Previous IndexNL Next

Sep 8, 2011           

Browsers and security

As I said earlier in Nederlog, I am presently mostly using SeaMonkey as "my number one browser", because I like it the best, for several reasons, such as its including a good WYSIWYG-editor and a mail-program. Also, it looks well and it performs well.

Being Dutch, I have heard and read over the last few days about the DigiNotar scam, that struck the Dutch states' official websites, and possibly a lot more:

The brief of it is that DigiNotar is a Dutch enterprise that sells so-called "security certificates", that somehow are supposed to "guarantee" (in some vague sense of that anyhow slippery and ambiguous term) that people surfing to sites with such a certificate, that include(d) many of the sites of the Dutch government, are somehow safe(r) than sites without such certification - except that this is not so, because DigiNotar has been hacked, it seems from Iran.

This means that you or I may have been hacked as well, especially if you're Dutch and surf sometimes on sites owned or controlled by the Dutch government. I am and I have - and no, I am not really amazed that the Dutch state's sites, and possibly much more, has been hacked by Iranian hackers.

Let me explain why and give some background.

Being Dutch, I have heard and read some about this in Dutch, from various sources, and especially from ministers and from their professional PR-liars (Dutch: Voorliegers) speaking for the government, which happens in this country since decades all and exclusively in the style and lingo explained here by George Carlin:

So... it is very difficult to make out what these people tell you, except that you are evidently being lied to at length and with dedication by experts with lots of "media-training", all with trained professional smiles, and all paid from Dutch taxpayers' money, who treat you - the citizen, the taxpayer - as if you are the one who is the despicable shit and the moron in these communicative exchanges, who deserves being addressed as a toddler in bureaucratic Newspeak, by the descendants of O'Brien, who currently rule the Dutch government, bureaucracies, schools, and security firms.

The two things that I could infer from what I heard with some rational certainty are that (1) the spokespersons for the government, including the minister, don't know at all what they are talking about, which doesn't keep them from extensive lying, flanelling, astro-turfing and bullshitting, and (2) the DigiNotar firm's certificates, like the firm itself, seem completely fraudulent: the certificates are hacked, and the firm was internally a mess for a long time, according to ex-employees quoted in the papers.

Happily, I got yesterday a SeaMonkey update to version 2.3.3 that is mostly about this DigiNotar scam, and that does explain some, and shows the folks at SeaMonkey (and indeed at Mozilla) have been doing their best to cope with it in a reasonable way:
Here is the start of that, to show that it also may be relevant to non-Dutch:

Earlier this week we revoked our trust in the DigiNotar certificate authority from all Mozilla software. This is not a temporary suspension, it is a complete removal from our trusted root program. Complete revocation of trust is a decision we treat with careful consideration, and employ as a last resort.

Three central issues informed our decision:

1) Failure to notify. DigiNotar detected and revoked some of the fraudulent certificates 6 weeks ago without notifying Mozilla. This is particularly troubling since some of the certificates were issued for our own addons.mozilla.org domain.

2) The scope of the breach remains unknown. While we were initially informed by Google that a fraudulent *.google.com certificate had been issued, DigiNotar eventually confirmed that more than 200 certificates had been issued against more than 20 different domains. We now know that the attackers also issued certificates from another of DigiNotarís intermediate certificates without proper logging. It is therefore impossible for us to know how many fraudulent certificates exist, or which sites are targeted.

3) The attack is not theoretical. We have received multiple reports of these certificates being used in the wild.

So... DigiNotar knew they had been hacked since the beginning of July, but did not notify Mozilla, and presumably nobody else either, and indeed in the Dutch news there were reports based on interviews with former employees of that firm, stating it was one big security mess there anyway, and nothing worked as it should anyhow. (Which, being Dutch myself, and surviving in a country that is one big moronified, lying posturing moral and intellectual crapulent mess, basically because the Dutch decided in the Sixties that since everyone is equivalent no one does a decent education, not on any level, not in any school or university, because supplying this would be 'elitarian', which would be 'fascistic', does not amaze me at all: Being civilized or intelligent has been regarded as a moral misdemeanor for decades in the country I survive in; being or desiring to be well-educated 'fascistic'; and the average postmodern academic has an IQ barely above 100 (*), and can't spell nor do basic arithmetic, for these have not been taught in schools for decades, on the principle "you don't need to: the computer can do it for you".)

Also, for those who care for such things (I do), there is a bug report and discussion by the SeaMonkey developers:
This is clear enough, and shows them doing their best, trying to solve the problem that both Firefox and SeaMonkey had included code that effectively implied, on the strength of guarantees from the Dutch State, that again derived from the claims of DigiNotar folks, that Dutch governmental websites were secure while in fact they were hacked.

As far as I can see, this strongly testifies to the need and to the benefits of open source browsers, and indeed from my point of view, that includes some relevant knowledge about Holland, Dutch officials, and the ludicrously bad education and and all Dutch "intellectuals" and all Dutch received the past 40 years, Mozilla is the only participant in this security scam - next to: the Dutch state, the DigiNotar firm, and their (Iranian?) hackers - who write and speak sense and can be trusted (and who indeed put up the material - the open source code and the developers' discussions - to show this).

The others parties mentioned can't be trusted at all, and that certainly applies to the speakers for the Dutch state, the public relations folks for DigiNotar, and indeed also for much of the Dutch press, where very few journalists have any decent real knowledge of computer science. (If they had, they wouldn't be journalists, for the most part.)

I suppose the specific security leak the last link is about now has been fixed, and indeed was fixed by withdrawing the false DigiNotar security certificates that had ended up as part of the code of the Mozilla browsers, it seems because the Dutch State "guaranteed" they were "secure", because DigiNotar said they were. (Circular reasoning and begging the question, if ever there was!)

Meanwhile, it is not clear what this implies for those - like me - who have been the last months on sites certified to be safe by the Dutch state on the strength of the false assurances of DigiNotar.

As it happens, I don't worry much about my computer, because it is not interesting for the hackers of the DigiNotar security certificates - but then I would not be amazed at all if, meanwhile, all or most of the Dutch government's secret computer files are being studied in Iran, while I am quite confident that if this is so, it will be denied in the tones and terms mentioned by George Carlin in the above link by any and all of the intensively media-trained Dutch government officials - who in any case won't really know what they are talking about, and in the rare cases they might, talk Orwellian doublespeak anyway, for else they can't work for the Dutch government.

It is a safe bet that there will be major security problems involving states or banks, and it also wouldn't amaze me at all if much of e.g. the Dutch government's secret files are being read in China before they are read by Dutch ministers, for the Chinese did not stupefy the academic education of their  academics in the name of universal equivalence for the last four decades, whereas the Dutch did, with pride and dedication, for four decades, in the hallowed names of Equality and Democracy. (**)


(*) The reference I gave was written and published over two decades ago, when I found that the average IQ of students in the University of Amsterdam was, in 1984, all of 115. Twenty years before that it was very probably around 125, as it had been, at least, between 1865 and 1965. Since 1984 it must have declined, for it then still was and remained for decades THE moral principle in Holland that everybody is equal or should be equalized; that high intelligence is elitarian and fascistic; that intellectuals anyway are offensive for self-respct of the democratic majority; and that the computer can do anything for you, including reading and arithmetics, that Dutchmen didn't have to learn in the schools for precisely that reason.

The average Dutch postmodern academic is a guaranteed and graduated moron, and proud of it, since not being a moron would be 'elitarian', which is a Dutch refined curse, implying fascism, moral depravity, and lack of all humanity. (This does not at all keep Dutch 'intellectuals', with IQs of 115 at most, from insisting that folks with their degrees, that are the highest the society assigns, are entitled to being highly paid, of course, and indeed they are.)

(**) This does not mean that there are no capable Dutch physicists, mathematicians, bio-chemists or sinologists, for the few studies that require real talent did draw the real talent - that since mostly emigrated, as especially the most talented did, and as I would also, if I were healthy, for there is little that is attractive about a country where being a moron is the moral ideal of the democratic majority, academically graduated or not, and where it has been the moral ideal and end of Dutch education for forty years: Let's level all to the democratic average, so that nobody stands out as better than anybody else, intellectually or in terms of real knowledge.

What this does mean in practice is that the few intellectually capable well educated folks that still are present in Holland are being ruled by managers and bosses with Ph.D.s in sociology, political science, media studies or law, most of whom do have IQs of around 115 or so and have no civilization or real rational knowledge whatsoever, and indeed may have become Ph.D.s without having finished reading any decent book in their lives, and who are as a rule so stupid that one cannot even successfully explain to them how stupid and ignorant and incompetent they really are: They also lack the wherewithall for that, though they may have a university degree in law, media studies and philosophy.

Then again, this state of affairs still makes most native Dutchmen feel very proud of the Dutch nation, for in Holland the democratic majority feels that one should not feel one is anything special if one happens to be born intelligent, for in Dutch moral principle then one urgently deserves to be levelled. The Dutch are allowed by the Dutch to excel only in soccer, being a model, or singing popular songs, and in other things the democratic Dutch majority approves of, but not in anything the democratic average cannot understand, does not like, or does not see the utility of.

P.S. Corrections, if any are necessary, have to be made later.

As to ME/CFS (that I prefer to call ME):

1.  Anthony Komaroff Ten discoveries about the biology of CFS (pdf)
3.  Hillary Johnson The Why
4.  Consensus of M.D.s Canadian Consensus Government Report on ME (pdf)
5.   Eleanor Stein Clinical Guidelines for Psychiatrists (pdf)
6.  William Clifford The Ethics of Belief
7.  Paul Lutus

Is Psychology a Science?

8.  Malcolm Hooper Magical Medicine (pdf)
 Maarten Maartensz
ME in Amsterdam - surviving in Amsterdam with ME (Dutch)
 Maarten Maartensz Myalgic Encephalomyelitis

Short descriptions of the above:                

1. Ten reasons why ME/CFS is a real disease by a professor of medicine of Harvard.
2. Long essay by a professor emeritus of medical chemistry about maltreatment of ME.
3. Explanation of what's happening around ME by an investigative journalist.
4. Report to Canadian Government on ME, by many medical experts.
5. Advice to psychiatrist by a psychiatrist who understands ME is an organic disease
6. English mathematical genius on one's responsibilities in the matter of one's beliefs:

7. A space- and computer-scientist takes a look at psychology.
8. Malcolm Hooper puts things together status 2010.
9. I tell my story of surviving (so far) in Amsterdam/ with ME.
10. The directory on my site about ME.

See also: ME -Documentation and ME - Resources
The last has many files, all on my site to keep them accessible.

        home - index - top - mail