Friday Squid Blogging: The Chemistry of Squid Camouflage

Interesting research.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on September 11, 2015 at 4:13 PM • 216 Comments

Comments

rgaff • September 11, 2015 4:57 PM

@Jonathan Wilson

Very interesting... however, everyone needs to keep in mind that destruction is often NOT better than hostile intrusion. In search for better security we don't want to just allow any old miscreant to suddenly and easily deny us access forevermore to important data that we actually need for some reason or another.

Obviously there are use cases for this, but not as many as one might initially think. Wiping a mobile copy, when I can later restore from a backup... sure, sounds good, provided I can get by ok without it until I get to that backup. Wiping my last copy of everything cause "give me security or give me data death"... maybe not as much, in most cases.

As a real world example: when installing https://grsecurity.net on your Linux system, go over the options carefully and think about which ones can be easily used as a "Denial of Service" attack against you... you may not want to enable all of those, even if they do happen to improve security in the process...

Alien Jerky • September 11, 2015 5:10 PM

I always wondered how the cuttlefish got its name. It neither looks like a fish, nor looks cuddly.

rgaff • September 11, 2015 5:14 PM

@Jonathan Wilson

Also, don't under-estimate the ability of a determined well-funded adversary to re-assemble any jigsaw puzzle you make from shredding or other physical destruction... Anything larger than extremely fine powder may be too big for today's technology... Corning Gorilla Glass would be an example of pieces that are rather large.

News Story • September 11, 2015 5:35 PM

ArsTechnica are running the article: Once seen as bulletproof, 11 million Ashley Madison passwords already cracked.

The bcrypt configuration used by Ashley Madison was set to a "cost" of 12, meaning it put each password through 2^12, or 4,096, rounds of an extremely taxing hash function. If the setting was a nearly impenetrable vault preventing the wholesale leak of passwords, the programming errors—which both involve an MD5-generated variable the programmers called $loginkey—were the equivalent of stashing the key in a padlock-secured box in plain sight of that vault. At the time this post was being prepared, the blunders allowed CynoSure Prime members to positively crack more than 11.2 million of the susceptible passwords.

And here are the technical details of how they've gone about cracking it.

Thoth • September 11, 2015 7:00 PM

@Nick P, Clive Robinson, Figureitout
We know DARPA have the SHIELD program that creates a blackbox tiny chip so anyone can install the chip in a chip just like boxes inside boxes. What is the likelihood they may forcefully mandate backdoors with this new boxes in boxes technique or maybe even quietly gag chip suppliers up and get them all to install this stuff into next generation or even current chips?

I sense their dubious intentions ....

Link: http://www.darpa.mil/program/supply-chain-hardware-integrity-for-electronics-defense

SoWhatDidYouExpect • September 11, 2015 8:01 PM

From Slashdot...

Spy Industry Leaders Befuddled Over 'Deep Cynicism' of American Public

http://news.slashdot.org/story/15/09/11/1714254/spy-industry-leaders-befuddled-over-deep-cynicism-of-american-public

Ah, just as we expected. The spooks think that the public is loaded with "venom and deep cynicism" over their work which invades the privacy of everything (except those that are specifically protected). They choose to ignore all rational and real positions against their actions.

Just imagine, if the spooks are so easily "befuddled", what real enemies will do to them. Overall, I think they are just looking for the easiest victim to catch (any honest U.S. citizen will do) rather than performing any real work. Their objective is to influence, intimidate, and control U.S. citizens, not protect them.

rgaff • September 11, 2015 8:33 PM

@ SoWhatDidYouExpect

No dictator wants to harm anyone, they all just have the world's best interest at heart... as long as they're in charge and everything's done their way... it's only those terrible resisters to their absolute control that push them over the edge into committing atrocities...

name.withheld.for.obvious.reasons • September 11, 2015 8:59 PM

For the blog regulars, you know who you are, I have an "investigation" that could use some assistance. No, I'm not following on Bruce's request regarding crypto software, I just thought I'd posit anyway. The issue, the reorganization of agency(s) under DoD management and changes to associated rule and regulatory instruments.

Having preliminary data from some early research indicates a number of drastic institutional changes at the CENTER of an INTEL AGENCY. From a rough pass at the info, the agency has transformed from its core mission (I don't believe statute supports the current recasting). It's as if the Department of Energy decided to be the Department of Agriculture.

Buck • September 11, 2015 9:00 PM

@SoWhatDidYouExpect

For real, I expected nothing less...
The directors of the FBI, CIA, NSA, NGO, DIA, and NRO have obviously been spending too much of their time mingling amongst silicon valley ceos.

Rogers said, "I don't think we have fundamentally destroyed the public's trust. Some feel that way, but we are accountable to the citizens of the nation, and the nation is counting on us. The nation needs the insights we generate and our computer expertise."
That's how you know that their perceived reality is so far out of touch with that of the average American!
Multivariate analysis indicates that economic elites and organised groups representing business interests have substantial independent impacts on US government policy, while average citizens and mass-based interest groups have little or no independent influence.
Maybe try restoring some more of that accountability to the citizens of our nation before begging for a less cynical dialogue...

The Curious Incident of the AFI 36-3208 sec. 5-11 in the Nighttime • September 11, 2015 9:38 PM

@SoWhatDidYouExpect, In other news, NAMBLA wounded by the mistrust and hostility of American children.

Put Rogers back in the squeezebox before he starts head-banging. Human interaction is very taxing for him.

sena kavote • September 11, 2015 10:39 PM


Combined password hashing and integrity check of system partition

With some setups it might be good to form decryption key of data partition's decryption key by hashing passphrase with every software related file on the root level / partition. That could mean gigabytes. The main point of this activity is that decryption is not possible if integrity check fails. How does this sound? Is this a good idea?


-----------------------

Law etc. and text search

From USA comes strange news about prosecutors who game the system by releasing huge document dumps just before trial in order to overwhelm defense attorneys. This happened for example in the case of Ross Ulbricht of silk road. Seems like justice system of USA is infested with sociopathic prosecutors who don't care about justice, but I am open to other explanations.

Anyway, there may be technical help. Do attorneys have advanced text search and analysis software in use? For example, it would be possible to make complex regular expression searches with GREP of any Linux. Even better if storing and stringing grep searches on bash script files. Even better and easier search and analysis tools can be made, that also have easy graphical user interface. Default configuration file for one area of expertise could be thousands of lines long.

Also, legal documents on computers could have options for syntax highlighting just like software source code. Some special classes of words with special legal meanings can have their own color. It is possible that lawyers would not benefit, but legal documents are meant for novices too, and programmers who happen to be involved in a case. I have no idea about the specifics.

The same software is useful in other areas besides law.


-----------------------


How proprietary operating systems decreasing trustworthiness should affect privacy software

Let's take tor project and especially its tor browser bundle as an example. In my opinion they should give anyone using TBB on Windows one year for finding few hours of their time for installing or otherwise getting Linux and 2 years for anyone using TBB on macOS. Despite macOS being minority OS (just like Linux) among the general population, for some strange reason vast majority of journalists use macOS (maybe because Apple has had so journalism worthy CEOs?). This gives pause because journalists need privacy software more than average.

Then tor should direct the freed resources for making TBB versions for FreeBSD and OpenBSD. Possibly also for one OS that is one of these 3: netBSD, Minix3 or dragonflyBSD. I do not have first hand experience of those last 3, so I reserve judgment and ask you what should be the 4th OS for TBB? Or for what operating systems you would like to have TBB and other mission critical privacy software?

Also, TBB should work on raspberry pi.

How much OS dependent work could there be?

Possibly related: Why can't we get TBB from Ubuntu repos like everything else?

Linux should be the basic / normal option for "the folks", and people like readers of this blog should consider getting one of those other unix operating systems for tor use. I think I flip a coin between pcBSD spin of FreeBSD and OpenBSD. Choice depends on available hardware too. For example, pcBSD works only on x86-64. Organizations may want to install pcBSD, OpenBSD or Minix 3 on their personnel laptops.


--------------------


re: Tails on virtualbox

Tor use is most secure on Tails on bare hardware, second most secure on Tails on virtualbox on some Unix and third most secure on TBB on some Unix.

name.withheld.for.obvious.reasons • September 11, 2015 11:23 PM

Guess this is appropriate given the calendar date, seems the CIA has been transformed.

There is a real question as to the "legality" of the DoD restructuring the CIA as a direct component of DoD at the UndDefSec level. The title of the policy directive changing (putting the CIA in charge of all the IC) is Under Secretary of Defense for Intelligence (USD(I)) as specified in DoDD 5143.01. My understanding is this promotes the CIA to "the" top level component of DoD.

The new position puts the former ODNI above all IC and DoD component organizations. There is much to analyze, need to determine the operational, structural, and underlying rationale for this re-positioning of the CIA.

JP • September 11, 2015 11:39 PM

@name.withheld.for.obvious.reasons
"It's as if the Department of Energy decided to be the Department of Agriculture."

Why would this be unusual? The EPA has already decided to be the Department of Energy with the Clean Power Plan.

Alien Jerky • September 12, 2015 1:16 AM


From the Onion

http://www.theonion.com/graphic/how-to-protect-your-personal-information-online-35036

Here is The Onion’s guide to keeping your personal information secure from hackers:

Always log into your Gmail account in person by traveling to Mountain View, CA and letting the Google folks know it’s you.

The key to protection is being informed about risks. If you receive a suspicious-looking email, assiduously click on all the links and follow their instructions to learn more about the threat.

To keep your phone data safe at all times, never unlock your iPhone screen.

Publicly post sensitive personal information about close friends and family to draw hackers away from you.

For usernames and passwords, choose something that’s easy for you to remember: a phrase you know you’ll never forget, like “Buchenw@ld,” “Dachau#!,” or “Bergen-Bel$en.”

Hackers have been known to infiltrate public Wi-Fi networks, so make sure to switch stores or cafés every 45 seconds while working in public.

Wear a plastic badge that says “CyberSecurity Force” to scare off snoopers.

Remember that if you offer hackers unconditional love they will no longer feel the need to hack.

Always be aware of your surroundings when accessing sensitive information in public. Listen closely for anyone nearby subsequently tapping on their laptop and then muttering, “I’m in.”

If you suspect your computer is untrustworthy, smash a radio in front of it with a hammer to send it a message.

tyr • September 12, 2015 1:26 AM


@Sowhatdidyouexpect

What struck me was the answer of Rogers to the question
of who is the main threat. Just what kind of a paranoid
loon thinks that the main threat to USA changes every
hour. Considering the transparency the interNet brought
to the world I'd think a lot more would notice that kind
of threat level.

You have to seriously pity the spooks because of the bad
damage their institutional mindset does to them. In any
other profession they would receive some serious psych
help for that kind of behavior. Once they lost the main
boogeyman of the commies they have been adrift flailing
about looking for something to anchor their paranoid
fears on without much success.

When you mistake sound technical advice for venom and
cynicism you have lost the connection to reality that the
technical world depends on everyday.

Maybe building a building that looks like a Las Vegas hotel
and casino with a snazzy Star Trek bridge simulator seemed
like a good idea before the taxpayers saw it but it didn't
enhance the credibility of the organization that was dumb
enough to do it.

Maybe if some of that money had gone into securing the OPM
database strangers wouldn't be reading their forms.

What I find hilarious is that the classics are available on
the Net, Sun Tzu, Clausewitz, et al and the job is still the
same, the only difference is no high level type has been
held accountable for their failure in the 21st century.

65535 • September 12, 2015 1:47 AM

@ SoWhatDidYouExpect

“Spy Industry Leaders Befuddled Over 'Deep Cynicism' of American Public”

Lol!

Seriously:

If these so called “leaders” cannot follow the Constitution while doing their mission then they should be replaced.

If these so called “leaders” continue to tell Congress “The least untruthful answer” they should be brought up on charges.

If these so called “leaders” create an entire industry of spyware, rootkits and bot nets then they should be de-funded.

I am sure there is not a lawyer out there that would not be offended to know that the “Agency” could easily be spying on him/her and could have used “parallel construction” to convict an individual of a crime. This sort of behavior by the upper most law enforcement official of the USA must stop now.

Just because something is easy to do [such as full fiber taps] doesn’t mean one should do it. The US Constitution was put in place for a reason and the Agency should not be allowed to subvert just because it can.

@ aikimark

This is a classic example of an insecure device being exploited. Be it “front door” or “Back door” this watch is insecure and leaking data.

On an economic note, this type of news keeps me from impulse buying of trinket electronics of dubious value.

Winter • September 12, 2015 1:48 AM

There are often given arguments of why the TLA's and IC's of the (Western) world are so obsessive about spying out everyone.

In my opinion, Cory Doctorow gave the best and most parsimonious motivation.

Why They Spy – Cory Doctorow Writes about IT-Powered Feudalism
http://libertyblitzkrieg.com/2015/03/10/why-they-spy-cory-doctorow-writes-about-it-powered-feudalism/


This implies that productivity gains in guard labour will make wider wealth gaps sustainable. When coercion gets cheaper, the point at which it makes “economic sense” to allow social mobility moves further along the curve. The evidence for this is in the thing mass surveillance does best, which is not catching terrorists, but disrupting legitimate political opposition, from Occupy to the RCMP’s classification of “anti-petroleum” activists as a threat to national security.

Now you might understand why the UK government is most involved in spying out the public. It has the worst wealth inequalities in Western Europe.

Clive Robinson • September 12, 2015 2:41 AM

@ Winter,

Now you might understand why the UK government is most involved in spying out the public. It has the worst wealth inequalities in Western Europe

Sadly it's not just "wealth inequalities" it's also education, power and status.

In most jobs of wealth or power in the UK it matters very much who your parents are and who they circulate with, likewise where you were educated and who you chose to circulate with. Most people think the "old school tie" is dead, but that is far from true in the upper cohorts. It's made worse by "internships" where you are expected to "work for free" for three years or so to get the contacts before you can get an appropriate "career position" and work upwards.

The joke is that every one talks of "social mobility" it's a sick joke in that the more the "purple politicians" witter on about it and come up with their solutions the worse social mobility gets.

Take the Tony Blair idea that 50% of the young should have a degree, well guess what in most cases of unemployed 25+year olds the reason they get given for not getting jobs is "no work experience", why do they not have work experience, well because they were "racking up debt" in "higher education", that the Politicos still say that the country desperately needs...

Whilst I believe "life long learning" is essential, I don't believe that your choice at any point in your adult life should be Work or Education, it really needs to be both together because neither alone gives what is essential which is "rounded experience".

Thoth • September 12, 2015 3:14 AM

@sena kavote
What you described is something like ARM TrustZone's boot loader measuring mechanism for trusted boot although your use case is volume or partition decryption. You can actually shortcut it by using HMAC on the data partition to check the values before decrypting like how most network decryption and message crypto work.
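
sena kavote's proposal above (bind the data-partition key to the contents of the system partition) combined with the HMAC check suggested in this reply, as an added sketch that is not code from either commenter. The function names, the salt and the sample files are hypothetical, and an HMAC key-check tag stands in for the actual volume decryption.

```python
import hashlib
import hmac
import os
import tempfile


def measure_tree(root):
    """SHA-256 over every regular file under root.

    Paths are visited in sorted order and each record is length-prefixed, so
    added, removed, renamed or modified files all change the measurement.
    """
    outer = hashlib.sha256()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).encode()
            inner = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    inner.update(chunk)
            outer.update(len(rel).to_bytes(4, "big") + rel + inner.digest())
    return outer.digest()


def derive_volume_key(passphrase, salt, measurement, iterations=200_000):
    """Stretch the passphrase, then mix in the system measurement with HMAC."""
    stretched = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations)
    return hmac.new(stretched, b"volume-key" + measurement, hashlib.sha256).digest()


def key_check_tag(key):
    """Tag stored next to the encrypted volume; reveals nothing useful about the key."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def unlock(passphrase, salt, root, stored_tag):
    """Return the volume key, or None if the passphrase or the system files are wrong."""
    key = derive_volume_key(passphrase, salt, measure_tree(root))
    if not hmac.compare_digest(key_check_tag(key), stored_tag):
        return None
    return key


def demo():
    """Constructed two-file 'system partition': enrol, unlock, then tamper."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "login"), "wb") as fh:
            fh.write(b"original login binary")
        with open(os.path.join(root, "init"), "wb") as fh:
            fh.write(b"original init")

        salt = b"constructed-salt"  # sample value; use a random salt in practice
        enrolled = derive_volume_key("correct horse", salt, measure_tree(root))
        tag = key_check_tag(enrolled)

        unlocked = unlock("correct horse", salt, root, tag) is not None
        wrong_pass_refused = unlock("wrong guess", salt, root, tag) is None

        with open(os.path.join(root, "bin", "login"), "ab") as fh:
            fh.write(b" + implant")  # any change to a measured file
        tamper_refused = unlock("correct horse", salt, root, tag) is None
        return unlocked, wrong_pass_refused, tamper_refused


if __name__ == "__main__":
    print(demo())
```

Every legitimate update to a measured file changes the key as well, so the volume key has to be re-wrapped after each update, and the code doing the measuring has to be trusted itself.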

Winter • September 12, 2015 3:27 AM

@Clive
"Sadly it's not just "wealth inequalities" it's also education, power and status."

Wealth inequalities follow from power inequalities. It is a commonly believed myth that it is the other way around. But in reality, money follows power.

The USA political system is a perfect illustration. The Bush dynasty has not become rich because they were good in business (GWB bankrupted every organization he was in charge of, including the USA itself), but because they were in power. The same for every senator in Washington DC.

@Clive
"Whilst I believe "life long learning" is essential, I don't believe that your choice at any point in your adult life should be Work or Education, it really needs to be both together because neither alone gives what is essential which is "rounded experience"."

Education increases productivity, and increases it enormously. Therefore, an increase in average educational level will increase economic growth.

However, your personal pay does not follow your productivity but is determined by your bargaining power. And bargaining power has as much to do with your social network as your excellence.

Your story about "work experience" has nothing to do with the experience of the candidate and everything with the competition for the job. "They" want the money the young people can earn them, but they do not want to pay them a fair share for it.

And that is the heart of the story of Cory Doctorow. That inequality in bargaining power is what the government surveillance must protect.

Curious • September 12, 2015 4:45 AM

.onion is set up to become a special domain, as I understand it. Understanding the implications is beyond me with my lack of knowledge.

http://www.theregister.co.uk/2015/09/10/tors_onion_domain_gets_privacyconscious_users_off_the_dns

"Big steps were taken this week to get The Onion Router (Tor) project's .onion names out of DNS – and away from prying eyes."

This had me wondering: is such a treatment of a domain name a novelty? I am sort of wondering if such a thing might end up being a bad thing somehow, maybe in other contexts too not related to 'Tor'.

Curious • September 12, 2015 4:52 AM

I have no idea if the following is relevant or not, it looked to me like it might be of some importance:

"Detecting an asymmetric Curve25519 backdoor in RSA key generation algorithms"
https://samvartaka.github.io/backdoors/2015/09/03/rsa-curve25519-backdoor/

"The backdoor embeds an ephemeral Curve25519 public key which is used in conjunction with the attacker's private key to perform an ECDH key exchange to establish a shared secret with the backdoor which is used as a seed for the prime number PRNG and thus allows PRNG state reconstruction and thus public modulus factorization."

Thoth • September 12, 2015 5:35 AM

@Curious
Read up on the topic of kleptography. It is a fascinating literature on using Public Key techniques to attempt to backdoor a blackbox implementation. In simple terms you poison the RNG by seeding it a determined value corresponding to a keypair you own so whatever operation the RNG does becomes predictable to you.

The more secure way to use an RNG is to use multiple RNG sources and then finally derive random values instead of trusting the on-board RNG of blackbox implementations.
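
The mitigation in the comment above (derive random values from several sources instead of trusting one black-box RNG), as an added sketch that is not the commenter's code. The source functions and the context label are hypothetical, and `predictable_source` is a constructed stand-in for an RNG whose output someone else can reproduce.

```python
import hashlib
import hmac
import os
import time


def jitter_source(n=32):
    """Weak supplementary source: hashed timer readings (not sufficient alone)."""
    h = hashlib.sha256()
    for _ in range(256):
        h.update(time.perf_counter_ns().to_bytes(8, "big"))
    return h.digest()[:n]


def predictable_source(n=32):
    """Constructed stand-in for a black-box RNG with an externally known seed."""
    return hashlib.sha256(b"seed known to a third party").digest()[:n]


def combine(samples, context=b"rng-combiner-v1"):
    """HKDF-extract style combiner over length-prefixed samples.

    The output is unpredictable as long as at least one sample is, provided
    the sources are independent: a hostile source that can observe the other
    samples before answering is outside what this construction protects against.
    """
    if not samples:
        raise ValueError("at least one source is required")
    material = b"".join(len(s).to_bytes(4, "big") + s for s in samples)
    return hmac.new(context, material, hashlib.sha256).digest()


def draw(sources, n=32):
    """Take n bytes from every source and condense them into one 32-byte value."""
    return combine([src(n) for src in sources])


def demo():
    # One predictable source on its own: the "random" value repeats exactly.
    alone_repeats = draw([predictable_source]) == draw([predictable_source])
    # Same predictable source mixed with the OS RNG and timer jitter.
    sources = [predictable_source, os.urandom, jitter_source]
    mixed_repeats = draw(sources) == draw(sources)
    return alone_repeats, mixed_repeats


if __name__ == "__main__":
    print(demo())
```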

Evan • September 12, 2015 6:21 AM

@rgaff:
I think a huge part of security engineering is separating all your assets (whether physical documents or data) into two groups: those which you would rather have destroyed than compromised (i.e. are "disposable") and those that you would not. Certain photos are probably the most obvious example of the first category, but arguably could include things like your credit card information or certain types of accounts, such as Ashley Madison. Some banks already do this, when there's suspicious activity or you mistype your PIN too often, the resource gets temporarily or permanently blocked. If whatever it is you have is more valuable to someone else than it is to you, it's a good candidate for deletion in case of tampering.

@Winter:
The two are self-reinforcing. The Bush dynasty was wealthy before it was powerful, but its wealth and power grew hand-in-hand. Arguably it's the case that it's only the last half-century and increasing financialization of the economy (in the US and elsewhere) that the extremely wealthy have emerged due largely to chance, and thus without either the opportunity or the need to also acquire political power. Bill Gates and Warren Buffett have vastly more money but vastly less influence than Sheldon Adelson.

Clive Robinson • September 12, 2015 6:34 AM

@ Winter,

You might have seen the result of the UK Labour Party Leader and Dept. Leader election. In what may result in a swing away from its policy of the last fifteen to twenty years.

The new leader in his speech has directly indicated that he is going to make accountable those who are currently not accountable in communications (hopefully rather more than the Wilson Doctrine tried to achieve). As well as indicating other reforms. If this brings a reduction in "guard labour" or not it's far too soon to tell.

Hopefully this change will also bring sunlight to highlight the scabs of inequality in power and wealth in the UK...

It's interesting to see the levels of "happiness" in NW Europe --where things are a little equal-- far exceed other parts of Europe.

Winter • September 12, 2015 7:05 AM

@Clive
"You might have seen the result of the UK Labour Party Leader and Dept. Leader election."

This seems to be a world-wide trend. The rise of Bernie Sanders in the USA probably has the same roots. In a small way, we see a tendency of the Social Democrats to return to their laborer foundations in the Netherlands too.

The new trend here is to call out "Economism" in politics.
https://en.wikipedia.org/wiki/Economism

ianf • September 12, 2015 8:55 AM

@ Clive, @ Winter
The new Labour leader in his speech directly indicated that he is going to make accountable those who are currently not accountable in communications (hopefully rather more than the Wilson Doctrine tried to achieve).

Lofty goals, but they hang on the Labour Party in the UK (and the like elsewhere) first winning an election & steady parliamentary majority in legislative matters. A big if.

There is an unfortunate, historically-entrenched tendency among (not only UK & not only trade-union-based-) populists to want to reform all sort of things all too quickly, and, en route to power, make too many & much too mutually incompatible promises to their backers. It's not for nothing that, following the silly backbench-orchestrated ouster of Margaret Thatcher, the parvenu that beat the Toffs at their own game, a washed-out nonentity like John Major was able to hold onto power on a caretaker platform of "austerity for prosperity." And that it first took a scheming Tony Blair with policies that were essentially indistinguishable from right-of-center conservatives, though delivered with panache and dressed-up in new semantics, to wrench the power from the Tories.

You may be surprised, but those Blairite strategies & tactics were from then on (~20 years ago) studied closely by all kinds of arriviste "Young Turk" Euro politicians, left to right, looking for ways to enact "salon revolutions" from within without alienating their own-older entrenched power bases. Not for nothing, Tony Blair's elegant accession to power & holding onto it for 2 terms of office, made him a hero for the generation of male Euro politicos born 1960 or later… whether ideologically close to, or to the far right of him. I don't know Jeremy Corbyn enough, but remember that Arthur Scargill did fat good to his "charges".

(I specifically do not make any comparisons with the USA, because its culturally-lopsided electoral system makes electing anyone competent & visionary a practical impossibility… the failed "Obama Project" being just the latest example. That's why we the proles around the world are offered the substitution fare of only marginally fucked-up POTUS, and his radical & politically-correct Mestizo successor, in “The West Wing" to keep us wondering what might have been….)

not.name.withheld • September 12, 2015 9:03 AM

@Thoth, taking care only to omit code words, nicknames, and classified authorities, here you go

Starting back in the 70s CIA made a concerted effort to obscure domestic covert operations by diffusing their functions. They did it in several ways, as everyone now knows: taking over other agencies with detailees, proprietaries (fake companies), NOCs in multinationals, domestic agents, cutouts in trans-national organized crime, fake NGOs like Meridian House and Human Rights Watch.

They also used the OPSEC from their Cold War COG plans. In those plans, CIA spreads out and hides among the population to make a surgical strike impossible and raise the stakes of deterrence. They were going to use cities as human shields. After the nuclear holocaust they were going to crawl out of the rubble and take over. Don't laugh. They had decentralized C3, economic central planning, everything you could want. That was the stated intention, anyway.

It got more and more ridiculous throughout the 80s as the wheels fell off the USSR, and they put the plans on an all-hazards footing. We thought that was just an attempt to hang onto their doom-bunker meal ticket. But they fooled us. Who would have thought they could just knock over a couple buildings and roll it all out?

Since 9/11 you live in the United States of COG. Those decentralized nuclear boltholes? Now we call them Fusion Centers. Have you wondered why they're militarizing police and putting them through COIN drills? Why Senators grovel to the IC?

Given free rein, the knuckle-draggers naturally went berserk with crimes against humanity and stuff, this was their big chance. They had the domestic population under control. What they didn't expect was a regenerated Russia allying with regional powers, enforcing rule of law with a real, qualitative, missile gap.

You could blink and miss it in the media but spooks at all levels are getting exposed, denounced, locked up, and chased around as fugitives, not by the enemy, but by world hue and cry. This is novel and unsettling for them. So now it's time to pretend that the CIA is not in charge. They're going to subsume CIA under something. It's no skin off CIA's nose, as long as they can kill or torture anybody and get away with it.

Slime Mold with Mustard • September 12, 2015 9:13 AM

@ name.withheld ....

I believe I have something to add. I am very busy. Hope you will continue on thread as topic is very, very important.
Later,
Slime

BoppingAround • September 12, 2015 9:22 AM

[Off-topic] Nick P,
Saw you 'endorsing' Racket in one of the threads here (or somewhere else?) the
other day. What's so special about it?

Do correct me if I'm wrong in my observations.

Clive Robinson • September 12, 2015 10:18 AM

@ ianf,

It's not for nothing that, following the silly backbench-orchestrated ouster of Margaret Thatcher, the parvenu that beat the Toffs at their own game, a washed-out nonentity like John Major was able to hold onto power on a caretaker platform of "austerity for prosperity."

The problem with a "parvenu" is that people assume that "the newly arrived come with nothing of worth" when in fact sometimes "they arrive unencumbered by unnecessary baggage" and traveling light has less to slow you up and drag you down to their turgidity.

In the case of John Major he was in fact quite an adept politician, who let others take the limelight, and thus the knocks and falls of what Shakespeare once called "grievous ambition". The "Toffs" were not adept at much except inbred infighting, and as such were at best an inwardly focused clique. As Maggie herself once commented "Every Prime Minister must have a Willy", and she eventually surrounded herself with a clique of such, having alienated those who were not. Although not quite a Herculean task, dislodging and removing the ticks took rather more time due to the niceties of politics than the older hatchet method of times past.

As for Tony Blair, what can one say, he was mainly a one trick pony. He stole the ideas of others, which whilst not a grievous sin in politics usually brings a fall. He avoided this by surrounding himself with people who knew their position was due to his largesse not their talents, so would fall on their daggers to protect Tony, and thus they would be rehabilitated back into the fold after a time as their reward. He did this marginally better than Maggie and thus he became known as "Teflon Tony" before he became the "grinning japanapse" of "Bush's Poodle". It's been argued by others that his personal inadequacies gave rise to his need to be "A better Thatcher than Maggie" and thus his determination for "A glorious war". This has been augmented by others who argue that Bush could not have invaded Iraq without UK support that came from the "No10 clique", thus they unlike Tony keenly await the Chilcot Report (personally I think it will be a disappointing white wash as previous reports have been).

But it's the fact that Tony Blair has made a complete embarrassment of himself over trying to stop the new leader of the Labour party becoming so that makes me think there is a move from "purple politics", which hopefully will bring back voters from their disenfranchisement that Thatcher and Blair brought to British Politics and instilled in them.

I guess as always we live in interesting times, and time alone will tell...

Like you I see little hope for US politics, from the European perspective US Politico's are all so far right wing and thoughtless slogan chanting, that Douglas Adams joke about voting for lizards has come true to life.

rgaffSeptember 12, 2015 11:10 AM

@ Evan

Interesting ideas regarding disposable data and not... I might add that if certain data is truly disposable, it might be wise to destroy it as soon as convenient to do so, rather than keeping everything around forever "just in case" just because space is cheap... and then trying to destroy it as soon as you think it's about to be exposed (which could even be illegal in certain cases)...

As an example, I've made a general policy of setting all my computer log files to only save for one week. After that point they are automatically deleted. So far, I've never run into any sort of issue where I wished I had held onto them for a longer period of time. A week seems more than adequate to log the details of any problem and solve it--in fact, usually even just a single day is enough for that.

Now if only I could figure out how to consistently securely delete things on an SSD.... :P

Clive Robinson • September 12, 2015 11:47 AM

@ rgaff,

Now if only I could figure out how to consistently securely delete things on an SSD.... :P

I'm not sure you can without completely overwriting the entire SSD four or five times, even then "no guarantee".

And in the near future you will be looking at a similar problem with the "system core memory". Currently we use SRAM and DRAM which tend to quite quickly lose the data when power is removed (ie usually within ten minutes even when at very low temperatures).

However there is a new form of memory that uses magnetic elements not voltages or trapped electrons to store data. Whilst it's as dense and potentially as fast as DRAM it does not forget data when power is removed. It would appear the cost is declining to the point where it will be competitive with SSD at similar performance. The chances are it will be used in the likes of pads etc to avoid having a distinction between RAM and storage. I can not see any commercial OS clearing out the memory on shutdown, in fact I suspect that not shutting down only suspending would quickly be the accepted norm...

https://en.m.wikipedia.org/wiki/Ferroelectric_RAM

Wael • September 12, 2015 12:00 PM

@Clive Robinson,

I can not see any commercial OS clearing out the memory on shutdown

Perhaps commercial OSs don't clear the memory on shutdown, but certain products I was involved with do exactly that. BIOS clears (including several rounds of different written patterns as well) memory on shutdown on HP desktops and other products. I'm not sure if that behavior has changed. This behavior was mainly a security mechanism to counter what was known then as a "reset attack" on TPMs.

Ronnie H • September 12, 2015 12:38 PM

Here's a straightforward question: there's much talk about password weakness. But I have over the years logged into sites where, after three (or five, say) failed attempts, I've been logged out and either had to wait a while before trying again, or had to get in touch with the site operators. There must be a reason why this simple system isn't universal on the net. What is that reason? Surely it would defeat the crackers? Thanks in advance for replies.

Name Goes Here • September 12, 2015 12:58 PM

USA’s intelligence chiefs decry “deep cynicism” over cyber spying programs.

Here's a quote for the scrapbook:

In response to a question submitted by Ars to the panel on how the government could get the global business community to trust encryption that provided a "golden key" to the FBI and the intelligence community, Comey said, "I don't have an easy answer to that. I don't think it's right for the government to come up with the answer alone. We want to get past the crypto war thing—we all care about safety and security.

And I support strong encryption—if my SF-86 [the Office of Personnel Management survey filled out by government employees as part of background investigations for security clearances] had been behind strong encryption, maybe someone wouldn't be reading my SF-86 today."

Nick P • September 12, 2015 1:00 PM

@ Wael, Clive

Remember my essay on 1 sec deletion of arbitrary-sized data: encrypting data and losing the key = deleting the data. Many academic prototypes and even commercial products encrypt + authenticate anything going to RAM. So, having a hardware overwrite of key storage plus cache on shutdown should make all of that inaccessible. This process, esp important parts, can happen in less than a second. So, as memory and its issues grow, this seems like the best option.

@ BoppingAround

I'm going to assume you're familiar with LISP & Scheme languages along with their tremendous power (esp with macros). If not, I can get a good reference or two for you. If so, go ahead and think of the average Scheme distribution, the user experience, the library issues, etc. Now, read this Wikipedia article. See the difference? They seemed to have combined the practical advantages of many platforms and tools into one system.

My old system combined BASIC's ease-of-use, C/C++ synthesis, C FFI, LISP macro's, and DSL's for common tasks to make one hell of a 4GL. Sadly, I lost it along with everything else in the triple HD failure. Thinking of rebuilding that environment with what I've learned since then. Plus, thinking of building a holistic environment for medium-to-high assurance systems that handles every aspect of assurance automated or semi-automated. I already have much of the methodology in my head from design to the gates. So, what tools and components should I build this on? Eventually for ideal case or something right now to get started?

So, I'm considering languages that are fairly easy to parse, easy to work in, make good design decisions, support legacy libraries, have macro support, and preferably decent IDE + standard lib. The most important thing is metaprogramming: ability to write code that transforms or synthesizes code. A solid implementation of this is instrumental to making tools that help us perfect software. As you've seen, I've also been studying lots of hardware and hardware/software-integration tools. Kind of thinking in the background how easy they'll be to integrate into this. There's already been two tools to synthesize hardware from Scheme, a few from C, and one from FSM's. A tool that perfects simple algorithms in Scheme might let designer hand it off to a hardware or software compiler to selectively accelerate (or harden) parts of the app.

So, whether prototyping software tools, RAD-ing business apps, or bootstrapping a high assurance methodology... the Racket toolset looks like it could handle it better than most. Probably the best of the [free] LISP's so far. Its self-transforming nature also means that, if another LISP greatly outperformed it, there might be a way to autogenerate a version of my tools for that just to make it run faster. Many possibilities if you have a good IDE, good macro's, good pre-existing code, and a language designed to make that all easy. Hard to see Julia, Haskell, etc beating them on that last part.

Note: A Hacker News reader familiar with Pascal, Oberon, etc told me Nim language was like Modula-3 semantics, Python syntax, and macros. I admitted that sounded like a *really good* start on an imperative 3GL. Especially a C++ replacement. Might have to check it out but concerned about maturity or quality for production.

name.withheld.for.obvious.reasons • September 12, 2015 1:10 PM

@ et al,

Just a quick follow-up, work this weekend will keep me from detailing my findings. What I can disclose related to my current research more than suggests a complete restructure of three specific aspects of the CIA; a change in "DoD Policy and Authorities" respecting hierarchy within DoD AND avoiding disclosure, a NEW mission/charter across the organization--when detailed it is as if a switch had been thrown, and I seem to be unable to locate the new authorities but am hopeful that DoDD 5143.01 will provide additional clarity. And, I did get one detail incorrect--an error from my initial report, there are not five new directorates, there are ten.

I am almost certain that recent changes in DoDD 52xx.xx directives, a number of EO's and PPD's, and some NDAA's will shed further light. Currently the morass of about 15 separate policy documents and about a half dozen legislative texts, including amendments to the National Security Act of 1947 require careful combing. Seems this activity started in 2011, the specific event horizon that details the root of this activity has yet to be identified (I am certain that PPD-20 plays a major role at least orthogonal to the organization restructuring, NSA attention may be a creative distraction).

Others are invited to analyze any sources available to help the citizenry (and others outside the United States of Hegemonic Globalism) determine what is being done (or undone) in their name and tax dollars. Based on my new findings, this may have a significant effect on the thesis regarding a complete and utter coup by the DoD subverting civilian federal law forming a new military junta and turning civil authority into a/the subservient hand-maiden. My guess is this moves the IC into THE primary role of the operational manager of the new military junta.

It all might get a bit dicey at this point--following the rabbit may not be a good idea. Again, there be dragons here...

Coyne Tibbets • September 12, 2015 1:39 PM

Chrysler Catches Flak for Patching Hack Via Mailed USB

Six weeks ago, hackers proved they could exploit a 2014 Jeep Cherokee, to take over the transmission and brakes.

Last week, Chrysler deployed a fix to block the exploit. They did this by mailing USB thumb drives to each of more than one million drivers, with instructions to plug it into the car's USB port; which would automatically apply the patch.

Upon inquiry by WIRED, a (clueless) Chrysler spokesperson responded that, "...the USB drives are 'read-only' and that the scenario of a mailed USB attack is only 'speculation.'"

(Never mind that numerous exploits using USB thumb drives have already been reported.)

CallMeLateForSupper • September 12, 2015 2:01 PM

The first library in America to host a Tor relay as part of the Library Freedom Project has shut it down, "at least for now" according to NH Public Radio. Next Tuesday the library's trustees will meet to vote on restarting the relay.
http://nhpr.org/post/law-enforcement-concerns-spur-nh-library-disconnect-tor

The series of events culminating in suspension of the relay began with a communication from a Boston DHS official to officials of Lebanon, NH police. (Tor nodes enable anonymity for terrorists and common criminals doncha know.) The police duly contacted library officials of the concern. And here we are.

The EFF weighs in:
https://www.eff.org/deeplinks/2015/09/library-suspends-tor-node-after-dhs-intimidation

Geez... What's the problem, DHS? The U.S. government whelped The Onion Router. The project name contains the apparently magic word "freedom". Finally, Tor arguably does more for freedom than the USA Freedom Act slathered with Dubya's Freedom Fries[TM].

Wael • September 12, 2015 2:11 PM

@Nick P, @Clive Robinson,

So, having a hardware overwrite of key storage plus cache on shutdown should make all of that inaccessible. This process, esp important parts, can happen in less than a second.

True, but part of the problem is that clear text data and keymats aren't located at deterministic memory locations at all times. That fact alone requires full RAM scrap, which takes longer than one second. Actually, memory is scraped on shutdown and on powerup in case the system was abruptly pulled off power (an attack scenario.) BIOS maintains a "dirty bit", and on powerup it checks if memory was cleared on shutdown. If it wasn't, then the memory will be cleared on powerup before control is handed to the OS. There were other details that I didn't include.
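A small Python model of the dirty-bit flow described in the comment above, added here as an illustration; it is not HP's BIOS code. The class, the method names and the scrub pattern values are assumptions, and RAM is modelled as keeping its contents across a fast power cycle.

```python
# Model of a firmware "dirty bit" that forces a RAM scrub after an unclean
# power-off. Everything here is a hypothetical illustration, not vendor code.

SCRUB_PATTERNS = (0x55, 0xAA, 0x00)  # assumed values for the overwrite rounds
SECRET = b"constructed-key-material-0123456"  # constructed sample secret


class Platform:
    """RAM that survives a quick reset, plus one flag in non-volatile storage."""

    def __init__(self, ram_size=4096, mitigation=True):
        self.ram = bytearray(ram_size)  # contents persist across a fast reset
        self.nv_dirty = False           # survives loss of power
        self.mitigation = mitigation
        self.scrubs = 0                 # how many full scrubs firmware ran

    def _scrub(self):
        # Several rounds with different patterns; the last round leaves zeros.
        for pattern in SCRUB_PATTERNS:
            self.ram[:] = bytes([pattern]) * len(self.ram)
        self.scrubs += 1

    def power_on(self):
        """Firmware path that runs before any OS code gets control."""
        if self.mitigation:
            if self.nv_dirty:           # last session never reached the scrub
                self._scrub()
            self.nv_dirty = True        # set BEFORE handoff, so a later
                                        # power cut is detectable
        # control is handed to the OS here

    def os_store_secret(self, offset, secret):
        # The OS places secrets wherever it likes; firmware cannot know where,
        # which is why the scrub covers all of RAM.
        self.ram[offset:offset + len(secret)] = secret

    def clean_shutdown(self):
        if self.mitigation:
            self._scrub()
            self.nv_dirty = False       # next boot can skip the scrub

    def power_cut(self):
        """Cord pulled: no firmware code runs; RAM and flag stay as they were."""


def reset_scenario(mitigation, orderly):
    """Boot, store a secret, power off, boot again.

    Returns (secret_still_in_ram, scrubs_performed) as seen by whatever
    software receives control after the second boot.
    """
    p = Platform(mitigation=mitigation)
    p.power_on()
    p.os_store_secret(1000, SECRET)
    if orderly:
        p.clean_shutdown()
    else:
        p.power_cut()
    p.power_on()
    return (SECRET in bytes(p.ram), p.scrubs)


if __name__ == "__main__":
    for mitigation in (False, True):
        for orderly in (True, False):
            print(mitigation, orderly, reset_scenario(mitigation, orderly))
```

The flag has to be written before the OS receives control: a flag that is only updated during shutdown would read "clean" after a pulled cord, which is exactly the case the power-up check exists for.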

Advice • September 12, 2015 3:11 PM

GCHQ wants to set your passwords. In a good way

The guidance advocates a ban on password strength meters, mandatory resets, and predictable combinations, instead encouraging brute force rate limiting and reduced access controls.

The advice is not for the likes of GCHQ itself who should maintain their own air-gapped faraday cages security systems according to risk appetite.

Official report:

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/458857/Password_guidance_-_simplifying_your_approach.pdf

Nick P • September 12, 2015 3:30 PM

@ Wael

"True, but part of the problem is that clear text data and keymats aren't located at deterministic memory locations at all times."

In the models I referenced, they're usually located in the SOC in a place specified by the chip designer. Everything in RAM is ciphertext. It gets converted to plaintext for use by processor as it comes through memory interface on the SOC. Processor does operations. Sends results to devices (protected or not) and/or RAM back through on-SOC crypto. So, only need to clear storage internal to the SOC plus possibly what devices have depending on the setup.

Wael • September 12, 2015 3:50 PM

@Nick P,

In that case, you have designed an HSM. I was talking about general purpose commercial computers. Perhaps you can make your design work as a crypto module in commercial units.

Sancho_P • September 12, 2015 3:51 PM

Re: The never ending story:
FBI, intel chiefs decry “deep cynicism” over cyber spying programs

OK I can explain the reason for some cynicism to Comey, Rogers, & co:

1) The active public wants privacy, don’t you hear that?
Even if it would be possible, a backdoor (third party access) is a no go.
This is a social - political issue (-> get out here).

2) The active public got the feeling of you being incompetent in that matter.
It is as a blind wants to discuss the colors of our shirts.
This is a technical issue (-> get out here).

[Sorry for the “get out here”, but otherwise they may not understand that it’s not their business]

****

Why are they always asking for suggestions from outside?
Aren’t there several competent specialists in their own agencies?
Didn’t they ask them?

Is it that deadly stupid “Yes, Sir” behavior that no one can talk back / up honestly?

Or:
Are there agency specialists to agree with the backdoor idea?
Are they not presentable?
Are they not allowed to speak out in public?

Because of secrecy?
Oh boy, don’t you see that your kingdom is breaking apart because of secrecy?

—> Bring your experts to the table, now!

Sancho_P • September 12, 2015 3:54 PM

@Nick P
“everything in RAM is ciphertext”

Is this a realistic “processing” of data? I think about my CAD files, but even with textfiles I dunno.
IMO to display some cleartext it has to be stored in RAM, at least at the graphic card.
Ferroelectric RAM would require special software effort (better hardware) to clear (as already does the swap file / partition).

John Galt IV • September 12, 2015 4:16 PM

since you guys got onto the topic of non-volatile system memory, it's time to mention memristor. it was announced quite some time ago (theory in the 1970's, first R&D demonstration around 2006), and the date of availability keeps slipping. not as bad as fusion that has been 5 years in the future for the past 60 years. I have another newsclip somewhere about an Intel/Micron collaboration with an alternative memristor technology that must avoid the Hynix/HP patent minefield. if I understand correctly, the HP material is fast write, very fast read, nonvolatile and rewriteable. I think that it is based on some flavor of titanium dioxide.

the overall computer based on this type of memory is "six times more powerful than an equivalent conventional design, while using just 1.25 percent of the energy and being around 10 percent the size"

Clive's suggestion about keeping everything in memory encrypted avoids the problem of nonvolatile storage.

HP Will Release a “Revolutionary” New Operating System in 2015 http://www.technologyreview.com/news/533066/hp-will-release-a-revolutionary-new-operating-system-in-2015/

Hewlett-Packard’s ambitious plan to reinvent computing will begin with the release of a prototype operating system next year.

Hewlett-Packard will take a big step toward shaking up its own troubled business and the entire computing industry next year when it releases an operating system for an exotic new computer.

The company’s research division is working to create a computer HP calls The Machine. It is meant to be the first of a new dynasty of computers that are much more energy-efficient and powerful than current products. HP aims to achieve its goals primarily by using a new kind of computer memory instead of the two types that computers use today. The current approach originated in the 1940s, and the need to shuttle data back and forth between the two types of memory limits performance.

“A model from the beginning of computing has been reflected in everything since, and it is holding us back,” says Kirk Bresniker, chief architect for The Machine. The project is run inside HP Labs and accounts for three-quarters of the 200-person research staff. CEO Meg Whitman has expanded HP’s research spending in support of the project, says Bresniker, though he would not disclose the amount.

...

HP plans to use a single kind of memory—in the form of memristors—for both long- and short-term data storage in The Machine. Not having to move data back and forth should deliver major power and time savings. Memristor memory also can retain data when powered off, should be faster than RAM, and promises to store more data than comparably sized hard drives today.

The Machine’s design includes other novel features such as optical fiber instead of copper wiring for moving data around. HP’s simulations suggest that a server built to The Machine’s blueprint could be six times more powerful than an equivalent conventional design, while using just 1.25 percent of the energy and being around 10 percent the size.

...

BoppingAround • September 12, 2015 4:26 PM

Nick P,
> If not, I can get a good reference or two for you

Please do. My familiarity with Lisps ends on mending a few of Emacs setups :-)

I have seen and heard an occasional comment on Racket here and there, claiming
it to be 'quite and quite good'. But I'm no programmer (bar some small shell
scripts). Just have a bit of itchy curiosity.

MrC • September 12, 2015 6:20 PM

@ Ronnie H:

Virtually no one mounts an attack by brute forcing password attempts against the live server. Rather they exploit a vulnerability that allows them to steal the entire database of (should-be-but-may-not-be salted and hashed) passwords, and then they perform an *offline* attack on the database. Passwords recovered through the offline attack can then be used on the live server and tried on other sites in case the user was dumb enough to reuse the same username/password combination across multiple sites.

Anura • September 12, 2015 7:14 PM

@MrC

Live brute forces happen all the time. You see it especially in FTP or SSH logs, but it happens against web accounts too - people try to find an account called "admin" or "administrator" just like with FTP. It's mostly just fishing in those cases, but when an individual is being targeted they will attempt to brute force social media, email, bank, online store account passwords and the like.
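Detection logic for the online guessing discussed in the comments above, run over constructed sshd log lines; this is an added example, not code from any commenter. The two thresholds, the host name and the addresses (documentation ranges) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH's syslog message format (not real traffic).
SAMPLE_LOG = """\
Sep 12 19:00:01 gw sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 50001 ssh2
Sep 12 19:00:03 gw sshd[811]: Failed password for invalid user administrator from 203.0.113.5 port 50002 ssh2
Sep 12 19:00:05 gw sshd[812]: Failed password for root from 203.0.113.5 port 50003 ssh2
Sep 12 19:00:06 gw sshd[820]: Failed password for alice from 198.51.100.7 port 40100 ssh2
Sep 12 19:00:08 gw sshd[812]: Failed password for root from 203.0.113.5 port 50004 ssh2
Sep 12 19:00:10 gw sshd[813]: Failed password for invalid user admin from 203.0.113.5 port 50005 ssh2
Sep 12 19:00:15 gw sshd[820]: Accepted password for alice from 198.51.100.7 port 40101 ssh2
Sep 12 19:05:00 gw sshd[830]: Failed password for root from 192.0.2.44 port 33001 ssh2
Sep 12 19:25:00 gw sshd[831]: Failed password for root from 192.0.2.44 port 33002 ssh2
Sep 12 19:45:00 gw sshd[832]: Failed password for root from 192.0.2.44 port 33003 ssh2
Sep 12 20:05:00 gw sshd[833]: Failed password for root from 192.0.2.44 port 33004 ssh2
Sep 12 20:06:00 gw sshd[840]: Accepted password for root from 203.0.113.5 port 50900 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# (rule name, failures needed, window). Illustrative thresholds: a fast burst,
# and a slower trickle that stays under any per-minute limit.
RULES = (
    ("burst", 5, timedelta(seconds=60)),
    ("slow", 4, timedelta(hours=2)),
)


def parse(line, year=2015):
    """Return (timestamp, accepted, user, ip), or None for unrelated lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # Syslog timestamps carry no year, so the caller supplies one.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"] == "Accepted", m["user"], m["ip"]


def detect(lines, rules=RULES, year=2015):
    """Flag source addresses whose failed logins exceed any rule's threshold.

    Returns {ip: {"rules": set, "users": set, "logins_after_alert": list}}.
    A successful login from an already-flagged address is the entry to
    triage first: the guessing may have worked.
    """
    recent = defaultdict(deque)  # (rule, ip) -> failures inside the window
    report = {}
    for line in lines:
        event = parse(line, year)
        if event is None:
            continue
        ts, accepted, user, ip = event
        if accepted:
            if ip in report:
                report[ip]["logins_after_alert"].append(user)
            continue
        for name, threshold, window in rules:
            q = recent[(name, ip)]
            q.append((ts, user))
            while ts - q[0][0] > window:  # drop failures older than window
                q.popleft()
            if len(q) >= threshold:
                entry = report.setdefault(
                    ip, {"rules": set(), "users": set(),
                         "logins_after_alert": []})
                entry["rules"].add(name)
                entry["users"].update(u for _, u in q)
    return report


if __name__ == "__main__":
    for ip, entry in detect(SAMPLE_LOG.splitlines()).items():
        print(ip, sorted(entry["rules"]), sorted(entry["users"]),
              entry["logins_after_alert"])
```

This only sees guessing against the live service; an offline attack on a stolen password database leaves nothing in these logs.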

Nick P • September 12, 2015 7:48 PM

@ all
(esp BoppingAround)

Why LISP is the one programming language to rule them all. Provably.

The trick is that people really digging into LISP get a high off its power that makes them talk like zealots or zen masters. You get more flattery than objective information out of those that write on it. All my good sources, mostly 90's, have faded into oblivion as old websites do and none of rest really just spell it out. So, I spent a damned hour trying to update my collection for a semi-objective answer to that haha.

Here's what I found. One person that uses and loves Racket wrote this article on the lack of objective info on LISP along with a list of objective reasons for its power. They're good reasons and only a few. Paul Graham, flatterer of and elite coder in LISP, has a similar list which ends with a link to a paper showing that McCarthy actually axiomatized computation itself. This page lists even more. I dare you to name a mainstream language that has all of those features, flexibility, and control of source. More description and practice is in this free book. The recent book Land of the LISP seemed great, too, when I skimmed it at the store.

Here's my summary and experience:

So, in a nutshell, McCarthy of MIT's Artificial Intelligence lab needed the most powerful, flexible language he could use for that tough work. FORTRAN didn't cut it. So, he implemented the Lambda Calculus model (as powerful as Turing) as a programming language with some imperative aspects. Everything is reduced to basic types and lists that can be arbitrarily composed into anything else like legos. Code is data, data is code, & the weird syntax makes it easy to parse. Basic interpreter in verbose C takes 500-1,000 lines. The language can modify data, functions, its own object system, almost anything about it during compilation or runtime. When OOP got popular, someone coded a mere library and including it made LISP OOP. Ta-da! You can also modify any classes or even object system itself while program runs. Crazy malleability.

That wasn't it. The error handling ("condition system") was similarly powerful. The REPL let you type and test things iteratively. The best feature, for me, was incremental compilation: change an individual function, compile *just that function*, load it into live app running in background, test it, and re-iterate. No loss of flow like C++ or Java. It was also a compiled language with optional types to make it faster. Smart people at Universities and companies even made chips ("LISP Machines") that ran it natively with onboard garbage collection: a whole stack in HLL, including OS*! Thinking Machines used it for parallel processing on 64,000 processors, PicoLISP runs on embedded systems, and SHard autogenerates hardware from algorithms in Scheme (LISP descendant). Any new paradigm, from OOP to Aspects to STM concurrency, could be added with a library of macros without any new compilers or tools.

So, the 2nd oldest language in programming history has quite a lineage. Further, other languages starting with ALGOL have copied its better features for decades with many bolting them onto C-like semantics and syntax. Yet, they still can't fully match its capabilities despite the huge labor investment into tools such as GCC, Netbeans, and so on. Nobody even has a Genera equivalent on the drawing board with most not even able to write OS's in their language much less a whole stack haha. So, I think I can objectively say that, despite the negatives you'll encounter, it is the most brilliant and powerful programming language ever created. Still worth building on.

Racket builds on the simpler, elegant tradition of that called Scheme. Unlike most LISP's, it has standard libraries, IDE, good debugging, a good book, a community, many DSL's pre-built, optional type-checking, and so on. So, it makes LISP more practical and approachable than some before it. So, someone wanting to build the ultimate, RAD tool is already close to it by starting with a mature LISP. Racket *appears* to be the best of those so I keep mentioning it as the LISP example in good languages with macro's. Clojure is the only mainstream LISP. REBOL and RED are a different take on similar concepts which are successful, too. I'm kind of watching them in case they become the next LISP.

Hope that helps.

* Genera's No 3, 7, 9, and 13 of this list of benefits is still unique to a LISP machine far as I know. Many have the others. However, having the app, OS, everything done in same language with consistent interfaces, debugging at any level, modification then execution of live system, usage of all code of OS + included utilities for your own app, custom schedulers... I know few systems that do one of these things (aside from open-sourcing) and none that do all. The LISP machines are still unique and unbeaten in those regards.

Nick P • September 12, 2015 8:11 PM

@ Wael

What I've actually described is a general-purpose computer that encrypts and integrity checks anything stored in RAM. The memory protection tech might be used in HSM's but that doesn't mean it can't be used elsewhere. The usages mainly differ by what's encrypted: the whole thing; all data outside untrusted data; select data (esp secrets). Each have tradeoffs. Some have already been used with real OS's.

For instance, the HAVEN project encrypted RAM of virtual machines with FPGA's. The SecureME project cloaked everything sensitive in a Linux system. Finally, this more recent example improved on that with another Linux system and plenty related work cited. So, many different systems are both general-purpose and distrust external hardware (esp RAM). It's beyond a proven concept to the point where now we ask, "How best to implement it?" Which is what the academic and commercial researchers are doing in more interesting detail each year. :)

@ Sancho_P

"IMO to display some cleartext it has to be stored in RAM, at least at the graphic card."

Or the I/O system has to decrypt regions for just what devices need them. ;)

Past that, I mentioned I/O as an extra consideration for a reason. If the device needs clear-text, it will be clear-text at some point. This might be in RAM. This might also be onboard device's memory. So, you have to clear both of those if doing that. Easier if you're using a SOC where GPU is inside it, too. Then it would be operating on stuff protected in RAM. Or if the chips for your devices were modified to pull encrypted RAM through DMA. And so on and so forth. Many possibilities which are heavily depending on SOC and system implementation.

Anura • September 12, 2015 8:30 PM

"Lambda Calculus model (as powerful as Turing)"

That's like saying number theory is as powerful as long division. One is a demonstration of a concept, the other is a formal mathematical system describing the concepts in all the gory details.

Thoth • September 12, 2015 8:39 PM

@%name.withheld%
If I got your take regarding the CIA you told me and the militarising of the police and senators seeking for IC help and now the spooks are being chased around, something big must be going on? I am not very familiar with the US IC history though but it does sound like something is going on within and without.

As we know, the militaries are always very powerful (they have guns ... we don't). It's not an unknown thing that the militaries are pulling a good ton of strings and maybe with help of defense contractors but I suspect it's actually the other way round?

Bob S. • September 12, 2015 8:39 PM

Don't want to upgrade to Windows 10? You'll download it WHETHER YOU LIKE IT OR NOT

In fact, MS downloads of strange new services AND uploads of telemetry data started several months before the actual release of W10. I couldn't figure out why MS wanted a 24/7 connection with much of it being ssl data outbound??? To be frank, it freaked me out. Now WE know.

There are several good articles out now on how to mitigate the data flow, but when I first noticed it, it was a big mystery. I am pretty well convinced we will never know how much they are shoving at us and scooping up at the same time.

It appears to me MS has gone "modern" by upfront taking all your personal data and making you "opt out" via laborious mining of screens and sliders while preparing to sell and share user data to create revenue flow. Of course, opt outs can be covertly, or openly, reversed for security reasons.

In my view, "they are all doing it" doesn't wash as a justification, but our government has abandoned us to the cyber wolves and keyboard warriors. We are on our own.

I have noticed a few people waking up to some of this. Apparently, there have been some posts/articles on FaceBook suggesting caution regarding the Windows 10 upgrade.

?

Well, half a loaf is better than none I guess.

Nick P • September 12, 2015 8:49 PM

@ Anura

They're two different models of computation. Lambda Calculus focuses on function abstraction and variable bindings. Turing machines focus on manipulating a tape following certain rules. They each went in totally different directions. I'd say much verification and functional programming came from L.C. thinking while finite state machines and traditional processors are more like Turing style. However, Turing showed they have equivalence in ability to express arbitrary programs.

Both have also been implemented in executable form close to their mathematical origins. And they work very differently when you use them. So, I thought it was worth mentioning.

Peanuts • September 12, 2015 8:55 PM

Xerox ire self destructing chips. Isn't that the company losing a million dollars on a Cleveland voter rejected camera system.

Guess they have vast and extensive experience with self-destructing systems no one wants.

It seems a slippery slope with rejected surveillance systems, spooks and surveillance promoters. They are no better than pimps without a Jon for their product. Just as Xerox can smell blood and is suing the city and its people, what will the spooks do when commerce fails and capitalism dies and they like Xerox get the blame.

Peanuts

Anura • September 12, 2015 9:21 PM

@Nick P

While PCs are state machines, they bear little resemblance to Turing machines. The only use of Turing machines is in describing computer algorithms, which is something lambda calculus does a much much better job at. Lambda calculus is an abstract concept you can build off of, whereas a Turing machine is a very specific device. Turing machines are interesting, however, and fun to play with, but lambda calculus is a much more powerful concept.

Nick P • September 12, 2015 10:21 PM

@ Anura

Hmm. I might just edit it out of the next version of the essay. I only bring it up because the Turing Completeness of programming languages is often brought up. That's tied to this model. If the model is irrelevant to real computers' operation, wouldn't the Turing completeness notion be as well?

Anura • September 12, 2015 10:48 PM

Well, while Turing completeness is traditionally defined with respect to the Turing machine, it has a much more important implication: if a language is Turing complete, it can be used to program any computable function. It's important in computer science, but unnecessary to make a programming language as all you really need is read/write storage and conditional jumps for it to be Turing complete. That said, you could just as easily say "A language is Turing complete if it can be used to perform lambda calculus"

Anura • September 13, 2015 12:01 AM

@Nick P

I'm only aware of lambda calculus and automata theory (state machines), with lambda calculus being the nicer of the two, mathematically, but I wouldn't be surprised if there was more out there.

01000111 • September 13, 2015 12:24 AM

@Winter

re: http://www.theguardian.com/technology/2015/mar/10/nsa-gchq-technology-create-social-mobility-spy-on-citizens

Thank you, excellent article. That is a 'tour de force'. As usual with Cory, but this article is especially powerful.


@Sancho_P

re: http://arstechnica.com/tech-policy/2015/09/fbi-intel-chiefs-decry-deep-cynicism-over-cyber-spying-programs/

Another excellent article, though I had read the first part of this one and responded on their forum something very much like what you just said.

I especially like your statement about secrecy ending their kingdom. :-)

@whomsoever & all


On those two articles:


Cory Doctorow:

Why spy? That’s the several-million pound question, in the wake of the Snowden revelations. Why would the US continue to wiretap its entire population, given that the only “terrorism” they caught with it was a single attempt to send a small amount of money to Al Shabab?

Spying, especially domestic spying, is an aspect of what the Santa Fe Institute economist Samuel Bowles calls guard labour: work that is done to stabilise property relationships, especially the property belonging to the rich.
The amount a state needs to expend on guard labour is a function of how much legitimacy the state holds in its population’s reckoning. A state whose population mainly views the system as fair needs to do less coercion to attain stability. People who believe that they are well-served by the status quo will not work to upset it. States whose populations view the system as illegitimate need to spend more on guard labour.


Sean Gallagher (ars):

CIA Director John Brennan suggested that negative public opinion and "misunderstanding" about the US intelligence community is in part "because of people who are trying to undermine" the mission of the NSA, CIA, FBI and other agencies. These people "may be fueled by our adversaries," he said.
FBI Director James Comey referred to the backlash against his lobbying for backdoors into encrypted communications provided by the technology industry as "venom and deep cynicism" that are making a rational discussion about what could and should be done nearly impossible.


Why are any of those 'talking heads' up there speaking? Whatever they say is meaningless. They should have been fired. Why are they, instead, up there acting like what all happened on their watch was okay?

On their watch, OPM was hacked and the files of 20 some odd million people.

I understand this is chalked up all to the OPM head. But, if you go to a bank and entrust your money, shouldn't you have some vested concern in how that bank is holding your money? Credit card companies have done this with companies that use their services, via PCI-DSS. Banks do this with companies they entrust to work with. They don't just take people's word for it. They audit the hell out of these companies.

How much more valuable were these personal details, to the people exposed to the hacks? How much more valuable to the country - supposedly - was the entire edifice of 'secret America'? On their watch, all that security and privacy was entirely raped.

And they whine about Snowden, while they are brazenly up on stage, without the slightest trace of shame. They should have been fired.

But, of course, they do not take America's secrets seriously. Because there is clearly nothing to those secrets. How can they? Trillions of dollars spent; massive legal violations against the core of American law, the Constitution; and they have one valid terrorism case to show for any of it.

Now, I know that what Cory meant with that first paragraph is the truly and effectively illegal 'domestic spying program', but sum it up, what is the entire American intelligence edifice worth? Really? Besides bullshit games and gossip? From open source records, I am struck with the conclusion that it is all a waste of money.

And, from these 'talking heads', my opinion is only strengthened. If they really cared, why do they not step down? Instead, they have used these hacks and whistleblowing incidents - Snowden & Manning are the real heroes here - they have used these incidents to glory and posture as if they belong in their jobs. As if the glory of Snowden & Manning's heroic efforts are their own. But, they should be at the scorn of the nation.

Now, I put them as 'talking heads' specifically to highlight the point that they have, on their watch, allowed for their own intelligence infrastructure to be raped. Their most private, vulnerable goods, they let out in the public as if they saw America as a whore, and 'of course that is what a whore does'. I always hated the hacking term of 'rape' to hacking, but that is exactly what happened here. Are they the heads of the game? If not, why are they talking? If so, well, not any longer, because Snowden, Manning, and the OPM hackers - as well as others - showed them completely 'who is boss'.

And so are those who are fighting against them. People like Sean Gallagher and Cory Doctorow.

So, let us see... setting up America as a surveillance state. Mass domestic spying. Lying about terrorist threats. Creating multi-trillion dollar industry which produces no value, but for the most wealthy. Spreading and creating an incubation field for hate in the Middle East, against America, against "free" nations, against the principles of liberty and justice. The message to the country, and the message to the world is they are as corrupt and as incompetent as all hell. So, what is the meaning of law and rights, if the leaders of America's 'eyes & ears' are this thoroughly bad? It tells them that there are no laws and there are no rights.

They can keep talking down the people who stand for truth, liberty, and justice. All those working together as if one person. They are just building up their own shame. And they are getting owned by these people, slicked and diced, upside down and sideways. Almost too easy of a target, if they were not still in "power". In quotes, because they are as powerless as can be. It is outrageous.

Great entertainment anyway, watching Rome burn. They don't feel the flames yet, but they sure will. And to be clear, because they are intimidating little snakes -- I mean the fire of shame.

It is a spiritual and psychological war, and they are losing it... really, really bad. Because it is them fighting against the truth. They have been lying so long and so hard, I don't know when it will finally break in their hearts and minds that they are **everything they accuse, falsely, their adversaries of being**. How so quickly they unconsciously see themselves, how horrible when they wake up to the shame they have sown and will reap.

History will surely not remember them as the heroes they are claiming to be. That is for sure.

01000111September 13, 2015 12:52 AM

@name.withheld.for.obvious.reasons

re: your flurry of posts

There is a real question as to the "legality" of the DoD restructuring the CIA as a direct component of DoD at the UndDefSec level. The title of the policy directive changing (putting the CIA in charge of all the IC) is Under Secretary of Defense for Intelligence (USD(I)) as specified in DoDD 5143.01. My understanding is this promotes the CIA to "the" top level component of DoD.
The new position puts the former ODNI above all IC and DoD component organizations. There is much to analyze, need to determine the operational, structural, and underlying rationale for this re-positioning of the CIA.
Just a quick follow-up, work this weekend will keep me from detailing my findings. What I can disclose related to my current research more than suggests a complete restructure of three specific aspects of the CIA; a change in "DoD Policy and Authorities" respecting hierarchy within DoD AND avoiding disclosure, a NEW mission/charter across the organization--when detailed it is as if a switch had been thrown, and I seem to be unable to locate the new authorities but am hopeful that DoDD 5143.01 will provide additional clarity. And, I did get one detail incorrect--an error from my initial report, there are not five new directorates, there are ten.

To a certain degree, I am not following you here, but take what you are saying seriously. I can't get through the intelligence-ese, to a degree.

On the surface, not real sure that the CIA is not less of a waste of money, and less a threat against the world and the country than these other agencies.

I mean the FBI is law enforcement, and NSA is signals intelligence. Why are they pretending to be spies?

Though, really, I call into question the entire edifice of 'secret America', especially post-OPM hack. So, it is, to me, as garbage, even destructive garbage, just shifting in the can.

But I have to take serious pause here, considering the head of the CIA saying the following, from the ars article I quote in my previous post:

CIA Director John Brennan suggested that negative public opinion and "misunderstanding" about the US intelligence community is in part "because of people who are trying to undermine" the mission of the NSA, CIA, FBI and other agencies. These people "may be fueled by our adversaries," he said.

That is pretty despicable. And that is the head of that body. Putting that guy even further up the food chain? Not good.

In context: his statements could not be more hypocritical, and he could not be more oblivious. Are the people above them, currently, less worse? If protecting secrets is their job, they could not be more horrible at their jobs. But, considering the sick trend, I would expect this guy to be even more terrible. Because it is not going 'up', it is going 'down'.

FBI, in terms of real world, violent crime, seem to be doing a good job with what they are actually tasked to do. But the FBI head's statements in that article were even worse than the CIA's head.

I mean, though, in context, of course, they have been beheaded. With what great fury they speak, finding themselves on the bottom of the pile.

01000111September 13, 2015 1:12 AM

@not.name.withheld

Starting back in the 70s CIA made a concerted effort to obscure domestic covert operations by diffusing their functions. They did it in several ways, as everyone now knows: taking over other agencies with detailees, proprietaries (fake companies), NOCs in multinationals, domestic agents, cutouts in trans-national organized crime, fake NGOs like Meridian House and Human Rights Watch.

...

Since 9/11 you live in the United States of COG. Those decentralized nuclear boltholes? Now we call them Fusion Centers. Have you wondered why they're militarizing police and putting them through COIN drills? Why Senators grovel to the IC?
Given free rein, the knuckle-draggers naturally went berserk with crimes against humanity and stuff, this was their big chance. They had the domestic population under control. What they didn't expect was a regenerated Russia allying with regional powers, enforcing rule of law with a real, qualitative, missile gap.

...

No disrespect meant, but devil's advocate viewpoint:

Okay, Russia? Russia is just weak. Putin was getting on the 'friend list', and got himself straight out kicked out. Whose 'friend list'? Europe and America, and really all nations who are allies.

They have been sucking themselves dry, going for nationalism over globalism. Their energy and other export markets are becoming increasingly vulnerable because of this.

Why did this happen? Because they decided to make war with Ukraine, and treated the world as if they are complete idiots in these regards. They have far from fully backed away from that, so everyone is tensed for a good, old fashioned, war in Europe.

Not to excuse the mind boggling failings of the US these days.

But, saying Russia is regenerated, that hurts. They just shot down a UN proposed resolution to give justice to LGBT. From reports I have been hearing, their nationalist propaganda is at perhaps even more of a fevered pitch than it was during the Cold War. No lessons learned.

Though, frankly, I am not sure who has been saying more loudly to the world, that "We are stupid and untrustworthy", the US Government or Russia. Coin toss. For me? About the same.

Only the US probably won't go to literal war with most nations, whereas with Russia, they are sitting, sulking, and it is still open for possibility.

On 'who controls the US', 'it is the CIA':

No offense, but I think you are attributing way too much skill to them. What actual expertise or value have they shown? Iraq intelligence, that Iraq had WMD? Evidence gained from torturing and black sites? These matters are both deplorable and laughable.

I do think there are really ludicrous signs that "something is going on". I get people saying, "It is the CIA". Or some other agency or organization which is under the US. But, I look at it as UNSUB Third Party.

But, IDK. Hey, look, you are clearly very bright and smart. But every front domestically & Globally reminds me of the title of the third or second book in the Mitrokhin archives, "Things Were Going Our Way". The old ruling edifice seems to be getting the shit kicked out of them left and right, on everything from marijuana to homosexual hate to the "war on terrorism" to the "war on Muslims" to the "war on drugs". In hacker speak, they are getting owned. It almost hurts to watch, if it was not so funny.


01000111September 13, 2015 1:33 AM

@SoWhatDidYouExpect

re: ars article, w/o reading slashdot, the panel of intel pansies on fox news, talking crap

Ah, just as we expected. The spooks think that the public is loaded with "venom and deep cynicism" over their work which invades the privacy of everything (except those that are specifically protected). They choose to ignore all rational and real positions against their actions.
Just imagine, if the spooks are so easily "befuddled", what real enemies will do to them. Overall, I think they are just looking for the easiest victim to catch (any honest U.S. citizen will do) rather than performing any real work. Their objective is to influence, intimidate, and control U.S. citizens, not protect them.

What I really wonder is: who is so blind, so naive, so gullible to take any of them seriously, whatsoever? Are there really people out there who do this?

Yet, we have to take them "seriously", because there they are, heading these trillion dollar organizations with enormous destructive power. [Which they have been trying to use to their greatest abilities.]

What I really hate about the FBI head's (hah) statement is exactly in what you quoted, and how unfair it feels. Because I would have said the exact same thing about them. They are full of spitting, poisonous venom, and nothing else. And they are biting everyone and trying to infect them.

Yet, flailing miserably.

I expect deep hypocrites to speak so truly of their own selves when they accuse others.

How apt is the metaphor of 'venom'. They have been poisoning everyone with their bullshit stories about "terrorism" and how everyone should fear.

Frankly, shortly after Snowden, and before OPM, I did have fear. I would never have dared to speak openly on such a subject. In public. But, the OPM hack showed just how much they are 'on top of things', lol. It was shameful how they spoke up, went on stage, and didn't at all get fired, but tried, desperately, to steal the limelight from Snowden, Manning, and all those with them.

But, past OPM? It is just sad.

1. OPM was hacked before this, and despite all these organizations having their most sensitive data stored there, they did nothing.
2. If the records of their own classified people are that worthless, which we can derive from their lack of action, and the fact they still not only have their jobs, but are in the limelight... then what is worth anything at all? What product are they even showing?
3. I am sorry, but I am not completely stupid. These guys came out saying "Oh we all know who did it, it was China, but we have such secret intelligence nobody knows about, we can't tell anyone about it." And, then? Government insiders came out anonymously and claimed the secrets of OPM were being used by **both** Russia **and** China.

Fishing much??

First of all, highly unlikely those "leaks" were not official. Secondly, even if they were official... then they have their heads up their -- you know what.

Because if China stole that data there is no way on earth they would have been so quick to share it with Russia. Especially not after Russian top computer security firm, Kaspersky was 'had' by the Americans. They would never share that data, even if Russia were their closest and best friend.

So, that says to me: they have not the slightest clue who did it.

Which means, considering the data, they don't have the slightest idea of what they are doing. Never mind that anyone who actually wanted to perform risk analysis and quantifiable product analysis for their entire combined "product" would have to come back and say, "There are simply no numbers here, we are doing not only no good, we are far more destructive simply by 'doing our jobs'".

Gerard van VoorenSeptember 13, 2015 2:05 AM

@ Anon again,

The 'war on terror' was a fear mongering cover up for the 'war for oil' and the continuation of the petrodollar.

All the talk about terror is plain bullshit and is meant to be a distraction.

@ Bob S.

The decision of whether to stay with MS is your own. Liberty is a thing not everyone can handle. It comes with responsibilities, such as maintenance of the backups and securing your stuff on your own, but it also has its benefits.

rgaffSeptember 13, 2015 2:06 AM

@Clive Robinson

Securely delete things on an SSD.... :P
I'm not sure you can without completely overwriting the entire SSD four or five times, even then "no guarantee".

Exactly my point in mentioning it, in fact... these stupid stupid idiotic hardware manufacturers need to actually start thinking about security too not just speed! A storage system that actually has a "secure delete" function is a must... and more than that, one that we can verify it actually DOES it, i.e. is open source firmware/hardware/etc...

CuriousSeptember 13, 2015 3:20 AM

Academia and document leaks:

"PhD student forced to remove all WikiLeaks references from her dissertation"
http://www.ibtimes.co.uk/phd-student-forced-remove-all-wikileaks-references-her-dissertation-1519172

As I understand it, the Ph.D (Doctor of Philosophy degree) dissertation process wasn't an issue, but the fact that she was required to publish the dissertation apparently turned into a serious problem. So she did get her Ph.D writing about 'leadership and change', but was sort of forced to remove references to Wikileaks because of the prosecution of Barrett Brown. Unless I am mistaken, she had written about US-Venezuelan relations.

The article points out that McKinney is a former US Representative and Green Party politician. She explains the story herself in a 9min video shown in the article linked.

Clive RobinsonSeptember 13, 2015 5:15 AM

@ Jacob,

I found the UK Telegraph article about passwords quite funny and a little one sided.

Whilst they mentioned the "written down and on TV" for a couple of sporting venues they forgot to mention the much more serious "Security CCTV shoulder surfing" at Google.

I don't know if the ailing Telegraph still kisses the ground Google walks on but any adverse mention of the "Choc Box" was banned at one point in the paper's desperate attempts to remain viable.

The important thing about passwords is to remember the advice changes as the technology does...

I'm old enough to have not just joked about but also exploited passwords in network streams. And even old enough to have "been active on the scene" as a young adult back when the BBC Micro Live program got hit by Oz and Yug as Hermann Hauser --who owned Acorn that made the BBC computers-- found that his "HH" password had been "guessed" for his AMS001 account on BT Gold and the "Hackers Song" put in his startup file (which I believe was the first national televised 'password crack' result). And I was also on the fringes of the 'non-crack' of BT's Prestel system which involved HRH Prince Philip's account, where the BT System operators set up a test machine and just copied a backup across and put the operator password up on the screen forgetting that the password file of all users they had copied was in plain text, and thus available to anyone who cared to look... Two separate items that Journos manage to incorrectly mangle together these days due to the lack of Sub-Editors, ethics and the likes.

But more up to date you have "end run" attacks such as "shoulder surfing" via hidden cameras also being done by high quality Security CCTV. And as the recent cracking of 11.2million Ashley Madison user passwords shows, even trying to keep up with "best practice" almost inevitably gives rise to temporary or permanent security holes, especially with large user communities.

And as Bruce and others have noted several times in the past, security advice changes to "Refight The Battle Just Lost", so it is with passwords.

The real underlying problem is that passwords are a "worst case hard fit" for humans and a "best case easy fit" for computers, until we change it the other way around then the problems with passwords will continue into the foreseeable future.

However a word of warning, I once suggested using a captcha type system for financial transaction authentication --you can still find it on this blog-- to make a task simpler for humans and harder for computers... Within a very short period of time it was reported that spammers and similar were using "humans" paid virtually nothing to solve captchas... Thus human ingenuity of the highly motivated few, almost always beats the common security enforced on the masses, in ways that usually become painfully obvious within a short period of time... It's almost enough to make you a fervent believer in "bespoke security" or as we tend to call it "Security by Obscurity".

But as Stella Rimington whilst head of MI5 concluded there was no way to tie humans to documents or even bio-metrics in a reliable way. And she later upset the then UK Prime Minister Tony Blair by wading in and making her views on her conclusions publicly known during the "UK National ID Card" debacle. The upset was possibly because Tony Blair may have been looking to use the National ID card to swell his and his political party coffers via backhanders from technology companies vying for lucrative contracts.

Thus I personally have no faith in passwords or their implementors whatsoever, likewise the rules people claim will make them secure. However I can not see an alternative...

ianfSeptember 13, 2015 6:59 AM

@ John Galt IV

HP Will Release a “Revolutionary” New Operating System in 2015
Hewlett-Packard’s ambitious plan to reinvent computing will begin with the release of a prototype operating system next year.
[… Beside non-volatile Memristors] The Machine’s design includes other novel features such as optical fiber instead of copper wiring for moving data around. HP’s simulations suggest that a server built to The Machine’s blueprint could be six times more powerful than an equivalent conventional design, while using just 1.25 percent of the energy and being around 10 percent the size.

All dandy, but doesn't it all sound a bit like too much, too fast, too good to be true? I didn't know HP had the industrial muscle to upend the now 70+ year old computer buildup model, and I doubt they can deliver on that promise past and above academic White Paper levels. Or maybe I'm prejudiced for no reason other than to appear the Doubting Thomas' offspring Schmartypants Alec (that must be it).

John Galt IVSeptember 13, 2015 7:17 AM


two gems from the daily news compendium. I think that the first was touched on some weeks ago, but I had missed the compact description of these two fascinating encryption techniques:

http://www.nature.com/news/online-security-braces-for-quantum-revolution-1.18332
...
One such system is lattice-based cryptography, in which the public key is a grid-like collection of points in a high-dimensional mathematical space. One way to send a secret message is to hide it some distance from a point in the lattice. Working out how far the encrypted message is to a lattice point is a difficult problem for any computer, conventional or quantum. But the secret key provides a simple way to determine how close the encrypted message is to a lattice point.
A second option, known as McEliece encryption, hides a message by first representing it as the solution to a simple linear algebra problem. The public key transforms the simple problem into one that seems much more difficult. But only someone who knows how to undo this transformation — that is, who has the private key — can read the secret message.
One drawback of these replacements is that they require up to 1,000 times more memory to store public keys than existing methods, although some lattice-based systems have keys not much bigger than those used by RSA. But both methods encrypt and decrypt data faster than today’s systems, because they rely on simple multiplication and addition, whereas RSA uses more-complex arithmetic.

the second topic also has been touched on in recent weeks, but without the clarity and historical framework provided here. in slightly less than ideal news, your constant berating of the US government has sowed a climate of cynicism, venom, fear and distrust, which has hurt US government morale.

unfortunately for you, that is an act of war, because it reduces the will of the US government to continue prosecuting the war on terror to protect your rights. anyone who makes any expressive act, including posting anything online, that hurts morale is now an unprivileged combatant. you are subject to termination with extreme prejudice. the whole thing is worth reading, especially if you intend to continue posting disloyal and cynical comments that sow hate and discord:

https://consortiumnews.com/2015/09/12/us-war-theories-target-dissenters/
...
What constituted an act of hostility? Whiting defines that to include a sentiment of hostility to the government “to undermine confidence in its capacity or its integrity, to diminish, demoralize . . . its armies, to break down confidence in those who are intrusted with its military operations in the field.”
An example of how martial law was to be carried out was in an order to a subordinate commander by the Army Department of the Pacific Commander in response to complaints from the Citizens of Solano County, California, of disloyal “utterances” they were hearing from fellow citizens.
...
Immediately after the Civil War, when it was freshest in their minds, the Supreme Court had this to say about martial law in Ex Parte Milligan: “What is ordinarily called martial law is no law at all. Wellington, in one of his despatches from Portugal, in 1810, in his speech on the Ceylon affair, so describes it. Let us call the thing by its right name; it is not martial law, but martial rule. And when we speak of it, let us speak of it as abolishing all law, and substituting the will of the military commander, and we shall give a true idea of the thing, and be able to reason about it with a clear sense of what we are doing.”
...
Setting First Amendment Aside
One does not need to speculate that the U.S. government no longer sees First Amendment activities as protected. Government arguments, which were made in the Hedges v. Obama lawsuit, revealed that the Justice Department, speaking for the Executive Branch, considers protection of the Bill of Rights subordinate to the claim of “war powers” by the Executive. One can only be willfully blind to fail to see this.

John Galt IVSeptember 13, 2015 7:35 AM


two gems from the daily news compendium

http://www.nature.com/news/online-security-braces-for-quantum-revolution-1.18332
...
One such system is lattice-based cryptography, in which the public key is a grid-like collection of points in a high-dimensional mathematical space. One way to send a secret message is to hide it some distance from a point in the lattice. Working out how far the encrypted message is to a lattice point is a difficult problem for any computer, conventional or quantum. But the secret key provides a simple way to determine how close the encrypted message is to a lattice point.
A second option, known as McEliece encryption, hides a message by first representing it as the solution to a simple linear algebra problem. The public key transforms the simple problem into one that seems much more difficult. But only someone who knows how to undo this transformation — that is, who has the private key — can read the secret message.
One drawback of these replacements is that they require up to 1,000 times more memory to store public keys than existing methods, although some lattice-based systems have keys not much bigger than those used by RSA. But both methods encrypt and decrypt data faster than today’s systems, because they rely on simple multiplication and addition, whereas RSA uses more-complex arithmetic.


apparently working on open-source encryption or posting news items that cast the US government in a bad light makes you an unprivileged combatant under these broad definitions

https://consortiumnews.com/2015/09/12/us-war-theories-target-dissenters/
...

The guidance of Whiting was: “No person in loyal States can rightfully be captured or detained unless he has engaged, or there is reasonable cause to believe he intends to engage, in acts of hostility to the United States — that is to say, in acts which may tend to impede or embarrass the United States in such military proceedings as the commander-in-chief may see fit to institute.” This is the same argument that the U.S. government made in Hedges v. Obama.

What constituted an act of hostility? Whiting defines that to include a sentiment of hostility to the government “to undermine confidence in its capacity or its integrity, to diminish, demoralize . . . its armies, to break down confidence in those who are intrusted with its military operations in the field.”
...

Immediately after the Civil War, when it was freshest in their minds, the Supreme Court had this to say about martial law in Ex Parte Milligan: “What is ordinarily called martial law is no law at all. Wellington, in one of his despatches from Portugal, in 1810, in his speech on the Ceylon affair, so describes it. Let us call the thing by its right name; it is not martial law, but martial rule. And when we speak of it, let us speak of it as abolishing all law, and substituting the will of the military commander, and we shall give a true idea of the thing, and be able to reason about it with a clear sense of what we are doing.”

Martial law is a subpart of the Law of War and since it is for application to a domestic population as with the Northern States during the Civil War by the Union Army, it is “moderated” ordinarily from the even harsher provisions of the Law of War which are now invoked in the Law of War manual. Yet precepts of both are being introduced domestically with Section 1021 of the 2012 National Defense Authorization Act and domestically and globally by the “U.S. domestic common law of war” precedents trumpeted by Chief Military Commissions Prosecutor, Brig. Gen. Mark Martins.
...

Setting First Amendment Aside
One does not need to speculate that the U.S. government no longer sees First Amendment activities as protected. Government arguments, which were made in the Hedges v. Obama lawsuit, revealed that the Justice Department, speaking for the Executive Branch, considers protection of the Bill of Rights subordinate to the claim of “war powers” by the Executive. One can only be willfully blind to fail to see this.
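
The lattice idea in the Nature excerpt quoted in the comment above (hide the message at some distance from a lattice point; the secret key measures that distance) can be made concrete with a toy Regev-style LWE scheme. This is an added example, not code from the article or from any commenter; the choice of Regev's construction, the parameters `N`, `M`, `Q` and all function names are assumptions for illustration, and the sizes are far too small to be secure.

```python
"""Toy Regev-style LWE bit encryption (illustrative only, insecure sizes)."""
import random

N = 8     # dimension of the secret vector (assumed toy value)
M = 32    # number of noisy samples in the public key (assumed toy value)
Q = 257   # modulus; Q // 4 must exceed M so summed noise never flips a bit


def keygen(rng):
    """Return (secret, public) where public = (A, b) and b = A*s + e mod Q."""
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    e = [rng.choice((-1, 0, 1)) for _ in range(M)]          # small noise
    b = [(sum(a * x for a, x in zip(row, s)) + err) % Q
         for row, err in zip(A, e)]
    return s, (A, b)


def encrypt_bit(public, bit, rng):
    """Sum a random subset of public samples; shift by Q//2 to encode a 1."""
    A, b = public
    rows = [i for i in range(M) if rng.random() < 0.5] or [rng.randrange(M)]
    c1 = [sum(A[i][j] for i in rows) % Q for j in range(N)]
    c2 = (sum(b[i] for i in rows) + bit * (Q // 2)) % Q
    return c1, c2


def offset_from_lattice(secret, ct):
    """Signed distance of c2 from the lattice point <c1, s>, centred on 0.

    Only the holder of `secret` can compute <c1, s>; without it, c2 looks
    like a uniformly random value mod Q.
    """
    c1, c2 = ct
    d = (c2 - sum(a * x for a, x in zip(c1, secret))) % Q
    return d - Q if d > Q // 2 else d


def decrypt_bit(secret, ct):
    """Near the lattice point (|offset| <= Q//4) means 0, far away means 1."""
    return 1 if abs(offset_from_lattice(secret, ct)) > Q // 4 else 0


def encrypt_bytes(public, data, rng):
    """Encrypt each bit of `data` separately, least significant bit first."""
    return [encrypt_bit(public, (byte >> k) & 1, rng)
            for byte in data for k in range(8)]


def decrypt_bytes(secret, cts):
    bits = [decrypt_bit(secret, ct) for ct in cts]
    return bytes(sum(bits[i + k] << k for k in range(8))
                 for i in range(0, len(bits), 8))


if __name__ == "__main__":
    # Seeded PRNG so the demo is reproducible; a real scheme needs a CSPRNG
    # (e.g. random.SystemRandom) and parameters chosen by cryptographers.
    rng = random.Random(2015)
    secret, public = keygen(rng)
    cts = encrypt_bytes(public, b"squid", rng)   # constructed sample message
    print("offsets for first byte:",
          [offset_from_lattice(secret, ct) for ct in cts[:8]])
    print("decrypted:", decrypt_bytes(secret, cts))
```

Each ciphertext encrypts one bit and carries nine numbers mod `Q`, and the public key is an `M` by `N` matrix plus a vector, which is the key-size and bandwidth cost the excerpt alludes to.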

BoppingAroundSeptember 13, 2015 10:22 AM

Nick P,
Nice and interesting. A bit over my head, too, but that one is a combat target
:-)

I'll look into Racket a bit. I think I have it on one of my machines already.
Maybe it is time to take a closer look.

Thank you.

Nick PSeptember 13, 2015 10:49 AM

@ ianf

Intel did this before with the Intel i432 APX. Language, architecture and speed difference killed it off. Backward compatibility with existing tools or style was shown to be No 1 consideration for any new product. So, they had to use C/C++, x86 or RISC, Windows or POSIX/Linux, and so on. Or similarly extend a legacy system. The only clean-slate system that made it was IBM's System/38. As AS/400 and IBM i, it was ported to POWER architecture, had standard software added, given Linux support, and so on. Even it had to change to fit what others were doing.

So, "The Machine" will be an interesting experiment if they deliver anything at all.

@ BoppingAround

It's worth looking into. The How to Design Programs book might help. As a sys admin, the REBOL and successor RED languages are worth looking into. They use similar principles that allow the language to modify itself. It's a bit more like a typical scripting language than something like LISP, though. Plenty of code out there for REBOL, too, with RED getting lots of traction as both are used in Syllable OS.

not.name.withheldSeptember 13, 2015 11:03 AM

@ 01000111, Interesting points all. The way Russia stopped US aggression in Syria last time shows how weaklings can kick ass. Russia mobilized in proportional steps while presenting a diplomatic solution (OPCW) as a fait accompli. And they're doing it again. Now Russia has deployed just enough firepower to blind US C3, if it comes to that. Meanwhile they're brokering negotiations that could oust Assad but keep Syria intact. When a competent nuclear power confronts CIA, CIA backs down. As for Russia's role in Ukraine, it might help to glance at this guy, http://thesaker.is/ Russia is on firm legal ground. ICJ would confirm that in a heartbeat and the USA would have to shut up. That's why there's no legal challenge, only whining.

Re CIA ineptitude. True. Ineptitude is all that protects us, because CIA exercises arbitrary rule with impunity. Their edifice is cracking, as you note. Look at the institutional rot and degeneracy of the NATO Pact. It's worse than the terminal stages of the Warsaw Pact. Nobody expected the USSR to collapse but it did. CIA is going down the same chute. We can all help stomp their fingers as they hang on.

Stingrays Teach Police to Lie and DeceiveSeptember 13, 2015 11:27 AM

Snowden was repulsed by our top spy being caught lying in public testimony to Congress. So he dumped his documents in a bitter lesson teaching ‘right from wrong’.

Now all decent Americans are outraged when police falsify their official reports. They lie even to prosecutors and judges!

Just as DNA evidence has overturned thousands of innocent citizens wrongly convicted, there will be a coming wave where each Stingray case will be evaluated for legality and due process under the law.

Could this be the root-cause our police just can’t stop screwing-up with officers being charged daily?

Once you lie you can never be trusted again!

rgaffSeptember 13, 2015 1:00 PM

@Bob S.

Yes, I have multiple slightly technical friends who have now abandoned Windows for Linux, some were even serious die-hard Microsoft worshippers... I think it's a mass exodus due to Win 10.

It may have been the best thing that could have happened to help out open source in general...

Clive RobinsonSeptember 13, 2015 2:19 PM

@ rgaff, Bob S.,

> I think it's a mass exodus due to Win 10.

I've been chatting to some of my more technical friends about Win10, and each time two things come up,

1, It's very invasive Spyware.
2, M$ are pushing it in ways that are way beyond legal in many places.

After further chatting if you bring up the idea of Comey / Alexander / et al "front door" most quickly agree Win10 fits the bill more than adequately, with the compliant M$ acting not just as the faux legal constraint, but also as M$ collect the users' private data from day 1 onwards it gets around the "tipping off" problem.

Over in the UK there have already been complaints about being hit with "Mobile Computing" charges where the 6Gbyte background download has blown some people's 1Gbyte/month limit.

There is a story doing the rounds that somebody on Holiday got hit with a "roaming data charge" that exceeded the cost of their holiday. I've not been able to confirm it one way or the other, but if true I've no idea what the legal position would be...

The one question nobody I've chatted to can come up with a reasonable answer to is "Why are Micro$haft doing this?", reputationally and potentially legally it appears to be a way to commit hara-kiri / seppuku.

rgaffSeptember 13, 2015 3:08 PM

@Clive Robinson

All I can think of is that Microsoft's future, after committing business suicide and paying all the execs handsomely with all the assets, will be government bailouts and more obviously becoming a direct extension of the government. Nothing else other than a plan like this makes sense for what they're doing.

I honestly know of no-one who is a huge Windows fan any longer... they used to be everywhere.

Or maybe they're just deluding themselves into thinking they can do it just like Google did... well, see, Google rode in on it slowly under a "DO NO WRONG" banner, so it took people a while to realize until they were fully entrenched... So that's a bit different... You can't crank the heat up on the frogs so quickly or many will jump out!

CuriousSeptember 13, 2015 3:24 PM

"EU, US reach data protection deal allowing Europeans to sue over privacy breaches"
https://news.yahoo.com/eu-us-reach-data-protection-deal-commissioner-182241155.html

"Brussels (AFP) - Brussels and Washington reached agreement Tuesday on a data protection deal that will allow Europeans to sue over improper use of their personal information in the United States, the EU said."

"The deal also helps pave the way for EU plans to collect EU air passenger data, a measure sought by the United States after years of wrangling over how to protect personal information while fighting terrorism and serious crime."

rgaffSeptember 13, 2015 3:25 PM

I meant "Don't be evil"... same thing I guess for people who don't believe they are capable of doing wrong...

Gerard van VoorenSeptember 13, 2015 3:26 PM

@ Clive Robinson,

> The one question nobody I've chatted to can come up with a reasonable answer to is
> "Why are Micro$haft doing this?", reputationally and potentially legally it appears to
> be a way to commit hara-kiri / seppuku.

Don't underestimate the stupidity of the masses. Most people are just not aware and the way MS presents the W10 update is pretty demanding. I think MS will get away with it and make a lot of money with this. Btw, I hope I am wrong.

In the past I have said that MS doesn't give a damn about their reputation. They do anything to make money. And they learn. My guess is that, because the regular pc/laptop market is diminishing, and they don't have a competitive answer on the mobile phone market, they are following Google. Google makes money on the mobile market with their spyware. MS is now doing the same on the pc/laptop market. It is sneaky all right but they just don't care.

Remember the Ballmer speech about developers? MS is now opening lots of their software platforms, of course not the cash cows, but enough to keep people interested. Exactly the way Google did it. They couldn't do that with Ballmer so they have a new CEO. They will never ever open up Windows itself and keep harassing other browsers for instance with new installs but they are more 'open' -ish for developers.

When it comes to 'potentially legally hara-kiri / seppuku' I don't buy that at all. They don't have a legal department with an annual budget close to a billion USD for nothing.

AnuraSeptember 13, 2015 3:29 PM

@Clive Robinson

They've seen the phone/tablet market and realized people in general just don't care if they are treated like they are just renting the hardware.

I was going to keep Windows 7 until it hit end of life, but now I think I might just stop doing Windows development and just use Linux.

Gerard van VoorenSeptember 13, 2015 4:03 PM

@ Clive Robinson

Reading back my message I realised it should be more positive. Sorry.

rgaffSeptember 13, 2015 4:09 PM

@Anura

> They've seen the phone/tablet market and realized people in general just don't care if they are treated like they are just renting the hardware.

This may be true of mobile phones and tablets, because they grew up as a restricted market like this to start with... but I don't think this is so true with laptops and desktops, people still expect to own those... or at least the data on them! I think Microsoft is making a big mistake treating them the same... but time will tell.

And in the corporate world the companies expect to own their laptops and data... so... doesn't this mean all companies won't upgrade to Win 10, and may even ditch Win 8 and 7? I really don't get how Microsoft can risk this... Is there a special non-spy version of Win 7/8/10 for corporate use??

tyrSeptember 13, 2015 4:23 PM


Good news for a change !!

www.slate.com/blogs/future_tense/2015/09/10/brewster_kahle_creator_of_the_internet_archive_should_be_the_next_librarian.html

The fact that he is even considered for the job is a breath
of fresh air into US government. You can bet that the usual
suspects from the copyright mongers are going to be out in
force against him. If you think copyrights should pre-empt
all of law and history like the RIAA and MPAA boys a guy who
makes all of the public domain he can get available to any
one who logs into the archive has to be anathema to them.

It will be hilarious to watch what happens in this arena.

I seem to recall M$ got their butt in a crack in europe over
bundling years ago, now it sounds like they are back on the
hook for exfiltration of european data. If what Clive said
is true the complainants have tidy records to show a judge.
That is always nice, judges like clear paperwork pointing
to a clear offense of the law.

A billion USD may not be enough in this case, since deep
pockets expose you to deep penalties.

BoppingAroundSeptember 13, 2015 4:26 PM

rgaff,
I know several 'die-hard Windows fans' as you described. Many of them seem to be
rather annoyed with, I quote, 'how Microsoft is portrayed by the media as doing
evil things'.

Curious,
I'd wager the collection of passenger data is the main incentive there. Almost
sure it'll be in motion. Maybe unlike the legal action bone thrown to
Europeans. But that is to be seen yet.

Perhaps I'm being too cynical.

rgaffSeptember 13, 2015 5:15 PM

@ BoppingAround

Odd, I've seldom seen such things in the media... that is... "main-stream" media... blogs are not really main stream media. articles on technical web sites are not either. That's where the new Microsoft EULA is being explained, and people are noticing, and ditching it.

Dirk PraetSeptember 13, 2015 7:13 PM

@ Clive

> The one question nobody I've chatted to can come up with a reasonable answer to is "Why are Micro$haft doing this?"

Facebook has over 1 billion users who don't give a rat's *ss about their privacy. Practically everyone is using Google. Smartphones, especially Android, leak data as if there's no tomorrow. Both companies are making a mint with their business model. Meanwhile, governments all over the planet are adopting all sorts of surveillance and other legislation, inviting the tech industry on board, either by coercion or with promises of immunity from prosecution. So at the end of the day the real question is not why they are doing this, but why they shouldn't.

The majority of ordinary consumers just doesn't care, and I'm sure in due time they will come up with some (paid) solution to tackle any potential backlash from corporate accounts.

DanielSeptember 13, 2015 7:22 PM

@Dick P.

Because none of those business models are sustainable long-term. Of course, the time-horizon of most businessmen is two seconds...

The fact is as Bruce has said time and time again we live in a golden age of surveillance. But it can't last. There is nothing in human history that suggests or implies it can last.

*For every reaction there is an equal and opposite reaction.*

Given that Google and Facebook are the action why bother to compete? Better to align with the reaction, where no one big is making a play.

SkepticalSeptember 13, 2015 7:57 PM


@01000:

> So, let us see... setting up America as a surveillance state. Mass domestic spying. Lying about terrorist threats. Creating multi-trillion dollar industry which produces no value, but for the most wealthy. Spreading and creating an incubation field for hate in the Middle East, against America, against "free" nations, against the principles of liberty and justice. The message to the country, and the message to the world is they are as corrupt and as incompetent as all hell. So, what is the meaning of law and rights, if the leaders of America's 'eyes & ears' are this thoroughly bad? It tells them that there are no laws and there are no rights.

Bizarro-world. The US Government is one of the least corrupt in the world, and has a fiercely independent judiciary which rigorously applies rule-of-law.

That's why civil liberties organizations like the EFF and ACLU actually make a difference; that's why the US allows a wider range of political speech than, at this point, any other country; that's why the US is consistently rated as one of the easiest nations in which to start a business; that's why the US is one of the strongest forces behind anti-corruption efforts across the world.

Respectfully, the picture in your head of the US is so utterly askew with reality that it's difficult to address any of your conclusions without first hacking through a dense underbrush of misconceptions and falsehoods.

@not.name:

> The way Russia stopped US aggression in Syria last time shows how weaklings can kick ass. Russia mobilized in proportional steps while presenting a diplomatic solution (OPCW) as a fait accompli. And they're doing it again. Now Russia has deployed just enough firepower to blind US C3, if it comes to that.

"US aggression in Syria" has consisted of killing ISIL and AQ-affiliated forces. Russia isn't going to intervene against such efforts, doesn't want to, and frankly, even if it did desire to do so, couldn't.

Russia's role in enabling Assad to avert US airstrikes largely consisted of helping facilitate the removal of (some) chemical weapons and, perhaps, aiding in communications between the US and Syrian governments. The notion that "Russian mobilization" had anything to do with it is without any merit. Nor would Russia be so insanely self-destructive as to attempt to use firepower to "blind US C3."

The primary drivers behind the aversion of US strikes on Assad were (1) the President's reluctance to undertake action with very unpredictable consequences for the dynamics of the Syrian civil war (e.g. weaken the Syrian Government forces too much, and you may facilitate a massacre) and the need for further, costly, US involvement and (2) Assad's willingness to part with CW in exchange for self-preservation.

> Meanwhile they're brokering negotiations that could oust Assad but keep Syria intact.

Russia is primarily defending its hold on what it views as an important naval base and an important listening station. It may try to leverage what influence it has among Assad loyalists to show that it can be a constructive force globally and thereby escape the isolation, suspicion, and opprobrium that its actions in Ukraine have brought upon it. But I doubt it.

Personally, I think it's now abundantly clear that NATO will become much more heavily involved in resolving the Syrian problem, and that Russia is therefore prudently preparing better defenses for its important assets in Syria. The noise from various corners about Russia's increased military presence are mostly, in my own uninformed and distant opinion, a means of warning Russia not to expect to use the possibility of interfering with coalition or, perhaps, NATO operations as a bargaining chip.

> When a competent nuclear power confronts CIA, CIA backs down.

You don't happen to remember the Cold War by any chance, do you?

> As for Russia's role in Ukraine, it might help to glance at this guy, http://thesaker.is/ Russia is on firm legal ground. ICJ would confirm that in a heartbeat and the USA would have to shut up. That's why there's no legal challenge, only whining.

Firm legal ground...

What do the G7 and EC say?

> We, the leaders of Canada, France, Germany, Italy, Japan, the United Kingdom, the United States, the President of the European Council, and the President of the European Commission, join in expressing our grave concern about Russia’s continued actions to undermine Ukraine’s sovereignty, territorial integrity, and independence. We once again condemn Russia’s illegal annexation of Crimea, and actions to de-stabilize eastern Ukraine. Those actions are unacceptable and violate international law.

Only whining? Russia's economy contracted over 4% last quarter and inflation is running at 16%. It has become a near international pariah, and is desperately trying to warm relations with China, a nation whose interests conflict with Russia's significantly and in the long term - but any port in a storm, I suppose. China is playing the hand to its full advantage, at Russia's expense. China did not sign, as they were once expected to do, an agreement enabling the financing of new pipelines between Russia and China - and the oil purchase price already agreed upon between the two nations - quite the bargain for China at the time - may be subject to renegotiation if oil remains cheap.

Russia is paying a terrible price for the sake of an obsolete foreign policy strategy and an increasingly authoritarian and selfish domestic policy.

I spooge on your stars & stripesSeptember 13, 2015 9:47 PM

Skeptical's meticulous brainwashing got harshed by cognitive dissonance, so here he comes running to win hearts and minds by repeating his loyalty oath. Let's see how full of shit he is today!

One of the least corrupt countries in the world! In TI's Corruption Perception Index the US clings to 17th place with a 4-way tie. The top decile or so is good enough for government work, no doubt, but anti-corruption schismatics like Integrity Action might point out that the US watered down the Convention Against Corruption to decriminalize its institutionalized malversation, and even at that, has still not assessed its CAC compliance. Needless to say, its restrictive municipal-law definition of corruption permits incapacitating Soviet-scale abuse of function and trading in influence. F-35. Q.E.D. Skeptical lives in a decaying 3rd-world shithole and he can't handle it.

US aggression in Syria! In which Skeptical proves that he doesn't know what aggression is and that he doesn't know where to find the definition. And that he doesn't even drink with spooks.

Russia isn't going to intervene! What do you know, this is accidentally true. Of course Russia isn't going to intervene. They don't have to. All you US pussies commanding BMDs are going to back down. Remember when you tried to attack Syria last time? Remember when Russia intercepted that missile? What did you do to them? Nothing. Jack shit. You backed down. Even Libya made the US back down, just by taking you to court. Pussies. Then Skeptical pulls more whimsical unsupported assertions out his ass till our eyes glaze over. Clearly he's got no access and no need to know.

Cold War? You mean that ridiculous duck-and-cover nonsense that paused when the USSR disbanded itself? They lost interest in the whole charade. As your more intelligent elites are only now doing. Snowden et al. are your refuseniks, and they're going to destroy you.

What do the G7 and EC say?! Ooh, toushay! They flap their lips like you do. They're not going to try that shit in court. They'll get reamed up the ass and set a restrictive precedent constraining their unlawful interference. Like in Oil Platforms. See, you're too stupid to distinguish between posturing and winning. That's why you like government so much.

And now the old China hand is all tickled pink at China making Russia knock their head three times. Like they do to the US, like they do to everybody. See, he just figured it out on his last double-secret high-stakes posting in his Walter Mitty fantasy world. Never lived in Russia, either, huh? So, ace, what's your expert assessment of the likelihood of a Kindleberger crisis given the maturity structure of their debt? You don't know shit about economics, give it up.

65535September 13, 2015 10:47 PM

@ not.name.withheld

“…Have you wondered why they're militarizing police and putting them through COIN drills? Why Senators grovel to the IC?”

I am deeply suspicious of the “reshuffling of the CIA” within the DoD. I suspect that the CIA is trying to claw back some of its “glory” from the DEA [which seems to be in boots on the ground missions in various countries – with some success].

Why would Senators grovel to the Intelligence Community?

The most obvious reason is the IC has some nasty information on said Senators or their family.

It is possible that the Senators also need dirt or derogatory information on upcoming challengers to hold their positions of power [note that senators tend to stay in office for a long time].

@ Name Goes Here

“…how the government could get the global business community to trust encryption that provided a "golden key" to the FBI and the intelligence community, Comey said, "I don't have an easy answer to that.” -Ars Technica

I have an easy answer – no, they cannot.

In fact, inserting any USA backdoor or golden key will cause reduced sales for USA based companies.

Google was kicked out of China because of its relation with IC community [nobody at Google will admit it but that is my take]. This will happen to other USA companies with ties to the USA IC community.

Just look at the “The Athens Affair” and you will see the CALEA backdoor misused.

http://spectrum.ieee.org/telecom/security/the-athens-affair/

@ Bob S.

“…to me MS has gone "modern" by upfront taking all your personal data and making you "opt out" via laborious mining of screens and sliders while preparing to sell and share user data to create revenue flow. Of course, opt outs can be covertly, or openly, reversed for security reasons.”

Microsoft is taking a dangerous path by sucking the living data out of its customers. Given the “flexibility” of their so called “EULA” agreement nobody can trust.

I am done with Windows after seeing Windows 10 and M$’s behavior [the back porting of spy modules to Win 7/8]. I think others will do the same. Windows has become a spyware platform.

@ themoreyouknow

[Regarding which version of Win 10 doesn’t leak data] “Yes, Enterprise edition.”

That is true for the most part.

I wonder about its dependence on Azure and so called “Public Cloud” computing in total. I would like to see a thorough review of exactly how much data is leaked using Win 10 enterprise and Azure as a combination. I find it hard to believe that M$ would siphon some of that data for monetary purposes.

One test would be to see what the adoption rate of Windows 10 enterprise is occurring in countries like China [PRC], Russia, and so on.

Maybe there are different versions of the OS that only a few select customers know about – as alluded to by other posters.

rgaffSeptember 13, 2015 11:11 PM

@themoreyouknow

Enterprise edition of win 10? Where do I get that? I'd rather pay and not be spied upon... Why doesn't everyone mention this as an alternative...

name.withheld.for.obvious.reasonsSeptember 13, 2015 11:26 PM

@ John Galt IV,

> One does not need to speculate that the U.S. government no longer sees First Amendment activities as protected. Government arguments, which were made in the Hedges v. Obama lawsuit, revealed that the Justice Department, speaking for the Executive Branch, considers protection of the Bill of Rights subordinate to the claim of “war powers” by the Executive. One can only be willfully blind to fail to see this.

The U.S. Constitution is clear here, in specificity respecting the War Article I, Section 9 articulates restriction(s) to rights with the following:

> The Privilege of the Writ of Habeas Corpus shall not be suspended, unless when in the Case of Rebellion or Invasion the public safety may require it.

Given the narrow definition, not including war, suggests that the framers saw no rights to the executive or to the legislature as superior. Given words such as abridging, "make no law", and other restrictive language as part of the bill of rights suggests a hands off approach to these rights. The framers were most suspect of the power within the executive branch. This makes clear to me any claims where the executive hold superior rights is completely beyond the spirit and law and should be struck down as unconstitutional and a breach of law.

name.withheld.for.obvious.reasonsSeptember 13, 2015 11:36 PM

@ Skeptical

> Bizarro-world...

Your command of the language and your ability to debate becomes ever more impressive with each new post.

Nick PSeptember 13, 2015 11:42 PM

@ Daniel

His name is Dirk, not Dick. Plus, Figureitout probably trademarked "Dick P" already as a synonym for my name. I know he's used it once. ;)

rgaffSeptember 14, 2015 12:03 AM

"The US Government ... has a fiercely independent judiciary which rigorously applies rule-of-law. That's why civil liberties organizations like the EFF and ACLU actually make a difference"

Is that why the EFF and ACLU have been trying for well over a decade to get certain laws examined by the court for their constitutionality, and they're blocked at every turn for "national security" and other secrecy reasons? If you look at the court cases, you see a government pulling every trick in the book to PREVENT the court from doing their job! This is the opposite of "fierce" and "independent"... this is a totally "hog tied" court...

FigureitoutSeptember 14, 2015 12:39 AM

Nick P
--Yep, except you know you're an ass though and seem to revel in it. I've used some other more colorful words too. :) Found a paper for your link farm, "The Development of Chez Scheme" http://www.cs.indiana.edu/~dyb/pubs/hocs.pdf . Seems up your cough "alley" cough :p

Thoth
What are the likelihood they may forcefully mandate backdoors
--Probably pretty high b/c I think they're going to reach a limit on all the data storage (assuming they stay secure and untampered...) and will have to use legal warrants etc. w/ some of our solutions. They'd need someway to get data out if they go after offline micros.

Saw this on HN, pretty good: https://www.cl.cam.ac.uk/~sps32/mcu_lock.html

Mentioned ATtiny as a vulnerable infrastructure, but this is after extensive effort. ATtiny's are cheap anyway, like $0.50-$0.75 each; can put out a ton. In addition it appears Sergei joined this thread which is mildly interesting http://www.avrfreaks.net/comment/82030#comment-82030 (apparently someone built a .hex file, flashed it, then locked it and sent a micro to someone else, who unlocked it and returned the original .hex file).

But I quote above: "Atmel has done a good job in making their products very good protected against non-invasive attacks. There is a huge progress from an old AT89 chips, through AT90S chips to the latest ATmega chips (mega8...128, mega162 etc with mask marking 35xxx). I don't know about the existence of any non-invasive attacks on these latest products. At the same time, any microcontroller can be broken with invasive methods. The question is in time and cost."

And that basically sums up my position; I'm not some "AVR freak" reliant on one vendor so I bet most MCU vendors are "good enough" and it's a matter of liking their chips/toolchains. I think it's good enough until one can do better. One can sometimes encrypt info that gets transported insecurely, for instance a lot of these tiny algorithms for embedded systems (not secure, only for locality, where someone's "peeking" and doesn't have full access). http://perso.uclouvain.be/fstandae/PUBLIS/108.pdf

Gerard van VoorenSeptember 14, 2015 1:25 AM

@ Dirk Praet

About the Russian interests in Syria, this link is quite interesting. Sorry it's Dutch audio. In short: The US wants a regime change, Russia doesn't. And also the US wants plenty of influence in Syria, without sharing it with Russia. That's what the hostility is about and it supports your theory.

65535September 14, 2015 1:47 AM

@ rgaff

“Enterprise edition of win 10? Where do I get that? I'd rather pay and not be spied upon…”

I think you have to have a “long-term” Enterprise license to avoid the invasive auto-updates not of your choice. This still doesn't answer all spyware questions but it gives you an idea.

Here goes [I'll leave out the spacing]:

[Wikipedia]

"Windows 10 Enterprise
Windows 10 Enterprise provides all the features of Windows 10 Pro, with additional features to assist with IT-based organizations, and is functionally equivalent to Windows 8.1 Enterprise.
Windows 10 Enterprise 2015 LTSB
Windows 10 Enterprise 2015 LTSB (Long Term Servicing Branch) is like Windows 10 Enterprise but will not receive any feature updates, gives companies more control over the update process and is the most stripped down edition of Windows 10 available. It lacks the following applications and features:
• Store including most modern apps like Xbox, Contacts, etc.
o There are only four remaining modern apps: Contact Support, Search, Settings and Windows Feedback
o It is also not possible to reinstall the Store
• Cortana
• Edge
• Windows Media Player (only N-Version)
The following applications are replaced with their old counter part:
• Modern Calculator is replaced with the original calc.exe
• Photos is replaced with Photo Viewer as used by Microsoft till Windows 8.1...
Windows 10 Mobile Enterprise
Windows 10 Mobile Enterprise provides all the features in Windows 10 Mobile, with additional features to assist with IT-based organizations, in a manner similar to Windows 8.1 Enterprise, but optimized for mobile devices..."

"N and KN Editions
Additional Windows 10 editions specially destined for the EU, Switzerland, and South Korea (though South Korean editions have "KN") have the letter "N" (for Not with Media Player) suffixed to their names (e.g. Windows 10 Enterprise N) and do not have media-related technologies like Windows Media Player or Camera. There are N editions for all Windows 10 versions except Mobile, Mobile Enterprise, and IoT Core. Microsoft was required to create the "N" editions of Windows after the European Commission ruled in 2004 that it needed to provide a copy of Windows without Windows Media Player tied in. The costs of the N Editions are the same as the full versions, as the "Media Feature Pack" can be downloaded without charge from Microsoft.
Those editions lack at least the following functionality:
• Play or create:
o Audio CDs
o Digital media files
o Video DVDs
o Organize content in a media library
• Create playlists
• Convert audio CDs to digital media files
• View artist and title information of digital media files
• View album art of music files
• Transfer music to personal music players
• Record and play back TV broadcasts after
• Internet Explorer does not include playback for:
o Adaptive streaming
o Digital Rights Management (DRM)" -Wikipedia

https://en.wikipedia.org/wiki/Windows_10_editions

Compare Windows 10 Editions

http://www.microsoft.com/en-us/WindowsForBusiness/Compare

[and expanded information]

http://www.microsoft.com/en-us/windows/windows-10-editions

[and licensing]

http://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx

[and MS blog]

“…On Long Term Servicing branches, customers will have the flexibility to deliver security updates and fixes via Windows Server Update Services (WSUS) which allows full control over the internal distribution of updates using existing management solutions such as System Center Configuration Manager or to receive these updates automatically via Windows Update…” -Microsoft

http://blogs.windows.com/business/2015/01/30/windows-10-for-enterprise-more-secure-and-up-to-date/


JacobSeptember 14, 2015 3:54 AM

Nick P and the rest of the gang:

Page 7: "Deniable Backdoors Using Compiler Bugs" (in Open Source projects)

https://www.alchemistowl.org/pocorgtfo/pocorgtfo08.pdf

I'd guess that any medium-budget agency can use the described methods to find and implement some attack vectors in any selected open-source project, targeting common current compilers.

P.S. Clive would probably enjoy going over Chapter 4 (page 10) : "Protocol for Leibowitz; or, Booklegging by HF in the Age of Safe Ether"

(In short: By a future presidential decree, all comm must be Safe For Children. Alice wants to send Bob an unsafe message by a shortwave radio in such a way that the listening public, as well as Eve The Enforcer, working at the Fair Communications Commission and supported by the National Safety Agency, would only see the message as a popular approved plaintext protocol. The article details the method used.)

gullip • September 14, 2015 4:34 AM

I love reading skeptical, though I actually don't, because he's the man of honor, articulates well within the confines of established norm and order. He's not a sockpup in the sense of origins thus he's very interesting.

Thus I present shilling is no shills.

Dirk Praet • September 14, 2015 6:42 AM

@ Danielle

You silly woman (cue: 'Allo 'Allo!)

@ Gerard van Vooren

Sorry it's Dutch audio.

Don't be. Dutch is my native tongue (well, actually a Dutch dialect which is incomprehensible for the average Dutch speaker).

@ name.withheld.for.obvious.reasons

Bizarro-world...

Nothing strange about that. I love Ramones references, as in "Mondo Bizarro", their 12th studio album released in 1992. Joe Strummer and the Mescaleros also had a song called "Mondo Bongo", which featured in Brangelina's Mr. and Mrs. Smith.

... This makes clear to me any claims where the executive hold superior rights is completely beyond the spirit and law and should be struck down as unconstitutional ...

I concur.

@ Skeptical

Russia is paying a terrible price for the sake of an obsolete foreign policy strategy and an increasingly authoritarian and selfish domestic policy.

At least Russia is paying the price for its foreign policy itself. The US is making large parts of North Africa, the Middle East and Europe pay for its own catastrophically failed foreign policy of "regime change". Us over here can't wait for even more US involvement in Ukraine so we can have an even bigger influx of migrants and refugees from that region too.

As to Syria, maybe someone in the European Commission should have the balls to reach out to the Kremlin and start some talks with Putin to see if the EU and Russia can't work out a joint solution outside of a NATO context that would forcibly include the US. It would make much more sense than having the US create just another cluster f*ck. When even Pentagon analysts are starting to revolt against senior leadership painting a completely wrong narrative of the so-called progress against Da'esh (IS), it becomes painfully obvious that something in the US strategy is just horribly wrong.

Clive Robinson • September 14, 2015 8:49 AM

@ Winter,

What's the betting it's a high value unsigned int being read as a signed int....

r • September 14, 2015 8:56 AM

@skeptical :)
If we stop whining about what our country could or should be, it may go quietly into the night.

It's our duty, as we love our country like a family member - we object to behavior, indignations and injustice.

Winter • September 14, 2015 9:13 AM

@Clive
"What's the betting it's a high value unsigned int being read as a signed int...."

I think I will pass on that wager.

BoppingAround • September 14, 2015 9:26 AM

rgaff,
Meatspace. Not media. But you can find them on the Net, too.

re: Win10 Enterprise

Don't have too high hopes for it. There is still **plenty** of work to be done in
order to shut its gob.

And just because you've paid $230 [A] for it, does not mean you aren't a
product.

Daniel,
> But it can't last.

The problem is, when will it go away?
I'd much prefer if that would happen in my lifetime.

-------------------------------

[A] In case anyone gives too much thought about the sum, the number I've chosen
is just an arbitrary amount of money.

Sancho_P • September 14, 2015 9:40 AM

Re “Win 10”

From my side the (hasty) Mi$o actions are both understandable and wise:
- They act from a position of absolute power (US gov is backing them).
- Their PC market position is on the brink to decline (= end of growth).
- Today is the last chance to do it, tomorrow the sheeple may seriously balk.

Yes, they could lose - but otherwise they will lose.


@rgaff

”Enterprise edition of win 10? Where do I get that? I'd rather pay and not be spied upon... Why doesn't everyone mention this as an alternative...”

Seems you’ve already swallowed the hook, time to bring in the line?


@name.withheld.for...

”@ Skeptical
Bizarro-world...
Your command of the language and your ability to debate becomes ever more impressive with each new post.”

Yes, I agree. Only the content, only the content … ;-)
(sorry, @Skeptical, couldn’t resist …)

Clive Robinson • September 14, 2015 11:42 AM

@ Dirk Praet,

When even Pentagon analysts are starting to revolt against senior leadership painting a completely wrong narrative of the so-called progress against Da'esh (IS), it becomes painfully obvious that something in the US strategy is just horribly wrong.

I'm old enough to remember the Vietnam Conflict. And also remember one of the reasons it went really bad. The use of computers to calculate the "success" of the US measures.

Some remember it was a dismal failure for good reason, the "air war" had little or no effect on the Vietcong, and it was obvious to every boot on jungle soil that the policy from above was a dismal failure often prosecuted in the worst possible way. Later document reasons suggest that various Presidents kept the war going just for political rather than strategic military reasons...

One has to question if those calling the tune in the US have actually studied history, and if they have, why they think a similar policy to one that failed badly in the past is good this time.

John Galt IV • September 14, 2015 12:13 PM

The Vietnam War was a giant scam, where US brass knew that the VC had 600,000 under arms in the south and that it was unwinnable. I've probably posted before that Chickenhawk by Bob Mason and Kill Anything that Moves by Nick Turse will do a pretty good job of illuminating your thinking on the topic. There are a lot of dots to connect from Lyndon Johnson being in bed with the predecessor company of Halliburton, Brown and Root, before it became KBR. So, a vice president in bed with Halliburton fighting an unwinnable, but highly profitable war halfway around the world is not particularly new. Air America will illuminate another aspect and I saw in last weekend's chatter the mention of the spooks had used KMT opium smuggling to fund their projects. Interesting that there was a heroin epidemic in the US in 1970's. In the 1980's, the spooks were in Central America and there was a cocaine epidemic in the US, epicenter, Mena, Arkansas. There are a lot more dots to connect. The Dennis Hopper movie about Barry Seal, Double-crossed or Betrayed will help with that.

name.withheld.for.obvious.reasons • September 14, 2015 12:14 PM

I am nearing confirmation of the changes in the IC, let me state the 10,000m view:

1.) Implementation of Insider Threat Program, DoD response to Snowden Releases
a.) OPM is tasked with tracking SF-86 based clearances with new database
b.) A new database, NSA supplied, provides real-time security clearance evaluations
c.) Levels of scrutiny are defined up to the SA-2 level
d.) Initial testing of the "Continuous Evaluation" program using the real-time data

2.) CIA, Now encapsulated within/as the USecDef of Intelligence USD(I)
a.) April 2015, re-tasked and re-org'd under the USD(I)
b.) The new Under Secretary of Defense is handed ALL PERSONNEL management functions of the IC.
c.) The "Continuous Evaluation" is contained within the USD(I) new role(s)

My guess here is that the original "Continuous Evaluation" program that OPM was to operate represented a "risk" to CIA in a multitude of ways. Not the least being management of organization HUMINT resources, the CIA is layering itself with the IC.

But there is more to come...

name.withheld.for.obvious.reasons • September 14, 2015 12:46 PM

@ Clive Robinson

Like you I see little hope for US politics, from the European perspective US Politico's are all so far right wing and thoughtless slogan chanting, that Douglas Adams joke about voting for lizards has come true to life.

You're too kind!

Whilst at Cambridge for a few years, attempting to establish some development work in the silicon fen, I befriended quite a few of the community intellectuals. Scientists, researchers, philosophers, and political types were amongst the troupe of friends that found me and a few pints. Many of the conversations rotated around the topic of U.S. unilateral multi-lateralism, the binary vision/sight held by the U.S. political class was well visible outside of the U.S. and its territories. When inside the physical confines of the physical U.S. borders; The Canadian, Pacific, and Atlantic, and the Mexico borders restrained introspective, retrospective, and a number of other "spective" views of the world. I must say though, the United States has myopia down pat...

During these conversations I was given a message (a warning I could serve, a message for the powers that be in the states); if you re-elect GW, we are through with you--the United States cannot be trusted with its politic.

Nick P • September 14, 2015 1:38 PM

@ Figureitout

"Yep, except you know you're an ass though and seem to revel in it."

Reveling in ass seems like a nasty past-time. I stay clear of it.

"Found a paper for your link farm"

Decided to read it since you recommended it. Now, I regret that I skipped it as "another Scheme post" on Hacker News. It was a fascinating read of evolving a system from 8-bit to 32-bit to 64-bit with many rational or clever development choices. I like how they kept improving performance while keeping quality as high as can be. The willingness to rewrite or toss what was necessary to keep the whole thing sensible is quite a contrast to other legacy systems that force people to work around crud forever. They also learn from the past better than most in that a solution to an 8-bit problem in version 1 ended up solving a similar problem in the last, 64-bit version. Shows value of keeping those old tricks and papers stashed somewhere just in case.

Definitely adding it to my collection as there might be lessons for a Racket reimplementation or a certified LISP project in the future. Hell, their low-level stuff might even be useful in a LISP processor or hardware/software architecture. Who knows. Thanks for the good read, though.

@ Jacob

It was interesting. It's an adaption of the hacker strategy of tying problems or design artifacts together into an attack. That's why no problem that leads to a crash should be considered too small to worry about. Esp on UNIX architecture, where they like composition of programs, it might be used for something worse.

A good argument for certifying compilers. I posted more on that here in response to Debian's concern for reproducible builds and compiler subversion. Had to call them out. Far as that tech goes, there's actually a project (CertiCoq) to build a compiler for the Coq theorem prover itself. The theorem prover is used to specify and verify correctness proofs of many other works (esp CompCert C compiler). A way to turn a spec directly into a binary would be the ultimate, correctness argument. Meanwhile, quite a lot can get done if Debian can run through CompCert.

CompCert's ML could run through FLINT implemented by VeriML on VAMP or RISC-V. That means the C compiler is written in robust ML, the ML is compiled by a robust compiler, that compiler's implementation is done directly with a verified interpreter, and the execution of that interpreter happens on a verified processor. The correctness of C compiler is proved from specs all the way down to assembler without any new developments past simple implementation of VeriML's back-end in VAMP. Put VAMP on several FPGA's with simple interface and SHA-2 hashing to cover hardware issues. They can post hashes of the whole tool suite where-ever they like with however much verification people want. They all end up with same compiler which produces same executable of Debian and anything else.

Then, they add optimizations to that compiler for performance boosts using ML for correctness. These can be checked with original compiler. Matter of fact, you could always do everything with original compiler in a recovery situation if you choose. So, clear root of trust, series of extensions signed/checked by parties you're fine with, easy inspection as ML is close to math of compilers, and continuous improvement of overall system.

They won't do it, though, because mainstream rarely does anything that makes that much sense. The CompCert C and ML extension part, I mean. The other part is the kind of high assurance stuff nobody does outside a few academics. ;)
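The hash-posting step described in the comment above (several independent builders publish digests and everyone should end up with the same compiler and the same executables) can be checked mechanically. The following is an added example, not code from the commenter, Debian or CompCert; the manifest layout, builder names and artifact bytes are constructed for illustration.

```python
import hashlib
from collections import Counter


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_manifest(artifacts):
    """What one builder would publish: artifact name -> SHA-256 of its bytes."""
    return {name: sha256_hex(blob) for name, blob in artifacts.items()}


def compare_manifests(manifests, quorum):
    """Cross-check manifests published by independent builders.

    manifests: {builder_name: {artifact_name: hex_digest}}  (hypothetical layout)
    quorum:    minimum number of builders that must agree on one digest.
    Returns {artifact_name: {"status", "digest", "dissenters", "missing"}}.
    """
    artifact_names = set()
    for manifest in manifests.values():
        artifact_names.update(manifest)

    report = {}
    for name in sorted(artifact_names):
        reporters = sorted(b for b, m in manifests.items() if name in m)
        missing = sorted(b for b, m in manifests.items() if name not in m)
        votes = Counter(manifests[b][name] for b in reporters)
        ranked = votes.most_common()
        top_digest, top_count = ranked[0]
        tied = len(ranked) > 1 and ranked[1][1] == top_count

        if tied or top_count < quorum:
            # No digest can be trusted: treat every reporter as unverified.
            report[name] = {"status": "no-consensus", "digest": None,
                            "dissenters": reporters, "missing": missing}
            continue

        dissenters = [b for b in reporters if manifests[b][name] != top_digest]
        # "reproducible" only if every builder reported the identical digest.
        status = "reproducible" if not dissenters and not missing else "divergent"
        report[name] = {"status": status, "digest": top_digest,
                        "dissenters": dissenters, "missing": missing}
    return report


def accepted_digests(report):
    """Digests safe to pin: artifacts that every builder reproduced bit for bit."""
    return {n: r["digest"] for n, r in report.items()
            if r["status"] == "reproducible"}


# Constructed sample data: two builders produce identical output, a third
# produces a compiler image that differs by one byte.
SOURCE_BUILD = {
    "cc": b"\x7fELF constructed compiler image",
    "hello": b"\x7fELF constructed hello binary",
}
ODD_BUILD = dict(SOURCE_BUILD, cc=SOURCE_BUILD["cc"] + b"\x90")


def demo():
    manifests = {
        "builder-a": make_manifest(SOURCE_BUILD),
        "builder-b": make_manifest(SOURCE_BUILD),
        "builder-c": make_manifest(ODD_BUILD),
    }
    return compare_manifests(manifests, quorum=2)


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result["status"], "dissenters:", result["dissenters"])
```

A "divergent" result does not say which side is wrong, only that the disagreeing builder's toolchain or hardware needs inspection before its output is trusted.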

Clive Robinson • September 14, 2015 1:54 PM

@ Name.withheld...

It was once pointed out to me as a point of conjecture --whilst sharing a pint with people from Cambridge and UCL-- that the death of JFK most benefited the Bush family and their backers...

For obvious reasons it was not a point I felt was wise to follow up already having had a close brush with not just Brown and Root but Kroll as well, and a couple of companies in the UK set up by ex special forces. When exhibiting product at a non public trade show at Sandown Park in the late 90's, it was made clear I was "stepping on their turf" and they were decidedly unkeen on the incursion, and one of them made it clear they knew where I was then living, and what was in my kitchen...

rgaff • September 14, 2015 2:25 PM

@ BoppingAround, Sancho_P, etc...

Regarding Win 10 Enterprise, and whether it still sends all your private data to Microsoft or not...

The reason I keep bringing this up is, I dunno if any of you here have ever worked for a large corporation, but they usually tend to take the threat of one of their direct competitors stealing all their proprietary secrets pretty seriously!!!! So also, Microsoft really should be taking serious the threat of EVERY GODDAMN CORPORATION IN THE WORLD BANNING WINDOWS FROM THEIR OFFICES!!!!! And therefore, Microsoft really should be seriously offering some sort of guarantee that they're not doing that to any of those customers... somehow... especially if they're obviously and openly doing it to every home user! Otherwise, Microsoft should be filing for bankruptcy soon. Individual sheeple may not care about their privacy, but all large corporations REALLY DO CARE about theirs.

Now, whether you can ever trust such guarantees in the face of a simple "least untruthful answer" excuse letting you perjure yourself freely...

Wally Hilliard • September 14, 2015 2:33 PM

@name.withheld "if you re-elect GW, we are through with you" That seems unfair. Do they blame the North Koreans for not starting a Green Party? Do they blame the Palestinians for not voting out unresponsive public officials in Tel Aviv? Do they blame the people of Equatorial Guinea for not massing in the streets for change?

The US is a fake democracy. The founding fathers are the Dulles Brothers. CIA replaces or kills judges anytime they want. Congress rewrote the War Crimes Act for CIA. JFK was the last president who didn't know he was a puppet ruler. The US population can't free itself without global solidarity and concerted pressure from the international community. The sooner people learn that the better.

ianf • September 14, 2015 3:43 PM


@ Clive, Dirk Praet, John Galt IV

… one of the reasons [Vietnam War] went really bad… the use of [1960s computer models] to calculate the "success" of the US measures

It was more complex than that, but it's true that at the time there was an unhealthy belief in validity (due to mechanical "objectivity") of what often were GIGO results. However, that was only one bad link in the chain of subsequent events.

One doesn't have to be old enough to remember the "Vietnam Conflict," to hold the only sane conclusion regarding the USA Mil.Ind.Complex's FUBAR intentions in South Vietnam 1958-1975. There exists an extraordinary piece of evidence, admission of (some—not all) errors delivered on camera by none other than the U.S. Secretary of Defense during the JFK build-up & LBJ's escalation of the Vietnam War (he resigned in desperation, or was sacked by LBJ in 1968). I am talking of the 2003 full length documentary “The Fog of War: Eleven Lessons From The Life of Robert S. McNamara” by Errol Morris.

READ MY KEYSTROKES: E.X.T.R.A.O.R.D.I.N.A.R.Y, even by the usual high standards of that filmmaker's.

Rent it to hear McNamara admit how the WWII-military academic "Whiz Kids" (he himself went from Harvard to USAAF bombings' statistical evaluation unit) escalated the conflict in the name of no more than an introvert, sacred anti-communist dogma of the Domino Theory, with North Vietnam being just a patsy for China & Russia's push for world hegemony. The scene in which the elderly, long-retired statesman McNamara recounts a 1993(?) meeting with his once North Vietnamese counterpart, during which he first gets to hear that "we Vietnamese have been battling the Chinese for a thousand years," is beyond priceless. And the entire film, which then-87yo McNamara obviously considered to be his "holding the Communist Monolith at bay" management record's lasting legacy, is filled with such warts n' all moments, none of them remotely hagiographical (anyone wishing for more corroboration & deep background of the origins of the Vietnam War could do worse than read "The Best and The Brightest” [1972] by David Halberstam, a low-key account of how all those brainiacs & self-imagined progressive politicos of the post-Eisenhower era fucked it up big time for the Americans & us all.)

Gerard van Vooren • September 14, 2015 4:19 PM

Things are now going fast when it comes to war talking about Syria. One question. What is the best time (which months/season) for a ground war in Syria, considering the entire operation?

name.withheld.for.obvious.reasons • September 14, 2015 6:01 PM

@ Clive Robinson
Can I assume that you are now beyond the KBR, Kroll, and/or Carlyle Group influence or pressure(s)? It would seem that we are well beyond the intimidation tactics, if there had been the apparatus available back then what would have been the result/outcome. Criticism seems to survive the initial salvos until a nerve is hit (when someone outside your own silent circle) and others start to carry the message forward.

When others start parroting your message or thoughts, that's when it can go really bad. Today the scale of hubris within the IC is so grand that to engender the attention of the IC requires some creative shouting.

I guess what I am suggesting is today's "trigger finger" is more relaxed as the gun can be fired at nearly any time to achieve the desired result. Many here may be "tagged" as NLD ("Non-Lethal Dissident") and marginalized as a threat to IC components.

name.withheld.for.obvious.reasons • September 14, 2015 9:20 PM

@ Clive Robinson,

...and one of them made it clear they knew where I was then living, and what was in my kitchen...

Ha, I don't even have a kitchen, so no worries here mate. Without a kitchen my location and assets are outside the purview of Intel-marauders.

I wonder if I lose the bathroom, or maybe just the sink, the environmental EMF/EMS signature is reduced and thus no need for heavy shielding.

65535 • September 14, 2015 9:48 PM

@ rgaff

“…I dunno if any of you here have ever worked for a large corporation, but they usually tend to take the threat of one of their direct competitors stealing all their proprietary secrets pretty seriously!!!! So also, Microsoft really should be taking serious the threat of EVERY GODDAMN CORPORATION IN THE WORLD BANNING WINDOWS FROM THEIR OFFICES!!!!!”

Yes, I have worked for a large corporation and they take competitors stealing secrets seriously.

Because Win 10 was a free “up-grade” it took off fairly fast. But, Win 10 adoption has slowed.

Here are some samples:

‘Windows 10 Growth Slackens Amid Bugs, Privacy Concerns and Forced Updates’

“After a storm that Microsoft created with Windows 10 launch, seems like the initial hype is going down in flames.” –wccftech

http://wccftech.com/windows-10-adoption-rate-slows-down-amid-privacy-concerns/

The growth march of Windows 10 slowed this week as gains stalled starting on Monday…On Tuesday, Windows 10's week-over-week increase fell under 20% for the first time, and its absolute increase in user share slipped under the one-percentage-point bar, also for the first time.

Yesterday... Windows 10's user share was 5.7%, or 15% higher than the previous Wednesday. Likewise, the eight-tenths of a percentage point increase between the two was the smallest seen so far in StatCounter's tracking… the flat line shown by Windows 10 this week was a first. Even as growth slowed last week between Monday, Aug. 10, and Wednesday, Aug. 12, Windows 10 recorded some day-over-day gains, small though they were. However, between Monday, Aug. 17, and Wednesday, Aug. 19, Windows 10 lost about half a percentage point of user share… did not happen six years ago when Microsoft launched Windows 7. During the first three weeks after its Oct. 22, 2009, debut, Windows 7 grew slower than has Windows 10, but never lost user share except on a Monday following a weekend peak." - Computerworld

http://www.computerworld.com/article/2973959/microsoft-windows/windows-10s-usage-share-growth-flatlines.html

‘Windows 10 adoption rate shows signs of slowing down’

"…[Windows 10] software's share of the market skyrocketed from 1.36% to 3.78% one week after its rollout began, but one week later it was stuck on 4.95%. Taking a closer look at the figures, Windows 10 is gaining users at the expense of Windows 8.1, which dipped from a 15.03% share to 14.09% that week… Windows 7 was relatively steady, dropping from 53.5% to 53.46%, while Windows 8 lost only 0.11% of its user base." -digitalspy

http://www.digitalspy.co.uk/tech/news/a663831/windows-10-adoption-rate-shows-signs-of-slowing-down.html

‘Windows 10 growth flattens out to 30 per cent per week… Redmond's latest can't quite crack five per cent market share’

"Windows 8.1 took a solid hit, down from 15.03 per cent share to 14.09 per cent. Windows 8.0 dipped just 0.11 per cent to 3.39 per cent of the market, while XP dropped 0.24 to 9.74 per cent [note about 10% of online users still have XP -ed]."

“On those numbers it looks like Windows 10 took a big piece out of Windows 8 and a decent bite from Windows XP's market share. Those who were planning a move from Windows 8 may have done it…Grabbing five per cent of a global market in under three weeks is no mean feat, but will just shy of five per cent of the market satisfy Microsoft? Even taking into account recalcitrants like Sony advising its customers to wait a few more months before adopting Windows 10…” -The Register

http://www.theregister.co.uk/2015/08/17/windows_10_growth_flattens_out_to_30_per_cent_per_week/

I would argue that the real test of the adoption rate of Win 10 is by countries that have real data to lose like China [PRC] and Russia and the like. Those numbers will tell the real story [information leakage and trust in the EULA].

We still don’t know exactly how much Windows 10 enterprise leaks. That will take careful testing – and I doubt the news will be out soon.

rgaff • September 15, 2015 12:58 AM

@Nick P

Basically that looks like a screen and keyboard attached to a Raspberry Pi...

(a lot of keyboards do have hardware in them more powerful than a TRS-80)

tyr • September 15, 2015 3:15 AM


@Jacob

Thanks for the pocorgtfo link. I particularly liked the
cryptosystem article on page 60. The only thing missing
is the fnords.

I wonder how that would work as a voice system. Use the
speech to text as an input, do the lookup table, send it
and have the receiver end decode and feed it to a text
reader and output the sound. Shouldn't be overly hard
to do using modern tech but it wouldn't be hi-fidelity.
Hardly useful for strategic obfuscation but you could
make a very good tactical voice encryption system and
you could pass the necessaries in plaintext. With a
multiple set of lists and a numerical start here number
it would be a bitch to crack in real time.

I also liked the SweetP accessory ad... : ^ )

Nick P • September 15, 2015 10:59 AM

@ rgaff

"Basically that looks like a screen and keyboard attached to a Raspberry Pi..."

No, there's a computer in there. It processes what's sent to and received from the Rasp Pi. How useful, who knows.

@ Clive Robinson, Figureitout

Meanwhile, I found a modern manufacturer of the ultra-reliable chip that ran Voyager for so long. Not sure if it's fabbed on a similar process. Comes with a listing of about every state it can be in along with many waveforms. Might make black-box validation easier. Chip itself might be useful as a component in tamper-resistant setups or guard interfaces.

Curious • September 15, 2015 11:36 AM

"Attackers install highly persistent malware implants on Cisco routers"
http://www.itworld.com/article/2984083/attackers-install-highly-persistent-malware-implants-on-cisco-routers.html

"Mandiant, a subsidiary of cybersecurity firm FireEye that specializes in incident response services, has seen the rogue firmware on 14 routers in Mexico, Ukraine, India and the Philippines."

"The models confirmed to be affected are no longer being sold by Cisco, but there's no guarantee that newer models won't be targeted in the future or haven't been already."

"Cisco published a security advisory in August warning customers about new attacks that install rogue firmware on routers made by the company."

Clive Robinson • September 15, 2015 12:28 PM

@ Nick P,

As for the T100, yes I remember various journos with one including Guy Kewney who is sadly no longer with us. One of his claims to fame was rebuking Bill Gates in public, yet as you may the T100 BASIC interpreter was actually written by Billy Boy 'the weeble impersonator and all round rotten egg (at least that was what he used to smell of).

The author of the article also mentions he has an Apple ][ with language card and super serial card, and is thinking of doing a similar thing with it... I can say I've long beaten him to it I've used mine as a terminal connected to the micro-vax I've got squirreled away.

As for the 1802 that CPU has been around for so long now, it just refuses to go away. As far as I'm aware it was the first Rad-hardened 8bit CPU. I used to design around it back when I used to design electronics not just for satellite payloads but also for RTUs in the petrochem industry.

It's actually quite forgiving on the interfacing side and thus not picky about whose IO chips you hook it up to.

Clive Robinson • September 15, 2015 12:54 PM

A 42 year old Security Guard has become the first person convicted in the UK for flying a drone in breach of CAA regulations.

He has been found guilty on 9 separate offences (though originally charged with 17) and has repeatedly had his equipment confiscated and been given warnings he was endangering people and his actions illegal...

http://www.bbc.co.uk/news/uk-england-nottinghamshire-34256680

Sadly he has only been given a fine... if he had behaved as recklessly whilst driving any other type of vehicle he would have almost certainly received a custodial sentence up to six years in duration.

rgaff • September 15, 2015 4:40 PM

@Nick P

"No, there's a computer in there. It processes what's sent to and received from the Rasp Pi. How useful, who knows."

Maybe I forgot the smiley? :) My point wasn't that it was literally only a keyboard and display, only that it looked that useful, and fairly close to that underpowered :)

@ 65535

So maybe there's hope that Win 10 will be a dismal failure (relatively speaking) due to its spying? We'll see...

Figureitout • September 15, 2015 10:02 PM

Moderator RE: spam
--Sorry to be the 20th person to tell you but I think Mr. abg.anzr.jvguuryq is a spam lol, well more just garbage since there's no links. Or an OTP canary lol. Spam's been picking up, perhaps time to change the "fill in the blank" word?

Nick P RE: you reveling in ass
--Maybe you should try it, you might get some Sorry you set that up too well :p

RE: cdp1802a
--Good find, seems like a decent chip, really liked the block diagram. I'd prefer it for tamper-resistance since I'm going to have to lean on someone or something for guard protocols. Of course you know the few words that jarred out to me, I'll quote them: "provides a synchronous interface to memories and external controllers for I/O devices" [...] "the I/O interface is capable of supporting devices operating in polled, interrupt-driven, or direct memory-access modes"

So if the clock is immune from external interference (perhaps NASA can keep a good perimeter and protect payloads physically 'til launch) then that's not a problem.

Back To The Fusion: They Travel via Light! • September 15, 2015 10:26 PM

Back To The Fusion: They Travel via Light!

:::::::::::;;;;;;;::::::::::::

Consider this:

Doc Brown and Marty McFly as cannibals traveling through time.

Mr. Fusion running the best on human flesh, the same "Soylent" material found in a lot of food, hidden there for the masses of alien/human hybrids to consume. These hybrids or the evil ones themselves rely on consuming human flesh, blood even dried blood packets to retain their human form. If you're in a disordered state of mind you may well begin to detect/smell this evil mixed into the food supply and a unique smell the hybrids and evil have. They are everywhere.

One newspaper said "Doc" was committed to a mental institute. Both Doc and "Marty" were obsessed with changing the natural order of things, events in their precious time line, even though they both spoke bad of it briefly by saying they should not interfere and come into contact with their family.

Marty's girlfriend was left like garbage on a porch while Doc goes back in time to rescue his "Beast" (his dog). The dog bowl filled with old and new dog food (the dog/beast doesn't eat dog food!).

Notice the Beast travels through time first only then to be joined by humans. Notice the blinding light/flash as the time machine vanishes into another time.

This is the tip of the iceberg.

!!!

travel via light.. yes.. the evil ones do this..

They Live shows this as they go into a room to travel they travel via light..

K-Pax shows this at the end of the movie.

There are other movies too which show this. Light is almost always involved. There are "props" too used in movies to hide the fact that it is light.

And while some movies show travel by light, others show a hidden appearance by way of light, like the arrivals movie.

!!!

Notice during a very important scene where Marty and his girlfriend are talking, and the lady approaches them and gives him a flyer and asks them to SAVE THE CLOCK TOWER! and his gf writes her number on the paper, during this scene which is both important and powerful, which follows with The Power of Love song, Marty uses the Jesus/Christ curse. The scene has so many subtle things going on in it you may not even notice it.

!!!

Some Anagrams for: save the clock tower

Wacko Etches Revolt
Warlock Etches Vote
Warlock Tech Vetoes
Warlock Covets Thee
Cloaks Corvette Hew
Cloak Vetches Tower
Aw Electroshock Vet

Figureitout • September 15, 2015 10:49 PM

Nick P RE: cdp1802a
--Skimmed its datasheet (bastard, I had other things to do). *Really* good, felt like a work of art. 27 pages...that's...securable. I'm used to 500+ pages (generally means 200 pages of stuff you should read at least 3 times) and the beaglebone chip has documentation let's just say over 5000 pages (and here's where you have to rely on defaults to not screw you...). Saved that link.

thevoid • September 15, 2015 11:51 PM

@Figureitout

spam has been picking up, but that fellow's actually not spam, just rot13-ed.

abg.anzr.jvguuryq ? September 14, 2015 10:25 AM

Tbbq wbo, fgebxr uvf rtb fb jr trg zber cngevbgvp pbzrql tbyq.

translates to:

not.name.withheld ? September 14, 2015 10:25 AM

Good job, stroke his ego so we get more patriotic comedy gold.


i think he was talking about Skeptical.

Figureitout • September 16, 2015 12:05 AM

thevoid
--Ah, lol. Well, I guess ciphertext is fair game, but would suck to try to read during lunch break...

tyr • September 16, 2015 2:22 AM


Off topic

I was thinking if you examine the long term effects of
the last few decades something odd has happened. Hungary
just closed the border to Serbia.
Serbia is an interesting place, it was where WW1 started
and the lollygagging of Austria-Hungary was what dragged
in all the other players. It has some nice flat farmland
if you look at a topo map it's called Kosovo. The next
door mountainous neighbor is Albania. Albanian Muslims
had been slowly migrating into the farmland and the Serbs
objected to this. Nothing new it is a buffer between the
islamic areas and euro christians so they have been at
each other off and on for centuries. This time the Net
gets in the act the Albanians present themselves as the
innocent victims and USA and NATO pound the crap out of
the Serbs. Note that this does not make either Serbs or
their islamic invaders the good guys in some sappy tale
of good versus evil. What it does do is remove a block
against Islamic expansion into europe.

Likewise Libya is not the good or bad guy in some sappy
story for kindergarten. They were a block on the way to
Europe for any odd wanderer who wanted to get away from
the egregious scumbags who run african countries. NATO
bombs the crap out of them and they are too busy to try
to stem any migrant tide into the Med and then Europe.

That brings us to the latest truly horrific hairball
which shows up as Syria/ISIS in the simple-minded tales
called news. Everyone involved has an agenda, nobody
has sense enough to pour piss out of a boot and those
who don't want to live in a warzone/be recruited/ or
converted exterminated head for Europe right through
the wide open gate of Serbia. The Serbs aren't going to
kill them, that got them bombed last time. However they
will profiteer off the refugees and wave goodby as they
enter Hungary.

Now it would take a better conspiracy buff than me to
fit all this into some wonderful long-range plan by
(insert favorite scapegoat group here) for some agenda
that makes sense. Unless you think Assad and Putin
are planning to seize Turkey while NATO fights off the
mess they created.

Like Clive says we are living in interesting times.

Clive RobinsonSeptember 16, 2015 2:41 AM

@ Figureitout,

My first thought was "more spam" but some of the greyer brain cells kicked back...

It is many years since I could read "Caesar Ciphers" as "plaintext" by eye, but my fingers did the counting and getting "goo" was enough to make the brain start to fill in the blanks.

It appears the use of Rot13 has died away these days even though M$ have been known to use it in the registry...

As a rule of thumb fixed alphabet substitution ciphers are easier to break than fixed transposition ciphers, when made variable and combined they can "Make your brain bleed".

Clive RobinsonSeptember 16, 2015 4:17 AM

@ tyr,

Everyone involved has an agenda, nobody has sense enough to pour piss out of a boot...

That is a fairly accurate description of those formulating US foreign policy.

I don't know if you have heard of the "Single Bullet Theory"?

Put simply we all get taught WWI started with a single bullet fired by what we would now call a terrorist or freedom fighter (or raving idiot ;-) Thus the theory starts with a thought of "If a single bullet can start a war, then can a single bullet stop a war?". That is if you assassinate the right person early enough... It's most certainly what one of the founders of the CIA believed.

It's fairly clear that this thought occurs frequently, during WWII the British on several occasions thought sufficiently about assassinating Hitler that detailed plans were drawn up but were always vetoed. It is said that one reason for this is the unintended consequences of the assassination of Rasputin.

The simple fact is the "Single Bullet Theory" is a nonsense based on faulty thinking. Wars start not because of the actions of a single person "who strikes the spark" but by the much larger socio-political situation that starts as a simmer but builds up to a boil, where any spark will ignite the situation.

Thus going back in time and shooting an individual will just change the individual that provides the spark, not stop the spark. Thankfully we can not travel back in time, however it does not stop people (like the US IC) trying to make predictions about people and preemptively assassinate them (hellfire from a reaper).

It visibly fails to work, and in fact can be shown to add more fuel to the fire pile, so when the spark happens as it surely will the situation explodes.

The other thing is history shows us these "spark strikers" are unknowns, thus you can not preemptively kill them because there is no way to identify them.

Which brings out a couple of other points where the US is going wrong.

Firstly, the same problem as blights forensics blights this idea, you can not argue backwards from effect to specific cause beyond a very small distance. This obvious fact shows why the "collect it all" policy has not and can not work. It's a ruinously expensive way to "fail to find chaos's butterfly".

Secondly if you assassinate someone prior to them starting to take action, you lose many things. Obviously the intel to date becomes invalidated and you don't know who will replace them and what they will do, other than history suggests it will be more revenge motivated...

History shows that revenge has an endless spiral component which gives rise to fights that regularly go on for more than half a millennium. It gets to the point that nobody involved knows either the original cause or how to stop the fight as all involved just want to kill each other due to what they have been brought up to do.

Oh and history shows there is ultimately no profit in war, early gains get lost and social positions get changed by force.

A walk from Bochum in Germany through what feels like an interesting park, is in reality a walk through the miles long ruins of the Krupps armaments factory, broken and destroyed and the ugly wounds on the landscape getting slowly obliterated by grass, trees, and the feet of children at play. Likewise Empires rise and fall, they have no permanence.

The British Empire was a myth, it was started by pirate traders and adventurers, most forgotten within a generation. The few remembered like Cecil Rhodes, because of the magnitude of the harms they caused. Long before the height of the Empire during Victoria's reign, the politicians knew that empires cost more to run let alone defend than they are worth. Thus they topple under the exploitative imbalance they create and are crushed by the need of the masses.

It's a lesson the US has obviously failed to learn; the latest round of exploitative tricks in trade agreements shows that.

Ultimately as the "Commonwealth" is showing the way forward is by peace and fair trading, unfortunately this causes what the elites fear more than a loss of profit or assets, a loss of status, to become equals to the masses is their "fear most dread". They lay claim to conservative religion as their codex, but forget it teaches "That all men come from the common clay, and to the common clay they will return"...

Ultimately peace and prosperity can only happen via equality, this means sharing not hoarding, and accepting that the tide raises all boats equally. We live in a "finite world with a rising population", the American Dream comes from a less enlightened time, when it was not just the west that was wild. Back then things in "the new world" appeared to be just for the taking, and people forgot the lessons of "the old world" they had come from...

Those people from Africa and the middle east, want to do the same thing, they want to leave their "old world" for what they see as "the new world", and their reasons for doing this are little different from the Pilgrim's reasons...

The lesson to remember is that with them the Pilgrims took the society they were running away from, because people can rarely break fully with their past. Thus those that are fleeing from Africa and the Middle East, will in all probability bring what they are running away from, for future generations to suffer.

The question then arises "How do we break the cycle?" such that people are not driven to flee their homelands. One way is not to make their homeland a living hell compared to where we live, and likewise ensure they have a viable future in their homeland.

John Galt IVSeptember 16, 2015 5:57 AM


as always, I think that full spectrum domination in ethical hands would be one of the better things that has happened on your planet. unfortunately, it is rare to find ethical and enlightened people in positions of power. even if they arrive in power that way, they usually are subverted by the carrot or the stick. this doesn't mention the 100 kW laser backup for those craft that can't be commandeered. with sufficiently robust controls, even that is a good idea. one US analog of this system is the Baltimore blimps, for which the 100 kW laser system has not been mentioned. if I haven't said it before, The Pentagon Wars is both a brilliant movie and a brilliant book.

http://sputniknews.com/science/20150916/1027051586/drone-shield-selex-uav-dsei.html
...
UK defense firm Selex ES on Tuesday unveiled an electromagnetic shield designed to defeat commercial drones.
After three years of development, Selex's Falcon Shield system made its public debut during the Defence and Security Equipment International exhibition in London.
The firm did not explain in great detail the proprietary technology, which was developed with military customers, but said drones can be detected, taken over and then flown to land safely away from the target being protected.
"Electronic warfare is the ability to control the electromagnetic spectrum," said Stephen Williams, C-UAV capability manager at Selex ES.
"It's about passively sensing an enemy target using radio frequencies so that the enemy doesn't know you know they are there, and then finding a way to counter that target."
The Falcon Shield system is scalable to provide protection to any size of location – from a small group of people, to a convoy of vehicles, to large-scale critical infrastructure or military bases.

Clive RobinsonSeptember 16, 2015 6:44 AM

@ John Galt IV,

UK defense firm Selex ES on Tuesday unveiled an electromagnetic shield designed to defeat commercial drones.

From what you have quoted, it sounds like it's scanning for EM emissions from the device, to locate it, then based on that --and possibly visual sighting as well-- looking for the ground control signals, and taking them over.

That will work for toy drones but it would not take much effort to RE a drone's control micro, and then re-chip with an encrypted version or just one that works significantly differently, to stop the take over phase.

As for the detection phase, there is no reason for either the drone or ground control systems to emit EM radiation, if the drone is made autonomous. Such "autonomous" systems have been around in the form of "automatic pilots" for over half a century, and back in the 1980's we had "cruise missiles" that not only had a fairly sophisticated auto pilot, but autonomous target identification and munitions deployment. You could build such a system with a mobile phone with little difficulty, just pick one where you can re-flash the OS such as many Android devices, quite a few can be purchased outright for 200USD or less with every thing you need and then some.

So the Shield whilst working for the technically unsophisticated, anyone who is "engineering graduate" or better educated should not have many problems evading it.

John Galt IVSeptember 16, 2015 7:40 AM


@Clive

Excellent critique. All of their cards are not on the table in this article. They have sophisticated optical and radar tracking in the works. The Baltimore blimps use very sophisticated phased array radar capable of tracking hundreds to tens of thousands of moving objects in the field of regard. The benign countermeasures described in the popular press are the velvet glove. The array of hyperkinetics, high power laser, high power microwave, etc. countermeasures will be adequate for maintaining a secure aerial environment around high-value targets. I realized this morning that transponder-based systems are going to be required for robotic cargo submarines to ply the oceans. The same collision avoidance systems that are being deployed in the air. The fact that the expense of these systems lock small players out of market is a feature, not a bug. You could think of the transponders that will be required on everything as license plates. Again, it's not a bad idea, except for the part where unprecedented powers are lodged in groups of individuals with a reckless disregard for the law and a keen focus on lining their own pockets.

ianfSeptember 16, 2015 9:30 AM


Theoretically, that Selex ES could be looking for/ detecting some combination of a buzzing-audio profile & EM emissions "air-footprint" around the defended sites, but, as Clive said, well-engineered, autonomous drones have no reason to radiate any EM presence around them. There are a couple of guys on YouTube etc doing what they call "zombie drones," a kind of hi-tech tag game, where one drone makes another one his(her?) follow-Simon-bitch, which this Selex stuff probably could thwart, but that's as far as it could go (within the hitherto disclosed parameters of their new defensive anti-drone technology).

Nick PSeptember 16, 2015 10:12 AM

@ Figureitout

"Skimmed its datasheet (bastard, I had other things to do). *Really* good, felt like a work of art. 27 pages...that's...securable."

I knew you'd like it. I'm not an 8-bit fan but I keep coming back to it. A strange for me but interesting architecture. The main reason for my interest in it is that it's the brains of spacecraft like Galileo: over 14 years uptime in harsh environment. Wikipedia page said it achieved it with its design plus the Silicon on Sapphire process. SoS is more rad- and EM-resistant than most. Plus, you can say your chip is blinged out with sapphire. :) Peregrine Semiconductor still develops that for RF at up to 130nm.

Anyway, the design is proven. The specs seem to have unusual amount of data on its states/waveforms. Correct me if I'm wrong on that as you look at a lot more of the datasheets than me. Just seemed like this one was more inspectable for quality of info as much as no. of pages. Putting it on an older node, esp SOI, might replicate the reliability of old one. And we all know reliable functioning is a pre-requisite for secure functioning in most designs.

Note: You can also instruct it to "SEX." Designers probably included that for purely, professional reasons. Another bonus is this great picture of it. Neat looking at the patterns of the wires. I find that laypeople also enjoy seeing what a chip is underneath as it gives them some perspective.

Nick PSeptember 16, 2015 12:41 PM

re hardware synthesis

Found some interesting links for those wanting to see what cutting edge looks like. This article is about high-level synthesis of 3D designs. This article is about working with 5nm cells and synthesizing circuits. That's pretty amazing stuff. Makes you wonder how much further it will go.

Far as open-source, I've had concerns about getting it lower than 180nm: the weird effects at 130nm and below prevent a simple strategy. One typically has to do actual place-and-route synthesis of the design, measure that, do lots of tweaks, re-synthesize, and so on. Lots of different issues to work around, too. "Physical synthesis" tools for this are expensive and proprietary. Well, this group created a tool (DELPHI) to do some of this that works with open-source Yosys/ABC synthesis and got results at 32nm. There were talks about releasing (open-sourcing?) that one. Their other tools are interesting, too, with a NoC generator and a GA-based solution for optimizing FPGA designs.

CuriousSeptember 16, 2015 12:44 PM

Washington Post has apparently access to a draft on US government's future approach to encryption:

"Obama faces growing momentum to support widespread encryption"
https://www.washingtonpost.com/world/national-security/tech-trade-agencies-push-to-disavow-law-requiring-decryption-of-phones/2015/09/16/1fca5f72-5adf-11e5-b38e-06883aacba64_story.html

There is a "National Security Council" link to the draft in the article.

The very top of the document is titled "Review of strategic approaches".

"This summer, the National Security Council produced a draft paper setting out options for dealing with strong encryption on communications devices."

Nick PSeptember 16, 2015 4:20 PM

Was looking for a replacement for GPU, DSP's, etc concerning anti-subversion. Much of that remains black-boxes with open efforts not so good. Gotta consider GPGPU stuff, too. I liked Ambric's architecture for this as they hit high numbers with easy-to-learn programming model. They're gone. However, found this:

A 167-processor computational platform in 65nm CMOS

Turning that into something more real

So, 167 simple processors running at 1.07GHz w/ 1.2V and 47.5 mW of power. Supports having accelerators for fast-fourier, video, etc. Does over 198 billion ALU ops a second w/out the accelerators. A simpler version, cheaper to implement, implemented a 180nm chip with 36 processors, 520MHz, and 32mW average at 475MHz. Should still blow most DSP's out of the water performance-wise. The lab does a lot more cool stuff here.

Simple route for open GPU/DSP might be to license and build on their hardware. Or buy it outright while still letting them use it perpetually for their own research. Might make a nice extension to cheap, homebrew computers and FPGA-centric stuff.

Sancho_PSeptember 16, 2015 4:49 PM

@Curious

I take three points from the WaPo article:

(1)
"… said a senior administration official, who was given permission to be interviewed, but on the condition of anonymity because of the topic’s sensitivity."
Read:
“We don’t know if what we say would be our opinion, or if we have an opinion at all, so we may speak but do not think first.”

"… said a second senior official, who, like several others, was not authorized to speak on the record."
Read:
“There is nobody authorized to reveal our void, because it’s classified.”

(2)
Our actions will be clear and immediate, as to boycott the Waldorf Astoria:
”I guarantee you we will win if we have to.”
(POTUS)
[“… if we have to.” is a remarkable sidestep anyway]

(3)
Beloved guys at the CIA, we need your help here.
”We do not have the perfect example … dead child … terrorist plot …”
- and encryption, of course!
Now!

***

Thanks for the SYNful Knock link, amazing!
25 in the US … they simply have forgotten to deactivate the test objects, they'd never spy on Americans.

ThothSeptember 16, 2015 9:30 PM

@all

New dictionary words for security I would like to introduce:

- Upper Echelon Security (UES). The protection of the Upper Echelon of society in an attempt and belief that such protection afforded to the higher ranks of society would constitute to a whole protection of society by virtue of protecting the higher ranks of society.

- Individual Security. An individual security is the protection of an individual against a group or other individuals. The security mindset is that equipping every individual with the ability to resist as a defensive mechanism that would allow society to be better protected from every individual's efforts.

rgaffSeptember 17, 2015 5:11 AM

@Thoth

In my opinion, we need to stop saying "well, it's impossible to protect against state actors, so don't bother" and just sit down and say "well, exactly what WOULD it entail to protect every individual from every state actor..." and see what we CAN do to inch toward that goal... Because anything short of that is just giving up and accepting Naziism as inevitable.

This may be kind of what you meant by "individual security"?

(Except that I think I've broken Godwin's law when this really is my central argument to modern Orwellian spying.)

CuriousSeptember 17, 2015 5:23 AM

Reading a tweet by Christopher Soghoian, I am intrigued by this notion of live/current/recent surveillance data being thought of as "historical data", as I can easily imagine how "historical" might be some kind of logical category that could perhaps be abused in a legal setting as a kind of loophole.

I guess that a specific issue would then be there possibly being a dichotomy of 'live' and 'historical', one that might not be useful for every context. I would think that 'live' and 'not live' would make more sense intuitively, maybe even with an intermediary state of 'delayed'.

https://twitter.com/csoghoian/status/643824378384384001

There is a reference to a document, but it won't load for me at present time.
https://appellate.nccourts.org/opinions/?c=2&pdf=32993

Every time I see a reference to something being a "live" video/audio recording, I can't help but think that in our modern time, no broadcasted event is really 'live' anymore.

ThothSeptember 17, 2015 6:47 AM

@rgaff
That is my exact meaning for Individual Security. Do note that my thoughts and Whitfield Diffie's ideas of Individual Security are the same. The thought is something like what USA was in the past and should have been like in the present where everyone has at least a gun behind their front doors to protect themselves.

Link: https://en.wikipedia.org/wiki/Whitfield_Diffie (under Philosophical leanings)

ThothSeptember 17, 2015 8:49 AM

@all
How to walk past the front door lock of an Android 5 OS without needing any vendor coercion.

All you simply need to do is spam the password input field for the lock screen with so many characters to the point it crashes and simply gives you entry into the kingdom :) . This does not mean that you should ignore Full Disk Encryption of SD Card and Phone Memory as a cold booted phone would not allow decryption of disk contents until correct password is entered to form the decryption key.

Link: http://arstechnica.com/security/2015/09/new-android-lockscreen-hack-gives-attackers-full-access-to-locked-devices/

SkepticalSeptember 17, 2015 10:39 AM


@Spooge: One of the least corrupt countries in the world! In TI's Corruption Perception Index the US clings to 17th place with a 4-way tie.

Yes Spooge, along with that notorious haven of corruption, Ireland. You seem not to understand how to read the CPI or what the overlap of the confidence intervals implies. Just so we're clear, the CPI - and TI's other work - along with the other two widely used corruption indexes support that the US is one of the least corrupt countries. It's really not a controversial claim for anyone who's familiar with the subject.

Remember when you tried to attack Syria last time? Remember when Russia intercepted that missile?

lol Hey you managed to make me laugh. Thanks.

What did you do to them? Nothing. Jack shit. You backed down. Even Libya made the US back down, just by taking you to court. Pussies. Then Skeptical pulls more whimsical unsupported assertions out his ass till our eyes glaze over. Clearly he's got no access and no need to know.

I have my newspaper subscription and you have your conspiracy websites and Russian propaganda outlets. I like fiction too, of course, but I don't confuse it with reality.

This one's my favorite:

Cold War? You mean that ridiculous duck-and-cover nonsense that paused when the USSR disbanded itself? They lost interest in the whole charade.

I loved that one. The Cold War as a charade. Great stuff.

So, ace, what's your expert assessment of the likelihood of a Kindleberger crisis given the maturity structure of their debt? You don't know shit about economics, give it up.

I merely share the assessment of the Russian Government that their economy is contracting at an annual rate of 5% and that inflation continues to run at 16%. I said nothing about their sovereign debt, and of course I lack the capacity to analyze such a challenging subject and leave such matters to more enlightened minds such as yours.

Nick PSeptember 17, 2015 11:01 AM

re Assembly programming in Python

I think the PeachPy project is potentially a real advance in assembly programming. The problem, illustrated in the slides, is that many programs are very similar. However, you're looking at quite a bit of work reusing the code. Not to mention working with it. The PeachPy project gives you Python tools that make that easier. Better parts are automating the boilerplate, autogenerating calling conventions across systems for same code, and making files like ELF or Mach-O. Any assembly programmers here feel free to try it and report the results.

SkepticalSeptember 17, 2015 11:07 AM


@Dirk: At least Russia is paying the price for its foreign policy itself.

I think some in Ukraine, Latvia, Estonia, Lithuania, and elsewhere, may disagree.

The US is making large parts of North Africa, the Middle East and Europe pay for its own catastrophically failed foreign policy of "regime change".

Believe it or not Dirk, brutal dictatorships with an unhappy populace and a dysfunctional economic system often manage to sow the seeds of their own destruction by themselves.

The Syrian Civil War began with protests against Assad's government, which were brutally suppressed by Assad (as usual) - but this time the suppression provoked further protests and some key defections from military and security units. And from there Assad's control over much of the country slipped away, and in place of a tenuous order there emerged instead a civil war.

The US had nothing to do with it. Europe had nothing to do with it.

Us over here can't wait for even more US involvement in Ukraine so we can have an even bigger influx of migrants and refugees from that region too.

Maybe you should let Russia build a new wall to prevent such things.

As to Syria, maybe someone in the European Commission should have the balls to reach out to the Kremlin and start some talks with Putin to see if the EU and Russia can't work out a joint solution outside of a NATO context that would forcibly include the US. It would make much more sense than having the US create just another cluster f*ck. When even Pentagon analysts are starting to revolt against senior leadership painting a completely wrong narrative of the so-called progress against Da'esh (IS), it becomes painfully obvious that something in the US strategy is just horribly wrong.

If you want to stop the Syrian Civil War quickly, you'll need a few hundred thousand troops and a timeframe of 10-20 years to allow for a functional Syrian state to develop. How many Dutch soldiers are willing to die to impose order in Syria? Otherwise, all you can do is attempt to manage the problem. In the case of refugees, that probably means more refugee camps closer to Syria.

The US does not have a strategy to end the Syrian Civil War. Neither does any European country. Neither does Russia.

The US and European countries do have a strategy with respect to ISIL and AQ, but that's a different matter.

SkepticalSeptember 17, 2015 11:50 AM


@Clive: Put simply we all get taught WWI started with a single bullet fired by what we would now call a terrorist or freedom fighter (or raving idiot ;-) Thus the theory starts with a thought of "If a single bullet can start a war, then can a single bullet stop a war?". That is if you assassinate the right person early enough... It's most certainly what one of the founders of the CIA believed.

I cannot think of a single history or analysis of World War 1 that claims a single bullet was the determining cause of that war.

The formation of the major focus of US foreign policy post World War II was driven by a broad historical, social, and political analysis of the Soviet Union. You'll find little in George Kennan's writings that suggests a single bullet held the answer to preventing a future war. I think you're vastly underestimating the magnitude of research and analysis that is involved in the formation of national strategy.

But we need to distinguish such questions from strategies and tactics that would be adopted during very particular circumstances, such as a military conflict. If you were ambushing a column of enemy vehicles, for example, as I suspect you well know, you might quite rightly direct certain fire at the vehicle carrying the command component. If you wanted to disrupt an enemy's ability to coordinate the movements of entire divisions, you might target the command structures engaged in such coordination.

Thus going back in time and shooting an individual will just change the individual that provides the spark, not stop the spark. Thankfully we can not travel back in time, however it does not stop people (like the US IC) trying to make predictions about people and preemptively assassinate them (hellfire from a reaper).

The US isn't "preemptively" killing anyone, and the targeting of certain resources of enemy organizations and networks is not predicated on some "single bullet theory" of war. It's based upon an analysis of the enemy organization or network as a system, its critical vulnerabilities, and a weighting of the costs implicated by possible strategies to achieve the desired end state and the effects of those costs on US ability to pursue other national strategic objectives.

Listen, from a long-term vantage ISIL and AQ are distractions. They need to be handled because in the short-term they do present disruptive threats (they also showcase avenues of attack that a state might adopt against the US), but they're not long-term strategic challenges. Hence the adoption of a strategy that attempts to minimize the costs of US action, which allows the US to continue to focus on emerging challenges in the Pacific.

Clive RobinsonSeptember 17, 2015 1:16 PM

From the "You couldn't make it up" Dept.

On the radio news in the UK --on Classic FM-- an item that sounds so made you want to go and wash your ears out,

Apparently JEB (Bush junior 2) has in an interview said that Margaret Thatch --UK PM and part time Ronnie 'Raygun' head slapper-- should go on the new US $10 note, because he thinks she was some kind of inspirational leader...

My advice is that perhaps Donald 'the Shetland Pony' Trump has just enough marbles to play a game, whereas JEB has probably tried eating his...

Just to give everybody a hint of just how much Maggie was hated in the UK when she died some enterprising person rereleased "Ding Dong the *itch is dead" and the BBC amongst other broadcasters had to ban it from the play list.

name.withheld.for.obvious.reasonsSeptember 17, 2015 1:36 PM

@ Clive Robinson
Your comments about Maggie are often missed by many here in the states, remember the world according to many here is bounded by two oceans...

I'm sure it comes as no surprise that the U.S. political landscape resembles the surface of the moon--a stark, barren, non-atmospheric, and empty landscape incapable of supporting even a microbe. It is embarrassing and telling, both at the same time, of the devolution that is the cultural regression the U.S. has been engaged in the last 40 years. Not only has the body politic digressed, it is a race to see who among us can be the most dim-witted and ignorant. The moral of the story, "I'm with stupid!"

I remember a joint press conference during the Iraqi war where GW and Tony took questions from the press. At one point a question was asked and literally GW said, "Ask my smarter brother Tony..." It was humorous at one time to watch U.S. politicos but now it is just sad.

Clive RobinsonSeptember 17, 2015 2:13 PM

@ Thoth, and others,

All you simply need to do is spam the password input field for the lock screen with so many characters to the point it crashes and simply gives you entry into the kingdom :)

Man is that ever an old bug...

I cut my Unix teeth on a PDP11-70 I found it had that bug... a little while later the Uni I was working at got a couple of Perq single user Unix boxes, guess what it had it as well, and I used it to get around the Sys Admin's "lock" on the Pac-Man look alike that ran on them for a little lunch time entertainment. The Sys Admin was not happy and wanted to know how I got "root equivalence". After a few veiled threats that failed he tried offering me a pint. So I showed him... as well as indicating exactly where the bug was and how it affected a number of other Unix boxes that had ported from the same flavour of Unix...

I later found that the official correction, whilst solving one bug left another one open, who remembers the "AAA..." sled trick on Solaris boxes?

But I also found a nasty Sushi style attack on Sys5 V4 for Intel. The code for having multiple screens had a bug in it. If you switched from th login screen to say the seventh virtual terminal screen typed in the Sushi script on one line, but did not hit enter, then went back to the first virtual terminal and logged out, half the time the Sushi script ran when the next user logged in...

And yes I have one or two more recent versions of Unix login screen attacks for various Unix flavours, occasionaly they come in handy.

ThothSeptember 17, 2015 7:25 PM

@Clive Robinson
They should set a max value on the login password (something like 50 ~ 70 ASCII characters). Maybe to simplify the problem, it is due to the code cutter's forgetfulness to do bounds checking (password length, acceptable characters ...).

These days people are too spoiled by lazy scripting which I call the "Happy Flow Scripting Attitude". They can only see the "success" and "fail" scenario of most codes but they don't make an attempt to see much deeper than the boolean-like nature of codes (side-branch decisions).

I wonder if login codes look something like that these days?:

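// ... All your other codes before login ...

// Attempting to Login
doLoginCheck(); // throws LoginException when the password does not match

// Show desktop after login
showDesktop();

// Login Checking function
public void doLoginCheck() throws LoginException {
    // equals() compares the contents; != would only compare object references
    if (!loginScreen.getPasswordField().equals(PasswordStore.getLoginPassword())) {
        throw new LoginException();
    }
}

// ... All your codes after login ...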

I have not tried the above codes myself but I wonder if you can simply flood the login checking function to get past it so it glitches and skips to the show desktop function and if that's what's going on these days?
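The maximum length and character check suggested in this comment, as an added example in C (not code from any commenter or from a real login program): overlong input is rejected rather than truncated, and access is granted only on a positive match. PW_MAX, the function names and the direct comparison are assumptions; a real system would compare salted hashes.

```c
#include <stdio.h>
#include <string.h>

#define PW_MAX 64  /* assumed policy limit, in the 50-70 character range suggested above */

enum pw_status { PW_OK, PW_TOO_LONG, PW_BAD_CHAR, PW_EOF };

/* Zero a buffer through a volatile pointer so the compiler keeps the stores. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/*
 * Read one line from fp into out (PW_MAX + 1 bytes, zero padded).
 * Overlong input is rejected, never truncated, and the rest of the line
 * is drained so the tail cannot be taken as the next attempt.
 */
enum pw_status read_password(FILE *fp, char out[PW_MAX + 1])
{
    enum pw_status st = PW_OK;
    size_t n = 0;
    int c;

    memset(out, 0, PW_MAX + 1);
    while ((c = fgetc(fp)) != EOF && c != '\n') {
        if (st != PW_OK)
            continue;                 /* already rejected: just drain */
        if (n == PW_MAX)
            st = PW_TOO_LONG;
        else if (c < 0x20 || c > 0x7e)
            st = PW_BAD_CHAR;         /* printable ASCII only */
        else
            out[n++] = (char)c;
    }
    if (st == PW_OK && c == EOF && n == 0)
        st = PW_EOF;
    if (st != PW_OK)
        wipe(out, PW_MAX + 1);
    return st;
}

/* Compare two zero-padded PW_MAX + 1 byte buffers without an early exit. */
static int ct_equal(const char *a, const char *b)
{
    unsigned char diff = 0;
    for (size_t i = 0; i <= PW_MAX; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Returns 1 only on a positive match; every error path returns 0. */
int login_allowed(FILE *fp, const char stored[PW_MAX + 1])
{
    char attempt[PW_MAX + 1];
    int ok = 0;

    if (read_password(fp, attempt) == PW_OK)
        ok = ct_equal(attempt, stored);
    wipe(attempt, sizeof attempt);
    return ok;
}

/* Demo helper: feed constructed keyboard input through a temporary stream. */
static int try_login(const char *typed, const char *password)
{
    char stored[PW_MAX + 1] = {0};
    size_t len = strlen(password);
    FILE *fp;
    int ok;

    if (len > PW_MAX || (fp = tmpfile()) == NULL)
        return 0;
    memcpy(stored, password, len);
    fputs(typed, fp);
    rewind(fp);
    ok = login_allowed(fp, stored);
    fclose(fp);
    return ok;
}

/* Demo helper: an attempt made of `count` letter A's followed by a newline. */
static int try_flood(size_t count, const char *password)
{
    static char typed[8192];

    if (count > sizeof typed - 2)
        count = sizeof typed - 2;
    memset(typed, 'A', count);
    typed[count] = '\n';
    typed[count + 1] = '\0';
    return try_login(typed, password);
}

int main(void)
{
    printf("correct password: %d\n", try_login("s3cret\n", "s3cret"));
    printf("wrong password:   %d\n", try_login("guess\n", "s3cret"));
    printf("5000-char flood:  %d\n", try_flood(5000, "s3cret"));
    return 0;
}
```

The caller gets a single yes/no answer, so the desktop is shown only when login_allowed() returns 1 and never because an error path fell through.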

Dirk PraetSeptember 17, 2015 7:50 PM

@ Skeptical

The US had nothing to do with it. Europe had nothing to do with it.

It is deeply saddening that a man of your intellectual capabilities despite all proof to the contrary continues to deny any and all US involvement in and responsibility for the current state of the Middle East, North Africa and Ukraine.

Listen, from a long-term vantage ISIL and AQ are distractions

If this is the official US party line, then that's probably one of the most cynical things I've heard in a very long time. Especially because your government keeps using AQ and IS as the main driver for their Orwellian mass surveillance.

I was planning on writing an extensive rebuttal, but I think I'm just gonna leave it at this. I'm doing some volunteer work for a local organisation catering for refugees tomorrow morning, and I think my time is better spent getting some sleep than allowing myself to get dragged into yet another pointless debate with a spokesperson for the government whose insane foreign policy is ultimately responsible for this human disaster.

FigureitoutSeptember 17, 2015 11:29 PM

Clive Robinson
years since I could read "Caesar Ciphers" as "plaintext"
--Yeah...I try to avoid packing my head w/ ciphertext, I get pissed having to have 50+ passwords and it's growing...and my mind can't be 100% sure of origin of encoding; an OTP could be disguised as a "ROT13 Caesar" cipher and/or be some kind of trap to observe response to decryption if it was too easy...Simply takes lengthy physical surveillance to see if one would think that's safe from attack.

Nick P
I'm not an 8-bit fan
--Well above is just an increased attack surface (just check out the torrent of documentation and things you (and hackers) can do w/ it) but not 1 bit so you can work w/ it.. Now we have tools that make 8bit pretty useful in embedded world (sometimes that's way too much power to throw at a problem).

I guess the "SEX" instruction was to "SEt indeX" register, kind of weird to think how that logic worked but any of the 16 registers could have them set to be PC/index. Wonder what toolchain is like for the 1802.

name.withheld.for.obvious.reasonsSeptember 17, 2015 11:38 PM

@ Clive Robinson
Many do not know that parameters may be passed at login; environment variables, shell and pre-login processing directives. In the case you mention I could see setting the PATH to something hacked such as the public ftp address for the first entry in the path PATH=/var/ftp/pub/myhackedbin for example.

Of course this varies from NIX flavor to flavor SYSV, BSD, Solaris, AIX, etc...
Your mileage may vary.

Clive RobinsonSeptember 18, 2015 1:16 AM

@ Figureitout,

My ability to read Caesar and other simple substitution ciphers, was caused when very young and reading "Lord of the Rings" books, where Tolkien gave "runic script" and translation table. I used to write a sort of diary in it.

I'm far from the only person to do this, and people have used it to hide messages and do daft things. You might remember as a "school kid" typing 0.7734 into a calculator and turning it upside down to read HELL'O, well long before that people used to make lapel pins, brooches and badges that did the same thing. I was reminded of this a few weeks ago when some journalist had an OMG moment over a 1930's pin that appeared to say Hope in a germanic script but if you turned it the other way up --which would be the pin wearers POV-- it said adolf.

@ Figureitout, Nick P,

As for the 1802 tool chain, it did not have one as such originally, it's that old. You eventually could get cross assemblers running on old iron and some mini computers but many programmers "hand cut" it, which is what I initially did when using it. A few years later when I had to cut code in any quantity for a job, I took advantage of its nice instruction set and wrote my own assembler in basic on my Apple ][ and as PCs had arrived and I'd got "Small C" up and running I and a work colleague rewrote the assembler in C almost over night. As I occasionally joke "That was back in the days when programmers had shoulders like American football players, from having to bash the keys on KSR teleprinters". The early days of "home computers" often meant "programming with a soldering iron" because you could buy many bags of "signal diodes" for the price of one "fuse link PROM" thus "debugging" was not quite the Grace Hopper "hook a moth out of the circuit" but was cutting and resoldering the legs of diodes. Something you can not really do now we have "Pb Free" solder, with a higher melting point. What appears to have been lost with the mists of time is not all 8-bit micros could be "single stepped switch programmed" because they had a minimum clock frequency due to the equivalent of DRAM for CPU internal registers.

With Nick P mentioning the 1802's SEX instruction and Bruce blogging about the exploding chip the thought that you could bring the mnemonic back on a new chip with say "Set to EXplode" or some such did cross my mind.

@ Name.Withheld..., Thoth,

The real problem of such login problems is that of committing the sin of "Trying to be too clever by half" by "Trying to squeeze a quart into a pint pot" by programmers who really should know better...

The classic one I remember for the pain it caused was a software spec for an electronic lock. To save on the cost of having an "enter key" the spec called for no limit on the number of numeric key presses, and it should unlock when the correct digits were entered in sequence for the entry code. And just for the fun of it the spec also called for the entry code to be a minimum of three digits and allow up to twenty five digits... Whilst not that difficult to code up in assembler, it's a "pain in the backside" for a high(er) level language like C.

And yes it's those "useful extensions" that still allow the login tricks I occasionally use when the occasion calls for it, and it's not just *nix that suffers from this, you would be surprised at just how many embedded systems suffer from similar issues. The NSA et al do not have to be overly clever with quite a few network connected devices used in homes, workplaces, hospitals and people... In some cases it could bring a new plot line to "Dial M for Murder" :-( I dread to think how bad it's going to get with "boiler plate designs" that are going to get used in IoT devices...
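The electronic lock spec described in this comment (no enter key, unlimited key presses, a code of three to twenty-five digits), as an added C example that is not the original product's code: a matcher that keeps one counter and uses a Knuth-Morris-Pratt failure table so a partial match is never lost on a wrong key. The struct and function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define CODE_MIN 3    /* limits taken from the spec described above */
#define CODE_MAX 25

struct keypad {
    char code[CODE_MAX];
    unsigned char fail[CODE_MAX]; /* KMP failure table for code[] */
    unsigned char len;
    unsigned char matched;        /* digits of the code matched so far */
};

/* Store a new entry code. Returns 0 on success, -1 if it breaks the limits. */
int keypad_set_code(struct keypad *kp, const char *digits)
{
    size_t n = strlen(digits);
    unsigned char k = 0;

    if (n < CODE_MIN || n > CODE_MAX)
        return -1;
    for (size_t i = 0; i < n; i++)
        if (digits[i] < '0' || digits[i] > '9')
            return -1;
    memcpy(kp->code, digits, n);
    kp->fail[0] = 0;
    for (size_t i = 1; i < n; i++) {
        while (k > 0 && kp->code[i] != kp->code[k])
            k = kp->fail[k - 1];
        if (kp->code[i] == kp->code[k])
            k++;
        kp->fail[i] = k;          /* longest prefix that is also a suffix */
    }
    kp->len = (unsigned char)n;
    kp->matched = 0;
    return 0;
}

/* Feed one key press. Returns 1 when this key completes the code. */
int keypad_press(struct keypad *kp, char key)
{
    unsigned char k = kp->matched;

    if (key < '0' || key > '9') { /* stray input: drop partial progress */
        kp->matched = 0;
        return 0;
    }
    /* On a mismatch fall back to the longest shorter match, not to zero. */
    while (k > 0 && key != kp->code[k])
        k = kp->fail[k - 1];
    if (key == kp->code[k])
        k++;
    if (k == kp->len) {
        kp->matched = 0;          /* opened: start from scratch */
        return 1;
    }
    kp->matched = k;
    return 0;
}

/* Demo helper: 1-based index of the key that opens the lock,
 * 0 if the keys never open it, -1 if the code itself is rejected. */
int opens_at(const char *code, const char *keys)
{
    struct keypad kp;

    if (keypad_set_code(&kp, code) != 0)
        return -1;
    for (size_t i = 0; keys[i] != '\0'; i++)
        if (keypad_press(&kp, keys[i]))
            return (int)i + 1;
    return 0;
}

int main(void)
{
    /* Constructed key streams. A matcher that resets to zero on every
     * wrong key would miss the code inside "11123". */
    printf("code 1123, keys 11123  -> opens at key %d\n", opens_at("1123", "11123"));
    printf("code 123,  keys 124123 -> opens at key %d\n", opens_at("123", "124123"));
    printf("code 12 (too short)    -> %d\n", opens_at("12", "12"));
    return 0;
}
```

With no enter key there is no per-attempt boundary, so any lockout or rate limit would have to count key presses; this sketch includes none.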

SkepticalSeptember 18, 2015 3:29 AM


@Dirk: It is deeply saddening that a man of your intellectual capabilities despite all proof to the contrary continues to deny any and all US involvement in and responsibility for the current state of the Middle East, North Africa and Ukraine.

I said that the US had nothing to do with the state of the Syrian Civil War, which happens to be true.

Syrians account for, by far, the largest group of refugees applying for asylum in the EU (over 120,000 in 2014). By contrast, more persons from Pakistan than from Iraq applied for asylum. Libya doesn't make the top 10. You can go ahead and check Eurostat yourself.

It's equally ludicrous to ascribe to the US responsibility for events in Ukraine - a sovereign country, in Europe, in which a civil war is being enabled and fomented with the direct assistance of Russia.

I'll certainly give the US its share of the blame for the enormous mistakes it made in Iraq, and elsewhere.

But the underlying conditions of the states in the Middle East, and elsewhere, are far more important here than the intervention of the US and other nations in Iraq in 2003.

Those are the facts Dirk. Unfortunately autocratic regimes in the developing world, who keep ethnic and tribal divisions in check by brutality and corruption, all too often end as failed states. Options at that point are very limited.

Me: Listen, from a long-term vantage ISIL and AQ are distractions

You: If this is the official US party line, then that's probably one of the most cynical things I've heard in a very long time.

We're on a forum on a blog. Nothing I say is official anything.

But it does happen to be the truth. ISIL and AQ will fade away. They are short-term threats, that must be handled. In the short-term, perhaps medium-term, they are serious threats.

But in the long-term, the danger of the greatest magnitude is the rise of authoritarian, undemocratic governments. They pose the greatest danger of another war between great powers over the next several decades - or even sooner, I fear - and indeed to the eventual realization of human rights by the entire planet.

There's nothing cynical about my analysis Dirk. It's simply a matter of reading trends and learning from history.

Especially because your government keeps using AQ and IS as the main driver for their Orwellian mass surveillance.

Yes, certainly the surveillance programs that have caused the most controversy are designed for counter-terrorist purposes.

But those programs aren't the primary focus of the government - they're simply the primary focus of what gets reported and of what gets discussed here. It's natural for those who frequent this site, and such issues, to unconsciously form an impression that programs such as these are all government thinks about. And in fact that's quite far from the truth.

The primary long-term focus of the government - the challenge that will determine whether the world becomes embroiled in a major war or whether it can progress peacefully (relatively speaking) - is in Asia. That's why Obama has been so determined NOT to be drawn into another endeavor that would heavily tax US resources and energy and divert focus from the challenges that lie ahead and that must be prepared for now.

As I've said - history has not ended.

I'm doing some volunteer work for a local organisation catering for refugees tomorrow morning, and I think my time is better spent getting some sleep than allowing myself to get dragged into yet another pointless debate with a spokesperson for the government whose insane foreign policy is ultimately responsible for this human disaster.

Well, between having an accurate assessment of foreign policy, and caring enough about your fellow human beings to help them, personally the latter says more to me about a person than the former. I appreciate the good work that you're doing today.

As to the collection of disasters that is Syria... Assad is responsible for much, and ISIS is responsible for much, but the US role has been extremely limited. It's helped the YPG defend against ISIL, and it's done significant damage to ISIL in general. That's about it, if we discount the apparently troubled attempts to create an independent force.

That too is just the truth. Somehow it seems more satisfying when we can assign blame to an actor that we think had the power and will to choose differently - we view US actions as choices, and those of Assad, of ISIL, of others, as simply part of who they are. So I understand the temptation to assign blame to the US.

But for Syria, that blame belongs elsewhere.

And I write as someone who knows better than I would have preferred the costs of American actions - and mistakes - abroad. Nothing is being whitewashed; I do not deliver official lines; I can speak of the mistakes without hesitation, and the triumphs without fear of seeming naive. I merely state the truth as best I am able to see it, and on such questions as these I think my eyesight is better than most.

I hope your work goes well this morning, and that to those who have traveled far in desperation and in hope, you provide some ration of good fortune.

Gerard van VoorenSeptember 18, 2015 6:11 AM

I would like to repeat my question.

> Things are now going fast when it comes to war talking about Syria. One question. What
> is the best time (which months/season) for a ground war in Syria, considering the
> entire operation?

Clive RobinsonSeptember 18, 2015 8:18 AM

@ Gerard van Vooren,

What is the best time (which months/season) for a ground war in Syria, considering the entire operation?

That's the wrong question to be asking first, the first two should be "Who is the enemy and who sees us as the enemy?" which leads on to "What type of war is it going to be?".

As has been seen any kind of action in that part of the world is not going to be a "home by Christmas" war but upwards of a decade of military action. So weather is going to be an "opening phase" consideration. For instance a war of attrition could start by an air campaign designed to rob the troops of shelter, food etc by bombing military facilities and infrastructure. Could be started at any time, but would be most effective when the weather is changing from summer/autumn to winter, however it would cause troops to be "messed" with civilians which would be undesirable as the civilians become "human shields".

The middle east has the temperature variations of a continental climate of cold in winter hot in summer, however although the average rain fall is low there can be snow, sleet and rain to deal with on land that can produce vehicle damaging conditions that feel like they vary between "sand blasting" through to "coarse grinding paste". For a ground campaign times when either extreme is likely should be avoided.

You can go on for ever with this, however you have to judge the enemy correctly. Napoleon invaded Russia and fought his way to Moscow arriving in mid September of 1812, expecting to be met at the city gates to take the city's surrender. Instead he found next to nobody, the first night he was there fires started in various places and in a city made mainly of wood it spread from building to building. Within two days the city was ablaze and shortly thereafter Napoleon found not only had the city turned to ashes his dreams as well, as there was no sign of surrender happening. With winter fast approaching Napoleon turned his remaining troops westward and home, and he discovered what the Russians knew by heart, the weather can not be beaten into submission... the rest they say is history as was his army most of whom never arrived home.

If those you seek to fight have the "No Surrender" and "death is salvation" attitude, any victory you might gain will be at best Pyrrhic, purchased at a price that can not be carried in any sense. And those in that part of the world know the US does not have the stomach to do what is required to achieve victory no matter how Pyrrhic, those back home will not support it.

No matter how strong the rock the drip drip drip of water cuts it down given time. The US military war hawks may see themselves as the biggest, the best equipped, the toughest in training etc, but the US citizens who give up their sons, daughters, brothers, sisters and loved ones care not a jot for that. They care for their loved ones and want them back alive and in one piece, not blown to pieces by IEDs and suicide bombers, who come day after day with the monotony of rain. The enemy knows this, and in a land where life has become cheap and vengeance burns, they know it's only a matter of time.

This is just one of the reasons for drones, but air warfare that works against regular troops on the battle field and in barracks fails against irregulars in amongst civilians.

In such situations what do you do?

Goliath was felled by a stone from a shepherd boy, the invincible Achilles had his heel, the mighty and seemingly invincible do fall in battle, especially when their opponents know the weaknesses by which they will succumb. It's just one reason that pride is said to come before a fall. So sometimes the best move to make is not to play a game you can not win.

Nick PSeptember 18, 2015 10:55 AM

@ Skeptical

"But in the long-term, the danger of the greatest magnitude is the rise of authoritarian, undemocratic governments."

I agree. The transformation of the U.S. from a semi-open, Constitutional regime to a secretive, pro-surveillance state w/ occasional dictatorship-like moves is troubling. That this attitude is spreading a bit to other democracies is also troubling. As Dirk said, it really helps when they have groups like ISIS around to attempt to justify it all. Otherwise, a calm people might stop and ask if we really need to trade away all our liberties to unsupervised, secretive groups that routinely push disinformation on us. The answer is obviously No but easy to overlook when terrified.

rgaffSeptember 18, 2015 12:20 PM

@Nick P

"easy to overlook when terrified."

Which is why those secretive groups are the real terrorists... they're the ones pushing terrorism on us, so that we'll stay terrified enough to fork over all our liberties.... (of course, they're blaming it on someone else, but they ARE the ones pushing it)

ThothSeptember 18, 2015 7:08 PM

@Clive Robinson
Very well written article with nuggets of wisdom of Sun Tzu and Sun Bin. Too bad the US Warhawks and their warhawk allies don't seem to understand the serious blunder they are making time and again. If they continue so, a morale that is driven below ground level would only encourage more radicalisation despite the prevalence of surveillance and it won't be long their power structures might fail and other countries like China and Russia might overtake their influence and power.

One of the taboos is to launch an inappropriate war (with correct attitude) in Sun Tzu and they have done that all too many times without looking at consequences and that same goes for Russia conquering parts of Georgia and Ukraine.

FigureitoutSeptember 18, 2015 9:54 PM

Clive Robinson
I used to write a sort of diary in it.
--Yeah when I was forced to (my sh*tty handwriting was a good enough cipher lol), I had some journals, but all english lol, never thought I needed to hide stuff, never felt like someone would rifle thru my stuff. And I used to write 80085, c'mon now don't lie. :P

many programers "hand cut" it
--Interesting story. Yikes, I much prefer working on laptops and desktops w/ good programs giving me much better vision in the chip...I wouldn't have it any other way. However it'd be impossible for them to do that w/ today's chips. I have to "hand cut" surface mount parts (is leaving a huge glob of solder good for doing repeated solder in/out (I use..bah this rope-wire stuff for getting SMD parts off, ugh can't remember name), the poor wire and via can't take much more abuse), we literally cut the lines on pcb hacking up a board w/ an xacto knife, I didn't think it'd be separated but it was.

But it is the big joke at the office to make fun of noobs (ahem, c'est moi. I'm too gentle! lol gotta get rougher and not care about a burn mark and I want eight arms when I'm doing it or I have to resort to tape) who can't solder most anything w/o f*cking the board. I'm much better now though, just weird parts I still suck at.

Nick PSeptember 18, 2015 11:30 PM

@ Figureitout

Thanks for the link: it was awesome. I also like how they illustrate the near and far field effects I see Clive + RF people talk about. Neat to see them as actual waves moving out of the antenna.

Clive RobinsonSeptember 19, 2015 10:03 AM

@ Figureitout, Nick P,

Nice to see them as actual waves moving out of the antenna.

That is one very expensive way of doing it ;-)

First off you don't have to go to the overly expensive units you can use a couple of old/second hand Satellite TV units or get an X band doppler radar unit used for traffic light controllers, even brand new you can get them for less than the price of just one of those "mil avionics grade" units used in the kit.

But if you want to view some wave forms you can go back to the work of Randall and Boot at Manchester Uni, who invented the cavity resonator magnetron.

Another way is to use an open wire transmission line and put a four foot fluorescent light tube on top of it if the VSWR is 1:1 the tube will be evenly lit, when it's not you will see peaks and troughs which you can move around with a variable complex load.

As for making your own synthetic aperture radar at around 2.5GHz, open a ham radio book on microwaves the ARRL flog one for just a few dollars, you will find stuff on 13cms the upper end of which is close enough to the ISM band to not make much difference in mechanical dimensions for most purposes.

I'm also surprised at the complaints about the need for a "network analyser", most hams don't need such luxury items, a VSWR meter signal generator and noise bridge are all they normally need.

It amazes me that they think there is no other way to do things.... after all what do you think engineers did before HP and others made network analysers (which are actually little more than a VSWR bridge wired up to a couple of mixers with the result displayed on a vector meter or scope).

FigureitoutSeptember 19, 2015 9:15 PM

Nick P
--Glad you liked it, didn't think you would lol.

Clive Robinson
That is one very expensive way of doing it
--Well if you factor in time which is money it may not be so...I mean something like this by "marking" waves somehow b/c raw image may not help much: http://ja01.chem.buffalo.edu/~jochena/images/circular3.gif and here's what the raw image would be but worse: http://www.es.ucsc.edu/~glatz/GarysImages/field190.gif
RE: your rant on needed better equipment
--Well if I can solve a little bug so fast that's nice (I worry too much about little things screwing up my tests/experiments giving me false conclusions or just leading astray to wastes of time). Heard about a piece of equipment that displays i2c very clearly which will catch timing issues or just seeing you got comms.

Are you sure about Manchester Uni or was it Birmingham?

Oh, heard of FSQ? 6-page article in QST. New (well, slightly different) pretty cool mode that's meant for something I want, computer chat: http://www.qsl.net/zl1bpu/MFSK/FSQweb.htm

SkepticalSeptember 19, 2015 9:40 PM


@Clive: No matter how strong the rock the drip drip drip of water cuts it down given time. The US military war hawks may see themselves as the biggest, the best equipped, the toughest in training etc, but the US citizens who give up their sons, daughters, brothers, sisters and loved ones care not a jot for that. They care for their loved ones and want them back alive and in one piece, not blown to pieces by IEDs and suicide bombers, who come day after day with the monotony of rain. The enemy knows this, and in a land where life has become cheap and vengeance burns, they know it's only a matter of time.

You're partly right.

Counterinsurgency requires lots of personnel and lots of time to be successful. But this isn't news to the United States, least of all the US military.

That said, in many circumstances it absolutely can be successful. Those who find salvation in death are outnumbered by those who want their families to live and prosper; provide the latter with security, earn their trust, relentlessly find and kill the enemy, and the flow of insurgents dries in the sun. The question is whether the costs incurred in doing so are worth the gains.

The Syrian Civil War - for all its horror, for all the savagery involved - doesn't threaten US national interests to a point where the investment of a major counterinsurgency campaign would be justified.

And it would be a huge undertaking. One would need to provide sufficient, continuous security around the country while simultaneously building political institutions that would be accepted as legitimate and that would be strong enough to stand against internal challengers.

As I said - hundreds of thousands of troops, and 10-20 years.

It can be done. But I doubt many volunteered to serve in the American, British, Dutch, French, etc. militaries in order to fight and die for the sake of bringing order to Syria. Nor is it particularly where attention should be focused.

Everyone in the US Government knows all of that. The major focus will continue to be on the Asian-Pacific region.

What I disliked about your comment is the way you framed this in terms of "stomach for the fight." Provided that the war seems justified, and that the US is engaged to win, the American people have ample stomach for war. What they will not tolerate are half-measures in a conflict that they need not be involved in, where the primary beneficiaries of their efforts may be some truly horrible individuals and groups.

@Nick: The transformation of the U.S. from a semi-open, Constitutional regime to a secretive, pro-surveillance state w/ occasional dictatorship-like moves is troubling. That this attitude is spreading a bit to other democracies is also troubling.

Riiiiight, which is why The Guardian sent its material to The New York Times for safekeeping, which is why groups like the ACLU and the EFF (groups to which I contribute, incidentally) are suppressed, which is why it's just so difficult to find people willing to tell you about their political opinions in the United States or to fund political groups that oppose US Government policies.

The threat of terrorism is unfortunately real, and it's as dangerous for what it can compel the US into doing as it is for the direct damage and other secondary effects it can cause.

But anyone familiar with the sweep of history will understand the potentially catastrophic possibilities posed by the combination of a rising, nationalistic, and authoritarian country in a region of democracies to the defense of which the US (and its allies) are committed, where that rising nation has territorial claims that conflict with those nations, a sense of destiny, and a sense of historical grievance, that may override what cooler heads would advise it to do.

I do not think enough people understand just how dangerous a period of history we are entering, nor the intensity with which the major players are preparing. With prudence, foresight, and a steady strength, a peaceful and stable future will be achieved. But the number of ways for events to develop differently are many.

Now, if people want to pretend that the US is our biggest problem... well, I guess we'll see how that turns out for us.

Clive RobinsonSeptember 20, 2015 5:35 AM

@ Figureitout,

Yes my mistake it was Birmingham, Manchester along with Cambridge was the early days of computing in the UK.

You might find this of interest as both a resource and a test tool,

http://f6cte.free.fr/index_anglais.htm

As for FSQ that's something that should be on my radar but was not so added to the "target designator list" ;-)

MFSK in it's various forms is something I like and it started life in the UK Diplomatic Wireless Service back when I was still "running around in short pants". If you've got access to IEE documents it might be worth grabbing a copy for an enjoyable background read [1]. Due to the noise it made the system was christened "Piccolo" by it's designers Harold Robin, Donald Bailey and Denis Ralphs [2], and used various types of MFSK over the years.

I've mentioned in the past that I was involved with the design of an 8bit CPU verison of the Piccolo version using six tones sent as sequential pairs (6x6=36 symbols) and it brings up a point that is worth remembering which is sometimes DFT is better than FFT. The reason is DFT on a limited amplitude input range (say four bits) using a lookup table (256bytes) is going to be a lot faster than an FFT. Importantly remember you get two outputs one amplitude and one phase, in some MFSK systems they are phase cohearant which means you can use the phase signal out of the DFT to make a PLL tracking oscillator for dealing with not just some doppler effects --such as moving vehicles-- it also keeps sync during fading which can get you a dB or so better performance. The design of software oscillators could fill a book but computers are idealy suited to incrementing counters and using lookup tables so the various forms of NCO's are fairly easy to make not just in software or just in hardware thus you can design in software and unload to hardware as required. Oh the other thing about lookup table multipliers, they really don't care if the input is linear or compressed in some way (such as the old phone A-Law).

Befor you go to far down the FSQ route you might want to have a look at the likes of the Military ALE and Link-11 and Link-22 systems work at the low levels as quite a bit of research has gone into the HF long haul side of them for "Fleet Control" for 3C systems.

FSQ can be broken down into several parts that can be changed or replaced if you like to give other benifits (FSQ is not going to work to well for Tropo, Satellite and EME working and DominoEX might be better for that).

The lowest layer is obviously the 33tone MFSK generation and reception which from the little I've read lacks doppler and offset correction or sync holding through fading which could be added (needs more reading and thinking especialy about usage prior to saying much more on that).

The next layer up is the ISK which kind of acts like "whitening" as used for "distributing the signal in the mask". The use of. "Differential keying" is an old and reliable technique, however the adition of 1 as the increment could be adjusted for "path conditions" if using "Point to Point Broadcasting" as opposed to "Fleet Broadcasting".

As for the alphabet compression, Samual Morse came up with that idea long before radio communications. However it's charecter based compression not message based, and in strong fading where signals are marginal or are being jamed compression gives rise to uncertainty in decoding. It's a trade off between the two end points, and expected signal conditions, whilst it's probably in a sweet spot for Fleet Broadcasting, it's probably not for Point to Point in very marginal conditions.

What I did not see was anything on Forward Error Correction, FEC is essential for marginal link working you can go from the simple AMTOR-2 FEC of repeating the message in small groups, or for the more complex Reed-Solomon type error correction (which if IRC is used in DominoEX).

The use of single tone MFSK over FM gets you very little which is why I'm supprised to see it in there for sending graphical information, which is why I'd like to see the rational for it.

Anyway it appears to be all Opensource so, it's a matter of reading and thinking and if required "cherry-picking" other additions to add for your specific requirements (Oh and re-writing for *nix not Windoze might make it more appealing to a larger more security conscious audience).

[1] As far as I'm aware the original 1963 paper is still behind a paywall as is a follow up paper in the 70's, however you can get an overview of the original paper plus the IEE reference from http://gb129.tripod.com/PICC1963.TXT and it's also worth looking at some of the other MFSK references on his site.

[2] One of the paper's authors also wrote a book on the subject, that you may be able to get through a Uni library :- Ralphs, J.D. telegraphy (IEE Telecommunications Series). Peter Peregrinus Ltd. ISBN 0-86341-022-7.
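
A sketch of the differential keying layer described in the comment above, added here as an illustration and not taken from the FSQ source or from any commenter. The tone count (33) and the increment of 1 come from the comment; the function names, the reference start tone and the sample symbols are assumptions made for the example. It shows that a constant tuning offset cancels in the differences, and that one misread tone damages two symbols, which is the case FEC is there to cover.

```python
NUM_TONES = 33  # tone count taken from the comment ("33-tone MFSK")


def ifk_encode(symbols, increment=1, start_tone=0):
    """Map symbols to tone indices; each symbol is sent as a tone *step*.

    The step is symbol + increment, so with increment >= 1 the tone always
    moves and the receiver can see symbol boundaries without a clock.
    """
    limit = NUM_TONES - increment          # symbols 0 .. limit-1 are usable
    tones = [start_tone % NUM_TONES]       # reference tone, carries no data
    for s in symbols:
        if not 0 <= s < limit:
            raise ValueError(f"symbol {s} outside 0..{limit - 1}")
        tones.append((tones[-1] + s + increment) % NUM_TONES)
    return tones


def ifk_decode(tones, increment=1):
    """Recover symbols from successive tone differences.

    Returns None for a step that no valid symbol could have produced.
    """
    limit = NUM_TONES - increment
    out = []
    for prev, cur in zip(tones, tones[1:]):
        s = (cur - prev - increment) % NUM_TONES
        out.append(s if s < limit else None)
    return out


def symbol_errors(sent, received):
    """Count positions where the decoded symbol differs from the sent one."""
    return sum(1 for a, b in zip(sent, received) if a != b)


# Constructed sample symbols (hypothetical, not real FSQ traffic).
SAMPLE = [7, 0, 31, 12, 12, 3, 19]


def demo():
    tones = ifk_encode(SAMPLE)
    # Receiver mistuned by four tone bins: every index shifts equally.
    mistuned = [t + 4 for t in tones]
    # One tone misread (fade or interference) in the middle of the message.
    hit = list(tones)
    hit[3] = (hit[3] + 5) % NUM_TONES
    return {
        "tones": tones,
        "offset_errors": symbol_errors(SAMPLE, ifk_decode(mistuned)),
        "single_hit_errors": symbol_errors(SAMPLE, ifk_decode(hit)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
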

Figureitout • September 20, 2015 8:48 AM

Clive Robinson
--And I can't say much back (you know those high speed tennis ball machines, feels like I'm getting pummeled by one) b/c of the backlog of data I'm processing. Got one of the radars (not sure on specs even) on my desk now and I can use for a school project now but the main thing is just taking the relay signal. The boards I wanted to use (silicon labs dev boards), well I'm able to build but revamping the codebase (it's got a unique style to it too) for my purposes is too much now since I got too many codebases I need to know, so I should be able to knock it out w/ Arduino easy. But guess what word I used to display on LCD screen...."bewbs" lol.

Yes, MultiPSK is pretty popular eh? Bah but I got too many gadgets to play w/ now lol.

RE: error correction
--I'm not sure how robust but one of the features that really stuck out to me was:

"Another important factor in the design of FSQ is that no synchronising process is required to locate and decode the received characters. Lack of sync means that reception is much less influenced by propagation timing changes that affect almost all other modes, since timing is quite unimportant to FSQ; it almost completely eliminates impulse noise disruption; and it also contributes to very fast acquisition of the signal (decoding reliably within one symbol of start of reception). Fast acquisition removes the need for addition of extra idle characters at the start of transmission, and this leads to a very slick system. Add high resistance to QRM and QRN, thanks to the low baud rate, and you have a system so robust that it does not need error correction."

But yes it's windoze (most good ham software is, but it's getting better) but source is open which is a big step for some hams (my dad wanted to make a radio "twitter" and keep source closed, and I told him someone's going to reverse it...).

And the gb129 text doc. was nice, could read it.

Nick P • September 20, 2015 11:07 AM

@ Skeptical

"Riiiigh...." (counter based on existence of freedom of speech or press follows)

And yet, it doesn't counter at all given my careful wording: "w/ occasional dictatorship-like moves." That they do it selectively means the majority, including you, will act like it doesn't exist because you're not in the crosshairs. That the media stays reporting on some of the times they do keeps a chilling effect going where many are afraid to take action past using speech or press. The few that do can be hit with the power of the public state or secret state. The methods vary from harassment to imprisonment under our broad laws to kidnapping/torture to execution. Most just get harassed with a number imprisoned.

In your theoretical country, we wouldn't have had journalists on Do Not Fly list, Bush Admin hacking into libraries to remove FOIA-released documents, CIA kidnapping people at airports, TSA detaining Poitras et al, NSA digging up dirt on dissidents, FBI SWATing mathematicians' homes, billions in assets seized w/out charges via civil forfeiture, IRS freezing assets without charges, and so on. These kinds of techniques come into play mainly when government whistleblowers, independent professionals or businesses cause them real headaches. Especially if they're not well-known or don't have good lawyers. Otherwise, people are hit with the run of the mill stuff: ignored or just questioned. Such is the nature of a dual state like ours.

Note: These risks don't apply to partner companies that bribe politicians or support the police state. Goldman et al dealing bribes, crashing the system, and costing us around $1 trillion is *not an issue* past an opportunity to fine some companies. Imprisonment or seizure will not happen. Because the LEO's and I.C. are really trying to protect us from such threats to our future (sarcasm). ;)

"The threat of terrorism is unfortunately real, and it's as dangerous for what it can compel the US into doing as it is for the direct damage and other secondary effects it can cause. "

That much is true. Prior experience shows our meddling in the Middle East is a huge part of why we're targeted the most and most democracies aren't. So, there's a natural solution to that that involves a 180 of imperialist policy that caused it, some damage control for the bad, and long-term investments in the good. Won't happen because this isn't about *defence*.

"defense of which the US (and its allies) are committed, where that rising nation has territorial claims that conflict with those nations, a sense of destiny"

Now, territorial claims is where you're getting somewhere. Like what we did to Iran with Operation Ajax to grab their oil and try to dominate their government. They resisted, even revolted. We've punished them ever since with sanctions, covert ops, etc. The result is that they consistently funded efforts against us all over the Middle East. All that imperialism, murder, and mayhem never brought up in the recent discussions on TV about how to handle Iran despite it being critical to understanding the situation. CIA finally admitted Ajax recently including that it was to take resources. Never thought I'd see *that* part.

And that's just Iran. The same sources that originally blew the lid on what U.S. did there were also making claims for many countries in Middle East including Syria. The lying about Iran took decades to briefly end before back on the assault. Gotta wonder what we'll find about all the other countries, esp Syria. So, I invite other Americans to be skeptical of the claims of known liars in U.S. government who have conflicts of interest. They need to come clean about what they've done over there up to this point so we can piece together what parties contributed to the mess and how. Then, we can come up with a solution going forward that isn't part of an imperialist game or reduces its blowback.

"I do not think enough people understand just how dangerous a period of history we are entering, nor the intensity with which the major players are preparing."

This we agree on. Although, it's probably going to be a resource war among the superpowers and their allies with terrorism a side effect of proxy fights. Decent chance current issues in Middle East are beginning of that as they were in quite a few, prior cases. Plus, the major players will continue to increase surveillance and police powers to control their citizenry as they have for years. Elites in industry will continue to be largely immune to prosecution despite plenty of evidence of their schemes which do more damage than terrorism. Indeed a dangerous time for Americans to live in and who knows what the major players are going to hit us with next.

"Now, if people want to pretend that the US is our biggest problem... well, I guess we'll see how that turns out for us."

Let's look at past decade or so. The foreign countries have never caused me any problems. They didn't threaten me outside (per 9/11 Commission report) a Saudi-funded operation in NY, led by a Saudi, and with a team of mostly Saudis. One government could've stopped with existing legislation except due to incompetence they eventually admitted. The result was that the President walked hand-in-hand with Saudis while smashing Afghanistan and Iraq. They let us know the classified documents on funding of 9/11 were of "little* practical significance." (*little = huge) So, one attempt from a Saudi group and a response that would leave some wanting justice really confused.

Now, what of U.S. government. The FBI/DEA/IRS has locked up around five digits worth of people maybe more. Often for harmless stuff. Civil forfeiture has stolen millions. Insurance laws passed via bribes to states resulted in poor people across the country being harassed, threatened, robbed of their money, and denied "privilege" to drive. IRS hit more individuals and small businesses while ignoring large firms paying 1-4% taxes, etc. Lack of any accountability or security in State Dept + NSA + OPM INFOSEC caused effortless burns of almost every major capability and dedicated worker we have. Dirty, ex-Goldman regulators in Treasury and lawmakers in Congress put us in debt & long-term liabilities to tune of trillions supporting criminals. Issues with patent suits and deadly drugs continued to increase with bribery-supported legislation (again!?) from Congress and apathetic courts that don't nullify it.

So, all together, the past decade has shown corrupt, irresponsible, reckless, and evil members of three branches of government to cause all kinds of damage to Americans. I've experienced some of it personally. It's obvious that U.S. government power and corruption are greatest threat to Americans. More financial damage, imprisonment, and murder from that than any foreign power. Americans worrying less about the tiny risk of terrorism and more about domestic threats is A Good Thing. Dealing with that and getting accountability into likes of I.C. might also reduce issues in Middle East as a side effect given they'll create less of them. ;)

name.withheld.for.obvious.reasons • September 20, 2015 1:00 PM

@ Nick P
Seems a nerve has been hit, I understand your passion and frustration given all that has transpired in the last decade and a half (15 years for those among the analog challenged). Under the Obama administration there has been a concentrated effort in suppressing press liberty--the number of persons prosecuted under the espionage act exceeds all previous administrations combined. The AP scandal, no one prosecuted, where 100's of journalists and their offices were monitored. The reason for this massive breach of press liberty, the disclosure of the printer cartridge bomber(s). It is probable that the CIA was exposed by details of the case--but the constitution does not restrain speech and press freedoms due to the exigency of the federal government. In fact, the very beginning of the 1st amendment states "Congress shall make no law..." indicating the primacy of these rights. It doesn't start with "Congress, can if it wants, or the executive if it finds it necessary, may breach these rights if they feel like it..."

When rationale is made for subjecting freedoms to constraint by the government, be MORE than skeptical, because it is this exercise that is actually subverting these rights. The framers knew that encroachment was possible, it is the reason that the congress is the only branch of government that can declare war. Why would they want to constrain the executive in a manner such as this--because they knew that "feature creep" was a component of all contemporary and past governments no matter their structure. Madison, brilliant beyond anything seen in contemporary governance, in stating the rationale and need to ensure that state power (via the military) is constrained. His statements were quite strong, and as the architect of the constitution I would suggest that he is STILL an expert in constitutional law.

Read the federalist papers and Madison's comments...this will go to the spirit of the law and not just the letter. And, it is the letter of the law that LEA types keep referring to when stating that they are not violating it--I'd argue that not just the letter is exceeded (misuse of the language is not an intellectually honest interpretation of the law) but the spirit is violated--with prejudice.

name.withheld.for.obvious.reasons • September 20, 2015 1:28 PM

To my mind, the single greatest threat to "NATIONAL SECURITY" (an amorphous phrase) in the United States is the debt and deficits that will cripple us in the near future (18.5 trillion in debt, half a trillion in deficit per year--and that's with 0 percent interest rates).

This is from Alexander Hamilton, the Federalist Papers, and I quote:

There are even dissimilar views among the States as to the general principle of discharging the public debt. Some of them, either less impressed with the importance of national credit, or because their citizens have little, if any, immediate interest in the question, feel an indifference, if not a repugnance, to the payment of the domestic debt at any rate.

Hamilton goes on to state the other side of the debt position:

Others of them, a numerous body of whose citizens are creditors to the public beyond proportion of the State in the total amount of the national debt, would be strenuous for some equitable and effective provision. The procrastination of the former would excite the resentments of the latter.

Seems Hamilton predicted the impasse that congress finds itself...and the irony completes with Hamilton stating in the same paragraph:

The settlement of a rule would, in the meantime, be postponed by real differences of opinion and affected delays. The citizens would clamour; foreign powers would urge satisfaction of their just demands, the peace of the States would be hazarded to the double contingency of external invasion and internal contention.

Here Hamilton is saying that the pressure to remunerate public debt (banks and lenders--state and private) will contend with those held to make the payments (the citizenry).

I believe that every candidate for public office should be asked their impression of what Hamilton is saying here...

Hamilton also said that debt is slavery, I concur.

Skeptical • September 20, 2015 3:31 PM


@Nick P: In your theoretical country, we wouldn't have had journalists on Do Not Fly list,

Freedom of the press in the US is being squelched by the No Fly List? Have you ever lived in a country where freedom of the press really did not exist?

Bush Admin hacking into libraries to remove FOIA-released documents,

No idea what this refers to.

CIA kidnapping people at airports,

In the US?

TSA detaining Poitras et al,

You think she was flagged for extra screening because she was critical of the US? Really? How did that go?

"Johnson, this individual made a documentary that is critical of US policy in Iraq!"

"What?! No!"

"Yes! Here look - no wait, don't look, avert your eyes! But make sure we ask her lots of questions every time she enters the country, just to let her know that it's not okay to be critical of the United States."

Come on. Can't we be realistic about this for just one minute?

NSA digging up dirt on dissidents,

You're referring to the NSA discovering embarrassing information about foreign terrorists in order to discredit them and reduce their ability to recruit. It's literally a way to reduce the power of violent organizations without using violence. So I'm just going to stop with your list here, because this is getting ridiculous.

Note: These risks don't apply to partner companies that bribe politicians or support the police state. Goldman et al dealing bribes, crashing the system, and costing us around $1 trillion is *not an issue* past an opportunity to fine some companies. Imprisonment or seizure will not happen.

Billionaire hedge fund managers are prosecuted, Nick, when a case can be built. And if a conviction is won, they go to prison.

If you think a DOJ prosecutor is going to cut someone in finance any slack because he has deep pockets, you're out of your mind. And if you think the FBI is going to look the other way if a company like Goldman were discovered to be bribing government officials... that's what those people get up for in the morning.

That much is true. Prior experience shows our meddling in the Middle East is a huge part of why we're targeted the most and most democracies aren't. So, there's a natural solution to that that involves a 180 of imperialist policy that caused it, some damage control for the bad, and long-term investments in the good. Won't happen because this isn't about *defence*.

A 180 of what policy? Please, I'd love to know. 180 degrees on what policy?

Now, territorial claims is where you're getting somewhere. Like what we did to Iran with Operation Ajax to grab their oil and try to dominate their government. They resisted, even revolted. We've punished them ever since with sanctions, covert ops, etc.

I'm talking about the South China Sea in the present day. And you're talking about Iran 60 years ago during the Cold War.

Although, it's probably going to be a resource war among the superpowers and their allies with terrorism a side effect of proxy fights.

Commodities are cheap. They'll continue to be cheap. And if they ever become expensive, you'll simply see more rigs restarted in the US and elsewhere.

The looming problem in Asia is not about a fight for resources.

Decent chance current issues in Middle East are beginning of that as they were in quite a few, prior cases.

Yes, the problem in Syria could be secret Western imperialist intrigue - or the problem could be a dysfunctional society, a brutal government that can no longer maintain power, and longstanding hatred and war between actors in that region.

Let's look at past decade or so.

You want to look only at the past 10 years to try to understand what problems might be looming in East Asia? Good luck. I could see someone saying the same thing in 1935.

It's obvious that U.S. government power and corruption are greatest threat to Americans. More financial damage, imprisonment, and murder from that than any foreign power. Americans worrying less about the tiny risk of terrorism and more about domestic threats is A Good Thing.

The US has very good anti-corruption measures in place Nick. As in any society, crimes will continue to occur - and those crimes include corruption - but it's at a low level and shows no signs of expanding.

My favorite part of your list is the reference to the OPM hack as evidence that the US Government is the greatest threat to Americans. The other parts are mostly silly (ex-Goldman employees at Treasury! Horrors! The Treasury Department should only hire people from outside the finance industry!), or are really pleas to change drug laws (I happen to agree with changing them, but neither are they a "threat" and it's beyond absurd to consider those imprisoned for violating them as evidence that they're a threat - those laws will change as voters demand they change, and that process has already begun).

The dangers I'm referring to are that of a possible armed conflict in East Asia, sometime in the next few decades, and the dimming prospects for democracy elsewhere. For whatever reason, you're being incredibly near-sighted in your assessment of the state of the world.

Dirk Praet • September 21, 2015 7:31 PM

@ Skeptical

If you think a DOJ prosecutor is going to cut someone in finance any slack because he has deep pockets, you're out of your mind.

Please be so kind as to educate us on the people responsible for the financial crisis in the US who got indicted, let alone sent to jail. Not that it was any different in other countries. One of the only places I know of where that actually happened was Iceland, where both politicians and bankers were incarcerated.

rgaff • September 21, 2015 11:05 PM

@ Skeptical

I'm impressed that you seem to have such a good grasp of how Poitras was detained and questioned simply for being critical of the United States... You seem to know the initial conversation was with agent Johnson and everything :)


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.