Friday Squid Blogging: Squid Game

Netflix has a new series called Squid Game, about people competing in a deadly game for money. It has nothing to do with actual squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on October 1, 2021 at 4:22 PM • 76 Comments

Comments

name.withheld.for.obvious.reasons October 1, 2021 7:22 PM

1 Oct 2021 — Assange Disinformation Continues Unabated

It seems a major portion of the public has become indoctrinated with propaganda and have seen Assange as they wish to see him, not as the person he is. A laundry list of lies that people keep spouting without substantive evidence follows (this is partial, it is a long list of crimes AGAINST Assange).

  1. Sexual assault charges, false — Nils Melzer went to Sweden and read all the charging documents and evidence
  2. Clinton Emails Political Act, false — no established relationship existed and Binney (former NSA) showed that the copied data had time-stamps from a local copy, some inside the Clinton orbit leaked them. And not Seth Rich.
  3. Working or not being critical of Russia, false — several Wikileaks’ publications including the Panama papers named Putin directly.
  4. Not a Journalist, false — Assange has been awarded the highest international journalism award and was considered for the Nobel Prize for Peace
  5. Put Agents and others at risk in releases, false — it was the Guardian’s (Luke Harding) leak by two reporters in a book that published the information on the work being done by journalists worldwide on the Cablegate dumps.

For a detailed examination of the Assange case, before you even consider commenting on the subject do us all a favor and read the UN Charter on Human Rights Rapporteur on Torture’s reporting. This lawyer has done extensive work in getting government documents that expose a series of international crimes perpetrated by government[s] to bury Assange.

Finally consider this, Assange has never had to make a single retraction. No other publication has that milestone. Two, Assange never played favorites. Think about it, an individual that protected no state interest is the one that is the problem? You might want to consider if he is pissing off everyone in power, the powerful are going to act. So does it make sense that Assange is to blame for problems of the powerful? Take your head out of your rear orifice.

FOOTNOTE: Vault7 made Assange the enemy of the CIA, it became personal for many at the spook factory. This is about revenge, and what do think the CIA is capable of when it comes to such a thing? So do you think the information you hold is accurate, check your source.

Clive Robinson October 2, 2021 6:56 AM

@ name.withheld…,

It seems a major portion of the public has become indoctrinated with propaganda and have seen Assange as they wish to see him

You’ve kind of fallen into the “english is a lazy language trap”, as your statement does not sound right.

It should not be,

“as they wish to see him”

but,

“as the propagandists wish him to be seen by the public”

There is a reason why he is being held in incommunicado in a UK jail, and against all norms of justice.

It is to put him in what the US federal system calls “Special Administrative Measures”(SAM). If you look it up[1], you will find despite the rhetoric of “National Security” and similar nonsense to justify SAM, it is in reality “politically sanctioned” and in effect directly under the control of the US Executive via the President’s political appointee “The US Attorney General”[2].

Whilst there is not such a clear political control path in the UK, it’s there, and the current UK political appointee who oversees it is “The Home Office Minister” who is currently “Priti Patel”[3] who makes Genghis Khan look like a moderate.

She has been rebuked for her behaviour not just by judges but by various standards committees and has been sacked for it. However like the proverbial “bad penny” she keeps turning up in ever higher office. No doubt she is already planning how to put the knife into BoJo’s back, as she did to a previous Conservative Prime Minister who had supported her “David Cameron”.

[1] Just read the first sentence of,

https://wikispooks.com/wiki/Special_Administrative_Measures

Then go follow it up in other places to get other corroboration.

[2] Read the first sentences of,

https://en.wikipedia.org/wiki/United_States_Attorney_General

[3] This is a “sanitised” version of her,

https://en.m.wikipedia.org/wiki/Priti_Patel

You can be sure there is a lot more under her corner of the carpet. As she clearly has no sense of right or wrong, just who she can use, then cut down to progress her warped ambitions.

Freezing_in_Brazil October 2, 2021 8:33 AM

@ All

Re very short term weather forecast

Some time ago I had this insight[1] that, just before a summer rain[2] starts, the ambient luminosity always drops in a similar way – albeit at different rates – and reaches consistently similar minimum values[3].

I set out to formulate a hypothesis about it and, after measuring a number of events, I have an indication that it is possible to accurately estimate the probability of rain in the very short term at a given location with over 95% accuracy by measuring the local ambient lighting drop. There seems to be a local daylight threshold below which rain is imminent[4], within 10 minutes – peaking at 5.

I still have some work to do before presenting my musings in full.

Use case: a method for objective quantification would be useful to assist in things like the decision to call a race car into the pits to change tires [“we have 2.5 laps before the rain starts; come in now.”] – and in other scenarios where you have to plan to contend with the rain or use it in your favor at precise moments.

Regarding:

Skillful precipitation nowcasting using deep generative models of radar

hxxps://www.nature.com/articles/s41586-021-03854-z

[Which my idea is totally unrelated to – but could be combined with]

(*) Link doesn’t seem to be paywalled – it wasn’t for me.

[1] Not claiming it is original
[2] Both convective and frontal
[3] Adjusted for the Sun’s apparent motion/position
[4] In amounts established by other variables

JonKnowsNothing October 2, 2021 8:40 AM

@ Clive, @ name.withheld…

re: sense of right or wrong, just who she can use

During my working tenure in Silicon Valley, I had the opportunity to meet with a great number of interesting individuals. Lucky for me, most of them were on the “brilliant side” of the scale and after the white-shirt-pen-pocket-protector days passed, there were many from all over the globe.

I had occasion to interact with a person who had a most interesting view of how they fit into the working environment. They came from a culture with very strict hierarchies and very strict social norms. Although other people I’d met from the same culture were able to relax these views in order to work cooperatively on a project, this person was unable to set aside their lattice-ladder.

Once this person decided someone was on a rung-below, they would no longer work cooperatively or perform any tasks given out or follow any directives. Made it really hard for the team-lead, manager, etc etc if the person decided the leader-manager was a low-runger.

It was long before medical labels for persons with such views came into common use.

There must be quite a bit of this lattice-ladder view point in governments and in agencies, it allows an “ImaSuperiorToYous” view, that enables these folks to perform the same actions in one jurisdiction, that we convict and sentence for when it’s done in another.

Clive Robinson October 2, 2021 12:31 PM

@ Freezing_in_Brazil,

Some time ago I had this insight[1] that, just before a summer rain[2] starts, the ambient luminosity always drops in a similar way

It’s not just luminosity, the spectral colour changes too, and the air pressure and temp.

It’s the last two people notice when they talk about “pains in the old war wound” etc[1].

I usually sense a change in weather because certain places I have broken bones or got deep scars ache.

Likewise, I can tell when it’s likely to be rather more than rain, more like a storm. Because of the colour shift. The light sort of makes many things look like they have a touch of bright mustard yellow, and greens become more pronounced. Dull trees that normally are dull green, become more vivid and lush looking like the moist greens of jungle flora.

[1] Over the years evidence has been collected, and yes people really do suffer aches and pains in their joints, old bone breaks and scars. It appears that damage to the nerves causes them to become sensitized to fast changes in air pressure and temperature. A bit like tooth ache where if you press down hard on the tooth it really hurts but when you take your finger off you get no ache for a little while.

SpaceLifeForm October 2, 2021 1:45 PM

@ Freezing_in_Brazil

As someone who has been following WX for decades, and can predict as good or better than local pro meteorologists, my recommendation to the pros is simple:

Go outside, look around, and smell the air and stop basing your local forecast solely on the computer models.

The computer models are not updated fast, and they can not deal with local conditions that can change rapidly.

They are useful for ‘big picture’ overview, at least for a few days.

Over 40 years ago, was camping and fishing. Was to be last day. Sun rising. I said, we need to break camp now, it’s going to pour rain. The others argued that there is not a cloud in the sky, and it could wait. I said no, it’s not going to be good. Broke camp. 90 minutes later it was pouring.

They asked me, how did I know.

Because I could smell the air.

name.withheld.for.obvious.reasons October 2, 2021 3:09 PM

@ Clive, JonKnowsNothing
Thanks for the comment, but I am attempting to put the burden of work on the individual irrespective of the propagandistic nature of the narrative. If you are too lazy to understand the evidence about the topic, please don’t bother in attempting to discuss anything substantive in the way of comments. Of course not many here are guilty of such indulgences, engineering and scientific enterprises tend to take that behavior right out of people, and quickly.

Didn’t Jeremy Corbyn come out in support of Julian recently? I know Amnesty International was way late to the party. Several journalism guilds have signed on and there are some petitions from other professional organizations.

And as we here know, the trial was nothing more than a shambolic exercise in state power (US/UK/Sweden/Ecuador, not Spain) with their middle finger raised to the public. The UN called for his release from unlawful detention in 2018. What criminals and charlatans. A brilliant mind is being burnt to the ground by those that would do well by being better educated. What a waste. I challenge everyone here to put themselves in Assange’s place (metaphorically) and consider your fate.

SpaceLifeForm October 2, 2021 4:26 PM

@ Freezing_in_Brazil, Clive

This may be dependent upon location, so I am curious if you have observed this.

It is my primary local WX predictor.

If I see (yes, one must go outside and look around), clouds at different levels moving in different directions, then I know rain is imminent. Possibly minutes away.

JonKnowsNothing October 2, 2021 5:01 PM

@name.withheld.for.obvious.reasons, @Clive

re: understand the evidence about the topic

Unless you are sitting on an active jury, in an active jurisdiction under a recognized form of judicial process…

    You do not know the evidence

Even if you fulfill the above criteria,

    You do not know the evidence

because the evidence is selected and selective in presentation and patterned to fit the local jurisdictional requirements.

There is no work to be done by anyone because no one outside of the above processes knows the evidence presented and many of them do not know the what evidence is not presented.

You might want to have a go at bmaz on this concept.

vas pup October 2, 2021 5:11 PM

Britain capable of launching ‘offensive’ cyber attacks against Russia from new £5bn digital warfare center

https://www.yahoo.com/news/britain-capable-launching-offensive-cyber-182805590.html

“The agency, which will be jointly run by the Ministry of Defense and GCHQ, will develop the ability to attack critical national infrastructure, such as power stations, in “hostile states” that carry out similar assaults on Britain.

Mr Wallace said: “Some foreign states are waging cyber warfare on us every single day. And we have a right under international law and among ourselves to defend ourselves. We will defend ourselves from cyber warfare if that warfare is dangerous, corrupting, or damaging.

“And one of the ways you can do that is to dismantle the tools that are used against you. For example, if a hostile state is using a server to deploy ransom ware against you, or spyware or using disinformation, you could use offensive cyber to deal with those servers.”

He added: “Offensive cyber can do a range of things, including going after pedophiles and their networks, going after terrorism and their networks, and obviously going after hostile states, should we choose to do so where they use capabilities.”

Read the whole article for more info.

JonKnowsNothing October 2, 2021 5:12 PM

@ SpaceLifeForm, @ Freezing_in_Brazil

re: smelling the air for rain

While this doesn’t work well in smog or polluted areas, in the southwestern US desert it was quite common to be able to “smell the storm”.

You can also feel a change in the air, before the lightning and thunder even reach you or the skies start to darken.

iirc(badly) it’s the ozone

It’s also a warning to stay out of the washes because the flood waters from the mountains will be barreling down faster than a horse can gallop across the wider ones.

===

ht tps://en.wikipedia.org/wiki/Arroyo_(creek)

ht tps://en.wikipedia.org/wiki/Ci%C3%A9nega_Creek

SpaceLifeForm October 2, 2021 6:03 PM

@ JonKnowsNothing, name.withheld.for.obvious.reasons, Clive

You do not know the evidence

One does not need to know the specific Grand Jury evidence to know that there is an active Grand Jury investigation going on.

Years ago, I told bmaz that I suspected 13 active Federal Grand Jury investigations. I listed Phoenix,

He lives in Phoenix area. He said I was nuts.

Next day, existence of Federal Grand jury in Phoenix was revealed.

Dots.

SpaceLifeForm October 2, 2021 9:37 PM

I don’t think so Google.

You can afford to pay much better Bug Bounty.

hxtps://security.googleblog.com/2021/10/introducing-secure-open-source-pilot.html

name.withheld.for.obvious.reasons October 2, 2021 9:45 PM

@JonKnowsNothing
I get what you are saying, but as I have been privy to the transcripts from proceedings, the litany of witness testimony both before and at trial, for the prosecution and defense. There was even a witness guideline provided by the prosecution for witnesses in this case. Have followed for example Gosztola and Craig Murray’s work and other journalists’ reports from the trial proceedings. Much of my research involves having gone through as many sources as possible with respect to Assange’s legal team and advocates. The letters and recommendations for release, the UN report on the unlawful detention, and the work of Nils Melzer–both at the UN and his personal statements respecting the case. I understand that I may have a grasp on the issues and dynamics with respect to Assange’s case. What I can’t get over is the lack of strength of his defense team. I am certain Assange could represent himself but we know where that would go…

As you well know, the procedural mockery of a trial, a kangaroo court show trial, has been quite disappointing. The charges, the witnesses, the evidence have all been wrapped in a nice little BS bow and the prosecution believes it has done its job. The brains behind this are not so bright and have hobbled together a joke of a case. The DOJ needs to drop the extradition request now…release Julian Assange.

name.withheld.for.obvious.reasons October 2, 2021 9:53 PM

On a side note on Assange’s legal/illegal proceedings, I have all the U.S. charging documents, memos from the DOJ, British and Swedish communications and other materials that were gathered from a FOIA by an Italian lawyer working independently of the legal team. Nils Melzer has also gathered evidence, again privy to that, detailing the sequence of events, communications, and charging documents. There are many public sources of information related to the case. But the one piece of evidence not called for by the prosecution, the Collateral Murder video.

lurker October 2, 2021 11:58 PM

@JonKnowsNothing
because the evidence is selected

could be a problem with the adversarial system; then a similar problem arises if you go inquisitorial: how do you guarantee independence of the inquisitor?

And yes, I was wondering why Assange’s defense appeared to be asleep at the wheel. Were they selected too?

Clive Robinson October 3, 2021 4:33 PM

@ justpassingby,

Interesting article about the use of cell phone location information in a murder trial.

From the article it looks like they have no other evidence and that whilst it provides a time line for his phone being in the general area it is up to a mile and a bit in error (the article did not say if it was radius or diameter from the cell tower). Also the time line track is broken because the phone is assumed to have been “out of range” of towers at more than one point.

Other things not indicated are if he is a regular “day off road tripper” or not. Some people do just get in cars or on bikes and go off to somewhere new. They do it just for the journey, exercise, or to give the mind thinking time etc. I used to do it some weekday evenings and most weekends on my push bike when I was younger. However I turned the phone off not just because I wanted the thinking time as well as the exercise, but because battery life used to get chewed up when you went out of city/suburbs back then.

The other thing not said is how come if they have no other evidence they picked him up?

The answer to that could be they just pulled up all cell data in the area and picked one set that looked “odd” enough to grab.

I guess we are going to have to wait for more reporting.

JonKnowsNothing October 3, 2021 5:57 PM

@Clive, SpaceLifeForm, All

re: localized information uses that voids cop intervention

A MSM story about a family being harassed by a neighbor but the local police are unable to intervene in any significant manner. It’s an odd story but has some interesting tech-bits that are in play.

According to the story:

Family (F1)
Neighbor (N1)
Other Groups or Persons (F2)

  • N1 “blinks lights” or “blares music” when any member of the F1 exits the home
  • N1 broadcasts different sounds or noise or phrases when members of F1 exit the home
  • N1 broadcasts different “audio, comedy or skits” particularly those with vulgar or derogatory content when members of F1 exit their home.
  • N1 repeats the above behaviors for F2

An interesting conjecture is to guess how N1 is setting up his system, unless N1 is spending 24×7 watching out N1’s front door peep hole, there may be some automation involved.

I propose

  • N1 has a RING system or similar and has used the FaceID recognition system to mark all the members of F1, F2 and their visitors.
  • N1 has set the equivalent of a “ring tone” for each of the F1-IDs and runs that either through a speaker system or boombox or has an old computer with the audio content set to a voice-command or signal from the RING system.

  eg the RING ID issues a “ring tone” audio phrase assigned to F1-A and the computer running a Voice Assistant like SIRI responds to the audio by playing something off a playlist on the device.

  • N1 wears noise cancelling headset to avoid the dB volumes needed to carry far out on the street.

ymmv as to accuracy but it’s an interesting puzzle.

Such puzzles were used in various US Military and Agency Facilities but they were not clandestine in usage. The cells and headphones were hard wired and the targets could only endure the sessions or until they lost their hearing rendering the loud volume ineffective.

===

partial title: “… family says police told them they can’t act on neighbor… “

name.withheld.for.obvious.reasons October 3, 2021 10:50 PM

@JonKnowsNothing
I do not wish to speak past you good sir, have great respect and you have been a frequent, knowledgeable, and well and thoughtful contributor to the works at Bruce’s corner. Probably about three quarters of a dozen such persons that can lay claim to this status. I don’t consider myself in that realm, a mere infrequent troublemaker of sorts (also a professional canary).

Your observation, respecting evidence, made a rather striking impact in my consideration when or if Assange is successfully extradited to the United States. The district court in Virginia, where all cases involving national security are conferred, has a history of 100% successful prosecution. In addition, like Clive mentioned with SAMS, the state secrets umbrella (more like cone-head of silence) will blanket the courtroom proceeding. Assange’s own attorneys may not have access to prosecutorial evidence and could be subject to “invented”, “fabricated”, or “nothing” types of evidence.

Again, I understand where you are coming from but this case has had a deliberate scoping that is intended to keep others from accessing the proceedings (I understand this to be your point). The Crown Court put Julian in a “display case”, behind and away from his counsel. The proceeding is more administrative in nature, but in this case we have a good old “turkey shoot”. Five press seats, three were reserved for major publications that were no shows, left two available for pre-requested access. Amnesty International, the legal analysis group, was denied access to the court. Off-site access to the courtroom was hampered by technical difficulties, must have been some problem with the internal workings of–oh, wait, it probably was deliberate. Hearings for extradition are mere legal formalities and can range in their scope and charge. The judge in this case was appointed by the upper chamber and given specific objectives. It can be seen how political this whole case is and they are ignoring the extradition treaty with the United States where such cases cannot be successfully concluded (i.e. resulting in extradition) for more than one political reason(ing).

Also, I understand that countries form their own institutional procedural standards and practices, both in practice and in statute. Civil and criminal cases can have substantial variations in procedural and legal codes. Standards for evidence (rules of evidence) and the weighting of said evidence can go from zero, to some large scope, to less than zero depending on geographical and national characteristics.

JonKnowsNothing October 4, 2021 12:38 AM

@name.withheld.for.obvious.reasons, All

re: evidence vs knowledge

IANAL

There are a number of aspects to be mindful of when reviewing high-vis or even low-vis proceedings and the reports thereof.

Knowledge may or may not be evidence. Having knowledge about an action or activity can be personally informative. In the case of Mr. Assange there has been a plethora of articles written, some more informative than others and some providing insights and knowledge about what’s going on in front of and behind the scenes.

Evidence may not be knowledge. Evidence, factually or otherwise is often a hidden aspect retained behind strict rules of conduct. That does not mean the rules of conduct are always adhered to or that the accepted evidence is factually accurate.

Knowledge and Evidence have specific legal definitions as to When, Where, How, Who and Why that intertwines with public knowledge, which is informational, about a topic. Even presidents get caught out with “Depends on what IS is”.

There’s a bucket load of evidence that gets tossed into the dumpster over time and things that are common knowledge turn out to be incorrect knowledge.

That you’ve had access to the evidence as presented in many of the encounters that Mr Assange has been involved in, puts you in a better situation to comprehend what sorts of knowledge may be presented going forward and perhaps insight into which parts will remain in sealed dockets.

Another thing to be mindful of is that Mr. Assange is being held in a different country with different rules and legal procedures. That other countries do things differently is often skipped over and then tripped over because one might think they do things like “at home”. Even at home, things can be different in some places. You can trip over a “right turn after stop at a red light” that in some places is OK and others will get you a “moving violation” ticket with a big dollar fine.

Not too long ago Barrett Brown traveled to the UK and found the UK cops were not US cops and he had no rights to speak his views there. I dunno what happened after the initial encounters but I am certain it was not pleasant and not a pleasant outcome in “In England’s green & pleasant Land”.

There are many possible outcomes and then there are none.

History is paved with the gravestones of bad outcomes. Galileo waited 400 years. Others are still waiting.

ResearcherZero October 4, 2021 1:49 AM

Bootholes and Bootkits

Any device that uses Secure Boot with the industry standard Microsoft Third Party UEFI Certificate Authority found in most Linux and Windows-based laptops, desktops, and servers.

hxxps://eclypsium.com/2020/08/21/securing-the-enterprise-from-boothole/

The issue is that since the vulnerable bootloader is signed and allowed on a system, an attacker or malware could replace a system’s existing bootloader with the vulnerable version.
hxxps://github.com/eclypsium/BootHole

Demo of a hard to detect implant running on Windows that bypasses Windows Defender and Windows Secure Boot

implants by email – rootkits for everyone
hxxps://www.youtube.com/watch?v=Ca8NRYT-HZA

All machines infected with the UEFI bootkit had the Windows Boot Manager (bootmgfw.efi) replaced with a malicious one. When the UEFI transfers execution to the malicious loader, it first locates the original Windows Boot Manager. It is stored inside the efi\microsoft\boot\en-us\ directory, with the name consisting of hexadecimal characters. This directory contains two more files: the Winlogon Injector and the Trojan Loader. Both of them are encrypted with RC4. The decryption key is the EFI system partition GUID, which differs from one machine to another.

hxxps://www.theregister.com/2021/09/28/kasperky_finfisher_spyware_report/
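A defender-side illustration of the indicators quoted in the comment above, added here as an example and not code from Eclypsium, Kaspersky or The Register: a small Python scan of a mounted EFI System Partition (ESP) that checks bootmgfw.efi against a hash allowlist and flags hex-only file names in efi\microsoft\boot\en-us, the directory the report names as the stash location. The ESP layout, the file contents and the allowlist are constructed inside the script in a temporary directory; the allowlist is a stand-in for whatever known-good hashes an organisation records from its own installs.

```python
"""Heuristic ESP scan for a replaced Windows Boot Manager and stashed loader
components, keyed to the FinFisher bootkit description quoted above.

Added example; the ESP contents below are constructed, not real binaries."""
import hashlib
import re
import tempfile
from pathlib import Path

# A name made only of hexadecimal characters, with no extension, as the report
# describes for the stashed original Boot Manager. Legitimate files in en-us
# carry extensions (e.g. bootmgfw.efi.mui) and so never match.
HEX_NAME = re.compile(r"^[0-9a-fA-F]{8,}$")


def sha256_file(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def resolve_ci(root, *parts):
    """Walk a path case-insensitively (ESPs are FAT, and real trees mix case);
    return None as soon as a component is missing."""
    cur = Path(root)
    for part in parts:
        match = None
        if cur.is_dir():
            for entry in cur.iterdir():
                if entry.name.lower() == part.lower():
                    match = entry
                    break
        if match is None:
            return None
        cur = match
    return cur


def scan_esp(esp_root, allowed_bootmgr_hashes):
    """Return a list of (finding, path) tuples for the ESP mounted at esp_root."""
    findings = []
    bootmgr = resolve_ci(esp_root, "efi", "microsoft", "boot", "bootmgfw.efi")
    if bootmgr is None:
        findings.append(("bootmgfw.efi missing", "efi/microsoft/boot/bootmgfw.efi"))
    elif sha256_file(bootmgr) not in allowed_bootmgr_hashes:
        # A replaced loader, or a downgrade to an older signed build, lands here.
        findings.append(("bootmgfw.efi hash not on allowlist", str(bootmgr)))

    locale_dir = resolve_ci(esp_root, "efi", "microsoft", "boot", "en-us")
    if locale_dir is not None:
        for entry in sorted(locale_dir.iterdir()):
            if entry.is_file() and HEX_NAME.match(entry.name):
                findings.append(("hex-named file in en-us", str(entry)))
    return findings


# Constructed stand-ins for a clean and a swapped-in Boot Manager.
CLEAN_BOOTMGR = b"MZ constructed clean boot manager"
EVIL_BOOTMGR = b"MZ constructed malicious loader"


def build_demo_esp(infected):
    """Create a throwaway directory laid out like an ESP and return its path."""
    root = Path(tempfile.mkdtemp(prefix="esp-demo-"))
    boot = root / "EFI" / "Microsoft" / "Boot"
    locale = boot / "en-US"
    locale.mkdir(parents=True)
    (locale / "bootmgfw.efi.mui").write_bytes(b"constructed MUI resource")
    if infected:
        (boot / "bootmgfw.efi").write_bytes(EVIL_BOOTMGR)
        # Original loader stashed under a hex-only name, plus two encrypted
        # components. The report gives no names for these; all three are made up.
        (locale / "1a2b3c4d5e6f7a8b").write_bytes(CLEAN_BOOTMGR)
        (locale / "0f0e0d0c0b0a0908").write_bytes(b"constructed rc4 blob 1")
        (locale / "deadbeefcafef00d").write_bytes(b"constructed rc4 blob 2")
    else:
        (boot / "bootmgfw.efi").write_bytes(CLEAN_BOOTMGR)
    return root


def run_demo():
    """Scan a clean and an infected constructed ESP; return both finding lists."""
    allow = {hashlib.sha256(CLEAN_BOOTMGR).hexdigest()}
    clean = scan_esp(build_demo_esp(False), allow)
    infected = scan_esp(build_demo_esp(True), allow)
    return clean, infected


if __name__ == "__main__":
    clean, infected = run_demo()
    print("clean ESP findings:", clean)
    for finding, path in infected:
        print("infected ESP:", finding, "->", path)
```

Pointed at a real mounted ESP with an allowlist built from known-good installs, the hash check catches both a swapped-in loader and a downgrade to an older signed-but-vulnerable loader of the BootHole kind, which Secure Boot signature verification alone would wave through; the hex-name rule is a heuristic tied to this one report and will need tuning against other samples.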

name.withheld.for.obvious.reasons October 4, 2021 4:14 AM

@JonsKnowsNothing
I have repeatedly commented on contextual, informational, and the legal elements; investigations and preliminaries, discovery, motions, trials, and findings or summaries in my writings on this topic. I posted to this site, 9 Sept 2021, my translation of a talk given at a journalist forum in Germany by Nils Melzer quoting from his reading of the introduction of his latest book “Der Fall Julian Assange”. Possibly the first available English text from his latest book, I did so understanding the importance of what Nils had expressed, under fair use as part of reporting out relevant facts respecting Assange’s predicament[s]. The book will be available in February of 2022 in the United States. Nils has written several seminal books, including the topic at hand, I commend it to anyone interested in international law and human rights but especially Melzer’s “The Oxford Handbook of the International Law of Global Security”

It was interesting that in Assange’s case, Chelsea Manning was held in contempt of the grand jury for coercive purposes. The hope was to establish a criminal charge based on newly acquired evidence from Manning whilst Manning insisted that his conviction and trial transcript were the complete record. It was only on her threat of suicide and the simultaneous “kidnapping” of Assange that the grand jury was dismissed.

The persecution of Assange is something unique in the annals of history, Pinochet’s legal travails don’t come close to the level of juridical malfeasance and miscarriages. Currently, many in the UK believe that the U.S. is not reciprocating with respect to the 2003 extradition treaty, the U.K. would like to have the CIA agent responsible for the death of a cyclist, Harry Dunn, after fleeing the country under diplomatic cover, to be made available to U.K. authorities for trial. The U.S. flatly refused. A nearly consistent harmonic chord can be registered for the conduct of both the UK and US governments when it comes to the subject of administering justice on either side of the pond.

I suggest on this basis only, Assange should not be extradited to the U.S., what’s good for the goose…

name.withheld.for.obvious.reasons October 4, 2021 4:27 AM

Oops, wrong pronoun in the “whilst Manning insisted that his conviction”, correction should be:

“whilst Manning insisted that her conviction”

Robin October 4, 2021 7:28 AM

@JonKnowsNothing, @ SpaceLifeForm, @ Freezing_in_Brazil

re: smelling the air for rain

Petrichor?

h ps://en.wikipedia.org/wiki/Petrichor

JonKnowsNothing October 4, 2021 7:50 AM

@name.withheld.for.obvious.reasons, all

re: Manning is not Assange

There is near zero correlation between the treatment of Chelsea Manning and Julian Assange. Their cases are intertwined but their legal situations are completely different.

Ms Manning was held by US Military and then US Legal system and afaik never held by a foreign country.

Mr Assange has been pursued through a number of jurisdictions and numerous countries with entire ranges of differing legal systems.

afaik Mr Assange has not been held in a dog crate, nor subjected to the degrading and humiliating treatment that Ms Manning endured.

Other than what is available via public discourse and informational opinions on their respective legal situations, they are not equivalent situations and their treatment however legally defined is not the same.

consider: Paul Robeson and the many others who have run afoul of such legal shenanigans used and still in use by governments including the USA.

consider: All the Prisoner Xs facing similar legal limbos in other countries.

consider: The cases of the Met Police SpyOps, decades in action, and only recently given a small tip of the hat, “that maybe something was wrong but of course, it wasn’t really wrong ’cause we are The UK Met Police and we only do good things…”

Mr. Assange and Ms Manning and Ms Winner are members of a long list.

FSF JShelter project October 4, 2021 9:43 AM

by Greg Farough — Published on Sep 30, 2021 04:41 PM

BOSTON, Massachusetts, USA — Thursday, September 30th, 2021 — The Free Software Foundation (FSF) today announced the JShelter project, an anti-malware Web browser extension to mitigate potential threats from JavaScript, including fingerprinting, tracking, and data collection. The project is supported by NLnet Foundation’s Next Generation Internet (NGI) Zero Privacy & Trust Enhancing Technologies fund. Collaborators include Libor Polčák and Bednář Martin (Brno University of Technology), Giorgio Maone (NoScript), and Ana Isabel Carvalho and Ricardo Lafuente (Manufactura Independente). The JShelter browser add-on is in development and the first release is available.

Most modern Web sites contain a growing number of programs that the user’s Web browser downloads and runs automatically as pages are loaded. While these JavaScript programs can provide functionality to a site in conjunction with native browser features, they are also a significant liability both from security and privacy perspectives. Moreover, the software is typically licensed under unethical terms by the FSF’s standards, disempowering users and hampering learning and security. With a thirty-six year history of defending software ethics, The FSF recognizes the importance and urgency of both aspects of the problem and its role in solving this significant challenge. In response, the FSF has been working on an ambitious new initiative, the JShelter browser extension. This browser add-on will limit the potential for JavaScript programs to do harmful actions by restricting default behavior and adding a layer of control. JShelter is a significant next step in the FSF’s “Free JavaScript Campaign,” providing a new tool that can be used in conjunction with another related extension, GNU LibreJS, which allows the user to identify and run only freely licensed scripts.

FSF campaigns manager, Greg Farough said: “Besides providing much-needed protection for users, JShelter will help the FSF demonstrate the power and usefulness of free ‘as in freedom’ software, serving as a conversation starter about the ethical necessity of free software and the dangers of nonfree software while using the Web. We thank NLnet Foundation for recognizing the importance of free software and investing in the FSF’s strategy for free JavaScript on the Web.”

Accessing cookies, performing fingerprinting to track users across multiple sites, revealing the local network address, or capturing the user’s input before they submit a form are some examples of JavaScript’s capabilities that can be used in harmful ways. JShelter adds a safety layer that allows the user to choose if a certain action should be forbidden on a site, or if it should be allowed with restrictions, such as reducing the accuracy of geolocation to the city area. This layer can also aid as a countermeasure against attacks targeting the browser, operating system, or hardware levels.

The JShelter project is a freely licensed, anti-malware browser extension to mitigate potential threats from JavaScript. The project’s website is at https://jshelter.org/. It will ask — globally or per site — if specific native functions provided by the JavaScript engine and the Document Object Model (DOM) are allowed by the user. It will also link to an explanatory page for each function, to raise awareness of related threats. Depending on the function being addressed, the user will have the option to allow it, block it, or have it return a custom value.

“JShelter will help protect users from critical threats now, and contribute significantly to progress on the necessary longer-term cultural shift of moving away from nonfree JavaScript. This is a project I’ve been looking forward to for years, tired of dealing with all kinds of potential antifeatures in the browsers I use and distribute, and having to figure out some countermeasure for them with configuration changes, patches or extensions,” shared Ruben Rodriguez, former FSF chief technology officer. “Being able to wrap the JavaScript engine in a layer of protection is a game changer.”

“Our browsers have become perhaps the most critical of tools we depend on, and yet the browser environment is far from healthy,” says Michiel Leenaars, director of strategy at NLnet Foundation and coordinator of NGI Zero. “Dominant corporate behavior from a small amount of actors has been aggressively reshaping the evolution of the Web, and that is starting to wreak havoc. Despite an enormous systemic dependency, we as users have very little control over what browsers allow and share — leading to significant risk as the most powerful tools in the shed are essentially left unprotected for every casual Web site to abuse. JShelter is a great initiative to help empower us all, to help us gain better understanding and to better safeguard ourselves from obvious and otherwise unavoidable harm.”

The effort is part of a larger, multi-year campaign from FSF on JavaScript on the Web started in 2013, which among others includes the development of GNU LibreJS and outreach to users and developers about nonfree software inside the browser. The GNU LibreJS extension detects JavaScript web labels and assists users with running only JavaScript distributed under a free software license, according to their ethical convictions and individual preferences.

JShelter will form a core part of the FSF’s general recommendations for how to use the Web without ethical compromise. In conjunction with the GNU LibreJS extension, a fully free distribution of the GNU/Linux operating system, and a Respects Your Freedom (RYF) certified computer, it will help users move toward the FSF’s vision of a world where computing upholds, rather than diminishes, their individual rights.

Freezing_in_Brazil October 4, 2021 10:40 AM

@ Clive, SLF, JKN

Interesting the bit about spectral changes. I’ll be observing it with care [the rain season is starting so there will be plenty of opportunities]. Come to think of it, it seems an important data point to consider, if one wants to perfect the technique.

Yes, I can smell the rain too. At the end of the dry season, the new rains bring dramatic scents. But smells seem to vary too much to be of practical utility.

Still, I think luminosity drop [along, maybe, with the aforementioned spectral changes] is a better quantifier and, ultimately, predictor.

Thanks for your feedback. 🙂

Winter October 4, 2021 1:13 PM

Whistleblower: Facebook is misleading the public on progress against hate speech, violence, misinformation

Ht tps://www.theverge.com/2021/10/3/22707860/facebook-whistleblower-leaked-documents-files-regulation

One study she found, from this year, says, “we estimate that we may action as little as 3-5% of hate and about 6-tenths of 1% of V & I [violence and incitement] on Facebook despite being the best in the world at it.”

….

Haugen says Facebook understood the danger to the 2020 Election. So, it turned on safety systems to reduce misinformation—but many of those changes, she says, were temporary.

Frances Haugen: And as soon as the election was over, they turned them back off or they changed the settings back to what they were before, to prioritize growth over safety.

0.6% of violence & incitement in the world is a lot. Remember the genocide of the Rohingya? Add to this the lynch campaigns in South Asia, e.g., in India.

- October 4, 2021 1:18 PM

@Lurker:
@ALL:

Face-crook have deplatformed themselves as @Lurker’s link points out, which is not so much a shot in the dark but shooting yourself in the foot.

But, as the CTO of Cloudflare points out just a little while ago in,

https://mobile.twitter.com/jgrahamc/status/1445066136547217413

“Now, here’s the fun part.
@Cloudflare runs a free DNS resolver, 1.1.1.1, and lots of people use it. So Facebook etc. are down… guess what happens? People keep retrying. Software keeps retrying. We get hit by a massive flood of DNS traffic asking for http://facebook.com

So not just FaceCrook shooting themselves in the foot, they also shoot other people in the foot.

Makes you wonder if Google are feeling the pain about it as well.

SpaceLifeForm October 4, 2021 1:45 PM

@ Jan Doggen

The problem is in your RSS Reader software.

Set your clock back prior to 2021-09-30 and it will work. The Certificate Validity check occurs in the Client.

Freezing_in_Brazil October 4, 2021 1:57 PM

@ Robin

Petrichor

Yes. Exactly, my friend. Thank you.

Excuse the delayed reply [I hadn’t seen the post]

SpaceLifeForm October 4, 2021 2:38 PM

@ Robin, JohnKnowsNothing, Freezing_in_Brazil

No, not Petrichor. The incident I described was not and could not be that. There was no wind and no rain in sight.

What I observed, was high humidity, high pollen levels, no wind, and the sun rising. I can smell pollen very well due to hayfever.

The pollen, mold spore levels, dust, or even pollution particulate levels, are a thing that the WX computer models cannot address well. Too local and change too fast. But they are critical factors in rain production. Nucleation. Ever observed a dirty rain?

The sun rising, stirred up the pot, fired up the storm, which formed directly overhead.

That is typical for Kansas, but I was not in Kansas anymore.

SpaceLifeForm October 4, 2021 3:06 PM

@ lurker, -, ALL

Facebook down? That’s a shame.

The Great Hack Back

hxtps://www.wikipedia.org/wiki/The_Great_Hack

SpaceLifeForm October 4, 2021 3:35 PM

@ lurker, -, ALL

The Great Hack Back

Badges? Badges? We don’t need no steenkin badges!

You need your badge to enter the building. Oh, OK.

Years later…

Badge Reader: I’m sorry Dave, I’m afraid I can’t do that

MarkH October 4, 2021 4:18 PM

.
Sorry, something went wrong.

We’re working on it and we’ll get it fixed as soon as we can.

========================

That’s what facecrook.com just showed me. Most satisfying web experience in years …

SpaceLifeForm October 4, 2021 4:25 PM

@ lurker, -, ALL

The Great Hack Back

So, Facebook, how is that two-factor authentication working for you today?

hxtps://www.vice.com/amp/en/article/z3xpm8/company-that-routes-billions-of-text-messages-quietly-says-it-was-hacked

Syniverse handles billions of text messages a year, and hackers had unauthorized access to its system for years.

SpaceLifeForm October 4, 2021 4:50 PM

@ lurker, -, ALL

The Great Hack Back

Rumour is that a team is heading to a datacenter in California, to break in, and reset the servers.

I suspect it is too late.

The servers have probably been wiped in the last 4 hours.

Maybe Facebook can reboot from paper.

MarkH October 4, 2021 5:04 PM

Maybe Facebook can reboot from paper.

Only if they heeded Clive’s repeated admonition:

Paper, Paper, NEVER data

Of course, they would have stony indifference to any anguish their customers might feel about the vanishing of family photo archives, histories of events, or conversations with friends …

But if FaceCrook lost their Big Brother / Panopticon ultra-intrusive databases on billions of people, then they would tear out their hair, beat their chests, wear only sackcloth and cover their heads in ashes …

========================

Sadly, they’re back.

SpaceLifeForm October 4, 2021 5:07 PM

The Great Hack Back

Apparently, starting to come back online now.

Guessing Facebook has no OPSEC. Feature, not Bug.

JonKnowsNothing October 4, 2021 5:33 PM

@Freezing_in_Brazil, Clive, SpaceLifeForm, All

re: Yes, I can smell the rain too. At the end of the dry season, the new rains bring dramatic scents. But smells seem to vary too much to be of practical utility.

iirc(badly) tl;dr

A long while back there was a documentary about nomadic herd people and how they managed to survive for centuries without reading, writing and no tech. They were not without knowledge which was passed via oral tradition from elder to younger.

In a particular sequence, the elder had sent a younger to check a distant pasture to see if it was “time to move”. The younger made the multi-day trek, looked at the green grass and trudged home.

On arrival, the elder began to ask questions about what the younger could see and you didn’t need to speak the lingo to figure out the elder was Not Best Pleased at the response. The younger was lucky not to get cuffed hard over the lack of observation.

During the exchange the caption translation indicated the elder kept asking about “life force” or a similar concept. “Was there life force?” the elder repeated over and over.

Finally the elder attempted to explain to the younger that green grass was not enough to mark the time for moving camp. There needed to be “life force” at the new camp otherwise it would be a disastrous move.

I didn’t get it either until an LED went on about what the elder was going on about.

Grass alone is not enough. Grass might be sour tasting or tough or too fibrous or it can be the wrong sort of grass. Herbivores like different sorts of grasses and they will select the ones they like best. Sometimes these grasses overlap species’ tastes but some grasses are preferred by specific groups of animals (Darwin and Vegetation Selection).

When the younger went to the far pasture all they saw was green grass and no other animals grazing there. There were no antelopes or other grazers nor wild birds or creatures that follow the herds. Just open grass vistas.

There was no life force.

The next time the younger made the journey, the fields were full of animals and birds and assorted creatures. Life force clearly in evidence.

Your ability to smell the weather changes, may be more powerful than you think. You are smelling Life Force. Your nose is telling you about things you have forgotten in our modern environment.

The nose knows.

SpaceLifeForm October 4, 2021 6:38 PM

@ JonKnowsNothing, Freezing_in_Brazil, Clive, All

Your ability to smell the weather changes, may be more powerful than you think. You are smelling Life Force. Your nose is telling you about things you have forgotten in our modern environment.

The nose knows.

Well said.

Can you smell that Pollen?

Can the animals notice the lack of nutrient vegetation that is not there due to lack of Pollen or flying seeds?

Of course they do.

SpaceLifeForm October 4, 2021 6:53 PM

The Great Hack Back

If you do not understand BGP and DNS much, you may learn some dots here.

This is not an endorsement.

hxtps://blog.cloudflare.com/october-2021-facebook-outage/

JonKnowsNothing October 4, 2021 8:56 PM

@ SpaceLifeForm, Freezing_in_Brazil, Clive, All

re: Can the animals notice the lack of nutrient vegetation …

They sure do. Grazing animals, horses, cows, buffalo etc. taste each blade and they can smell the difference as well as taste it.

Consider: Heads down, nose in dirt, eyes are focused for predators. They cannot always see what’s under their nose. Their nose, whiskers and tongue tell them what’s good and what’s not.

If you watch a horse turned out in a new field after they have some fun running around their heads go down and they start to browse. They will take a chomp of grass and if you watch they will spit out the stuff they don’t like and eat only their preferred forages.

What is sad is that some humans do not know or bother to learn, that not all grasses are edible to certain grazers. It’s not uncommon to see skinny horses in a pasture where they have eaten the good grass down to the roots while there are huge clumps of other grasses scattered in the paddock.

Those huge clumps are not edible by the horses but their human owners think there is lots of forage and don’t feed them.

Then there are the problem forages where the animals like it but it’s not good for them and can create serious vet bills in short order. Fiddleneck is one of many and grows everywhere in California. Huge pastures of orange flowers on tapered stalks with curled tips.

===

ht tps://en.wikipedia.org/wiki/Amsinckia

  • The seeds and foliage of fiddlenecks are poisonous to livestock, particularly cattle, because they contain alkaloids and high concentrations of nitrates. The sharp hairs of the plants can cause skin irritation in humans.

JonKnowsNothing October 5, 2021 1:27 AM

@Clive, SpaceLifeForm, All

re: New Zealand waves goodbye to safe shores and welcomes DELTA+34s

It appears that the PM of NZ has announced that NZ will abandon their ZERO-COVID strategy and move to the SUPPRESS-SUSTAIN (HIP) version of virus management.

With extremely low levels of infection and a death rate far lower than the ~2,000 deaths in the backwaters of California, they have decided “It ain’t happenin’ “.

NZ has been a shining example of what could have been done however, MSM reports that the @30+ cases are driven by “social groups that do not interact with official groups well” (gangs, indigent, hidden population) and a report that an infected truck driver delivered his Delta+34Mut to another city, just too difficult to overcome.

It will be a sad viewing watching DELTA+34Muts blast thru their population. Even with “new” vaccinations with 6 months of semi-protection, a good part of their country has yet to get 1 jab much less the 2 or now 3 they will need.

The gravediggers know to start prepping 30 days after an super-spreader event. It may take a bit longer but in 6-8 weeks there will be some unhappy days.

Their only hope is Gen2 or Gen3 in Q4 21/Q1 22 but that will be too late for many.

lurker October 5, 2021 4:15 AM

@JonKnowsNothing

New Zealand has not “decided it ain’t happening”. We know it’s happening, but a lot of people have got lockdown weary, and have started non-complying, not just the “social groups that do not interact with official groups well”. The popular meme is that Delta is sneaky, when we know it’s people that are sneaky. And yes it’s a mystery to some of us how normal people after a test are required to isolate until the result comes in, but truckies somehow can jes’ carry on truckin’. There’s been two cases of drivers returning a positive test, but are actually way down country.

The Suppression regime is predicated on a minimum 90% vaccinated population. A Vaccine Passport/Certificate will be required for air travel, to enter large crowd entertainment venues, and some commercial premises have said they will demand it for entry. From audio reports it seems like it may have a QR code on it; it can be carried on a phone or device, or it can be printed out and carried on good ole paper.

There had been a problem getting vaccine out to the boondocks, but mostly covered now. A pretty strong team is working on the antivaxxers, but they don’t have an answer for the likes of myself, who will willingly take a shot, just not an mRNA shot; yes, Pfizer is the only brand available so far…

JonKnowsNothing October 5, 2021 5:22 AM

@lurker

re: NZ going HIP

I suppose one bright but ugly light on the situation is that NZ will now be the RL Sandbox for COVID-Watchers, as the entire country lights up DELTA+34s positive.

In the original screenplay “STOP THE PLANES” (SpaceLifeForm) we got blasted without much planning and a good deal of improv guessing like social distancing: 3ft, 5ft, 6ft, 6 roos, 4 peacocks, 1 water buffalo …

In the case of NZ, we can watch the reruns as the truck drivers haul it across the country (ala HIV trucker transport). Since HIP is the New Norm, the 30K stranded kiwis will be able to hop home and bring the latest editions of EU/UK DELTA+34Muts with them. The kiwis may have headed out for a nice holiday in EU and are bringing back the Cov-Bugs with them. So nice of them to share with the rest of the country.

Maybe PThiel or LPage will ask for refunds and return their citizen/residency permits-for-cash. They were only interested when NZ was the last clean place on the planet. THAT would be worth it.

===
The local burnt sequoia ashes weekend count just to get you started:

Area population 1Mill
Last updated: October 1, 2021 at 1:15 PM (Includes 9/25/21 – 10/1/21)

Total Cases: 128,450 (+2,151)
Total Deaths: 1,964 (+37)

Freezing_in_Brazil October 5, 2021 8:32 AM

@ MarkH

That’s what facecrook.com just showed me. Most satisfying web experience in years

Ditto the sentiments.

The lesson remains for entrepreneurs, who have been held hostage to a service over which they have no control. I never miss the opportunity to point out how important it is to control your own data and your company’s data.

Make a website dedicated to your business on your own domain. Talk to your customers and partners through blogs like this one. People should never forget that such “cloud” is just someone else’s computer. Use social media only for what they were created for: talking to daddy, mommy, and auntie.

@ JonKnowsNothing

Great read! Thanks.

@SpaceLifeForm

Rains are capable of eliciting veritable olfactory symphonies [and each one has its nuances, but the measurement is tricky]. For a commercial weather “nowcast” system I would rather be working with light and related parameters.

Cheers!

lurker October 5, 2021 12:25 PM

@JonKnowsNothing
MIQ still applies to inbound until December, then proof of full vaccination will be required. The sad part about this is the govt trying to persuade the ppl that the vaccine will save us all…

Apparently the Passport will require PII on application, ie. as I’ve just heard for the Scottish version, it will require uploading a picture of Drivers Licence or real Passport: oops! Already this week I’ve stopped a different web application in its tracks when it asked for those pix.

1&1~=Umm October 5, 2021 6:06 PM

@ R2-D2

Your “Yahoo link” looks like it’s a re-boil of a NYTimes article,

https://www.nytimes.com/2021/10/05/us/politics/cia-informants-killed-captured.html

If you can please avoid Yahoo links, the corporate behind it is extremely rapacious when it comes to PII. They sell it on to over two hundred organisations directly –at last count– and it’s anybody’s guess how many other hostile data aggregators around the world.

@ ALL

If you read the NYTimes article it leaves out or misidentifies certain ‘cultural aspects’ that get ‘agents’ killed by the CIA.

Since the CIA’s formation they have had two very severe problems,

1, A ‘gung-ho’ attitude.
2, A disdain for science and technology.

The latter is known to be the root cause of the very severe loss of life in both China and Iran of agents recruited by the CIA.

Put simply the CIA failed to understand the security risks of using Internet based technology for agents to report to their handlers / case officers.

What is not known publicly is if Iran discovered it and told China or if it was the other way around. My guess is it could easily have been either as both are quite technologically advanced when it comes to the Internet. Whilst many accept that China is ‘advanced’ many more have trouble believing that Iran could be as advanced, which is a significant mistake to make.

The simple fact is when it comes to the ‘information side’ of technology you do not need vast resources and huge budgets, just a few smart people who are self motivated enough to get their heads around technology almost with religious passion.

As has been remarked on this blog before in the information domain ‘an army of one’ can defeat whole battle groups of thousands of personnel and billions of dollars of weapons that are in the physical domain.

The reason is kinetic and similar weapons by and large are a complete waste of resources, unless you have reliable information on where to target them. The statistics from the Vietnam war which was the first ‘computer driven’ war indicate that it took around ten thousand rounds of ammunition to kill just one enemy combatant. Obviously this needed hundreds of guns to fire them, and it’s anybody’s guess what vehicles and how many non frontline personnel to get the bullets to the guns and maintain / repair / replace the guns (it takes as little as a thousand shots fired to ‘shoot out the accuracy’ of a rifled barrel).

Anyone who can disrupt the information turns ‘smart weapons’ into over priced under powered money and resource sinks.

The way to disrupt information is to develop code, then get the opponents systems to run it (malware 101).

As can be seen by the success of malware, especially ransomware, defending against information attacks is hard, very hard, but it’s relatively easy for a single smart person to find a vulnerability and weaponise it…

It is almost the most extreme form of asymmetric warfare there is.

Imagine if you will that the cause of Facebook’s ‘blown off the map’ issue yesterday had been caused by an outsider? It could easily have been so.

There are many many organisations that are extremely vulnerable because of ‘disdain for technology’ and the terrible 1990’s ‘Make it so’ corporate management attitude. Where risks were ignored and anyone suggesting caution and care soon had to find new employment. Whilst not as bad as it was, it is still very much there. The CIA attitude to science and technology is effectively the same and realistically is unlikely to change no matter how many ‘agents’ get executed in public as warnings to others. The gung-ho attitude is ‘institutional’ and clearly present at the highest levels, so is unlikely to change for thirty to sixty years…

Winter October 6, 2021 5:00 AM

Now for practical relevant stuff regarding Privacy and Security:

Google’s New Spyware in Chrome 94
Google Chrome’s new API, Idle Detection, knows when you’ve been sleeping, it knows when you’re awake, and it knows if you’ve been bad or good.

“The Idle Detection API notifies developers when a user is idle, indicating such things as lack of interaction with the keyboard, mouse, screen, activation of a screensaver, locking of the screen, or moving to a different screen. A developer-defined threshold triggers the notification,” the company said on a web page devoted to all of the gee-whiz stuff that’s included in its [ad serving platform] web browser.

The API goes outside of operations of the browser itself to look at the users keyboard, mouse, and such, and makes that information available to any website leveraging the API. Google says that’s necessary because, “Applications which facilitate collaboration require more global signals about whether the user is idle than are provided by existing mechanisms that only consider a user’s interaction with the application’s own tab.”

ht tps://fossforce.com/2021/10/googles-new-spyware-in-chrome-94/
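The JShelter announcement above describes a layer that asks, globally or per site, whether a native JavaScript or DOM function may run, and lets the user allow it, block it, or have it return a custom value (its example being geolocation coarsened to city scale); Winter’s comment names one more API worth putting behind such a layer, Chrome 94’s Idle Detection API. The block below is an added illustration of that wrapping technique, written for this page: it is not JShelter’s code and not Google’s. `makeFakeWindow` is a constructed stand-in for a browser `window` so the example runs under Node; `IdleDetector` and `navigator.sendBeacon` are real browser names, the `NotAllowedError` name mirrors the DOMException browsers throw for denied permissions, and the policy table and `runDemo` are hypothetical.

```javascript
"use strict";
// Added example: policy-controlled wrappers over native browser functions
// (JShelter-style allow / block / custom value). Not JShelter's or Chrome's code.

// Snap coordinates to a grid of `stepDeg` degrees (0.1 deg is about 11 km of
// latitude, i.e. city scale) and widen the reported accuracy to match, so a page
// cannot detect the degradation by comparing the two fields.
function coarsenCoords(coords, stepDeg = 0.1) {
  const snap = (v) => Number((Math.round(v / stepDeg) * stepDeg).toFixed(6));
  return {
    ...coords,
    latitude: snap(coords.latitude),
    longitude: snap(coords.longitude),
    accuracy: Math.max(coords.accuracy || 0, Math.round(stepDeg * 111000)),
  };
}

// Resolve "navigator.geolocation.getCurrentPosition" on `root` to the object
// holding the last segment plus that segment's name; null if any part is missing.
function resolvePath(root, path) {
  const parts = path.split(".");
  const key = parts.pop();
  const holder = parts.reduce((o, p) => (o == null ? undefined : o[p]), root);
  return holder != null && key in holder ? { holder, key } : null;
}

// Replace one native function according to `decision`:
//   { mode: "allow" }             leave it alone
//   { mode: "block" }             every call throws NotAllowedError
//   { mode: "custom", wrap: fn }  fn(original, thisArg, args) produces the result
// Returns an undo function that restores the original.
function wrapNative(root, path, decision) {
  const target = resolvePath(root, path);
  if (target === null) return () => {}; // API absent on this page: nothing to wrap
  const { holder, key } = target;
  const original = holder[key];
  if (typeof original !== "function" || decision.mode === "allow") return () => {};
  const replacement =
    decision.mode === "block"
      ? function blocked() {
          const err = new Error(`${path} blocked by policy`);
          err.name = "NotAllowedError";
          throw err;
        }
      : function custom(...args) {
          return decision.wrap(original, this, args);
        };
  const define = (value) =>
    Object.defineProperty(holder, key, { value, writable: true, configurable: true });
  define(replacement);
  return () => define(original);
}

// Apply a whole per-site policy table; returns one undo function for all of it.
function applyPolicy(root, policy) {
  const undos = Object.entries(policy).map(([p, d]) => wrapNative(root, p, d));
  return () => undos.reverse().forEach((u) => u());
}

// Hypothetical per-site policy: geolocation allowed but coarsened by wrapping the
// success callback; the Idle Detection API refused outright; sendBeacon untouched.
const sitePolicy = {
  "navigator.geolocation.getCurrentPosition": {
    mode: "custom",
    wrap(original, thisArg, [success, error, options]) {
      const degraded = (pos) => success({ ...pos, coords: coarsenCoords(pos.coords) });
      return original.call(thisArg, degraded, error, options);
    },
  },
  IdleDetector: { mode: "block" },
  "navigator.sendBeacon": { mode: "allow" },
};

// Constructed stand-in for `window`: a precise fake fix and a fake IdleDetector.
function makeFakeWindow() {
  return {
    navigator: {
      geolocation: {
        getCurrentPosition(success) {
          success({ coords: { latitude: 51.5007, longitude: -0.1246, accuracy: 10 }, timestamp: 0 });
        },
      },
      sendBeacon() { return true; },
    },
    IdleDetector: class IdleDetector {
      static requestPermission() { return Promise.resolve("granted"); }
    },
  };
}

// Install the policy, observe what a page would see, then undo it.
function runDemo() {
  const win = makeFakeWindow();
  const undo = applyPolicy(win, sitePolicy);
  let seen = null;
  win.navigator.geolocation.getCurrentPosition((pos) => { seen = pos.coords; });
  let idleError = null;
  try { new win.IdleDetector(); } catch (e) { idleError = e.name; }
  const beaconStillWorks = win.navigator.sendBeacon();
  undo();
  let restored = null;
  win.navigator.geolocation.getCurrentPosition((pos) => { restored = pos.coords; });
  return { seen, idleError, beaconStillWorks, restored };
}

if (typeof module !== "undefined") {
  module.exports = { coarsenCoords, resolvePath, wrapNative, applyPolicy, sitePolicy, makeFakeWindow, runDemo };
}
```

In a real extension the same `wrapNative` would run from a content script at `document_start`, before page scripts execute, and the per-site table would come from the user’s choices rather than a constant; the undo function exists so a temporary “allow once” can be honoured without a reload.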

SpaceLifeForm October 6, 2021 9:19 PM

@ Winter, Clive

I know approximately where your Faraday Bag has been, and what devices you had inside.

Lack of signal is signal.

Clive Robinson October 7, 2021 1:43 AM

@ SpaceLifeForm, Winter,

Lack of signal is signal.

Of only “one bit in the data domain” but “As many bits as you need in the time domain”…

As I’ve pointed out before, battery powered devices such as mobile phones have their problems.

The one many “feel” with them is that they are “dog leads” used to restrict their freedom. So they look for reasons to “not conceal carry” them. The need for having a “full battery later” is a perfect excuse as many a lunch-hound escapee can testify.

The trick to “slipping the lead” is,

1, Schedule a meeting prior to lunch.
2, Go to meeting and put mobile into call divert to desk phone at beginning of meeting.
3, After meeting put phone on charge in desk drawer and lock drawer (office theft being what it is).
4, Go to lunch unencumbered by the dog lead.

Likewise at home you can have “ecological paranoia” or “fire paranoia” where you compulsively unplug chargers or if you have “switched sockets” turn them off over night etc. You thus turn them on only to use for charging which you do not do overnight because of paranoia…

So you,

1, Get home from work and put phone on charger first.
2, Then turn charger on.
3, Then put phone in silent, or press off button.
4, Go and turn on radio or other such as electric oven.
5, Sit down or go out “to get milk” etc, etc unencumbered.
6, About an hour or more later “check charge”.
7, Repeat 6 a number of times…

Most modern “Smart Phones” are actually turned off, and these days “Airplane mode” is not what it once was, so “always on” is increasingly common. In short they can and many do maintain contact with the network and report the phone status in often quite thorough detail even when you think they are off.

Due to “Profit factor” some very expensive phones store a great deal of data about “charging”: they know not just exactly when you put your phone on charge, the type of charger that was used, even in some cases which one (USB being what it is). Some even know if you have plugged in the charger when it is not turned on, and how long before you turned the charging device on (so know you plugged in a USB lead from your computer and then turned the computer on etc).

The Smart Phone industry rule of thumb appears to be,

“If you can come up with a new metric on users implement it, because some one will pay money for it, and you don’t leave money on the table”

Those more switched on in the ICTsec / surveillance industries know that sooner rather than later the various branches of “Guard Labour” will catch on to them and so in time all collected metrics will be used as evidence against someone.

So it’s not just “lack of signal” that is a signal but “Change in Signal” that is a signal as well, and as the “Guard Labour” does “Time Lines” as a primary activity, they reap the benefit of the “extra bits” the “time domain” gives over the “data domain”.

Which is why “being a creature of habit” can be both good and bad. You need “lazy habits” not “OCD clockwork”. It is said “variety is the spice of life” but “a good cook knows spice should be used sparingly and with care, as over spiced is worse than underspiced”.

Thus you need the habits you form to be like a nice jacket, you can wear when you choose, that makes you look good, but importantly is neither rigid nor constraining of your movements.

Sut Vachz October 7, 2021 10:05 AM

A knockout punch requires a good throw from each hand, and a compliant referee helps.

https: //www.theregister.com/2021/10/05/facebook_whisteblower_congress/

Clive Robinson October 7, 2021 12:02 PM

@ ALL,

It’s not just Facebook borking their applications ability to communicate…

Apparently Microsoft has borked Teams PSTN –land line and mobile phone– connections as “Direct Routing” is now pear shaped for reasons yet to be identified…

https://www.theregister.com/2021/10/07/teams_pstn/?td=keepreading-btm

“Microsoft Teams’ Public Switched Telephone Network (PSTN) integration has fallen over.

The integration is a key part of Teams in the enterprise, and permits the use of phone calls with Microsoft’s messaging platform. The afflicted service in this case appears to be Direct Routing.”

So far it’s fun fun fun this week…

Will Google or Amazon squeeze in a competing SNAFU by the end of play tomorrow?

After all AWS is generally a good place to see all sorts of OMG activity bubbling along. As for Google they have been off of my radar for quite some time, so your guess will probably be better than mine…

Any other suggestions? I know there are rumblings about iOS 15 being “Surveillance unlimited by off” but hey nothing really new there.

Over in the UK though the jungle drums are beating over NSO and some Saudi Prince spying on his Ex with their Pegasus spyware,

https://www.theregister.com/2021/10/07/pegasus_malware_princess_haya/?td=keepreading-top

SpaceLifeForm October 7, 2021 4:48 PM

@ Clive

Will Google or Amazon squeeze in a competing SNAFU by the end of play tomorrow?

It’s too late for Amazon.

hxtps://blog.twitch.tv/en/2021/10/06/updates-on-the-twitch-security-incident/

Sut Vachz October 7, 2021 5:02 PM

Who might be using the distraction provided by all this borkage to do things in the shadows ?

Give the principle parts of the verb bork-

borko, borkare, borkavi, borkatus sum

JonKnowsNothing October 8, 2021 12:15 AM

@All

Odd MSM report that Canada invited Ms Manning to visit just so their Border Patrol could throw her out of the country…

per the articles, Ms Manning has been denied entry to Canada for some time, so it’s odd that they would issue an invite just so they could be more rude.

But then again, apparently their PM Trudeau decided his family vacation was more important than their country’s Inaugural National Day for Truth and Reconciliation over the treatment of Canadian indigenous persons.

THAT must have been some family exchange:
  kiddos: I want to see BEARS! Not Indians! Bears!

reports indicated that Ms Manning declined the Canadian offer…

Zho, where’s the beef and why?

If Ms Manning crossed over into Canada and was nabbed in no-persons-land, she could be renditioned anywhere. If she managed to get onto the Canadian side she could be deported to any jurisdiction the Canadians want to send her and not necessarily back to the USA. (1)

The CIA Black Sites are still active. A recent photo journal showed a walk thru of the Salt Pit in Afghanistan. The CIA attempted to demolish it but a good archeologist or two will dig it up and forensically evaluate it. If science can pull viable DNA from an ice age mammoth, the CIA chappies and chappettes will have some thing to look forward to when they hit 100yo.

===

  1. this is true of any traveler traveling outside of the USA and passing over the USA side of the border. Some airports this no-persons-land is inside a terminal. See: Terminal Living for persons trapped outside of their passports.

SpaceLifeForm October 8, 2021 12:37 AM

@ mmasnick, name.withheld.for.obvious.reasons

Interesting ruling

There is no dilemma if you use FLOSS.

hxtps://curia.europa.eu/juris/document/document.jsf?text=&docid=247056&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=5940685

  1. Article 5(1) of Council Directive 91/250/EEC of 14 May 1991 on the legal protection of computer programs must be interpreted as meaning that the lawful purchaser of a computer program is entitled to decompile all or part of that program in order to correct errors affecting its operation, including where the correction consists in disabling a function that is affecting the proper operation of the application of which that program forms a part.
  2. Article 5(1) of Directive 91/250 must be interpreted as meaning that the lawful purchaser of a computer program who wishes to decompile that program in order to correct errors affecting the operation thereof is not required to satisfy the requirements laid down in Article 6 of that directive. However, that purchaser is entitled to carry out such a decompilation only to the extent necessary to effect that correction and in compliance, where appropriate, with the conditions laid down in the contract with the holder of the copyright in that program.

Sut Vachz October 8, 2021 12:42 AM

@ JonKnowsNothing

Re: no-persons-land inside a terminal

How do the involuntary inhabitants support themselves financially ?

SpaceLifeForm October 8, 2021 1:53 AM

Smell any popcorn?

hxtps://therecord.media/yubico-debuts-fingerprint-based-security-keys/

Clive Robinson October 8, 2021 3:33 AM

@ SpaceLifeForm,

Smell any popcorn?

In this case I smell the scorched flesh of burnt fingers from grabbing the essentials of the process without caution.

Or more correctly, bio-metrics have a fundamental problem of coercion.

In the past there has been occasional mention of crooks cutting off or ripping out body parts to bypass bio-metric security. Horrific as it sounds I’ve not yet read of a case where this has happened (if someone has a link to such I would be interested in seeing it).

The current reality though is coercion by compulsion backed by loss of liberty by state controlled guard labour and others paid for from the public purse (ie money raised from the persons legal and natural within the jurisdiction).

So if an employer in jurisdiction A gives an employee X such a device, to use in jurisdiction B whilst traveling and acting for the employer we can get an unfortunate series of events happening…

First a little history. Some years ago now an employee of a European Crypto company was sent to a Middle Eastern nation on business. Relating to that business the employee was detained by the nation and effectively ransomed through no fault of their own. The employer finally freed the employee, but on the employee’s return subjected them to significant legal proceedings.

It does not take much of an imagination to see that any employee accepting a finger print or other bio-metric key is being put in a position by their employer of taking responsibility for a potential failure where the employee has no ability or control in the matter, yet can be left suffering significant consequences…

But as has been demonstrated finger print scanners on phones can be used when the owner of the finger is not conscious. That is when they are just asleep in bed…

So it does not need to be an Evil Maid to perform an “evil maid” style attack, just a friendly face and one too many drinks in a bar or similar.

So when it comes to bio-metrics the old US Executive’s wife inspired saying of,

“Just say no”

applies.

Winter October 8, 2021 4:07 AM

The question has been raised why our local Troll-tool is so persistent in spamming this blog. Here might be (part of) the answer:

High-profile Western media outlets repeatedly infiltrated by pro-Kremlin trolls
ht tps://www.cardiff.ac.uk/news/view/2547048-high-profile-western-media-outlets-repeatedly-infiltrated-by-pro-kremlin-trolls

Researchers from the Crime and Security Research Institute have found evidence that 32 prominent media outlets across 16 countries have been targeted via their reader comments sections.

Websites which have been repeatedly subjected to these activities include: The Daily Mail; Daily Express and The Times in the UK; America’s Fox News and Washington Post; Le Figaro in France; Der Spiegel and Die Welt in Germany; and Italy’s La Stampa.

The team identified 242 stories where provocative pro-Russian or anti-Western statements were posted in reaction to articles of relevance to Russia. These comments were then fed back to a range of Russian-language media outlets who used them as the basis of stories about politically controversial events.

“The Western media outlets we investigated are especially vulnerable to this kind of manipulation, with no security measures in place to prevent, deter or detect this kind of activity. Trolls have been able to easily switch between personas and identities, which is something the technology actually enables.”

Detailed forensic behavioural analysis of account profiles posting pro-Kremlin comments identifies that some of these users are repeatedly changing their personas and locations; one account of interest had 69 location changes and 549 changes of name since its creation in June last year.

Many of these do ring a bell with respect to our local Troll-tool. Remember that its working hours concurred with those of Saint Petersburg.

- October 8, 2021 8:13 AM

@Winter:

“Remember that its working hours concurred with those of Saint Petersburg.”

Whilst that could have easily been faked, there were other “tells” as well. Which I won’t go into because they are “fragile”.

However there were other tells that did amuse and can be talked about.

One of which was the Troll-Tools response times.

Primarily the Troll-Tools behaviour was “dump and run” until comments calling out the behaviour started to appear.

The time delays suggested the Troll-Tools dumping behaviour was initially a “manual posting” exercise by cut and paste from prepared / generated nonsense. That is whilst the content was generated the actual posting of it was not automated and the delivery was by bashing away at the keyboard.

Importantly that once the Troll-Tools load had been dumped they then went off to do other things.

So suggesting it was part of a work based activity even though the content was little more than not even up to the lowest level of “script kiddy wanabe”.

But one of note was the rude behaviour to those putting up posts detailing or working around the Troll-Tools efforts. The Troll-Tools time responses suggested an automated way was used to monitor.

Unfortunately for the Troll-Tools mentality they got “captured” by their own ego… So got caught up in a profitless series of exchanges in which they failed to prove they had any superiority.

In fact all they showed was how fragile their ego was, and how easy they were to manipulate and have their chain yanked.

But behaviours changed… Which tends to indicate more than one individual is involved. Further the type of message changed to one where large sums of money are available if you know where to sign up for it.

The later aim appears to be to “poison the robots” or web-crawlers of the search engine sites. Thereby taking advantage of the time between Troll-Tools posting and @Moderator deleting, to get artificial statistics into the search engines.
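
Winter’s summary of the Cardiff findings and the reply above both describe behavioural tells that a comment-section operator could look for: an account that keeps swapping display names and locations, and posting activity that clusters inside a single working day in some time zone. Below is an added Python example, not code from the post or from any commenter, that runs those two heuristics over a small set of constructed comment records. The account ids, names, locations, timestamps and the 08:00–17:59 working-day window are all assumptions made for the illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample comment records (not real blog data):
# (account id, UTC timestamp, display name, self-reported location).
# acct_A is built to exhibit both tells; acct_B is an ordinary reader.
SAMPLE_EVENTS = [
    ("acct_A", "2021-10-01T05:30:00", "Alex",  "London"),
    ("acct_A", "2021-10-01T06:12:00", "Alex",  "London"),
    ("acct_A", "2021-10-01T07:40:00", "Chris", "Berlin"),
    ("acct_A", "2021-10-01T08:05:00", "Chris", "Berlin"),
    ("acct_A", "2021-10-04T09:30:00", "Chris", "Paris"),
    ("acct_A", "2021-10-04T10:15:00", "Sam",   "Paris"),
    ("acct_A", "2021-10-04T11:50:00", "Sam",   "Paris"),
    ("acct_A", "2021-10-05T12:20:00", "Sam",   "Rome"),
    ("acct_A", "2021-10-05T13:45:00", "Jo",    "Rome"),
    ("acct_A", "2021-10-05T14:30:00", "Jo",    "Rome"),
    ("acct_B", "2021-10-01T01:10:00", "Pat",   "Toronto"),
    ("acct_B", "2021-10-02T07:45:00", "Pat",   "Toronto"),
    ("acct_B", "2021-10-03T13:20:00", "Pat",   "Toronto"),
    ("acct_B", "2021-10-04T16:05:00", "Pat",   "Toronto"),
    ("acct_B", "2021-10-05T19:30:00", "Pat",   "Toronto"),
    ("acct_B", "2021-10-06T23:55:00", "Pat",   "Toronto"),
]

# Assumed "office hours" window in the poster's local time: 08:00-17:59.
WORKDAY_HOURS = range(8, 18)


def persona_changes(events):
    """Per account: how often the display name and the location changed
    between consecutive posts (the '549 name changes' style tell)."""
    last = {}
    changes = defaultdict(lambda: {"name": 0, "location": 0})
    for account, _ts, name, location in sorted(events, key=lambda e: e[1]):
        if account in last:
            prev_name, prev_loc = last[account]
            if name != prev_name:
                changes[account]["name"] += 1
            if location != prev_loc:
                changes[account]["location"] += 1
        last[account] = (name, location)
    return dict(changes)


def posting_hours_utc(events):
    """Per account: Counter of the UTC hour of each post."""
    hours = defaultdict(Counter)
    for account, ts, _name, _loc in events:
        hours[account][datetime.fromisoformat(ts).hour] += 1
    return dict(hours)


def best_utc_offset(hour_counter, candidate_offsets=range(-12, 15)):
    """Find the whole-hour UTC offset whose local workday window captures the
    largest share of an account's posts. Returns (offset, fraction)."""
    total = sum(hour_counter.values())
    best_offset, best_hits = None, -1
    for offset in candidate_offsets:
        hits = sum(n for hour, n in hour_counter.items()
                   if (hour + offset) % 24 in WORKDAY_HOURS)
        if hits > best_hits:
            best_offset, best_hits = offset, hits
    return best_offset, best_hits / total


def flag_accounts(events, min_persona_changes=3, min_workday_fraction=0.8):
    """Combine both tells: flag an account only when it churns personas AND
    its posts cluster inside one plausible local working day."""
    changes = persona_changes(events)
    hours = posting_hours_utc(events)
    report = {}
    for account, counter in hours.items():
        c = changes.get(account, {"name": 0, "location": 0})
        offset, fraction = best_utc_offset(counter)
        churn = c["name"] + c["location"]
        report[account] = {
            "name_changes": c["name"],
            "location_changes": c["location"],
            "likely_utc_offset": offset,
            "workday_fraction": round(fraction, 3),
            "flagged": churn >= min_persona_changes
                       and fraction >= min_workday_fraction,
        }
    return report


if __name__ == "__main__":
    for account, info in flag_accounts(SAMPLE_EVENTS).items():
        print(account, info)
```

Either tell on its own is weak evidence: every office worker posts inside some working day, and plenty of people change a display name once or twice. Requiring both, as `flag_accounts` does, keeps the heuristic as a triage signal for a moderator rather than an automatic ban, which matches the reply’s own caution that such tells are “fragile”.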

JonKnowsNothing October 8, 2021 10:25 AM

@ Sut Vachz

Re: no-persons-land inside a terminal

How do the involuntary inhabitants support themselves financially ?

iirc(badly)

  • Some of them had bank accounts and could access funds via ATM terminals inside the bank.
  • If there wasn’t an ATM inside no-persons-land, on occasion, the security detail will allow a small foray to the nearest ATM inside the airport.
  • Generosity of vendors and food distributors inside the airport
  • Rare donations of funds by people who became aware of the issues
  • Facilities arranged by the airport, eg converted broom closet with camp bed

The longest terminal resident was ~30 years. Entire families have been trapped by changing political situations. Access to bank funds is dependent on the political and banking situation. If there’s an international freeze on your account or the fiat paper you are carrying is no longer “valid currency” or your credit-debit cards are locked, begging is all you can do.

One of the interesting vagaries of international laws is that many countries have specific requirements if you wish to apply for residency or asylum and that you MUST be INSIDE their territorial boundaries to apply or to physically present yourself at a designated location. You cannot do this from no-persons-land. If you do not have a valid passport, transit document, visa or other required identifications you cannot exit the airport to do that, so the person is left with a Catch-22.

The situation of the many thousands of globally COVID-Travel-Blocked is that they all had valid documentation and status at the time of initial travel but they became becalmed when their respective governments blocked their return(s) and return attempt(s). These countries have done nothing significant to help these people return and some of them are more than a year waiting for a slot(s) to open. They have booked and rebooked and spent $$$ in paperwork trying to return home. Some of them were granted emergency visas in the “host country” where they were blocked and many of these are expiring. The emergency visas may allow the persons to exit the airport or they may be required to domicile in one of the airport complex hotels.

The irony is: Business Travelers have no problem getting in and out of these same countries. Airlines restrict the number of seats for the abandoned returnees which they have to pay for each time they book. There is a de-facto auction To The Highest Bidder for these seats. So, just because you had a seat today, does not mean you have one 10 minutes later or on the day of departure.

A recent MSM report of people trying to book a private plane from NZ to AU is that it costs upwards of $40,000. Private planes have fewer restrictions on transit than the commercial airlines and they have their own suites of quarantine rooms ready and available in their perk package.

For those who have “host country” emergency visas that are expiring they are facing the Deportation Rules for Illegal Immigration. It’s a tough way to get home and it pretty much blocks any future travel.

Once on the list, no one cares how you got there, only the robot AI/ML reads the list and does the sorting for future travel and passport applications.

===

ht tps://en.wikipedia.org/wiki/List_of_people_who_have_lived_in_airports

SpaceLifeForm October 8, 2021 4:10 PM

@ Clive

Whilst it appears you did indeed smell the popcorn, you did not enter the Security Theater and partake in the full aroma.

I will take a Chewbacca Defense angle here and plead that your morning tea had not kicked in yet.

Because we both have hammered on the requirement to separate the comms from the crypto.

This USB Fingerprint device violates this separation requirement.

Literally, a Digital Fingerprint possibly can be leaked via the USB channel. Or maybe hidden radio.

Get Digital Fingerprint. Clone device. Or, possibly create a plastic fingerprint to authenticate to a different fingerprint reader/computer. I do not recall the name of the movie, but, it’s not a new idea.

Also, see

hxtps://www.bankinfosecurity.com/google-says-russian-apt-targeting-journalists-politicians-a-17708

Following the news of Fancy Bear’s reported targeting of high-profile individuals, Google said in a blog post Friday that cybersecurity features in its APP program will protect against certain attacks, and that it was partnering with organizations to distribute 10,000 free security keys to higher-profile individuals. The keys are two-factor authentication devices tapped by users during instances of suspicious logins.

[sumptin, sumptin bout free and product]

Clive Robinson October 8, 2021 6:57 PM

@ SpaceLifeForm,

sumptin, sumptin bout free and product

Ahh, yup if memory serves gift horses, mouths and lunches… There was also something about not accepting wooden ones as well as you’ll pay for it in the end, but they never say in the end of what.

But,

… you did not enter the Security Theater and partake in the full aroma.

Since being discharged from hospital after a week or so of being fed rat poison I find I don’t go out socialising as much as I used to. Apparently it thins the blood as well as stopping it clotting, so you feel the cold and damp more… Something the aches from old scars and breaks tell me too much about as it is, especially as being a human barometer was not on my childhood list of desirable superpowers. So as a minimum I’ll pull the Chewie height defence and claim not enough oxygen getting to the brain which must also be the reason my hair is falling out ={

As for the morning cuppa, no I’ve not been drinking it as I’m having so many “fasting blood tests” at the hospital I don’t get to eat, or drink anything other than water until lunch time. Then there are the heart tests where “no caffeine for 24 hours prior” or other stimulants is a requirement[1].

But more seriously, creating fake fingers and placing fake finger prints is child’s play. Or at least it was for me a half century ago… But add another seventy to that and Conan Doyle was having Sherlock spotting such fakes made by the “Norwood Builder”.

Whilst chopping fingers off is more a horror or murder mystery Theatre Event as gore sells, it has always puzzled me as to why people would assume body parts were any more under an individual’s control than any other physical token[2].

With regards,

… we both have hammered on the requirement to separate the comms from the crypto.

Something that goes back so far in time it was even half a millennium old to the Ancient Romans[3]… So you would have thought more people would be not just aware of it but pointing it out, yet for some reason…

[1] The tests show my cardiac output is only about 1/4 of what it should be, but then having a blood clot in the right atrium the size of the end of your thumb does tend to block the free flow etc.

[2] Yes I was puzzled when I was involved with designing finger print readers a third of a century ago. So puzzled that I made the mistake of showing then colleagues how easy they were to fake thus fool the readers… With hindsight I can see why I was saying things the bosses did not want to hear.

[3] I guess the practical question of “How many messages can you get on the head of a slave” is not as much fun as the metaphysical question of “How many angels can dance on the head of a pin” to which “the three degrees” might be an appropriate answer 😉

SpaceLifeForm October 9, 2021 5:35 PM

@ name.withheld.for.obvious.reasons, JonKnowsNothing

Keep in mind that there is allegedly “Insurance” out there.

I do not believe JA will ever be extradited.
