Saturday, January 23, 2021

Through A Procedurally Generated Galaxy - Tau Ceti

After several orbits of Proxima Centauri b, it was time to start testing out the FTL drives properly. I consulted the galaxy map and decided on Tau Ceti - it's a Sun-like star 11.7 light-years from the Sun. 


This is the galaxy map. I've selected Tau Ceti as my destination, and it is highlighted for clarity. The green disc is the average plane of the galaxy; the lines on the disc are 1-light-year ticks at this scale. Proxima is located just "to the right" of the solar system in this map. 

I used the sim's "Planetarium mode" to set up the following informational snapshot from a vantage point 2.71 AU above (or below) the star, perpendicular to the system's ecliptic, with orbit markers set to "on". 


The circles and diamonds are points of perigee and apogee. Looking at the system summary in the top left, I see planet F is blue, has clouds, and is almost not too hot. I decide to send the ship over to take a look using the in-system drives. The fictional engines these ships have are fantastic - 5g accelerations for days. Similar to the GUT-Drives in Baxter's "Xeelee Sequence". It takes about 18 hours to close distances of 2-3 AU with engines like this. Time acceleration is a must when exploring the galaxy in your free time. 



"Looks like a water world" is what I think. "With rings.... cool". I plan an orbit like the one I took around Proxima Centauri b, except this time I'm going to "land a probe" on this world - which means detaching the sim from the orbiting ship and using "free mode" to go have a look around. So, I head on down to the surface. 





It was indeed a water world: surface temperature 75 C, metal-poor, rich in water and silicates. The atmosphere is 624 atm of pressure, 71% CO2, 27% nitrogen. Not a nice place. The oceans average 52 kilometers deep, and 1% dissolved sulfur dioxide in the water would render it corrosive. Thanks to the pressure, the boiling point of this soup is 373 C. 

This is the most Earthlike planet this system has to offer. Besides this world, G is a Venus analog, and the other two are a gas giant and an ice giant (Saturn- and Neptune-like) respectively. 

The rings were pretty, though. After a few orbits, my ship recovers its drone, breaks orbit and starts considering its next destination.





Through A Procedurally Generated Galaxy (Part 1)

Anyone who has played Minecraft is familiar with procedurally generated worlds. In a virtual world such as this, the entire world is generated "on the fly", quasi-randomly, as the user travels through it. The generation algorithm always produces the same world from the same input "seed". 

Enter Space Engine. The author of this software has taken the ideas of the physically accurate spaceflight simulator (Kerbal, Orbiter, etc.) and married them to a procedurally generated universe, planets and all. It's not "No Man's Sky" - it's not really a "game", and there are no herds of space-elephants to see. But it models planetary landscapes procedurally down to a 1 m mesh, and the planets and locations I will list in these virtual travelogues can be visited by you if you have the same software. 

So, on to my travels.

Proxima Centauri (3.9 LY)

My first travels out of the solar system went to the stars closest to the Sun that have been marked as possible locations for Earthlike worlds. The FTL drive on this particular ship would boost you around the galaxy at 1 light-year per second. That's about 30,000x faster than the USS Enterprise-D of "Star Trek: TNG". One of the first places I visited was Proxima Centauri, as Alpha Centauri doesn't have any planets in this software. After a rather short burst from the FTL drives, I was there. Space bent, stars got red, things shifted ever so slightly, and then the distortion stopped and I was staring at an orange-ish sun. I used conventional drives to reach the planet Proxima Centauri b. 


The planet is tidally locked to Proxima and orbits at a very close distance. The swirling storm you see in the clouds is under the sub-solar point. I planned a trajectory that brought me in close to the planet and "swung me back around" out the way I came. 


The planet has a very thick CO2 atmosphere. ~320 atmospheres of pressure. Terrestrial, with what could only be supercritical water oceans. The airglow and vertical relief of the clouds can be seen. 


 Reminiscent of Venus. 

This was the most interesting thing in the Proxima system. Space Engine reported no life forms on this world. Given the fact that Proxima is a flare star, and the planet orbits Proxima so closely, this isn't surprising. 

The next stop on this particular "mission" was Tau Ceti. 

Saturday, January 16, 2021

Sunburst - Part 3



This piece is another follow-up to my analyses of the Sunburst intrusion toolchain, which was introduced into the SolarWinds software distribution channel in March of 2020 and remained undetected for several months while a large number of US government computer systems were compromised. Unless there is a twist from left field, this will likely be the last in this series. 

Part 1

Part 2 

It has been several weeks since my last entry on this topic, and I have to admit, the story has drifted from my attention given the current events in my nation. But, I finally managed to steal a few minutes to do some more collation of source data and I am able to report a bit more. 

Who is doing this and why?

The actors are widely reported to be APT29 (Advanced Persistent Threat 29), a group assessed to be Russian state-sponsored; FireEye itself tracks the SolarWinds activity under its own label, UNC2452, rather than asserting the APT29 link. Whoever they are, they are a group of malicious programmers (I hate the term "hackers"). 

From https://www.enigmasoftware.com/apt29-removal/

APT29 (Advanced Persistent Threat) is a hacking group that originates from Russia. This hacking group also acts under the aliases Cozy Bear, Cozy Duke, the Dukes, and Office Monkeys. The cybergang traces its origins to the 2008 MiniDuke malware, and they have been continuously improving and updating their hacking arsenal as well as attack strategies and infrastructure. APT29 often goes after high-value targets all over the world. APT29’s most recent efforts have focused on stealing COVID-19-vaccine data from medical institutions across the globe. 

What does it do?

APT29 always conducts two-stage attacks featuring a backdoor Trojan and a malware dropper. The former aims to retrieve personal data and send it back to a remote Command-and-Control server (C&C), while the latter does the actual damage, depending on the targeted organization. The toolkits are subject to regular updates and tweaks for enhanced AV evasion.

Having read the full technical write-up at FireEye, I can summarize a little more about its capabilities. 

  • It checks to see whether it is in a possible monitoring or analysis environment and, if so, quasi-permanently disables itself.  
  • It uses DNS as a "beacon" mode; once it receives a particular type of DNS response (a CNAME record) to one of its queries, it switches to HTTPS for command and control, disguising that traffic as legitimate SolarWinds Orion Improvement Program (OIP) traffic. 
  • The following generic operations are available to the C2 server (abridged from FireEye's command list): 
    • List processes on host
    • Run program
    • Kill process
    • Write, read, hash and delete files
    • Read, write and delete registry values
    • Reboot the host
    • Switch state (idle/active) and exit
  • It can be updated dynamically. 
How does it do this?

A very detailed write-up, "SUNBURST Additional Technical Details", can be found on the FireEye web site. From that page: 
Before reaching out to its C2 server, SUNBURST performs numerous checks to ensure no analysis tools are present. It checks process names, file write timestamps, and Active Directory (AD) domains before proceeding.

Next, the backdoor only executes if the filesystem last write time of the .NET assembly SolarWinds.Orion.Core.BusinessLayer.dll is at least 12 to 14 days prior to the current time. The exact threshold is selected randomly from this interval. 

The backdoor also determines if the system is joined to an Active Directory (AD) domain and, if so, retrieves the domain name. Execution ceases if the system is not joined to an AD domain. SUNBURST checks the AD domain name against a blocklist and halts execution. 
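To make those gates concrete, here is a small Python re-implementation of the three checks, added to this post as a defender's triage aid; it is not the malware's code and not FireEye's. The domain blocklist entries are a subset of the list FireEye published, the process names are illustrative stand-ins (the real sample compares FNV-1a hashes of process names, not plaintext), and the host scenarios at the bottom are constructed. Running it shows why a freshly built sandbox, a non-domain-joined analysis VM, or anything in a vendor-looking lab domain would never have seen the backdoor wake up.

```python
"""Re-implementation of SUNBURST's pre-execution gates as a defender's triage
aid (written for this post; not the malware's code and not FireEye's).
The gates are the ones FireEye describes: a process-name check for analysis
tools, a 12-14 day delay keyed on the Orion DLL's last-write time, and a
blocklist of Active Directory domain names."""
import random
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, Optional, Tuple

# Subset of the AD domain blocklist published by FireEye. The real check is a
# substring match, so "solarwinds" alone keeps the backdoor dormant anywhere in
# a SolarWinds-owned domain, and so does a domain merely containing "test".
DOMAIN_BLOCKLIST = (
    "swdev.local", "swdev.dmz", "lab.local", "lab.na", "lab.brno", "solarwinds",
    "emea.sales", "cork.lab", "dev.local", "dmz.local", "pci.local", "saas.swi",
    "lab.rio", "apac.lab", "test",
)

# Illustrative names only (an assumption for this demo). The real sample stores
# FNV-1a hashes of process names rather than plaintext, so no readable list of
# tools exists in the binary.
ANALYSIS_PROCESSES = frozenset(
    {"procmon", "procexp", "wireshark", "x64dbg", "windbg", "ida64", "autoruns"}
)


@dataclass
class HostFacts:
    dll_last_write: datetime               # mtime of SolarWinds.Orion.Core.BusinessLayer.dll
    now: datetime
    ad_domain: Optional[str]               # None when the host is not domain-joined
    processes: Tuple[str, ...] = field(default_factory=tuple)


def would_activate(host: HostFacts, seed: int = 0) -> Tuple[bool, str]:
    """Return (activates, reason) for one host.

    The dormancy threshold is drawn once from [12, 14] days, as FireEye
    describes; the seed only makes the draw reproducible for testing."""
    if any(p.lower() in ANALYSIS_PROCESSES for p in host.processes):
        return False, "analysis tool running"

    threshold = timedelta(days=random.Random(seed).uniform(12.0, 14.0))
    if host.now - host.dll_last_write < threshold:
        return False, f"DLL younger than {threshold.days} days; stays dormant"

    if not host.ad_domain:
        return False, "not joined to an AD domain"

    domain = host.ad_domain.lower()
    for blocked in DOMAIN_BLOCKLIST:
        if blocked in domain:
            return False, f"domain matches blocklist entry {blocked!r}"

    return True, "all gates passed; backdoor would proceed to the DNS beacon"


def demo_scenarios() -> Dict[str, Tuple[bool, str]]:
    """Constructed hosts: the first four are the kinds of machines an analyst
    would look at; only the last one is a plausible production victim."""
    now = datetime(2021, 1, 16, 12, 0, 0)
    month_old = now - timedelta(days=30)
    corp = "corp.example.internal"
    cases = {
        "fresh_sandbox": HostFacts(now - timedelta(hours=2), now, corp),
        "not_domain_joined": HostFacts(month_old, now, None),
        "vendor_lab": HostFacts(month_old, now, "build01.SWDEV.LOCAL"),
        "analyst_box": HostFacts(month_old, now, corp, ("explorer", "Procmon")),
        "production_victim": HostFacts(month_old, now, corp, ("explorer", "svchost")),
    }
    return {name: would_activate(h) for name, h in cases.items()}


if __name__ == "__main__":
    for name, (active, reason) in demo_scenarios().items():
        print(f"{name:18} active={active!s:5} {reason}")
```

The practical lesson for anyone running a detonation sandbox: a sample that checks file age and domain membership has to be fed a back-dated DLL and a domain-joined, production-looking host before it will show you anything.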

From this point it gets pretty complicated. I used the flow diagram from the FireEye site rather than have the content of this article be nearly 90% scraped content. 


Complete flowchart for Sunburst malware

It does quite a bit. I joked at one point that "give me a salary and half a year and I might be able to build something like this". What you should hear in that sentence is a good deal of respect for the architects of this toolchain; they thought of quite a bit. The key takeaways from all of the technical reporting I have been able to find to date are:

  • This is a multi-stage attack, and multiple payloads are dropped on target hosts. 
  • It attempts to conceal itself. 
  • It will "suicide" if it thinks it has been detected. 
  • It will only remain active on "interesting" domains. 
What is being done about it? 

While clever and creative, the use of the DNS beacon mode may have been a mistake by the architects of this gem of nastiness. If you read the "DNS C2 and the C2 Coordinator Protocol" section of the FireEye paper, you'll see it uses DNS heavily in passing messages and locating compromised systems. Because the backdoor treats the IP address in the A-record answer as an instruction about which mode to enter, DNS records could be manipulated to disrupt the C2 protocol. With respect to the flowchart, the step marked "CNAME required at this point" is now disrupted. 
FireEye discovered that certain DNS responses cause the malware to disable itself and stop further network activity. With the support and help of GoDaddy’s Abuse Team and the Microsoft Threat Intelligence Center, the domain used for resolving DGA domains was reconfigured to point to a sinkhole server under Microsoft’s control. The IP of this sinkhole server was specially chosen to fall into the range used by the malware to transition from its current mode (New or Append) into Truncate mode where it will be permanently inactive. In other words, SUNBURST infections should now be inoculated due to the killswitch.
What specific organizations are doing to mitigate this threat beyond this "inoculation" with the "killswitch" is beyond the scope of this article. Note that the killswitch only stops the SUNBURST beacon itself; as FireEye pointed out, it does nothing about other backdoors the actor has already deployed on a victim network. 
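As an added example (not FireEye's, Microsoft's or SolarWinds' code), the following Python triages DNS query logs for the beacon and shows why the sinkhole address works. The domain avsvmcloud.com and the appsync-api.<region> label structure come from FireEye's write-up and are not mentioned above; the log format, client addresses and encoded subdomain labels are constructed for this example and are not real indicators; and the address table is only the "Truncate" subset of FireEye's C2 coordinator ranges (private and multicast space plus 20.140.0.0/15, the Azure block Microsoft's sinkhole at 20.140.0.1 belongs to), so the other mode-selecting ranges are deliberately left out.

```python
"""DNS-log triage for SUNBURST beacons, written for this post (not FireEye's,
Microsoft's or SolarWinds' code). The beacon domain and label layout follow
FireEye's write-up; the log format, client addresses and encoded labels below
are constructed for the example and are not real indicators."""
import ipaddress
import re
from typing import Dict, Iterable, Optional

# Beacon queries look like <encoded victim data>.appsync-api.<region>.avsvmcloud.com
BEACON_RE = re.compile(
    r"^(?P<encoded>[a-z0-9]{10,})\.appsync-api\."
    r"(?P<region>eu-west-1|us-west-2|us-east-1|us-east-2)\.avsvmcloud\.com\.?$",
    re.IGNORECASE,
)

# A-record answers in these ranges put the backdoor into "Truncate" mode, after
# which it never beacons again. Private and multicast space is the malware's own
# sandbox guard; 20.140.0.0/15 is the Azure block containing Microsoft's sinkhole
# (20.140.0.1). Ranges that select HTTPS C2 or a new DGA domain are omitted.
TRUNCATE_RANGES = tuple(
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3", "20.140.0.0/15")
)

# Constructed log format: <timestamp> client <ip> query <qname> A -> <answer> | NXDOMAIN
LOG_RE = re.compile(
    r"^(?P<ts>\S+) client (?P<client>\d{1,3}(?:\.\d{1,3}){3}) query (?P<qname>\S+) A "
    r"(?:-> (?P<answer>\S+)|NXDOMAIN)$"
)


def classify_response(ip: str) -> str:
    """'truncate' if the answer is a kill-switch address, else 'other'."""
    addr = ipaddress.ip_address(ip)
    return "truncate" if any(addr in net for net in TRUNCATE_RANGES) else "other"


def triage(lines: Iterable[str]) -> Dict[str, dict]:
    """Per client: how many beacons, which regions, and whether a Truncate
    answer was ever seen (meaning the beacon has been switched off)."""
    findings: Dict[str, dict] = {}
    for raw in lines:
        m = LOG_RE.match(raw.strip())
        if not m:
            continue
        b = BEACON_RE.match(m["qname"])
        if not b:
            continue          # ordinary query, ignore
        f = findings.setdefault(
            m["client"], {"beacons": 0, "regions": set(), "inoculated": False}
        )
        f["beacons"] += 1
        f["regions"].add(b["region"].lower())
        answer: Optional[str] = m["answer"]
        if answer and classify_response(answer) == "truncate":
            f["inoculated"] = True
    return findings


# Constructed sample: two beaconing hosts and one with only normal traffic.
SAMPLE_LOG = """\
2021-01-14T03:12:07Z client 10.20.30.41 query k3m9x2q7v1b8n4z6w0.appsync-api.eu-west-1.avsvmcloud.com A -> 20.140.0.1
2021-01-14T03:12:08Z client 10.20.30.41 query www.example.com A -> 93.184.216.34
2021-01-14T03:40:19Z client 10.20.30.77 query p8d2f6h1j5l9n3r7t0v4.appsync-api.us-east-2.avsvmcloud.com A -> 203.0.113.10
2021-01-14T04:01:55Z client 10.20.30.77 query p8d2f6h1j5l9n3r7t0v4.appsync-api.us-east-2.avsvmcloud.com A NXDOMAIN
2021-01-14T04:05:00Z client 10.20.30.99 query orion.corp.example.internal A -> 10.20.30.5
"""

if __name__ == "__main__":
    for client, f in triage(SAMPLE_LOG.splitlines()).items():
        status = "inoculated (saw Truncate answer)" if f["inoculated"] else "STILL LIVE, investigate"
        print(f"{client}: {f['beacons']} beacon(s), regions={sorted(f['regions'])}, {status}")
```

Two things worth taking away from running it: any host that ever queried the beacon domain was running the trojanized DLL and needs an incident-response look regardless of the answer it got, and a "Truncate" answer in the log tells you only that the first stage went quiet, not that the actor is gone.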

Analysis
  • My trust in the FireEye analysis is very high simply due to the amount of information they are sharing with the world about this very advanced malware. 
  • The complexity of Sunburst is consistent with a seasoned or experienced software development team working on it. 
  • Inside knowledge of the SolarWinds corporate network appears to have been leveraged; the AD domain blocklist contains names that look like SolarWinds' own internal development and lab domains. 
  • It appears that the entire SolarWinds software build process was compromised, since the backdoor was spread in a DLL (SolarWinds.Orion.Core.BusinessLayer.dll) that bore a valid SolarWinds code signature, meaning the malicious code was inserted before the build was signed. 
  • Since multiple payloads were dropped, I still suspect there is more to come. The technical reporting isn't saying much yet, but I imagine that a compromised system will have a backdoor on it that is not yet known about. This will be exceedingly difficult to prove in the negative, as with any virus infection. If at all possible, all affected systems should be re-imaged. 
Post-event lessons 
  • If there wasn't any "inside knowledge" used to gain access, SolarWinds leaked too much about its internal network. 
  • Software distribution channels are a "holy grail" for malicious actors, and they will expend considerable time, money and resources to compromise them. 
  • The target of the attack is actually a rather run-of-the-mill class of target for this sort of actor - research data or trade secrets. 
  • This one turned the threat landscape somewhat on its ear - instead of the classic story of "the user double-clicked an attachment", the compromise story on this one goes "the software update came down from corporate".
  • The development and build workflow can be a very high-value target at a software development company - resources like the Subversion or Git servers, along with production build systems, should probably be treated the way we treat internal database servers holding sensitive information. "It's just a development server" doesn't really ring true anymore. 

Sunday, January 10, 2021

A Parabolic View


 

In orbital mechanics, the terms hyperbolic and parabolic have specific meanings related to their mathematical definitions. In a hyperbolic orbit, the object is energetic enough to escape the orbiting "system" with room to spare. In a parabolic orbit, the object is traveling at exactly the speed needed to escape the system. It takes just a little bit of deceleration to "close" the orbit so that it can return to its origin - or acceleration to speed up the trip to where you're going. In the handy little diagram above, e, the eccentricity of the orbit, is what defines its open or closed nature, and the shape of the orbit as well. e = 1 is the parabolic case; e = 0.5 is a closed (elliptical) orbit; e = 0 is a circular orbit; e > 1 is hyperbolic.

The reason I am going over this is because I am using it as a metaphor for what I am feeling, and as a guide for what I write. I do not want to declare the sky is falling, all of our freedoms are being abridged, that free speech is in literal danger and is being taken away from us as we speak - but I find it hard to not say those things without hyperbolicity. 

I changed the meaning of hyperbolicity, but the metaphor is apt. Consider a conspiracy theory flight of fancy (lizard people living at the core of a hollow Earth taking over the minds of children via SnapChat, for example) - that orbit has an e value so much greater than one, that it doesn't matter in any analysis. It's straighter than the blue line in the diagram as it passes point F. In the metaphoric translation, the mind considers this initially and discards it immediately (for most people) for reasons too numerous to mention here. 

However, the narrative "A small cabal acted with the assistance of foreign parties and interests to help tip the US election towards Joe Biden, and then acted in a manner consistent with having stolen an election in a third-world nation. They then started effectively removing the freedom of speech and association with the help of their friends in business" - I don't think that statement is hyperbolic. I also don't think it's a closed orbit either - it's "spicy", as I would say. However, I think that the initial implausibility points here aren't all that implausible. Others do. 

I will say this - this actually makes me a little worried. I just downloaded all of my Facebook data because there are some photos in there that I don't want to lose. The news of Amazon pulling the servers out from underneath Parler, while not surprising, has done nothing to help this feeling. A cabal has decided that the president should no longer be allowed to speak to the American people, and the media has willingly obliged. 

If the president's authority is being usurped, it's a cabal. 

The propaganda is mind-numbing. One of my local CBS affiliates (WRGB Albany, NY) thrice-daily broadcasts adhere to the following template: 

  • Intro - COVID case count, worldwide deaths, Cuomo love and latest eeevil Trump hate teaser
  • Headline - either COVID or Trump hate
  • Local: Murders and kidnappings. "A handful of shootings in the Capital Region today". 
  • 2nd Big story - either Cuomo love or Trump hate
  • Local interest - "In the new normal, here's how we want you to behave..." human interest story 
  • Tease the next 30 mins segment, same as above. 
The propaganda is poorly written too. There are spelling errors in the chyrons, and when they shift from their "reporter voices" into storytelling mode, it's so obvious. A lot of people still watch this stuff. 

Thanks to our holy governor's COVID vaccine policies, a significant portion of our state's allotment was wasted - literally thrown in the trash because they couldn't find an "eligible person" to give it to in time. New York's eligibility guidelines involved getting access out to the "medically underserved" - basically, unless the recipient was on the approved population list, you'd be jailed or fined for vaccinating someone with the dose you were about to throw in the garbage. This is par for the course for NY State's competency level at running a state. And they think we should give the governor's office the power to detain people who are a "threat to the public health" without due process - seriously! 

Everything that people have been warning about for so many years seems to be coming to pass. It appears that at the moment, the cabal has acted, and the opening salvos in Civil War II are actually under way. At this point, I think it's all in information space, but here's what I'm seeing that makes me think this: 
  • I haven't heard from the president (live) in days 
  • In my mind, there's some doubt as to who actually is running the government 
  • The media, acting in conjunction with those who will benefit from his removal, have declared that Trump is silenced. 
  • The media is taking extreme and onerous steps to keep him silenced.  
These are not the actions of people who think they are on the right side of history.

It looks like a bunch of folks who were plotting to steal an election got caught - and they're desperate.

Friday, January 8, 2021

America is dead. Long live... ?

 This is the introduction to the Ace Of Spades' morning news round up by J.J. Sefton. (http://ace.mu.nu/archives/392023.php) . I think he summarizes what so many of us are feeling so well, I decided to reprint it in its entirety here. 


 

Good morning, kids. Thursday and I cannot even begin to process what happened yesterday in the Capitol. It was without a doubt probably the blackest day at least since 9/11/01 and probably one of the blackest in our now concluded history. If the nation didn't die on Election Day, it certainly was mortally wounded. Yesterday, the executioner delivered the coup de grace. Emphasis on the word "coup."

I have to now choose my words extremely carefully for obvious reasons, which are going to be a lot more obvious as the coming days and months pass. I abhor violence. I was brought up by kind, honorable, moral and righteous parents who practiced what they preached in terms of tolerance and compassion. This despite a mother who endured the horrors of actual Nazism, and a father who lost a brother on Saipan courtesy of the Japanese emperor. But the combination of their own upbringing and their life experiences did not preclude them from quite justifiably seeing the world as realists, if not in solid black and white then certainly in distinct and deep shades of darks and lights.

Normally in a situation similar to what we saw yesterday (if one even exists) I would say something like "while I cannot condone what happened, I certainly understand why it happened." For sure, this time I certainly understand it, but thanks to the Left and now the GOP, I am a red nether hair's breadth from crossing the formerly bright red line of the former. In the Bible, from Ecclesiastes "there is a time for peace and a time for war." I have to ask myself, what time is it now?

Shifting gears for a moment, something was awfully strange about the storming of the Capitol Building yesterday by supposed Trump supporters. Oh, no doubt once the barricades were breached, quite a number of actual Trump supporters got inside the House and Senate chambers and offices and caused a ruckus. How could that have even been possible? Well, when DC mayor Muriel Bowser told federal law enforcement officers to stand down the day before the protest, you do the math. Ever wonder how Congressional hearings always seem to be invaded by shrieking Code Pinko leftists carrying signs for the benefit of the propagandists' cameras? QED.

Tragically, a victim who has been identified as a Trump supporter was shot and killed in the chaos and confusion. Now the propagandists, the Democrats and the GOP are condemning Trump as well as anyone and everyone who voted for or otherwise support him as traitors, engaging in violent treason and sedition. Given everything we have endured this past year and going back into the Obama years and beyond really, that attitude is risible in the extreme. It's also infuriating beyond my capacity to describe the emotion.

My rage this morning is directed in particular at the GOP. Given everything we have seen and endured, these bastards - with the exception of the handful of patriotic members of the Senate and House who exercised their legitimate Constitutional authority and right to challenge the Electoral College votes - including Vice President Mike Pence stabbed us in the heart. Correction, they along with the state legislatures in question as well as the majority on the Supreme Court stabbed us in the heart weeks if not months ago. Pence et al were just twisting the knife. Meh, it happened the moment President Trump said "so help me G-d" four years ago when the GOP controlled both houses of Congress and sabotaged him at every turn for two years, until Paul Ryno delivered the House to Malig-Nancy Pelosi.

Year after year, election after election, we begged and pleaded with that party to stop what is now inevitable and imminent from happening. I blame them for what happened yesterday. For what happened nine weeks ago. For what has happened to this country for the past 60 years by not opposing the overthrow of America as founded and going along to get along, either out of denial, greed or some combination of both.

Now there is talk of impeaching Trump, with just under two weeks left, which if successful would ban him from running for president again in 2024, as if any election ever again in this country, such as it is, is ever not going to be rigged by the Enemy. And this vile lout Cori Bush is introducing legislation to have those who moved to challenge the Electoral College expelled from office. Looking beyond that, do you think that anyone who donated to Trump or to a Republican is not going to have that information leaked to potential employers, or banks, or perhaps to the mostly peaceful protesters of Antifa and BLM who will know where you live?

Funny how city after city can burn to the ground as police either willingly or not stand by and let it happen and that was somehow justified. Yet here we are after a year of having our livelihoods as well as our freedoms destroyed on the pretext of a health crisis that was nothing more than bad flu, and now our only legal and legitimate way to protest this, our sacred right to vote for which thousands of our soldiers, among them my uncle, died to preserve, stolen. And those who had the power and the G-d damn duty to stop it not only abrogated that responsibility but turned around and flamed us for pointing it out and demanding they abide by it.

Regardless of whether it was indeed Trump supporters who started the mayhem or not, I certainly understand how it happened, and G-d help me for saying it, I'm just about to the point of condoning it. It is obvious for anyone with eyes to see and a mind to process it that we no longer have a legitimate government, nor do we have legitimate political institutions or regular order. For anyone on our side to blame Trump or us for what happened is the last straw, along with the certification of Joe-Blow as the legitimate winner of the 2020 election.

I cannot believe what we have witnessed yesterday and really since the national incarceration/lockdowns. I am grateful that I do not have children, mostly because I would have dreaded them having to try and exist in a tyranny or worse, having been brainwashed in the schools into cheering it on.

I'm too enraged to weep. They have sown the wind and they are going to reap a whirlwind.
