Schneier on Security
A blog covering security and security technology.
« Man-in-the-Middle Attack Against SSL 3.0/TLS 1.0 |
| Tor Arms Race »
September 23, 2011
Friday Squid Blogging: Sex Life of Deep-Sea Squid
There's evidence of indiscriminate fertilization in deep-sea squid. They mate with any other squid the encounter, male or female.
This unusual behaviour, they said, may be explained by the fact the squid is boosting its chances of successfully passing on its genes in the challenging environment it lives in.
In the Royal Society paper the team writes: "In the deep, dark habitat where O. deletron lives, potential mates are few and far between.
"We suggest that same-sex mating behaviour by O. deletron is part of a reproductive strategy that maximises success by inducing males to indiscriminately and swiftly inseminate every [squid] that they encounter."
Basically, they can't tell males from females in the dark waters, so it just makes sense to mate with everybody.
The press is reporting this as homosexuality or bisexuality, but it's not. It's indiscriminate fertilization. PZ Myers explains.
Posted on September 23, 2011 at 4:28 PM
• 34 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
A NOAA "service assessment" looking at the Joplin tornado (PDF) goes into a lot of detail about the various signals that a tornado was coming (not just official warnings, but also observations of weather, social signals like closed restaurants, and so forth) and how they were interpreted by the residents. The headline finding is that warning sirens, which are supposed to be the primary indicator, have become useless because tornado prediction is so iffy and the threshold for using them is so low. There's lots more interesting stuff in there, though.
Don't know where this is originally from, but it's an interesting look back at what people though cybercrime might look like...
Nick Helm's password joke:
"I needed a password eight characters long so I picked Snow White and the Seven Dwarves."
You know, that's actually a pretty good passphrase.
Wiredog: except that it has been posted and now it's unusable...
the problem is that seven of those eight are very short!
I guess that's one way to escalate a problem.
I guess you could always use "Snow White's" real name (I don't think it's ever been published ;)
Did anyone else notice the absence of RSH? Is he capable of keeping silent for this long? Afflicted with recent health problems? Got the ban hammer on a post I didn't read? Any guesses?
RSH did indeed get the ban hammer. It was no joking matter, either.
Do the exiled have this right?
They're implying that a service called CloudFlare, which protects against DDoS attacks, may have links to US intelligence agencies.
(Also, per your post on Tor, is there a link between Tor and the intelligence community? If so, is it something to worry about?)
Oh, and just to clarify - I don't use Tor and I'm not a conspiracy theorist. It's only that I've read a couple of articles suggesting that there is some connection and I've always been curious about it.
"RSH did indeed get the ban hammer. It was no joking matter, either."
And I missed the thread. Just my luck. Extreme anarchist trying to back an authority figure into a corner on the blog he manages. The result was a long time coming and all too predictable. History repeats. Repeatedly. ;)
@ Nick P,
It was not just RSH but Tommy as well. They both got the cutomary warnings before being asked not to post any longer.
@ Clive Robinson
I was digging through old articles looking for new comments and insights when I ran across this gem of yours:
"I also have the Amstrad PPC640D "lugable" that I still use for generating printed One Time Pads on three parrt stationary in a dot matrix printer. "
This raises a few questions:
1. This blog is often very against the use of One Time Pads. What are you doing that justifies OTP protection and who would be doing that with you?
2. Why are you using that burdensome old machine to to print them? (I know the old printer prevents certain information leaks.)
3. Isn't such a bulky machine with large parts inherently easier to sabotage with tiny components to cause EMSEC leaks? And didn't old gear like that produce more (and high quality) leaks anyway?
Just curious. Personally and professionally.
@ Clive Robinson
"It was not just RSH but Tommy as well. They both got the cutomary warnings before being asked not to post any longer."
Actually, tommy voluntarily left with a hilarious piece of flamebait. I figure RSH was more or less ordered off the blog against his will. This is much more shameful.
@Nick P (And Clive): Darn, when I read PPC 640, I thought that was some variant of the PowerPC 604, used on early PPC Macs and other workstations (Turns out there was a 641 however). That puppy's an XT , almost like a full sized keyboard version of the Compaq Portable.I've seen an old Compaq Portable 386 in a corner at work (early network test machine) that I would love to boot one day. What one-time pad SW runs on MS-DOS? (is that what you are running? I suppose Xenix required at least a 286)
On topic: I'm guessing the press is referring to the squid as Bisexual because they don't really have anything to compare it to within human sexuality. I'm not terribly familiar with many of the squid species, but I presume most of them are like most other animal species, where they don't mate out of pleasure but rather instinctual needs?
The Amstrad PPC 640 is mine and has a lot of advantages in use, being a "quiet" old XT is just one of them ;)
The software I run on it for printing out the OTP's I wrote myself in "Small C" (a form of K&R C pre second addition "C Book") compiler that produced 8086 ASM output you can check by hand and is in DOS compatible ".com" format (and yes it also will run on CP/M86). It was a re-write of an earlier program writen in Fortran that I had running on my Apple ][ (which I still use very occasionaly).
It does not "generate" the entropy (I currently use dice for that) it does however do some simple statistical stuff to ensure that things are working correctly and staying in bounds.
However I guess at some point something is going to break (like the dot matrix printer) So I should look to becoming a little more upto date (I've a couple of 486's hanging around ;).
It's odd you should mention Xenix (the illegitimate child of AT&T's USL's pact with the MS Devil spawned in a garage in Santa Cruz), I was "dusting down" the "home museum" shelves (an unkind "other" refers to as "junk central") the other day as my "gentle exercise whilst recuperating" and there is a copy of Xenix on 5&1/4 floppies tucked away along with some SCO Unix (for 386 and above) and a copy or two of Consys SysVr4 with X11 (for 486 and above that came on 80 x 1.4MByte floppies...).
Some of my "museum pieces" are actually in better condition than some I've seen on display in the London Science Museum (as my son has "kindly" pointed out to me).
@ Nick P,
Your idea about using disagreeing jurisdictions for proxying appears to have been lost on some (read the comments section of),
Secondly back to your questions.
A1, It's for emergency EOW usage. For all it's problems OTPs don't require anything more than the One Time Pad, a pencil and a lighter (a sheet of glass is also usefull but you should have one on your desk as a necessity).
There are times when even the best crypto cells suffer a power outage and as a rule KeyMat should not be stored in a "high risk crypto cell". So the OTP can be used to get a temporary key to make the comms secure again untill KeyMat can be got to the cell. Likewise a high risk crypto cell can run out of KeyMat when it is effectivly besieged etc. For instance some countries embassies have standing orders to destroy all network KeyMat at the first sign of trouble and switch to "relay through Home HQ" operating with the KeyMat negotiated by OTP etc.
A2, For what it's being used for it's not particularly burdensom, importantly all the chips are of known origin and it has no semi-mutable memory, the bios is in ROM not Flash-ROM etc.
A3, Unlike most modern laptops etc it's RF signiture is way down in the HF band, not VHF,UHF or Microwave. This has certain advantages both for radiation and suceptability.
Further without going into the precautions it is actually not that easy to sabotage for a number of reasons. From a practical point of view anyone cracking the case is going to leave very obvious clues, a simple visual inspection of the mother board etc would also show any tampering as would the dual combi-lock file cabinet it and the printer and stationary it's kept in.
Finaly there is a bit of a myth about old equipment generating more RF noise than newer kit. If you fire them up in a TEM cell you will find that the radiated energy by modern kit is usualy larger, it's just spread over a greater frequency range so it can meet a lower emissions mask. But at the end of the day the two important things are total energy (not energy / Hz) and radiation efficiency at any given frequency which varies by considerably more than 40db in the spectral outputs (HF and down for old kit, UHF and up for new) for the sort of conductor lengths involved. This leaves the issue of "Near Field Coupling" which although favouring HF is generaly not an issue if both conductors are less than 1/16 of a wavelength long and atleast 1/4 of a wavelength apart.
But in practice it's not something I tend to worry about as it all lives in an RF cage that is more generaly used for high power MF-UHF transmitter R&D work that gets a full check more frequently than I use the PPC 640.
Oh and there is another thing to remember a number of my more interesting equipment designs use pure CMOs like the 1802 processor and 4000 logic clocked below 100Khz with lowpass filter components actually in data and other busses along with inline 1K resistors between segregated areas...
With regards Australia and the "cyber-war" ANZUS update you might find the AU newspaper article on APT of interest,
Especialy as it puts the US UK France and Israel well in front of the Chinese when it comes to cyber-espionage...
@ Clive Robinson
On OTP hardware
I appreciate the answers.
On jurisdiction-based anonymity
Haha! It's no surprise that the anonymizing relay gave the information over to the authorities. This is pretty common with most such groups. Swiss servers used to be favored because the Swiss will ignore a US court order & don't cooperate if the investigation is BS. (drug cases an exception) Many are popping up in places like the Bahamas, but may be honeypots.
The best cheap option is to get a Panamanian or Chinese company to host the relay in their own country if it's a one server setup. That alone would have prevented this. For better results, my multi-hating-jurisdiction approach should produce pretty nice results. It's ideal if the messages are asynchronous, like email.
As some of you know I keep a wary eye on SCADA systems for various reasons.
One of which is their security is virtually none existant and much work carried out by people working in the field relies upon very very poor security practices (like needing the default password in Siemens systems because so much breaks if you change it...).
Well it appears that the DHS has decided to lift the corner of the rug and dust the whole embarrassing issue under the carpet.
How well they have decided that ICS-CERT will no longer report anything other than a very very limited subset of what most would consider "vulnerabilities".
So a simple and obvious and easily fixable"bug" will get reported, anything considered to be a "design issue" will not.
Well not to you and me, but one or two of the "favourd few" will get told.
Thus real SCADA vulnerabilities are now DHS "state secrets"...
Which if you think about it lends credence to the "US made Stuxnet" and "US Cyber-arsenal" claims people make.
The net effect is that I suspect for SCADA systems "reasonable disclosure" will go out the window in favour of "Hit-n-run exposure with full exploit code".
Oh and the only winners will be the lawyers (as usual).
@ Clive Robinson on SCADA issue
Why is it that every time I'm feeling safe or content you gotta bring up another major issue?
The SCADA situation makes sense. The government knows, like all security experts, that the only way to improve SCADA security is good design & implementation. The way to improve infrastructure's SCADA security is updating them or replacing them. Instead, the government initiates programs where they insert monitoring and control cables at all these spots. Then, they stop reporting SCADA design issues. The obvious goal in both cases is they want control over SCADA systems, domestic and foreign. It's no surprise that Stuxnet was created using vulnerabilities NSA found, yet didn't report. They are 100% untrustworthy now. Must find a new source for reporting SCADA vulnerabilities.
New risks from the Large Hadron Collider
The other scare this week was leaked internal documents from LHC showing they're lying about risk of strangelets & micro black holes. Publicly, they say there's no way one would be stable, it would take this energy amount, this timing would be safe, etc. Then, privately they say the opposite in almost every area. They also have a strangelet detector built into the LHC, which isn't on the web page. Why the secrecy & lying? Well, I think the self-serving reason is obvious at this point.
So, we finally invented something that may destroy the earth itself. And they're turning it on w/out realistic safety assessments because it will make for some interesting atomic fireworks that *may* help out some theoretical physicists. We'll survive 2012, laugh about all the dire predictions, and then be converted to strange matter five years later. Just... f***ing... great...
Yes, it's all about the species survival calculations (or rather, whoever manages to evolve the most efficient way of propagating). Apparently in this case, taking the time and effort to work out the gender of the other squid isn't worth it.
@Petrea: yup. Of course, glad it doesn't work that way for humans. I'm guessing there aren't really any STDs for these squid. Imagine how our survival would hinge if this were our behavior.
Of course for an even more odd species that are vertebrates, you have parthenogenic species such as the New Mexico Whiptail, or the lesbian lizards. Only females in that species who somehow figured out how to do it without males. They actually engage in simulated mating in order to stimulate ovulation. Like the O. Deletron, I winder if their ancestors started out selectively mating with the opposite sex and then adapted to the circumstances. Of course, in the case of the lizards, not reproducing sexually is also a weakness, since sexual reproduction has proven the best way to diversify the gene pool naturally.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.