sale of weapons).
Czech Republic is nestled between Germany and Poland. Slovakia is (in real life) the country that borders Czechia to the south-southeast. Sokovia is canonically between these two countries.
The closest real world armed conflict with authorized US involvement during this period (1990-2018) takes place in Serbia, on the other side of Hungary which is on the other side of Slovakia.
All these countries are placed in the Balkans, for those readers who aren’t familiar with the layout of Eastern Europe.
Historical evidence suggests that the US was likely not involved in the Sokovian Civil War at any point.
A civil war is when a country is drawn into a significant conflict with two (or more) internal forces. While outside forces may become involved at the request of one or more sides, most external organizations try to stay uninvolved since all sides of a civil war belong to the same country.
Tony Stark was considered the foremost weapons designer for many reasons. Primarily, because the malfunction risk was negligible on anything he allowed out of his lab and should any malfunction be reported, SI investigates the reason and recalls any known defective tech. Weapons built to those designs and not tampered with were guaranteed to work every single time. No weapon jams; no missile duds. If he creates a weapon, it is going to let the user kill their target every single time.
That being said, Tony Stark is not the sole population of Stark Industries R&D department. Stark Industries is a multi-national company with employees around the world and a diverse number of interests. The R&D department cannot logically be a single person, especially a single person who is also functioning as the CEO for the company as well as lecturing at science conventions.
Answer to a Repeated Question: Facts are drawn from the movie Avengers: Age of Ultron; the comic tie-ins with particular focus on Avengers: Age of Ultron Prelude - This Sceptre’d Isle; and real world historical facts. If you have any question about the canon, feel free to review it at your leisure.
Final Reminder: Once again, I remind all readers that you have the freedom to ignore presented information if you are uncomfortable with it, regardless of why you are. You don’t have to attempt to validate that decision or justify having a conclusion that isn’t entailed by this information. No, I am not required to explain these things further to you. No, I am not required to justify my tone or provide a conclusion for you.
Edited (2/28/2018): Clarifications of points; addition of subpoints; addition of Read More line
Edited (3/13/2018): Stronger reminder that ignoring these facts is fine
Edited (6/12/2018): Reworked opening notes; Note to Maximoff Stans/Apologists added; clarification of points
Edit (8/17/2019): Addition of subpoints for clarification purposes; Addition of links
itbeatsbookmarks · 4 years
(Via: Hacker News)
By: Linus Torvalds ([email protected]), January 3, 2020 6:05 pm
Beastian ([email protected]) on January 3, 2020 11:46 am wrote:

> I'm usually on the other side of these primitives when I write code as a consumer of them,
> but it's very interesting to read about the nuances related to their implementations:

The whole post seems to be just wrong, and is measuring something completely different than what the author thinks and claims it is measuring.

First off, spinlocks can only be used if you actually know you're not being scheduled while using them. But the blog post author seems to be implementing his own spinlocks in user space with no regard for whether the lock user might be scheduled or not. And the code used for the claimed "lock not held" timing is complete garbage.

It basically reads the time before releasing the lock, and then it reads it after acquiring the lock again, and claims that the time difference is the time when no lock was held. Which is just inane and pointless and completely wrong. That's pure garbage. What happens is that

(a) since you're spinning, you're using CPU time

(b) at a random time, the scheduler will schedule you out

(c) that random time might be just after you read the "current time", but before you actually released the spinlock.

So now you still hold the lock, but you got scheduled away from the CPU, because you had used up your time slice. The "current time" you read is basically now stale, and has nothing to do with the (future) time when you are actually going to release the lock.

Somebody else comes in and wants that "spinlock", and that somebody will now spin for a long while, since nobody is releasing it - it's still held by that other thread entirely that was just scheduled out. At some point, the scheduler says "ok, now you've used your time slice", and schedules the original thread, and now the lock is actually released. Then another thread comes in, gets the lock again, and then it looks at the time and says "oh, a long time passed without the lock being held at all".

And notice how the above is the good scenario. If you have more threads than CPUs (maybe because of other processes unrelated to your own test load), maybe the next thread that gets scheduled isn't the one that is going to release the lock. No, that one already got its timeslice, so the next thread scheduled might be another thread that wants that lock that is still being held by the thread that isn't even running right now!

So the code in question is pure garbage. You can't do spinlocks like that. Or rather, you very much can do them like that, and when you do that you are measuring random latencies and getting nonsensical values, because what you are measuring is "I have a lot of busywork, where all the processes are CPU-bound, and I'm measuring random points of how long the scheduler kept the process in place".

And then you write a blog post blaming others, not understanding that it's your incorrect code that is garbage, and is giving random garbage values.

And then you test different schedulers, and you get different random values that you think are interesting, because you think they show something cool about the schedulers.

But no. You're just getting random values because different schedulers have different heuristics for "do I want to let CPU bound processes use long time slices or not"? Particularly in a load where everybody is just spinning on the silly and buggy benchmark, so they all look like they are pure throughput benchmarks and aren't actually waiting on each other.

You might even see issues like "when I run this as a foreground UI process, I get different numbers than when I run it in the background as a batch process". Cool interesting numbers, aren't they?

No, they aren't cool and interesting at all, you've just created a particularly bad random number generator.

So what's the fix for this?

Use a lock where you tell the system that you're waiting for the lock, and where the unlocking thread will let you know when it's done, so that the scheduler can actually work with you, instead of (randomly) working against you.

Notice how, when the author uses an actual std::mutex, things just work fairly well, and regardless of scheduler. Because now you're doing what you're supposed to do. Yeah, the timing values might still be off - bad luck is bad luck - but at least now the scheduler is aware that you're "spinning" on a lock.

Or, if you really want to use spinlocks (hint: you don't), make sure that while you hold the lock, you're not getting scheduled away. You need to use a realtime scheduler for that (or be the kernel: inside the kernel spinlocks are fine, because the kernel itself can say "hey, I'm doing a spinlock, you can't schedule me right now").

But if you use a realtime scheduler, you need to be aware of the other implications of that. There are many, and some of them are deadly. I would suggest strongly against trying. You'll likely get all the other issues wrong anyway, and now some of the mistakes (like unfairness or priority inversions) can literally hang your whole thing entirely and things go from "slow because I did bad locking" to "not working at all, because I didn't think through a lot of other things".

Note that even OS kernels can have this issue - imagine what happens in virtualized environments with overcommitted physical CPUs scheduled by a hypervisor as virtual CPUs? Yeah - exactly. Don't do that. Or at least be aware of it, and have some virtualization-aware paravirtualized spinlock so that you can tell the hypervisor that "hey, don't do that to me right now, I'm in a critical region".

Because otherwise you're going to at some time be scheduled away while you're holding the lock (perhaps after you've done all the work, and you're just about to release it), and everybody else will be blocking on your incorrect locking while you're scheduled away and not making any progress. All spinning on CPUs.

Really, it's that simple. This has absolutely nothing to do with cache coherence latencies or anything like that. It has everything to do with badly implemented locking.

I repeat: do not use spinlocks in user space, unless you actually know what you're doing. And be aware that the likelihood that you know what you are doing is basically nil.

There's a very real reason why you need to use sleeping locks (like pthread_mutex etc).

In fact, I'd go even further: don't ever make up your own locking routines. You will get them wrong, whether they are spinlocks or not. You'll get memory ordering wrong, or you'll get fairness wrong, or you'll get issues like the above "busy-looping while somebody else has been scheduled out".

And no, adding random "sched_yield()" calls while you're spinning on the spinlock will not really help. It will easily result in scheduling storms while people are yielding to all the wrong processes.

Sadly, even the system locking isn't necessarily wonderful. For a lot of benchmarks, for example, you want unfair locking, because it can improve throughput enormously. But that can cause bad latencies. And your standard system locking (eg pthread_mutex_lock()) may not have a flag to say "I care about fair locking because latency is more important than throughput".

So even if you get locking technically right and are avoiding the outright bugs, you may get the wrong kind of lock behavior for your load. Throughput and latency really do tend to have very antagonistic tendencies wrt locking.

An unfair lock that keeps the lock with one single thread (or keeps it to one single CPU) can give much better cache locality behavior, and much better throughput numbers. But that unfair lock that prefers local threads and cores might thus directly result in latency spikes when some other core would really want to get the lock, but keeping it core-local helps cache behavior. In contrast, a fair lock avoids the latency spikes, but will cause a lot of cross-CPU cache coherency, because now the locked region will be much more aggressively moving from one CPU to another.

In general, unfair locking can get so bad latency-wise that it ends up being entirely unacceptable for larger systems. But for smaller systems the unfairness might not be as noticeable, but the performance advantage is noticeable, so then the system vendor will pick that unfair but faster lock queueing algorithm.

(Pretty much every time we picked an unfair - but fast - locking model in the kernel, we ended up regretting it eventually, and had to add fairness).

So you might want to look into not the standard library implementation, but specific locking implementations for your particular needs. Which is admittedly very very annoying indeed. But don't write your own. Find somebody else that wrote one, and spent the decades actually tuning it and making it work.

Because you should never ever think that you're clever enough to write your own locking routines. Because the likelihood is that you aren't (and by that "you" I very much include myself - we've tweaked all the in-kernel locking over decades, and gone through the simple test-and-set to ticket locks to cacheline-efficient queuing locks, and even people who know what they are doing tend to get it wrong several times).

There's a reason why you can find decades of academic papers on locking. Really. It's hard.

Linus
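As an added illustration (not Linus's code, nor the benchmark he is replying to), here is a user-space test-and-set spinlock beside std::sync::Mutex, both driven by the same flawed "stamp the clock before release, read it after the next acquire" measurement, so the stale-stamp effect he describes can be observed directly. The Rust port of the measurement, the thread and iteration counts, and the `Lock` trait are assumptions of this example.

```rust
use std::sync::atomic::{AtomicBool, AtomicU64, Ordering};
use std::sync::{Arc, Mutex};
use std::thread;
use std::time::{Duration, Instant};

/// Minimal test-and-set spinlock: the kind of lock the post says not to write in user space.
/// Nothing here tells the scheduler that the holder must not be preempted mid-critical-section.
pub struct SpinLock {
    locked: AtomicBool,
}

impl SpinLock {
    pub fn new() -> Self { SpinLock { locked: AtomicBool::new(false) } }
}

/// Common shape for both locks so one (deliberately flawed) benchmark can drive either.
pub trait Lock: Send + Sync {
    fn critical<R, F: FnOnce() -> R>(&self, body: F) -> R;
}

impl Lock for SpinLock {
    fn critical<R, F: FnOnce() -> R>(&self, body: F) -> R {
        // Acquire on success pairs with the Release store below; failure ordering stays Relaxed.
        while self.locked.compare_exchange_weak(false, true, Ordering::Acquire, Ordering::Relaxed).is_err() {
            std::hint::spin_loop(); // a CPU hint only; the current holder may already be descheduled
        }
        let result = body();
        self.locked.store(false, Ordering::Release);
        result
    }
}

impl Lock for Mutex<()> {
    fn critical<R, F: FnOnce() -> R>(&self, body: F) -> R {
        // std's Mutex is a sleeping lock: a contended waiter parks in the kernel and the
        // releasing thread wakes it, so the scheduler knows who is waiting on whom.
        let _guard = self.lock().unwrap();
        body()
    }
}

#[derive(Debug)]
pub struct BenchResult {
    pub total: u64,        // sum of all increments; equals threads * iters for a correct lock
    pub max_gap: Duration, // largest "lock not held" gap the flawed timing reports
}

/// Reproduces the measurement the post tears apart: stamp the clock just before release, read it
/// again right after the next acquire, and call the difference "time with no lock holder". When
/// the holder is preempted between its stamp and its release, the stamp is stale and the gap is
/// scheduler latency, not lock latency. Stamp and counter are only touched under the lock, so
/// Relaxed atomics suffice; the lock's own Acquire/Release orders them.
pub fn run_flawed_benchmark<L: Lock + 'static>(lock: Arc<L>, threads: usize, iters: u64) -> BenchResult {
    let start = Instant::now();
    let counter = Arc::new(AtomicU64::new(0));
    let last_release_ns = Arc::new(AtomicU64::new(0)); // the first gap also includes thread start-up
    let max_gap_ns = Arc::new(AtomicU64::new(0));

    let handles: Vec<_> = (0..threads)
        .map(|_| {
            let lock = Arc::clone(&lock);
            let counter = Arc::clone(&counter);
            let last = Arc::clone(&last_release_ns);
            let max_gap = Arc::clone(&max_gap_ns);
            thread::spawn(move || {
                for _ in 0..iters {
                    lock.critical(|| {
                        let now = start.elapsed().as_nanos() as u64;
                        // "time nobody held the lock" = now minus the previous holder's stamp
                        let gap = now.saturating_sub(last.load(Ordering::Relaxed));
                        max_gap.fetch_max(gap, Ordering::Relaxed);
                        counter.fetch_add(1, Ordering::Relaxed);
                        // stamp, then release: a preemption can land between these two steps
                        last.store(start.elapsed().as_nanos() as u64, Ordering::Relaxed);
                    });
                }
            })
        })
        .collect();
    for handle in handles {
        handle.join().unwrap();
    }

    BenchResult {
        total: counter.load(Ordering::Relaxed),
        max_gap: Duration::from_nanos(max_gap_ns.load(Ordering::Relaxed)),
    }
}

fn main() {
    // Oversubscribe the CPUs on purpose so that lock holders really do get scheduled out.
    let threads = thread::available_parallelism().map(|n| n.get()).unwrap_or(2) * 2;
    let spin = run_flawed_benchmark(Arc::new(SpinLock::new()), threads, 5_000);
    let mutex = run_flawed_benchmark(Arc::new(Mutex::new(())), threads, 5_000);
    println!("spinlock: {:?}\nmutex:    {:?}", spin, mutex);
}
```

Both locks count correctly; the number that varies from run to run (and from scheduler to scheduler) is `max_gap`, which is exactly the point: it reports how long a preempted holder sat off-CPU, not how long the lock was free.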
terabitweb · 5 years
Original Post from SC Magazine Author: victorthomas
MDM strategies: An embarrassment of niches
It is Christmas Day at 2 a.m. and a new mobile device just connected to your network. Your servers are configured to send a text message to alert you when new devices connect, so you immediately know that something has happened. But you have no policy that requires that new devices be configured with mobile device management (MDM) software before they are allowed to connect so you don’t know if this is an employee playing with their new smart phone or an actual attack. Do you get up and troubleshoot the alert or go back to sleep? This scenario plays out all day every day for security professionals and it is only getting worse.
With mobile and cloud growth soaring and new requirements such as the European Union’s General Data Protection Regulation (GDPR) forcing CISOs to better control access to data, regardless of the physical location of the data or company, mobile device management (MDM) has never been more essential. In some cases, however, it is too popular, with some enterprises housing a dozen or more MDMs, which itself creates new security holes.
Having too many MDMs is only one of the implementation problems that cause anxiety for mobile security experts. Other concerns include wearables being ignored, a lack of consistency and implementation processes that simply make life more complicated than is needed for CISOs, and the practical problems with a bring-your-own-device (BYOD) environment, which itself will force changes to IT’s favorite after-the-fact defense of a mobile remote wipe. And then there are questions about whether CISOs are focusing too much on devices and ignoring the more crucial data and applications. Sometimes CEOs like to weigh in on MDM policies, which is rarely a good thing.
Rob Smith, a London-based research director for Gartner, argues that the biggest concern he has about how Fortune 1000 CISOs use MDM is that they think through their needs insufficiently, preferring to purchase whatever top-rated software they can find and hope it does the job.
“The number one thing they are getting wrong is buying products without knowing what they are using it for, without knowing their use case,” Smith says. “They buy one product and expect it to do everything.”
Smith counsels CISOs to focus on four areas before exploring MDM options:
• Who is the user and what is their role?
• What is the device and who owns it?
• What kinds of apps and data do they need to access?
• Where in the world are they located?
Different regions have different rules about data protection, Smith says, above and beyond GDPR. “Data for England and Wales can only be stored in England and Wales,” Smith says, adding that even the much-beloved mobile remote wipe might have to be rethought.
The issue with mobile remote wipe is the question of device and data ownership in a BYOD situation. A common kneejerk response to a missing device that is suspected of being stolen is to wipe everything right away. Sort of a “destroy first, ask questions later” approach. But does IT have the right to wipe clean all of that personal information? “Even if IT thinks they have the right because of [an employee agreeing to such wipes due to a form with] a click through, click throughs never hold up in court. [IT] needs a physical release form,” Smith says.
Rob Smith, research director, Gartner
Even physical release forms might not always do the trick, as European courts often insist on a knowing agreement that is non-coerced. Insisting that an employee sign such a form to get access to essential databases might not be considered a true choice in the eyes of the court.
On remote wipe, Forrester Research Analyst Andrew Hewitt adds that companies need to partition off corporate content and use MDMs that support full-device as well as selective wipe, allowing them, in theory, to obliterate only corporate content. That should avoid the legal complications of destroying employee personal data.
But Gartner’s Smith also says that he is very concerned with how many MDMs enterprises have these days. In Gartner surveys of the Fortune 500, Smith says they found that “29 percent had three or more and one guy had 10 different products in production. How do you get to three — forget 10?”
He says there are quite a few reasons a company can accumulate more than 10 MDMs. First, there are inherited software licenses from acquisitions. Second, companies will purchase different MDMs for different operating systems (getting an Apple-specific MDM, for example, is common) along with some for different geographies and different kinds of apps. CISOs seem to be burdening their MDM strategies with an embarrassment of niches. Smith argues that any number of MDMs greater than three is a problem.
Forrester’s Hewitt says that he sees most companies with about four to five MDMs and he also says he would strongly prefer an enterprise to use no more than three. “I don’t think they really need [more than three]. The technology has advanced quite a bit,” Hewitt says. “The best enterprises are doing this with one and maybe two MDMs.”
Avery Chipka, the chief security officer at the Circle Technology Collective International in Rutland, Vt., is willing to tolerate clients having far more MDMs, although he does have a ceiling. “I start having concerns when the number is above 10. When it’s more than 15, something needs to be done about it,” Chipka says. He stressed that having so many MDMs can cause confusion and make it far more difficult to track users.
Sometimes an employee will have “one profile as an executive, another for creative, [and] another if they are doing sales. An individual can only serve so many roles. Does each person really need a separate account for every email account?” Chipka asks. “During an acquisition, MDM profiles are one of the first things IT should be looking at. How many people didn’t make it through the acquisition?” he asks, adding that removing those accounts should be a priority. This is even more important given that some of those who are let go might be quite unhappy about it.
Ajay Gupta, program chair for computer networks and cybersecurity, University of Maryland; CEO of HSR Inc.
Forrester’s Hewitt sees the plethora of MDMs as its own risk. “It is a security hole because they don’t have a coordinated way to look at that employee so they can get that one view of an employee,” Hewitt says.
Ajay Gupta is the program chair for computer networks and cybersecurity at the University of Maryland and he sees a different security hole from an overabundance of MDMs: Attackers leveraging the fact that many MDMs don’t communicate with each other. “It is possible in that situation that a device could sneak in,” he says. This can happen because each MDM knows that it is not alone. Therefore, it might not necessarily block an unrecognized mobile device, as it can legitimately assume that it is authorized via a different MDM.
Each MDM “has to respect them all. They can’t reject because it’s not recognized because the apps don’t talk with each other,” notes Gupta, who also serves as president and CEO of HSR Inc., a non-profit data security organization in the healthcare industry. “The default is usually to allow access. This is the problem with centralization versus decentralization. This is why standardizing on a smaller subset of vendor tools is just a good idea.”
Chipka says that companies can have multiple MDMs but it must address how they are to coordinate, assuming they can. “Which one takes priority? What happens when you have two platforms and one says allow and one says deny? Each platform has a different way of handling it. For some, ‘deny’ is the overwhelming factor.”
Another MDM concern from Gartner’s Smith is internet of things (IoT). “You put a monitor in a conference room and it happens to be running Android firmware. That’s the kind of device that will completely bypass IT. There are so many proprietary solutions, which is a big part of the IoT problem,” Smith says. “That conference room TV running Android should have [a] mobile threat defense. Then you’re stuck with a coffee maker. IT has to be involved because devices often have external communications, a built-in radio. It could be sending data without your knowledge.”
Part of the IT MDM problem, Smith says, is a lack of training and, as always, budget. “IT is trailing whenever you bring in new technologies. Every IT staff is overworked, but that time [and budget] has to be allocated. [Corporate] is not budgeting to keep up with new technology. They’re not accurately predicting the operational expenses that will be required. Mobile is chaos, a perpetual rate of change. Don’t be surprised when Apple puts out an iOS update that breaks the system or Google makes a change how data is stored on the cloud. You have to ride the chaos.”
Avery Chipka, CSO, Circle Technology Collective International
Gupta has a suggestion for perhaps using the MDM BYOD problem to shake loose a few more IT dollars. He argues that “this whole mobile management bring your own device” trend is solely “to escape the costs of buying devices. CIOs should ask for that [savings] numbers and use that [for example] $15 million to move into the IT budget,” Gupta says. “Otherwise, the CIO should tell management to post an invitation to every hacker in the world to come into our network because that’s what we’re doing by opening up your network to devices that you don’t own and that you don’t know.”
Gupta says another major MDM problem is the lack of CISO follow-through. “They buy the [MDM] product with a set of expectations that are sometimes unreasonable” and then “no one does training for its actual capability. Maybe you should hire the [MDM vendor] to send their engineers to your facility for a week of training. Real engineers, not sales engineers. If you care about security, you may have to spend the [training] money.”
Chipka points to the ability to identify and track unrecognized mobile devices as a key hole in some MDM systems. He describes one offering that paired MDM tracking with digital security cameras. “Security cameras, when paired with access points and known devices, can be used to identify and record unknown devices’ presence in a building, allowing for the security cameras to intelligently track those signals that it is not able to identify. This is just one of many cutting edge impacts that MDM can have on our future,” Chipka says.
Another concern Chipka has is that some systems default to allowing the user to delete their own profile. Although this would make some access from the phone more difficult, it also gets around legitimate security restrictions that IT wants to impose.
“A good portion of end-users know how to configure their own email. I’ve seen profiles deleted because the person was trying to get around the restrictions we put in place. Most [IT and security staff] don’t bother to prevent removal of the profile devices.” Chipka argues that they need to prohibit any changes that are not done using the administrative panel.
On the flip side, Chipka also complains that IT sometimes will impose too many MDM restrictions, thinking that “because the setting option is there, I have to use it. Just because you can do something doesn’t necessarily mean you should.” As an example of overreach, he points to some MDM systems that control which screen saver the user can select.
Forrester’s Hewitt agrees that some CISOs overreach when making setting selections through MDM. Many are “building way too heavy-handed policies on MDM profiles,” he says, specifying “annoying security practices such as ‘every three months, we are going to change your 6-digit phone password.’”
ABI Research Analyst Stephanie Lawrence says one of her top MDM concerns involves wearables. “Businesses often overlook wearables and forget to add wearables to their EMM (enterprise mobility management)/MDM plans, particularly as the devices are added after the EMM/MDM is in place, so it is important that these devices are more strongly considered,” Lawrence says.
Today, many wearables have no authentication capabilities, such as the ability to key in a PIN/password or to perform biometric authentication. That should limit those devices from being able to get into a network on their own, analysts warn. But as wearable devices get a larger market share and as their capabilities expand, they almost certainly will ultimately be able to access restricted networks. By that time, it will be too late to go back and generate profiles for all such devices retroactively. Therefore, it is not a bad idea to start adding wearable devices today.
Forrester’s Hewitt sees another MDM problem being an excessive focus on the hardware at the cost of paying too little attention to apps and data, which is more likely where the bigger dangers lurk. “A lot of enterprises believe that MDM is the only thing they need to use for mobile security. They focus way too much on the device side,” Hewitt says. “Let’s say a [registered] phone is jailbroken. There’s nothing that is protecting them from [a cyber thief] getting that data out.”
Hewitt also says that he is seeing fewer companies using mobile VPNs due to the VPN’s well-earned reputation of slowing down devices. Using cloud security gateways and “traffic inspection are doing [security] in a much faster way” than a traditional VPN could, he says.
A concern of some MDM specialists is a lack of simplicity with deployments. “One of the biggest mistakes we’re seeing in MDM deployments is that they are overcomplicated. Many organizations are rolling out mobile app management or containerization when only mobile device management and monitoring is needed,” says John Sprunger, a senior technical architect with consulting firm West Monroe Partners.
“Another mistake is overbearing deployments,” he continues. “Tech leaders need to ensure that security policies are aligned based on data sensitivity and apps used, not using separate policies for BYOD versus corporate devices. Half-hearted deployments are another issue, as some organizations enforce device enrollment but don’t fully implement or enforce security policies or don’t enforce device enrollment at all, thus allowing a bypass of security policies.”
Peter Meuser is a Munich-based independent IT consultant at iTlab Consulting who also expresses frustration at companies having too many MDMs. Meuser offered tips for determining if your company has too many MDMs.
“You know that you have to reduce the number of MDM instances in your enterprise if you have to carry multiple mobile devices because you do not have the necessary access to all corporate assets from your single device,” he says. “Only one MDM can be the master of your device and control access to backend services. You do not want to build multiple channels into the same datacenter just to support multiple MDMs. Avoid data silos.”
Other indications that a company has too many MDMs, according to Meuser, include, “your operations and support teams are not able to develop the necessary deep skills to drive your mobile workforce at the edge of innovation because they spent most of their time trying to organize external vendor support they depend on for all these different MDM solutions. These days, qualified MDM engineers are a rare species. Or you are doing the same thing with different tools?”
Why should you manage thousands of iOS devices with multiple MDMs, Meuser asks rhetorically. Choose the best one for your situation and then unify across all subsidiaries. But remember, not every MDM is the right product for every use case. For example, he says, there is a story about Microsoft integrating Jamf, a management application for Apple products, with Microsoft’s own Intune for macOS management. Apparently, he notes, Microsoft had no other third-party macOS MDM product to integrate into Intune so that was the company’s only option. Ultimately, Meuser says, JAMF dropped its Android support to focus only on Apple’s operating system.
There are other examples where niche MDM products gained a foothold because of their specialized capabilities, he notes.
Meuser also suggests that you need to reduce your number of MDMs when “all of your bigger subsidiaries run their own MDM system because the products are not able to carry the combined load or do not offer the necessary separated administration.”
Stephanie Lawrence, research analyst, ABI
Meuser also complains of CEO involvement, which can undermine MDM goals. “Stories like this often begin with: ‘Why can’t I have these Office apps on my corporate iPad? Even my son is able to install them on my private device. Why is our IT not able to do this and why is security blocking all innovations?’
“It’s not all about installing just a small app but introducing a whole service to the IT infrastructure,” Meuser says. “The mobile device is what your boss sees, MDM is the middleware to connect the device to the backend services. If the backend services are not well implemented and integrated, MDM can’t fix what’s broken.”
If the middleware is not implemented to meet the IT department’s security requirements, it could create security vulnerabilities in the network, and it is exactly these vulnerabilities in the apps the potential attackers see. Just because an Office application can be installed on an iPad, for example, that does not mean that it should be.
“I also see CISOs still relying on security policies that are not built for the mobility age. They go back in times where firewalls, virus scanner and smart cards ruled corporate security,” he continues. “These times are gone with cloud services and corporate devices that are also enabled for personal use. Enforcing outdated security policies for MDM not only impacts user experience, but also lowers security in many cases,” Meuser says.
“Products will not be integrated as they are designed and the resulting solution gets so complex that operations is challenged to maintain the system and keep it updated. Times are over where an IT system is introduced and not changed for years. Progress in mobile development and security threats requires an agile management of all components,” he notes.
Ultimately, the choice of which and how many MDM systems is as much a personnel management consideration as it is a technical consideration. If companies make managing personal devices too cumbersome and intrusive on employees, the company’s security team might not have the user buy-in to be secure. As Forrester’s Hewitt notes, “There’s a limit to how many employees are going to get MDM enrolled. Some would rather not have access on mobile, rather than go through” too many security hurdles.
The post Handcuffing the mobile octopus appeared first on SC Media.
josidel · 6 years
Browsing Without a VPN
Network environments are growing increasingly hostile. Freedoms of speech, religion, and press are being diminished. The right to privacy is challenged globally on multiple fronts. For these and other reasons, you may find it valuable to add an extra layer of security and privacy to your Internet connection.
This is typically done using VPNs, SSH tunnels, or just regular ol’ HTTP proxies. However, they each have their problems:
- VPN: When used primarily for anonymized/proxied browsing, VPNs are less than ideal. VPN traffic is fairly obvious on the wire, especially with deep packet inspection, which is why governments are able to block (most) VPNs if they try to. VPN providers often advertise anonymity and protection while running sketchy operations that log your activity or don’t properly secure your traffic. To make matters worse, setting up your own VPN correctly can be difficult. Conflicting, incompatible protocols sometimes require installing extra software depending on the VPN you connect to.
- SSH tunnel: SSH is available on most Linux machines (and Macs), but like VPNs, SSH traffic is pretty easy to identify — mostly because it runs on port 22. Running services on a different port is not always an option because of firewall restrictions. Even if you multiplex multiple protocols on the same port, SSH traffic looks different from HTTPS. Also, SSH is known for being unreliable when the network drops out (“broken pipe” anyone?), and slow every other time. But at least SSH tunnels are much simpler to create than setting up a VPN.
- HTTP proxy: The obvious requirement here is for HTTPS at the very least, but unless you properly automate a Let’s Encrypt certificate, you have to go to some work to maintain the HTTPS server. Pretty much all HTTP proxies these days do not support HTTP/2, and it’s pretty easy to tell (from the client side) if a server is acting as a forward proxy. I should not even have to mention that trusting random HTTP proxies on the Internet isn’t a great idea.
This article will show you how to secure your Internet connection in a way that overcomes these weaknesses. You will learn how to set up the Caddy web server as a secure forward proxy using the http.forwardproxy plugin, which has these advantages:
- HTTPS enabled by default. All certificate maintenance is automated. It just works!
- Full-duplex HTTP/2. This proxy speaks HTTP/2 both ways, which gives you faster page load times.
- End-to-end encryption. For sites that use HTTPS, your connection to the origin is E2E encrypted. Even the proxy server cannot decrypt your connection between your computer and the origin site. Once the HTTPS tunnel is established with the proxy, it simply shuttles bytes in a two-way stream. Underlying TLS connections remain intact. (Even a nefarious proxy can’t read the content of your underlying HTTPS traffic, but you should still only use proxies you trust. There’s more to traffic than its contents.)
- Probe resistance (experimental). This feature hides the proxy behavior of the server from everyone except those who already know how to access it and are authorized to use it. Only a secret link specified by you (the server operator) exposes the authentication prompt.
- Innocuous traffic patterns. Since this proxy is not a VPN or SSH tunnel, it blends in better with the rest of HTTPS traffic.
- Standard ports. Where VPN ports and SSH port 22 are blocked by firewalls, port 443 is almost always allowed because accessing the Web is so standard for most use cases. (But you can still customize the port.)
- Hides your IP address. With just one line of config, this proxy will not add the user’s IP to the HTTP “Forwarded” header. (Note that there are ways around this out of the proxy’s control, like WebRTC in browsers.)
- Access controls. You can specify users and passwords to restrict access to the proxy, as well as a port whitelist for the proxy.
- Easy to set up! Best of all, this proxy is easy to get running and hard to get wrong because of sane defaults and automatic HTTPS. Caddy is designed to be easy to use to reduce the potential error surface of misconfigurations.
In particular, we’re interested in exploring how helpful this software could be in circumventing censorship. It definitely needs more careful vetting (read on), but we hope people will try it out in low- or no-risk scenarios.
This plugin was developed by Sergey Frolov while interning at Google and the source is available on GitHub.
Presented “As-Is”
I make no guarantees; use this tutorial and the server software at your own risk. There are a number of edge cases that ultimately depend on your client and your threat model; see especially the warning in the client configuration section below.
This technique is still fairly new. We want to make it even safer. So we do not recommend using it in high-risk situations. If you find a way to improve it, though, please contribute your feedback, issues, and pull requests!
Setting up the Server
First, you’ll need a machine that is accessible with a public IP address. Home servers can work if you forward the port(s) properly. You can also rent a cloud instance from any reputable cloud provider for a few dollars per month. Once you have such a machine, here’s what to do:
Download Caddy with the http.forwardproxy plugin included. To do that, make sure you select it in the plugins list on the download page!
Install Caddy; this is as easy as extracting the archive and putting the binary in your PATH, or using the one-line auto-installer script shown at the bottom of the download page after you select the plugins you want.
Make a file called Caddyfile that looks like this:
    example.com
    root /path/to/your/site
    forwardproxy {
        basicauth user pass
        probe_resistance secret.localhost
        hide_ip
    }
You must replace:
- example.com with the actual domain name pointed at your machine
- /path/to/your/site with the actual path to the root of your site (or an empty or decoy folder if you have no site)
- user pass with a username and password of your choice (otherwise anyone could use your server!)
- secret.localhost with a custom, secret hostname to enable probe resistance; strongly recommended to end with “.localhost”
Then run caddy in the same folder as your Caddyfile. After a few seconds, your probe-resistant, IP-hiding, full-duplex, HTTP/2 proxy will be running with a fully-managed TLS certificate from Let’s Encrypt!
The default port is 443 (the HTTPS port) unless you specify otherwise. Read more about the Caddyfile if you want to customize further.
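To make the probe-resistance and access-control behaviour above concrete, here is a small model of the decision a probe-resistant forward proxy makes for each incoming request. This is an added example written for this post, not the http.forwardproxy plugin’s own code; the secret hostname, the user/pass pair, the realm string and the sample requests are made-up values that mirror the Caddyfile above.

```javascript
// Added example: a model of how a probe-resistant forward proxy classifies one
// HTTP/1.1 request. Not the http.forwardproxy plugin's code; all values assumed.
const SECRET_HOST = "secret.localhost";   // probe_resistance hostname (assumed)
const USERS = { user: "pass" };           // basicauth credentials (assumed)

// Split a raw request into method, target and a lower-cased header map.
function parseRequest(raw) {
  const head = raw.split("\r\n\r\n")[0];
  const lines = head.split("\r\n");
  const [method, target] = lines[0].split(" ");
  const headers = {};
  for (const line of lines.slice(1)) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { method, target, headers };
}

// A proxy request is either CONNECT (HTTPS tunnel) or an absolute-form target
// such as "GET http://example.org/ HTTP/1.1" (plain HTTP through the proxy).
function isProxyRequest(req) {
  return req.method === "CONNECT" || /^https?:\/\//i.test(req.target);
}

// Validate "Proxy-Authorization: Basic base64(user:pass)" against USERS.
function credentialsValid(headers) {
  const auth = headers["proxy-authorization"] || "";
  if (!/^basic /i.test(auth)) return false;
  const decoded = Buffer.from(auth.slice(6).trim(), "base64").toString("utf8");
  const i = decoded.indexOf(":");
  if (i < 0) return false;
  const user = decoded.slice(0, i);
  const pass = decoded.slice(i + 1);
  return Object.prototype.hasOwnProperty.call(USERS, user) && USERS[user] === pass;
}

// Decide what the server sends back. probeResistance=false is the conventional
// proxy (every unauthenticated proxy request gets a 407 challenge);
// probeResistance=true is the behaviour described in this post.
function decide(raw, probeResistance) {
  const req = parseRequest(raw);
  if (isProxyRequest(req) && credentialsValid(req.headers)) {
    return { action: "proxy", status: 200 };   // tunnel / forward the request
  }
  const challenge = {
    action: "challenge",
    status: 407,
    headers: { "Proxy-Authenticate": 'Basic realm="proxy"' }, // realm assumed
  };
  if (!probeResistance) {
    return isProxyRequest(req) ? challenge : { action: "serve-site", status: 200 };
  }
  // Probe resistance: the 407 is only revealed to a client that already knows
  // the secret hostname. Everything else, including an active probe sending
  // CONNECT without credentials or with a guessed password, is answered exactly
  // like the ordinary website configured with the root directive.
  const host = (req.headers.host || "").toLowerCase().replace(/:\d+$/, "");
  return host === SECRET_HOST ? challenge : { action: "serve-site", status: 200 };
}

// Constructed sample requests (not captured traffic). "dXNlcjpwYXNz" is base64("user:pass").
const VALID_CONNECT =
  "CONNECT example.org:443 HTTP/1.1\r\nHost: example.org:443\r\n" +
  "Proxy-Authorization: Basic dXNlcjpwYXNz\r\n\r\n";
const PROBE_CONNECT = "CONNECT example.org:443 HTTP/1.1\r\nHost: example.org:443\r\n\r\n";
const SECRET_LINK = "GET http://secret.localhost/ HTTP/1.1\r\nHost: secret.localhost\r\n\r\n";

function demo() {
  const cases = [["valid", VALID_CONNECT], ["probe", PROBE_CONNECT], ["secret", SECRET_LINK]];
  for (const [name, raw] of cases) {
    console.log(name, "| probe-resistant:", decide(raw, true).action,
                "| conventional:", decide(raw, false).action);
  }
}
demo();
```

The point of the comparison is the "probe" case: a conventional proxy answers an unauthenticated CONNECT with a 407 and thereby tells any scanner that a proxy is listening, while the probe-resistant server answers it like a plain web server and only the secret link produces the authentication prompt.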
Setting up the Client
Now how do you use your proxy server? With a client, of course!
There are several ways to do this. For example, if you want to secure your web browsing in Chrome, you can use an extension like Proxy SwitchyOmega to configure the connection. Firefox has some network options built into its settings. You can also configure your entire OS or mobile phone to use the proxy for all applications (except those that are specifically configured to not use your OS’ proxy settings). However, we found only Chrome+SwitchyOmega to be reliable, which we explain below.
WARNING! A weakness in any part of the proxy configuration could leak information. Even if your proxy server is secure, your client may not be. Clients which do not honor the proxy settings for all network traffic could put you at risk. This includes major browsers and operating systems. For example, browsers don’t put WebRTC requests through the proxy (by design, sigh). One way to mitigate this risk somewhat is to use a VM that tunnels all traffic across a virtual NIC. This is obviously more involved, so act according to your threat model. If you just need basic public Internet cafe privacy to check your email, maybe the VM is overkill. That’s up to you.
Chrome + SwitchyOmega
This was the most reliable and simple client configuration I tried.
Install SwitchyOmega. It comes with an example proxy profile (on the left) which you can modify, or you can create a new one. In the table, select “HTTPS” for the “Protocol” field and type in your domain name and the port:
Click the lock icon by the port and enter your username and password:
After saving your credentials, click the green “Apply Changes” button to the left:
You can turn on the proxy by clicking it from your menu:
Congrats! Now all your Chrome connections are proxied securely through your server.
Firefox
Like Chrome, Firefox also has a SwitchyOmega extension. I would suggest trying the extension first, since you are likely to have more success than with Firefox’s built-in network settings. The instructions are nearly the same as above.
Using Firefox’s built-in network configuration settings, I was not able to get this working in Firefox (on macOS 10.12.6) for a server with probe_resistance enabled. It appears to be a bug in Firefox. Firefox hangs when loading the page, for several minutes — and spins the CPU at 100%. Even after closing the application, my computer ran sluggishly for almost a day until I found the firefox process still running in the background, using 100% of my CPU. Other than using the SwitchyOmega extension, there are two other workarounds on Mac: use Chrome, or disable probe resistance.
To change Firefox’s built-in network configuration, go to Menu -> Preferences:
Then Network Proxy, and click “Settings…”:
Here you have a few options. You can “Use system proxy settings”, which should use your operating system’s proxy settings. You can specify a “Manual proxy configuration” where you enter the hostname and port your proxy is listening on (EDIT: As noted in a comment, this will not utilize TLS-to-proxy. So don’t do this; use the PAC file instead — next sentence). Or, if you use the serve_pac server setting, you can specify its URL:
Save your settings, and you should be good to go. Maybe. Good luck!
macOS (and/or Safari)
This will change the proxy settings for the entire system. Make sure this is really what you want to do instead of using the proxy only with your web browser!
Unfortunately, I was not able to successfully get macOS’ system-wide proxy configurations to work reliably, even with probe resistance / authentication turned off. I’ve also been told that some previous version(s) of macOS (or OS X) could even kernel panic when using a TLS proxy. (But I was able to get Firefox and Chrome using the proxy successfully, as described above.)
If you want to experiment with getting system-wide proxy config working, open System Preferences and go to Network. Choose your active network interface on the left and click the “Advanced” button in the lower-right. Click the “Proxies” tab. I tried both the “Automatic Proxy Configuration” (where you give the .pac file URL) and the “Secure Web Proxy (HTTPS)” options. Both had different but equally disappointing levels of support in various applications.
Linux (Ubuntu 16.04 Desktop)
Good news! Setting Linux’s system-wide proxy settings worked fairly well in my testing.
Open Network preferences and select “Network Proxy”. Choose “Automatic” for the Method, and type the configuration URL of the .pac file. (You’ll have to enable serve_pac on your server configuration inside the forwardproxy directive; choose a secret URL to serve the file on, so it doesn’t defeat your probe resistance). If you don’t want to use a .pac file, you can choose “Manual” for the Method and enter your hostname and port (443 probably) — use it for all protocols.
Since there isn’t a way to configure the system proxy to send credentials, you need to use your secret link to authenticate. Only the secret link will prompt the browser to enter credentials. You may have to do that every time you re-open your browser.
So open your web browser (maybe double-check its network configuration if you’re not sure) and go to your secret link. Enter your credentials, and you’re good to go!
Android
This method works for WiFi networks. I haven’t looked into how to set a proxy for the cell network. It requires using a .pac file. If you haven’t already, enable the serve_pac option within the forwardproxy directive. For probe resistance, I recommend specifying a secret URL to serve it on, rather than the default /proxy.pac.
Go to your WiFi settings and long-tap on the current network. Choose “Modify Network”:
Under Proxy, choose “Proxy Auto-Config” and type the URL to your .pac file:
Save settings. With probe resistance enabled, you’ll have to navigate to your secret link in your browser to expose the authentication prompt. Then you should be good to go. Remember: this doesn’t apply to the cell network.
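The Linux and Android sections both point the client at a .pac file. The one serve_pac generates is usually all you need, but if you want to host the PAC yourself or add local bypass rules, a hand-written one looks like the following. This is an added example, not the file the plugin generates and not code from the original post; the proxy hostname is an assumption you replace with your own domain.

```javascript
// Added example: a hand-written proxy auto-config (PAC) file for the Caddy
// forward proxy. Not the plugin's generated file; PROXY_HOST is assumed.
const PROXY_HOST = "proxy.example.com";
const PROXY_PORT = 443;

// True for destinations that should never go through the proxy: loopback,
// unqualified intranet names, and private/link-local addresses.
// Deliberately NOT excluded: names under ".localhost" such as the
// probe_resistance secret hostname. They only exist on the proxy and must be
// sent to it, or the authentication prompt never appears. No dnsResolve() is
// used, so the same file runs in a browser's PAC engine and in plain Node.
function isLocalDestination(host) {
  const h = host.toLowerCase().replace(/^\[|\]$/g, "");
  if (h === "localhost") return true;
  if (!h.includes(".") && !h.includes(":")) return true;   // e.g. "intranet"
  const v4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(h);
  if (v4) {
    const a = Number(v4[1]), b = Number(v4[2]);
    return a === 10 || a === 127 || (a === 169 && b === 254) ||
           (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
  }
  if (h.includes(":")) {                                    // IPv6 literal
    return h === "::1" || /^f[cd][0-9a-f]{2}:/.test(h) || /^fe80:/.test(h);
  }
  return false;
}

// The browser calls this for every request. "HTTPS host:port" makes it open a
// TLS connection to the proxy itself (TLS-to-proxy) before sending CONNECT and
// Proxy-Authorization; "PROXY host:port" would send both in clear text.
function FindProxyForURL(url, host) {
  if (host.toLowerCase() === PROXY_HOST || isLocalDestination(host)) return "DIRECT";
  // No "; DIRECT" fallback: if the proxy is unreachable or blocked, fail closed
  // instead of silently connecting to the origin without it.
  return "HTTPS " + PROXY_HOST + ":" + PROXY_PORT;
}
```

Serve this file from a path only you know (the same reasoning as the secret serve_pac URL above), and keep the “HTTPS” keyword: it is the PAC-side counterpart of the “Manual proxy configuration” warning in the Firefox section.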
Windows
These instructions are for Windows 7, but the same basic idea works in more recent versions of Windows. I’m borrowing these instructions from Sergey’s blog (with permission) because I don’t have Windows:
Control Panel → Network and Internet → Internet Options → Connections → LAN settings → Check “Use a proxy server…” and paste your “https://yourserver.com” in Address and “443” in port. Don’t lose “https://” in Address, Windows likes to remove it when you open LAN settings window again.
Image borrowed with permission from Sergey Frolov: http://ift.tt/2A2ZRSL
Conclusion
Caddy’s http.forwardproxy plugin is a promising alternative to VPNs or SSH tunnels for certain tasks and certain threat models. We hope its unique properties and ease of use will help give more people access to the Web. However, client support for TLS-to-proxy is still uneven, and it must become more reliable and predictable before secure proxying of this kind can be relied on more broadly.
Thanks to Eric.
via Blogger http://ift.tt/2z9ZI0O