How Not To Use GitHub (and many magnetic secrets in one easy PDF)

What’s wrong with this picture, showing results from GitHub’s new search engine? https://twitter.com/brianaker/status/294228373377515522/photo/1 Let me quote the first result: “paypal_production_key_private.pem”

Apparently credentials for the Google Chrome source repository were also exposed.

GitHub has since blacklisted these results from their search engine, but (IMHO) needs to tell developers during the upload process, “you may not want to be doing that, Dave.” After all, even if it’s not world-searchable, anyone with access to GitHub’s back-end could go through and find credentials for who-knows-what.
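A warning of that kind can also run on the developer's machine before anything is uploaded. The following is an added example, not code from GitHub or from this post: a git pre-commit check that blocks staged files containing a PEM private key block and warns on key-like file names. The name pattern list and the sample contents are assumptions made for illustration; the `.pem` file name is the one quoted above.

```python
#!/usr/bin/env python3
"""Pre-commit check: refuse to commit private key material (added example)."""
import re
import subprocess
import sys

# PEM armor that marks private keys: RSA, EC, PKCS#8, OpenSSH, PGP.
PEM_PRIVATE = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY(?: BLOCK)?-----")
# Names that usually hold credentials. Assumed list; extend it for your repository.
RISKY_NAME = re.compile(r"(^id_(rsa|dsa|ecdsa|ed25519)$|\.(pem|key|p12|pfx)$)", re.I)

def scan_blob(path, data):
    """Return 'block' for key content, 'warn' for a key-like name, else None."""
    if PEM_PRIVATE.search(data):
        return "block"
    if RISKY_NAME.search(path.rsplit("/", 1)[-1]):
        return "warn"
    return None

def scan_files(files):
    """files maps path -> bytes; returns {path: verdict} for flagged paths only."""
    verdicts = {path: scan_blob(path, data) for path, data in files.items()}
    return {path: v for path, v in verdicts.items() if v}

def staged_files():
    """Read the staged (index) version of each added or modified file from git."""
    out = subprocess.run(
        ["git", "diff", "--cached", "--name-only", "--diff-filter=ACM", "-z"],
        check=True, capture_output=True).stdout
    names = [n.decode() for n in out.split(b"\0") if n]
    return {n: subprocess.run(["git", "show", ":" + n], capture_output=True).stdout
            for n in names}

def main():
    flagged = scan_files(staged_files())
    for path, verdict in sorted(flagged.items()):
        print(f"{verdict.upper()}: {path}", file=sys.stderr)
    # Only key content aborts the commit; a suspicious name is just reported.
    return 1 if "block" in flagged.values() else 0

# Constructed sample: placeholder bodies, no real key material.
SAMPLE = {
    "paypal_production_key_private.pem": b"-----BEGIN RSA PRIVATE KEY-----\n(placeholder)\n",
    "deploy/server.pem": b"-----BEGIN CERTIFICATE-----\n(placeholder)\n",
    "README.md": b"# docs\n",
}

if __name__ == "__main__":
    sys.exit(main())
```

Saved as an executable `.git/hooks/pre-commit`, a non-zero exit aborts the commit. A client-side hook only covers the clone it is installed in and can be skipped with `git commit --no-verify`, so it complements a server-side check rather than replacing one.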

Magnetic fields and the human body:
First of all, grab a copy of this PDF: http://www.magnetotherapy.de/fileadmin/downloads/pdfs/E/AMS_Info_Ausland_part_I_to_III_englisch_with_pictures.pdf

It is a perfectly ordinary promotional brochure for a company selling slightly odd-looking alternative medicine devices… some of which affect the mind and body through magnetic fields (in a good way), and some of which create arbitrary medicinal properties in water through electromagnetic treatment.

A few notes:
– The “Heim” theory:
The paper starts off talking about Burkhard Heim’s “unified theory,” previously mentioned here in passing as one theory that included a “fundamental matrix” consistent with the universe being a computer simulation. The English-language Wikipedia article suggests that one prediction of Heim’s theory has been disproven (https://en.wikipedia.org/wiki/Burkhard_Heim#Heim_theory_and_the_physics_community). However, I don’t understand Heim’s theory well enough to say whether it actually made that prediction or whether this result affects its overall validity.

– Real science, as far as I can tell:
Unlike the majority of easily debunked “alternative” types, Ludwig did proper double-blind controlled studies, in one case with a sample size of 2600 (!) patients*. He found that, for the treatment in question, the placebo effect was actually reduced. Presumably this was because people “believed” more in the efficacy of a sugar pill than of a plastic box. The size of his study may have been possible — compared with most other “alternative” things — because rumors suggest the device in that study went on to be used as a countermeasure against the physiologic/psychological side(?) effects of Soviet Bloc electromagnetic warfare.

It is, of course, important to keep in mind that Ludwig may have had a business interest in the outcome of the study — I don’t know.

– Homeopathy:
He talks about “homeopathy.” This is presumably a different kind of homeopathy than that which e.g. Randi debunks, as Ludwig verified the results of his homeopathy with frequency spectroscopy and UV absorption studies — showing an impedance variation of up to +40 ohms (relative to an identically prepared “placebo”) at a dilution factor of 10^300 (!). He similarly found in his doctoral work that, under the right situations, the dielectric constant of water was dependent on a given sample’s history.

* See also:
W. Ludwig et al., “Influence of alternating magnetic fields,” 1976 (?)
W. Ludwig, “Placebo effect of fake 10Hz devices.” Zeitschrift für physikalische Medizin, 5.83 (1976) DM (Frankfurt/Main), Heft 11 107 (1974) (?)
Ehrmann W. et al. “Therapie mit ELF-Magnetfeldern.” Zeitschrift für physikalische Medizin, 5, 161-170 (1976)

http://www.scmagazine.com.au/News/330152,passwords-ssh-keys-exposed-on-github.aspx

“Github users have been caught out storing keys and passwords in public repositories.

Search links popped up throughout Twitter today pointing to stored keys including what was reportedly credentials for the Google Chrome source code repository, Chromium.

Scores of other credentials were exposed, some representing serious security blunders.

While the keys are no longer searchable via the GitHub due to technical problems, they remain exposed through normal internet search queries. There are also no mechanisms to prevent users from uploading keys, a point which some security boffins say GitHub should implement.”
