Friday Squid Blogging: Squid Fishing Championship

It's an annual event in Hvar, Croatia.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on November 13, 2015 at 4:22 PM • 212 Comments

Comments

AnuraNovember 13, 2015 4:30 PM

Is that catching fish with squid as bait, or catching squid with fish as bait? Or is there a fish called the "Squid Fish"?

GodelNovember 13, 2015 5:12 PM

Cross Device Tracking:

When a user encounters a SilverPush advertiser on the web, the advertiser drops a cookie on the computer while also playing an ultrasonic audio through the use of the speakers on the computer or device. The inaudible code is recognized and received on the other smart device by the software development kit installed on it.

SilverPush also embeds audio beacon signals into TV commercials which are "picked up silently by an app installed on a [device] (unknown to the user)." The audio beacon enables companies like SilverPush to know which ads the user saw, how long the user watched the ad before changing the channel, which kind of smart devices the individual uses, along with other information that adds to the profile of each user that is linked across devices.

Cute.

http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/

DannyNovember 13, 2015 5:36 PM

Je Suis Paris

I dated a wonderful woman, an extraordinary exile from Iran, who volunteers as a doctor at the theatre under siege tonight. Other great pals too in Paris tonight, all out of contact just now.

It's been a nightmare watching this unfold from afar. On one British TV channel I watched a bomb blast outside the Stade de France football stadium, and on another I watched 20 minutes later the crowd cheering a French goal, because the crowd hadn't been told what was happening - even after President Hollande was evacuated.

I'm guessing this was a French racist attack judging from the restaurant initially targeted being a 'foreign' restaurant popular with Muslims, but it could still be Daesh punishing Muslims who tolerate alcohol.

I probably shouldn't be posting just now, nothing rational to say, just pissed off we've reached this poor state of affairs and still not trusting our state.

Clive RobinsonNovember 13, 2015 5:41 PM

@ Godel,

@ CallMeLateForSupper beat you to the ARS link.

I've posted a reply about it as well,

https://www.schneier.com/blog/archives/2015/11/personal_data_s.html#c6710653

It's interesting to note that it's the "marketing industry" that used the --Supposed-- BadBIOS communication idea before the ordinary cyber-crooks... Kind of proving a point I made around nine or ten years ago --rather forcefully over on the Cambridge Comb labs blog-- about BotNet herders not realy knowing how to monetize their "assets".

I wonder what other TAO etc technology the "marketing industry" might have adopted as well...

ianfNovember 13, 2015 5:53 PM


Definitely OT, but maybe not.

Those of you for whom love is math and math is love should find this review of a book exciting (it is definitely well written), and the book itself—a mix of memoir and essay—possibly close to Nirvana.

Love and Math: The Heart of Hidden Reality
by Edward Frenkel
Basic Books, 304 pp., USD$16.99

MATHEMATICS / BOOK REVIEW

“Blinded by Love” by Edward Rothstein

[…] “Frenkel is a distinguished mathematician who came to maturity in the last days of the Soviet Union; he was invited to become a visiting professor at Harvard at the age of twenty-one and now teaches at the University of California, Berkeley. His two themes—mathematical passion and artistry—come into play in two interwoven narratives, one of how he became a mathematician, the other of how his own mathematical work developed. It is research which, he writes, “can be fully understood only by a small number of people; sometimes, no more than a dozen in the whole world at first.”

Edward Rothstein is the author of “Emblems of Mind: The Inner Life of Music and Mathematics” and is Critic at Large for The Wall Street Journal.

http://inference-review.com/article/blinded-by-love

DannyNovember 13, 2015 6:10 PM

Daesh then. Mobile phones cut off, internet down, and borders officially closed, followed by the inevitable backlash against innocents of colour. Cauchemar.

Clive RobinsonNovember 13, 2015 6:17 PM

@ Danny,

Likewise my sympathies are with the many people and their loved ones who are being held hostage or have been hurt or killed in Paris this evening.

As I understand it there have been six places attacked by gunmen armed with AK47s, possibly driving around in a black car, and handgrenades thrown at or adjacent to the French-German football match by another group. It is thus likely there are several groups carrying out coordinated terrorist attacks

The sketchy reports coming in are atleast fourty people killed and a hundred being held hostage. I fully expect those numbers to change over the next few hours as the authorities move out of emergancy response mode into lock-down and investagative modes.

I further suspect that as Germany was obviously being targeted as well, that by Monday morning there will be a marked change in various European Countries border policies. Especially with regards to refugees and migrants coming out of Africa and the Middle East via the Mediterranean, Turkey and the Balkans (that many europeans hold Germany responsible for due to Angela Murkels "open arms" statments).

For those in London planning on attending the Lord Mayors Parade and other festivities tomorrow, I would expect a much heightened security response from the Met Police and other Gov entities. Staying at home and watching on TV may be a lot less stresful as Public Transport and parking are almost certainly going to be effected as will general crowd security.

Nick PNovember 13, 2015 6:33 PM

@ Clive, Wael

Interesting write-up on how transistors actually work by William Beaty. He says he spent years trying to understand it in a way that wasn't plain math or use incorrect explanations of how things work. He aims to correct those while providing a description that people can get mostly with no electronics knowledge. His version makes a *LOT* more sense to me than most but, like he said, contradicts some descriptions in books.

What do you all think of it? Should this be the default way to explain this to people? Seem accurate, you know?

Note: One commenter suggested Gray and Searle's 1969 book was better than such "ankle-deep" explanations. Link to free download of it is here. (Warning: 70+ MB if you do pdf) I challenged him to give specific pages and claims for comparison. I'll check on that later. Meanwhile, I'm just mentioning that in case either of you wanted the book. :)

Note 2: The text field thinks I spelled math incorrectly. Deep learning this, Watson that on the Internet but they can't get spell-check right in 2015. Jeez...

DannyNovember 13, 2015 6:35 PM

The theatre has been stormed, no word on deaths except the two attackers. I'm going to stop posting here tonight as my anxiety will derail the thread. Two of the bombs outside Stade de France were suicide bombers, reportedly by France 24, not the grenades used in the other attacks.

You say there is the Lord Mayors Parade tomorrow in London, that surely has to be cancelled on a precautionary principle. Never mind all this British stiff upper lip, chin up, standing up to threats nonsense, bunker down for now. At least we have gun control here, officially at least. Anyway, I'm too upset and busy so goodnight and best wishes.

100 dead in the Bataclon, just heard from F24. Awful.

rNovember 13, 2015 6:42 PM

@Godel, Clive.

This is quite the eye opener.

I wonder if Mozilla's recent per-tab sound icon had anything to do with this being discovered.

Clive RobinsonNovember 13, 2015 7:12 PM

@ r,

This is quite the eye opener.

Yes and no...

If you look back on this blog you will find a technical discussion on BadBIOS that started a couple of years ago. I went into quite a bit of the technical background,

https://www.schneier.com/blog/archives/2013/11/friday_squid_bl_398.html#c2146651

How ever you will also find a post on the same blog page from RobertT who had some years prior to that carried out practical experiments. And... The next blog page after that was devoted to BadBIOS and you will see that many did not believe that it was possible even with the technical information...

As for the Moz tab, I've no idea, I've not had cause to look into it untill you mentioned it... So more "early morning reading" for me ;-)

Though I suspect the US Gov may well have first heard of it through the FCC. Adverts are routinely checked for "rule breaking" as various things like "subliminal messaging" are prohibited in the US. It's almost certain that a "broadcast engineer" would have noticed "odd behaviour" because most adverts use very heavy audio compression to make them sound "two to four times as loud" as the normal program audio. Such audio compression would need to be carefully controled to stop the high frequency data bursts mucking up the normal audio. Which would be a visable anomaly on a VU meter or "broadcast monitor" or "deviation meter" used to ensure FCC licence compliance. Thus questions would get asked of the advertiser and passed upwards to the FCC by the station just to cover their own back, so they don't lose their licence or get a stiff penalty as well as a eye watering fine...

Dave MillerNovember 13, 2015 8:11 PM

Tonight at the Ground Floor Theater here in Austin, "A Night of Squid". The tentacles reach deep into the heartland... see groundfloortheater.org

GrauhutNovember 13, 2015 8:16 PM

The Paris shootings, the Bataclan massacre showed again that security by sigint doesn't work.

Not enough boots on the ground after Charlie Hebdo.

"Long, we have had to face tight terrorist cells that most often came from abroad to carry out attacks on our soil before to return to their country of origin. But today, we find that the risk comes from people who were born or who have grown up among us and, after a process of radicalization, fall into fanaticism and armed violence. Many of them join these terrorist organizations in Syria and Iraq - 571 of our fellow citizens are now well in this situation. Once indoctrinated and trained to kill by DAESH and Al-Nusra Front, local branch of al Qaeda, most of them represent a major risk to their safe return. No less than 246 people participants on the theater of operations are already back in France." https://translate.google.com/translate?sl=fr&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fmobile.interieur.gouv.fr%2Ffr%2FActualites%2FL-actu-du-Ministere%2FOuverture-de-la-journee-de-reflexion-sur-la-prevention-de-la-radicalisation&edit-text=&act=url

French interior ministers speech yesterday, 11/12. They already knew them. Did nothing but to count them.

The bullets always kill the wrong ones.


Nous sommes Charlemagne

DannyNovember 13, 2015 8:39 PM

@Grauhut

There was a earlier report today on RT I think, maybe France 24, about 'The Jungle' camp at Calais and other camps at ports bordering the UK. Anyway, a Kurd was shown saying he and other Kurds had just left 'The Jungle' for another camp because former Daesh fighters had moved in.

I doubt this is related to tonight's attack, the attackers are being reported as 'homegrown', local accents and knowledge, and the Kurd may have been expressing his own bias to gain easier access to the UK. And I wouldn't post this elsewhere because it would feed into pre-existing British xenophobia. But...I do hope there is someone in British intelligence with some actual brains on the ground there talking to the Kurds.

GrauhutNovember 13, 2015 9:44 PM

@Danny: "the attackers are being reported as 'homegrown', local accents and knowledge"

Thats exactly what Bernard Cazeneuve, ministre de l’Intérieur, said the day before the attacks.

"But today, we find that the risk comes from people who were born or who have grown up among us and, after a process of radicalization, fall into fanaticism and armed violence. Many of them join these terrorist organizations in Syria and Iraq" https://www.schneier.com/blog/archives/2015/11/friday_squid_bl_501.html#c6710671

FigureitoutNovember 13, 2015 9:55 PM

Godel // Clive Robinson // Mike Amling // r RE: ultrasonic infil/exfil
--For the paranoid amongst us, doing something that requires it, there should be minimal transducers in the vicinity or they can get noise but still are missing a lot of context. You can snip out speakers and mics of lots of electronics still, it's when they start getting too tiny and far too integrated into important chips where you destroy stuff where it's a guaranteed threat vector you can't easily remove.

Well, you can use transducers to hear things you shouldn't (audio rectification of RF, it's kind of complicated some of these scenarios, I can "hear" something like 27MHz CW signals w/ the sound system in my house), so what if some of these accelerometers can detect vibrations from voice too? So devices packed full of sensors w/ wifi radio and network connection like a smartphone have absolutely no place in a secure environment, remove battery and place in soundproof/shielded container if you need it. When they become too ubiquitous no one's safe anyway so we all suffer, attackers and all.

At the same time, it opens up a lot of pathways for data transfer...just saying...

Something that gets me is the BIOS "beep" codes. These are really useful when you're screwing around there. Snipping those speakers just cut out a big debugging tool, but leaving them in means a potential comms channel into a deep part of your PC. :/ I like my headphones but realize they're make a nice antenna...

Lots of buildings in the US are very poorly and cheaply built, no sound protection thru walls. To help sleep, practical attacks still would be fairly difficult w/ at least muffling some sound, and line of sight stuff like IR needs direct path in.

DannyNovember 13, 2015 10:06 PM

@Grauhut
'Jihadi John' aka Mohammed Emwazi, was a Brit from the age of 6, an IT salesman. British media were perhaps overly-triumphant when he met his much deserved drone yesterday. Others have been white British, but the subsequent paranoia these attacks breed is always racial, and as you said, those bullets always kill the wrong ones. I fear for my Afghani friend in London as much as my missing Iranian and Algerian pals in Paris.

I know not to expect any information from them anytime soon. My best pal survived the Bali bombing and he took days to get in contact, obviously had more important things to do and more important people to contact. I'll still be up all night swearing at the stupid TV anchors. The F24 one who just went off air was constantly asking if more people had died than in the Madrid bombing yet, like it was a national competition.


In a bit of light relief, and much more on topic, us Brit's are worried that we won't be able to afford our mass-surveillance - Cost concerns over web spying proposals.

No real debate here over the morality or worth of the 'Snoopers Charter', just quibbling about the cost.

GrauhutNovember 13, 2015 10:57 PM

@Figureitout: "Snipping those speakers just cut out a big debugging tool, but leaving them in means a potential comms channel into a deep part of your PC."

Out of your pc...

If i were a snooper, audio would be my very last line of offense. Lots of different chip sets and speaker / mic qualities, mostly no mic in a desktop. And the beeper would be my very last line. Morsing out data on audible frequencies is not the best idea i can imagine for successful apt espionage, audibility is not so a and kills the p. ;)

Wesley ParishNovember 14, 2015 1:49 AM

Well, at least we know that politicians still lie, and Ford's in his flitter, and all's right with the world ...

President François Hollande just said today that this was the worst mass killing since the Second World War. I thought there was something odd about that, and I checked up the Wikipedia page on French Algeria

ht tps://en.wikipedia.org/wiki/French_Algeria

After there was s riot following French gendarmerie opening fire on a parade celebrating the end of the war, 100 pieds noirs were killed

ht tps://en.wikipedia.org/wiki/S%C3%A9tif_and_Guelma_massacre

The French army retaliated harshly, resulting in the deaths of approximately 6,000 Algerians.
140 Parisians? Compared with 6000 Algerians at a time when Algeria was administered as a metropolitan department of France itself and not a mere possession? (for USians, a department's roughly the same as a state, with due representation, etc.)

GK Chesteron's got a poem on The World State, where he laments

The villas and the chapels where

I learned with little labour

The way to love my fellow man

And hate my next-door neighbour

I'd guess that's long been France's problem - more probably Europe's problem too - with their Arab and Muslim neighbours.

ianfNovember 14, 2015 3:25 AM


Wrote Grauhut “The Paris shootings, the Bataclan massacre showed again that security by SIGINT doesn't work.

That's not the only inference that has to be drawn from the most recent crisis. The larger one that no vocal member of the commentariat yet dares to make is that the West may be entering the age of recurring asymmetrical urban warfare. In fact, we have been living in it since the 2008 Mumbai attacks, only were too slow to notice (and, besides, that happened far out east, one shade of brown people killing another shade of brown people—excuse the cynicism).

There is no longer any doubt that the terrorists at large have discovered that unpredictable, randomly targeted and dispersed AK47+suicide-vest attacks against public venues in order to terrorize the population, rather than such to "avenge" some specific "wrongs" in specific places, give the most "bang" for their effort. Furthermore, such strategy makes it practically undetectable, undiscoverable in advance by security services as long as the intent and the planning is undertaken within the terrorist cell itself, and using direct analog means of coordination.

It is hardly a coincidence, that the dead/ attacker ratio yesterday in Paris (~15), and that in Mumbai (16.6), are similar, and that given the time scales of these 2 carnages, 3 hours vs. 3 days, the Paris one was much more "efficient" (as has been proved in the past, even gangsters are governed by the laws of resource allocation and maximized return on investment).

I was in Paris not that long ago, stayed in the 11th Arrondissement, near rue de Oberon, which I found extremely easygoing no less on account of two obviously "neighborhood dogs" let out to "air" themselves out and then returning to and waiting in front of their abodes until someone opened the downstairs door to let them back up the stairs to their apartments (twice in a day: never seen anything like that anywhere else).

    While walking around Paris for 3 days I couldn't but note, however, that in terms of potential targets, Paris must be a terrorist's wet dream. There are so many famous public places there filled at all times with tourists, sizable number of them young Americans, that it's a wonder no such asymmetrical warfare "events" had yet taken place. Even though, probably, these agora are better surveilled than random 11th Arr. ones, I wouldn't count on the police being able to stop an attack in progress there any faster than anywhere else. So what yesterday's attack teaches us is that venue doesn't matter, any place will do for the terror "purpose," and the lesser ones are just as "usable" as the Famous Landmarks.

This means a lot bigger problem for the government (any government) that up to today thought it being able to manage the "threat picture" against plausible, rationally-foreseeable potential urban targets. Because the only way in which such "faceless" warfare effectively could be contained would be for the laissez-faire democracies to turn themselves into fascist states. For which "solution" there are proponents within the right-wing/ surveillance-state-friendly parts of most any Western nation's populace. A state of permanent vigilance, population kept on its toes for external, internal and imaginary threats, just what Adolf Hitler had in mind for his German-dominated Europe. We have been warned, and there is no clear-cut return to day-before-2001/9/11 in sight… but we had better watch ourselves not to turn into our worst enemy, the one the terrorist set out to prove we've been all along (I know this sounds academic, but what else can I say in the circumstances?)

some guyNovember 14, 2015 6:07 AM

@ianf

Compare security against terrorism to IT security. It is not true that fascism is the only alternative to laissez-faire democracy in containing this kind of 'warfare' (which is indeed not that 'faceless' as you suggest, as the perpetrator made apparently no effort to disguise their background).

So, IT security: you can go the way of allowing absolute powers to a very small group of administrators, limiting all other users and applications to the bare minimum set of permissions they need to work, inspect and vet any application between allowing users to use it, restrict information access through encryption, inspect and log the actions of users and processes, filter and log their interactions, filter and log communication with the outside world, cryptographically ensure the identity of all actors, routinely hunt through your logs for suspicious behavior, and store the logs for future investigation. This I would call 'the fascist way to IT security'. It makes very easy for the few all-powerful administrators to kill offending processes, eradicate them permanently from the system, withhold or wipe sensitive information, as well as vet, control and ban undesirable users. Even so, no such IT system will ever be completely secure, as no fascist state is forever safe against revolutions.

But there is another effective approach to IT security, often discussed on this site. Any machine can be made perfectly stable and secure without any of the above measures by just air gapping it and only ever running your own trusted code on your own trusted data within your own trusted hardware. So, what to call an 'air gap' approach when translated to society? Some may say 'isolationist' or 'mono-cultural', or 'racist' even?

There are many precedents of a fascist system taking over society, as well as many precedents of 'isolationist' societies especially in the past. Incidentally, given the character of the problem we are confronting today, the mono-cultural solution would imply some form of cultural if not ethnic cleansing - for both of which there are plenty of precedents as well.

Because the fascist way is initially easier to paper over with nice words, and it offers ample opportunities for profit along the way, I have no doubt it is the direction that will be taken. It has already been taken actually, even though it may just be the beginnings. The open questions are about how rapidly and completely it will take over, and especially what will come after it when it will itself fall to a next revolution of some kind.

It would be sort of amusing if those who oppose a fascist turn were to suddenly embrace the anti-multicultural position. It is also amusing that both ways are commonly labeled as various flavors of right-wing politics, notwithstanding the fascist character of communist regimes, but this is too off topic on this site.

Bush/Cheney/Condi Warned: The Attacks Will Be SpectacularNovember 14, 2015 6:20 AM

To cover-up their shame, Bush/Cheney went secretly went nuts and took away Americans Constitutional liberties after the historic 9/11 tragedy. The truth is finally set to be released next month in a documentary.
The Iraqi war was a widely known as a mistake. The War on Terror has not stopped terrorist attacks at all. Yet citizens suspected of no wrong doing are now under mass surveillance, not as claimed for national security reasons, but primarily for profit.

As usual (JFK assassination) the 9/11 congressional investigation committees were misled by leaders withholding facts.
The White House was warned repeatedly by the CIA in the months leading up to the 9/11 attacks, and the Bush/Cheney/Condi team ignored them.
Now pathetically, even Dick Cheney wife(!) is attacking to deflect away from the imminent Showtime documentary. No wonder Cheney has suffered so many heart attacks, not being able to live with his grossly negligent leadership. The Bush family always said ‘just-ask-Dick’. He will know what to do.

How can anyone be 'loyal' given this insanity when National Security is ALWAYS used to cover up terrible decisions?

http://www.politico.com/magazine/story/2015/11/cia-directors-documentary-911-bush-213353

ianfNovember 14, 2015 6:40 AM


Listen, Wesley Parish, this may not be the best time & tactic to hold lying French politicians to account for past transgressions. We all know that their imperial dreams went south quite some time ago, and that plenty of Frenchmen still find unpalatable their defeats at Dien Bien Phu, and everywhere else in "theirs for eternity" North & Subsaharan Africa. But we shouldn't also forget that, once they felt which way decolonization winds were blowing, they had to fight their own right-wing OAS over leaving Algeria. In the meantime they managed to defeat the FNL there, the only Western power ever to subdue, if briefly, an urban guerrilla movement. Not for nothing is the neo-realist movie recreation of The Battle of Algiers, made a decade+ after the events, a staple at military counter-insurgency courses, and among the insurgents themselves.

And then, of course, is the French eagerness to play the first banana flute in world politics, which has made it pursue an iconoclastic pro-Arab position in a West that does anything but. The France with liberal immigration policy from the "French dominions" in tandem with palpable segregation of and second-class citizenship status of its non-whites. The same France that parades with "Touche Pas à Mon Copain" buttons, while herding these copains into easily check-point-separable banlieus outside city perimeters.

The conservative, but highly readable British author David Pryce-Jones (b. 1936) has written a polemic on the v. subject of “Betrayal: France, the Arabs, and the Jews” which tells the story of that particular French schizophrenia better than I could recount it here; there's also an hour-long audio uptake of a talk he had given in New York 2006 about it. Consult these first, then you can redirect your general anti-French ire towards more refined targets.


GK Chesteron's got a poem on The World State, where he laments” [inconclusive lament deleted]

Finally, as an aside to your "poetic conclusion," hear this about blog-trolldom (-trollery?) from a sage-in-dying:

    Indestructible microbial organisms, blog-trolls copulate with themselves constantly, producing offspring in the form of lethally insolent verbal tics. […] In right-wing postings, any attempt to express the argument in the form of a poem should be taken as an instruction to stop reading instantly.

    [earlier quoted instance, of]

FigureitoutNovember 14, 2015 7:09 AM

Grauhut
Out of your pc...
--How do you know for sure? And I know it's a stretch or there are generally vastly more "surefire" and easier attacks. And if you take security seriously you wouldn't leave a bunch of networked transducers in the vicinity of your setup.

Wael
--The "ju-jet" site didn't really load much w/ noscript...strike 1. Ok it was worth it to temp. allow it. Sweet! always something to buy lol. BUT, those LED's & 7-seg displays...hmmm...I'm being nitpicky/difficult lol...need to be in a dark[ened] room too lol since I didn't realize the DIODE would be so sh*tty and just a flashlight get 1.3V backwards (getting near 1.8 where you could maybe do some stuff...I'm curious of some kind of high energy laser though).

And I like the broken chinese english, but first one, know whatsup?--It cannot work in new motherboard designed which method used to solve the EMI problem and reduce system power dissipation.

CuriousNovember 14, 2015 7:27 AM

Not sure if this was mentioned in last weeks thread:

I like how UN privacy chief is said to have had a rebuttal against the notion of 'privacy' being a modern concept.

"UN privacy head slams 'worse than scary' UK surveillance bill"
http://www.theregister.co.uk/2015/11/10/un_privacy_head_slams_uk_surveillance_bill/

"The outspoken chief also accused "father of the internet" Vint Cerf of being "dumb" by claiming that modern privacy "may be an anomaly." The claim that anonymity only occurred in modern time with the move to big cities was "pure, undiluted rubbish," said Cannataci."

CuriousNovember 14, 2015 7:33 AM

"Code Name U.K. Probe Snowden Reporting Revealed: "Operation "Curable""
https://theintercept.com/2015/11/13/code-name-uk-probe-snowden-reporting-revealed-operation-curable/

"A secretive British police investigation focusing on journalists working with Edward Snowden’s leaked documents has been designated the code name “Operation Curable,” according to details newly obtained by The Intercept under the U.K.’s Freedom of Information Act."

"The Metropolitan Police first announced it had launched a criminal investigation related to the Snowden documents in August 2013. About four months later, in December 2013, the force’s then-assistant commissioner Cressida Dick acknowledged the investigation was looking at whether reporters at The Guardian had committed criminal offenses for their role in revealing British surveillance operations exposed in the leaked files."

DannyNovember 14, 2015 8:37 AM

Neither my Parisian pals or I use social media much, and I'm beginning to regret that a bit now. The Facebook 'safety check' feature would have been useful, the Twitter #rechercheparis less so - it's mainly people tweeting how heartbreaking the hashtag is. My Algerian friend 'Francified' his name once his first child was born "to stop all the dog shit put through the door", and I never realised until now just how common his new French name is. A Cambodian Parisian I know never actually told me her real-name as she said I'd not be able to pronounce it, just her French nickname. The Iranian surgeon who used to be the volunteer doctor at the Bataclan will be busy even if she wasn't there, but should be easier to track as I emailed her hospital - she commutes mid-week to her hospital in the north of France so they won't be too busy to answer.
French newspaper punters are already speculating this will help LePen defeat Hollande and whatever Republican, maybe, maybe not, but it's bound to bad for Merkel. The attack is allegedly linked to the recent arrest of a Montengro man in Germany with a car load of machine guns and explosives en route to Paris, according to the Bvarian governor.
The fire in the Calais jungle seems innocent though, a Sudanese man using a gas-heater in a tent.

Bob PaddockNovember 14, 2015 8:48 AM

For the use of Ultrasonic technology in 'Mind Control' look up the history of the Neurophone by Patrick Flanagan.

Most of the ramblings found on Internet are by people that have never used one and attribute things to the Neurophone that they did not do. The comments about influencing military brass where the model from the early 70's.

From my personal experience with a couple of different models the older model from the early 80's works best. You can put the transducers on your feet and 'hear' the audio in the center of your head.

The Parapsychology Foundation is running an all day class today (Saturday Nov/14/2015) with different speakers on WizIQ. Ed Mays is scheduled for 4PM EST. He ran the CIA's Remote Viewing Program.


"The Mind Has No Firewall", TIMOTHY L. THOMAS; Parameters, Spring 1998, pp. 84-92.

the Junior NSA cadets of CloudflareNovember 14, 2015 8:58 AM

Cloudflare, the idiots who fight the global war on Tor, have now decided on more centralized statist security. It just so happens that Big Brother can spy on you better but ithastobethatwaybecausethey're just, uh, er, keepingyousafe.

http://sockpuppet.org/blog/2015/01/15/against-dnssec/

Cloudflare 'protects' ISIS chatrooms but the government doesn't mind. Go figure.

NameNovember 14, 2015 9:23 AM

Topic: Ed Snowden made a mistake in selecting Glenn Greenwald to carry the NSA story forward. Is it time for a Discussion?

I believe Glenn Greenwald has taken the opportunity of a lifetime to improve the world, and instead used it as an opportunity for self-aggrandizement. His new company (Firstlook) and new publication (The Intercept_) have not fallen off the radar because they never even made it onto the radar in the first place. I suggest that Glenn Greenwald has failed as a journalist. Does this matter enough to talk about? I don't have an answer.

ianfNovember 14, 2015 9:27 AM


@ some guy, if you could streamline your "terrorism security is just like IT security" theory—hence manageable, perhaps even develop it further towards a general "asymmetric warfare can be predicted with elliptic crypto-curveball methods" one, then I could consider folding, spindling, and mutilating it. For a sample of that, hear this (sotto voce):

the fascist character of communist regimes

Fascist regimes rely on overt brute force to subdue its opponents and keep populations in check. Communist regimes use covert intimidation and peer pressure to participate in building of a just world to the same effect. Whether that represents a refinement of the same basic idea, or an entirely new one, is of no consequence. But one difference is telling: communist regimes send to a Gulag, or execute the writers; while fascist ones gas the readers. Some people, e.g. the Jews, appreciate the difference.

ianfNovember 14, 2015 10:00 AM


The "Name That Doesn't Have An Answer" believes that

(a) Ed Snowden made a mistake in selecting Glenn Greenwald to carry the NSA story forward.

    Certainly, given the long queue of better qualified/ braver journos standing at the ready to carry the torch… err, the NSA Extinguisher.
(b) Glenn Greenwald has taken the opportunity of a lifetime to improve the world, and instead used it as an opportunity for self-aggrandizement.

    Certainly, he should have taken his rôle in bringing this all out out of the picture including the Poitras picture. Preferably prostrated himself in front of… Something in penance for his shameless self-promotion riding on the coattails of Snowden. Happy?
That out of the way, I happen to believe that Ed Snowden should have written a parallel book himself, one that would have described the structure and reach of his materials, to be distributed freely to all. Simply because the journalists/ opinionmakers as general do not believe what they are told without reliance on some written/ published word.

rNovember 14, 2015 11:05 AM

@ianf,

In all fairness, mr. 'endsnow' may not even know everything his snapshot contains. If he did run wget against his employers he may not have had time to go through even 10% before realizing he had to be concerned about his own safety and the security of the documents he was exfiltrating. This could have easily led him down the road of locating a seemingly responsible person or persons he would have to outsource the massive responsibility to.

All in all, there may not be any structure to the documents other than what was initially mirrored ands his knowledge of the contents may be severely limited to the initial revelations that led to his decision to leave in the first place.

CallMeLateForSupperNovember 14, 2015 11:21 AM

FBI: "The allegation that we paid CMU $1M to hack into Tor is inaccurate”
http://arstechnica.com/tech-policy/2015/11/fbi-the-allegation-that-we-paid-cmu-1m-to-hack-into-tor-is-inaccurate/

Call me cynical, but my first thought upon reading the headline was, "I see; so the actual amount of payment totaled what?.. $900,000?"

I received an unexpected feel-good once into the article; the author noticed the wiggle-words and called it out: "For now, it's not clear from the FBI's statement which part is inaccurate: the specific payment amount or its involvement entirely."

It smells like the venerable ol' Non-Denial Denial[TM].

The finishing touch on this steaming pile is that both CMU and FBI have shut up and circled the wagons.

rNovember 14, 2015 11:27 AM

Oh, and back on the topic of ultrasonic user confirmation - this could be used by cell site similators to detect physical proximity of groups themselves.

rNovember 14, 2015 11:29 AM

@callmelate

Or - the million paid to CMU could've been out of Putin's pocket ands the FBI facilitated the transaction.

Gerard van VoorenNovember 14, 2015 11:47 AM

@ keiner - about the lies surrounding the US Iraq invasion,

That is old news. Just read Rumsfelds memo from 2001. See also https://en.wikipedia.org/wiki/Rationale_for_the_Iraq_War#Oil_a_factor_in_the_Iraq_war

The Iraq war was not a mistake. It was deliberate and it was about oil. The rest is all lies. Bush belongs behind bars as a war criminal but it's the victors who carry out the executions. If you want to know a bit more about it, go watch Fair Game (2010). Then you can see the whole show of lying, manipulating and cheating again.

WaelNovember 14, 2015 12:16 PM

@Nick P, @Clive Robinson,

Interesting write-up on how transistors

I must have missed this one. I'll mark it for later reading, although I doubt he'll say something I'm not aware of. How's that for arrogance :) Oh, on a first glance I wasn't aware that the transistor was invented by:

The transistor was invented around 1923, by physicist Dr. J. Edgar Lilienfel

I like this comment, too:

The truth will set you free ...but first it will piss you off! -anon

Nick PNovember 14, 2015 12:30 PM

@ Wael

"I'll mark it for later reading"

Aight.

"How's that for arrogance :) "

You gotta crank out some full-custom circuits at 28nm... that work... before you can be arrogant. :P

B613November 14, 2015 12:49 PM

@ianf

Some good thoughts, and it is good you are thinking about these matters. However, some counter-points.

The larger one that no vocal member of the commentariat yet dares to make is that the West may be entering the age of recurring asymmetrical urban warfare. In fact, we have been living in it since the 2008 Mumbai attacks, only were too slow to notice (and, besides, that happened far out east, one shade of brown people killing another shade of brown people—excuse the cynicism).
There is no longer any doubt that the terrorists at large have discovered that unpredictable, randomly targeted and dispersed AK47+suicide-vest attacks against public venues in order to terrorize the population, rather than such to "avenge" some specific "wrongs" in specific places, give the most "bang" for their effort.

I think that this tactic works very well for France, as we saw with this series of attacks and last year's attack on the magazine. It also worked, as you stated, a few years ago in Mumbai.

However, this indicates a significant problem with France and Mumbai its' self. You do not see these sorts of attacks in the UK, for instance, and not in the US.

(The US does have a problem with "mass murderers". But statistically these are minute, and the conditions are entirely different. There are criminal mass murders here which are actually frequent, then the headline head cases.)

I am surprised ISIS has not struck the US yet, however. This is certainly a matter of time. However, their best tactic is not this sort here. There are many possible reasons for this. One is that we do have a significantly armed population. Two is that the Muslim community has significant pressure on them from both the populace and the authorities. This is a specific kind of pressure, too. They can wear head scarves and be accepted. But they will not be accepted for encouraging religious violence. So there is this understanding. A sort of respect. But there is also fear involved. America does have a very high rate of violent crime.

America also has a very high per capita number of armed police officers.

And the population is often very armed. (My own self, I do not carry nor own a gun. I do always carry an OTF automatic knife. I know the human arterial system very well. I know how to hit an artery so it is not apparent to anyone else in the vicinity, or how to hit an artery so at the next heart beat it shoots out fifteen feet. However, the knife is not required for that, a pencil or pen or spoon or practically anything could be used. The knife is simply for EDC and as a deterrent in worst case scenario, or to be seen as worn as an entry deterrent. If there was gun fighting significant in the streets, I would change to a 22 low powder zip gun with integral suppressor, multiple cartridge chamber, low profile. Easy take down. If it got very severe, well, then you have to use strong polymers, ceramics, and a 3d printer to make something a little more effective. These conditions, of course, are highly unlikely here.)

The US also has significant national guard, veterans, military. And, again, everyone is armed.

I do not like to say that the often very unlawful and surely questionable practices of significant investigations and surveillance on Muslim communities here has been an effective deterrent. Inherently, I would tend to think this is actually a waste of resources. I would also not like to say that having a very heavy per capita of police and military is an effective deterrent. Nor a very heavily armed populace. Nor the substantial, heavily armed criminal gangs and other criminal elements.

I actually believe the most profound deterrent has been not challenging them on anything but encouraging violence, financially or vocally supporting violent Islamists. And having a very high degree of willingness to accept them as they are, befriend them, work along side them.

Unfortunately, what we "like to think" and "what actually is effective" may not always be in line.

I do expect ISIS to strike, eventually, in the US, but probably by a more sneaky means. Certainly, as we have seen with our mass murderers that are unbalanced, there is a significant capacity of a lone Islamist gunman. The problem is a collection of Muslims with fully automatic weapons, the capacity to alter those weapons to fully automatic, the capacity to recruit, communicate covertly, and plan such attacks -- these are all choke points US heavily is focused on.

They would likely be caught at these following choke points: the recruiting and general loud "chatter" involved in supporting violent Islamism; the pattern of gun purchase of specific types in Muslim dominate community; the pattern of covert communication set up and usage, including purchase and download; the loudness of a group of serious Islamists who would keep themselves separate and close apart from other Muslims and the rest of society; staking out, planning to hit major population points.

I wish I could make such an analysis of, say, UK, Taiwan, Germany, or wherever. Unfortunately, not my areas. I am also not certain what conditions enable this fully in France. However, certainly, as some posters pointed out allowing French citizens to go and join violent Sunni groups in the Middle East and then return - in the hundreds - is certainly absolutely not allowed in the US.

That is seriously asking for a problem.

Secondarily, there is already a very critical war going on.

Everyone should understand this.

The "front" is all over the Middle East. It is involving Shia versus Sunni, with Europe, America, Russia, China all involved. It is in Iraq, in Syria, Lebanon, Jordan, Yemen, and really all over the region. Israel is heavily involved and a major factor. Afghanistan is another major front. But, these very deep cracks spread far and wide.

The Jade Helmet exercise was put into action recently. The US has "boots on the ground". They have sent in significant special forces. This is trivial to escalate, and the chance for significant escalation is very high.

Containment is absolutely a major strategy.

Iran is a major player in this. They are intentionally sandwiched. Saudi Arabia is a "friend", in quotes. They are also intentionally sandwiched. This is all by design.

It is a powder keg, and the probability of very fast, hard, global escalation is extremely high. That could come from a very wide variety of elements.

Attacks like these on US shores would absolutely ensure entirely ruthless support of the majority of the American people. The actions the US are taking in these areas are already ruthless and consistent. A hospital was attacked, with every appearance of being intentional, just a few weeks ago, for instance. Jihadi John was highly likely splattered just yesterday. The defense industry is just longing to get the American people serious about severe intervention. But, the political and diplomatic situation is extremely fragile and continuing to show some degrees of progress.

I won't even begin to go on here on "why" these factors would mean a very low liklihood of significant gun play in the streets of America of some Sunni Muslims betraying the country and their own prospering communities to go against: armed citizen populace sore from Pearl Harbor AND 911, African American gangs, Hispanic Gangs including significant cartel presence, US police, US Military, fellow Muslims abhorred by their behavior. Further, these communities are self-segregated. Which is very weak, strategically.

And they would have in their mind significant and ruthless efforts resulting from their actions which probably would not stop until only one nation there was left standing. Psychologically, emotionally, that tends to be destabilizing.

Even, finally -- there is already significant asymettric gun fighting going on and it has been for years. Not in the UK. In the US. In Mexico. In Brazil. In Eastern Europe. In Africa. On, and on, and on we can go there.

'Islamists using dogs for tactics'

Hard line Sunni Islamists abhor dogs. They will not go into house where the owners have dogs.

Dogs are haram.

'fascist reactions'

Islamists are extreme fascists. More fascist then Hitler or Stalin. These actions are racist, their beliefs are deeply racist. Their majority nations are deeply racist and extremely low in diversity. You have a very high chance of being jailed, tortured, killed, attacked just for being white. It is bigoted on far deeper levels these just these.

I do not like fascism. I do not like fascist moves by Western nations. I do not like fascism in fundamentalist Christianity. I do not like Neo-Nazi fascism, I do not like extreme left fascism.

I am a bigot against bigots only. They make my blood boil.

Otherwise, I am as liberal, laid back as a hippy as a person can get.

But fascism in democracies is an everyday problem. There is advance always being made.

Escalation in democratic nations does not enhance that threat only because the conditions are so incredibly volatile, everyone would be much too busy focusing on ruthless and indiscriminate murdering in the Middle East, Islamist parts of Asia and the South pacific, Islamist parts of Asia, and North Africa.

You are then talking about significant bloodshed. Asymmetric warfare already very present in many of those areas would certainly increase. But you are also talking vast increase in drones, troops, tanks, missiles, and so on and so on.

Personally, I do not believe such violence would be "the answer". It does not change hearts and minds which is absolutely necessary there. But, it does work with "the answer" as "the stick" to the "carrot and the stick", "reward or punishment", "the road to destruction or life".

That is simply the state of things and realities, as grim as they may be.

some guyNovember 14, 2015 12:50 PM

@ianf
I don't see how elliptic curves or debating whether 'fascist' applies to communist regimes add anything to my parallel between alternative security approaches to IT and terrorism.

VilmosNovember 14, 2015 1:01 PM

We were in Korcula (the island just south of Hvar) in 1974 and mother ordered squid. It took something like two hours to get her food. We were joking that they just went out to sea to catch some. Now I know better. They just went over to Hvar to have *THEM* catch some. This is the incontrovertible proof how middlemen (and middlewomen) can slow down things. :-)

Vilmos

ianfNovember 14, 2015 1:12 PM


Ruminative speculations on operational security of BBC Peter Taylor interviewing ex-NSA Edward Snowden in Moscow (OpSec Spec in mil.speak; оперативные спекуляции безопасности in FSB.speak ;-))

This is 10k text TL;DR long, so IGNORE.

The BBC Panorama half-hour Spies and the Law program first emitted 5 October 2015, and still viewable on iPlayer in the UK.

[“Italic parts verbatim,” the rest is my film-technical commentary fleshed out by indirect later corroboration from Lena Sundqvist's DN piece]. This was the first lengthy filmed interview that Ed granted a British medium, all in the wake of emerging details of GCHQ's fingers—and worse—in the privacy cookie jar. [2013 video in The Guardian].

Peter Taylor (=PT) in a taxi from the airport (probably later/ recreated footage): Interview took months to arrange. We were told to “check in and provide a room number

Observe: provide, method unstated, but probably not via a cell phone. The Swedes were instructed to leave their mobiles behind while waiting to be picked up in a hotel bar. Their interview also took months to arrange, most probably through The Right Livelihood Foundation that awarded Edward Snowden (=ES) the "alternative Nobel prize" last year, and whose 2 representatives chaperoned the reporter and the photographer during their 5 hour long interview (complete with medium-rare room service!)

Still in the taxi, PT talks about Edward's background in the CIA, NSA, then working for a private NSA-contractor, shows the picture of Ed with Gen. Hayden in tuxedos in happier times, just two spooks of a vaguely proud father of son and son type having commemorative "memory wall" picture taken .

A picture of the Metropol Hotel's façade is shown, so that's probably not where the meeting/filming took place. A b/w static picture of the filming rigs, tripod, lightning, seating also flashes briefly, but is too inconclusive to draw any inferences from. This filming required at least a 3 man crew, and a sizeable amount of gear to make the room into a film studio. Judging by the credits, there were local Russian cameraman and sound operator, hired from the BBC's pool of local film talent (every newsy major city has one such). Wouldn't think they were told in advance who were they filming that day (did ES have a say in how they were instructed/ misinformed? Possibly).

The lightning was artificial, which meant the need to cover the windows, and to ensure an interrupted (thus not circuit overloading!) amount of electrical juice (in normal cases all critical filming is done with own el-generators whether local electricity supply can be counted on or not. Hardly in this case, though, which means that one of the crew must've been knowledgeable enough to decide what effect safely could be drawn… probably used compact, low voltage LED arrays here). All filming was done against a black background, the importance of which will transpire later.

ES enters the room from what looks like a hotel stairwell, but could well be a recreated, disinformative maneuver. Most probably there were other people involved in checking out the situation, and the hotel room disclosed only in the last minute.

ES: “I was an Infrastructure analyst with a PRIV AC access” [spells it as 2 words], that means there was nowhere that I couldn't get.

OBSERVE: a 30-year old with mere 7 years on the job given the keys to the universe.

With an email address, he could find everything about that person, starting with reading all the mail.

Gradually grew more and more suspicious of the harm from mass surveillance. It's not he, who should have to decide [what/who to watch], but the public… and, it's the journalists who are people's representatives who decide the public interest.

At some point he saw himself in a “orange jump suit in isolation on Guantanano.”

Fairly quickly, the questions move to for British viewers more prescient subject of GCHQ. It is basically “a subsidiary of the NSA.” Funded, etc. in exchange for the product.

At 10 minutes in of this 30 minute session, in response to some off-camera question, ES waves iPhone5 and declares what the NSA/ GCHQ can do to it remotely, the names of control payloads (PT looks up their names, reads from some papers in his lap, which are below the frame - some "manual?") This part can be seen in a 1m video on BBC News' website, which describes the interview.
http://www.bbc.com/news/uk-34444233

  • Dreamy Smurf - power on/off
  • Nosey Smurf - hot-micking
  • Tracker Smurf - geolocation
  • Paranoid Smurf - to obfuscate any attempts at post-invasion analysis

Surveillance via a smartphone is basically “a target too tempting to ignore” for the intelligence community.

Mentions CNE, Computer Network Exploitation, how the key Pakistani network CISCO routers were pwned. The so compromised companies lose the trust of their customers, have to ask themselves who do they work for, customers or the government. PT does not inquire further how CISCO reacted or rectified the damage.

PT mentions the Investigatory Powers Bill now moving through the UK Parliament. ES has opinions on “the structure of oversight, both members of parliament and the public should be able to verify… and those that violate that trust should be held responsible to account. […] Under PRISM companies were legally obliged to reveal…. (rubber stamp court)

"There's no way to know" what NSA shares with GCHQ and vice-versa.

The impossibility of state-mandated back doors… “if a company accepts requests from one government, it will have to provide the same to other governments” (e.g. China on request).

At [18m in] the discussion veers towards ES' most vocal detractor, former NSA director Michael Hayden. “Who does M. H. serve?

PT: Are you a traitor?
ES: Whom did I betray?

ES will consider a plea bargain, volunteer to stand trial, but “not as deterrent for future whistleblowers” (being spies)

PT: Isn't it ironic that you, a defender of freedom is now living in Russia?

ES applied for asylum in 21 countries, most simply ignored it. Would return home tomorrow if the government was reasonable. So far “they only promised they won't torture me, which is a start”. But there's progress, no longer does Eric Holder speak of me having blood on my hands, as he did in 2013. I'm waiting to hear from them.

PT asks an important, hitherto unasked question about how does Snowden support himself.

ESmade an extraordinary amount of money,” brought it all out with him. How? In cash. How much was it?

ES would rather not say it as he probably violated some customs declarations.

    DIGRESSION: assuming ES was paid, say $70k/ year for 7 years, and managed to save, say $250k to bring out with him, together with other savings etc totaling double of that, it's too much cash to be carrying through the airports, etc, even in the highest $100 denomination bills (acquiring highest $1000 to $10000 bills that are no longer issued, but still valid, would have drawn too much attention to himself). So he probably arranged some iron letter of credit with a non-American (Overseas H-K Chinese?) bank from which he now draws the funds. A bank that he researched thoroughly in advance, that wouldn't budge to U.S. pressure & gladly accept his half a $M for interest-bearing storage. Moscow is not a cheap place to live for a foreigner, but I'd think that $5-6k/ month buys him a comfortable existence there. Judging by that, his cost of living is probably ~85k/ year, and now that he works for the Freedom of the Press Foundation, he gets his basic needs covered.

PT about the quid-pro-quo with the FSB, he's a golden asset on their doorstep.

ES Of course they talked to me in the airport, but I came out of H-K bringing no information with me. “I burned my life to the ground to fight surveillance, why would I now contribute to more of the kind? “The only way to protect oneself is simply not to know the answers

ES regrets didn't come forward earlier.

Does he feel like a marked man? As a marked man “you don't have to think about tomorrow… if I'm gone, I'm OK with that, I feel blessed

That was it, long credits roll, tens of names involved. Not mentioned in the interview: his parents, girlfriend joining up, stupid stateside harassment of, contacts with other journalists. Most probably agreed upon off camera.

TECHNICAL: judging by the number of transitions and cuts, the filming took at least one, probably more hours, due to the need to transform the room into a film studio. The noddies were added separately later (noddies are shots of the interviewer asking the question, or nodding knowingly and cut in to interspace otherwise single talking head on the screen). It could well be that the noddies were filmed first in London after all the material has been screened and assembled. Hence the black background and the same as in Moscow light angle, intensity and color/ temperature which permits such later takes. I rather don't think they kept ES on the site for longer than necessary.

[The BBC Panorama interview aired in the UK a month ago, and on the BBC World (European) channel in week of 11 October, but only now could I find time to finish the above. My bad.]

B613November 14, 2015 1:18 PM

"Name" wrote:

Topic: Ed Snowden made a mistake in selecting Glenn Greenwald to carry the NSA story forward. Is it time for a Discussion?

I believe Glenn Greenwald has taken the opportunity of a lifetime to improve the world, and instead used it as an opportunity for self-aggrandizement. His new company (Firstlook) and new publication (The Intercept_) have not fallen off the radar because they never even made it onto the radar in the first place. I suggest that Glenn Greenwald has failed as a journalist. Does this matter enough to talk about? I don't have an answer.

Not really worth responding to. The Intercept has been frequently quoted in the mass media. I certainly do not agree with all of Greenwald's personal views, but his capacity for propagation of "the message" and consistency of it is very strong.

Frankly, if you wish to argue Snowden, with a more substantial argument like "he is a traitor", feel free to fire away. But, you would get knee capped. And, you don't even know for sure if there was not a US counterintelligence operation involved in all of that, either.

If you think that is impossible and astronomically unlikely, then you know nothing about what some elements here are very capable of.

Bob Paddock wrote:
I appreciate a strong diversity of opinion, and do not scorn even the incredibly implausible. Indeed, I live in such a state. All the time. And, a major favorite motto of mine is, "Magic is simply as yet unknown technology".

However, controlling the minds and hearts of men usually involves different technology. Much of this technology is very observable and well documented, albeit in usually obscure corners.

The "technology" however, is not the real factor here. What people do not realize is that power is not in the public faces you see. Usually. But behind the scenes. The pundits say one thing, think one thing, and are motivated in one way. But those who control them behind the scenes have them as duped puppets for their own agendas, very often entirely not what they think they are working for and doing. That is the reality of how government really works. And by "government" I do absolutely also means even non-governmental forces but controlling influences of the population as well, including artistic, business, scientific, social, cinema, media, and so on.

Technically, the material is rich but arcane. Which is why your average wannabe controller of others is so horrible at it. The single best place to look is at the late and greater pillar behind most modern highly powerful methodologies: the works of Milton H Erickson. I see even supposedly psy ops saavy groups like GCHQ quote NLP pundits and feel disgust and humor. Not that there are not some jewels there in NLP and NLP ripped off tech, but the baubles to jewel ratio is like metal detecting on a beach no one has ever used. Very, very low. Better bet otherwise are then following up on effective ericksonian therapists. Then, digging into the latest and greatest from cognitive behavioral psychology and neuroscience. Mix in there darker, well documented methodologies, some from even seemly absurd books like the 'the Laws of Power' and 'the Laws of Seduction'. I have run across some effective books even with absurd titles that cater to wannabe psy ops kiddos. Sun Tzu is also required reading. But, there is much else.

As for the supernatural, people tend to know much, and nothing at all. A good way of saying it, metaphorically, was in the novel "Monster". People forget "magic" because the "magic" portion of their brains is so shrunken.

I could be sarcastic.


B613November 14, 2015 2:13 PM

@Clive Robinson

It's interesting to note that it's the "marketing industry" that used the --Supposed-- BadBIOS communication idea before the ordinary cyber-crooks... Kind of proving a point I made around nine or ten years ago --rather forcefully over on the Cambridge Comb labs blog-- about BotNet herders not realy knowing how to monetize their "assets".
I wonder what other TAO etc technology the "marketing industry" might have adopted as well...

It is an interesting development. I do consider that technique as more "far flung" then the more everyday methods. Many of these companies have already set up and positioned themselves strongly for significant "cross device" attribution and information gathering. Sooner or later the value of that data is just too much for them to ignore.

CISA offers the possibility for some of these firms to store all user data "for security purposes". This can contradict all other regulations from governmental to corporate to specific client based. Regardless, any company daring to do this would have to keep quiet about it and guard that carefully.

I hate to say it, but when reading the Binney article about how bad ass the NSA is because they have a yearly budget of 18 billion dollars a year, I almost laughed out loud.

The yearly revenue of, for instance, the top ten Global 500 firms:
https://en.wikipedia.org/wiki/Fortune_Global_500

500 billion dollars down to 200 billion dollars.

And you can go very, very far down the line into the top 1000 firms, which will still be billion dollar revenue firms. Never mind all the global corporations who are capable of hiding their extensive, scary revenue.

The NSA does not have the strict parameters afforded to corporations. They have no auditing. Results are not a priority in most of their areas. Deep vested interest is laughable. They have significant hiring out to contractors who price gouge them.

Where do the vast majority of seriously brilliant computer security researchers work? The NSA? That would be laughable. No, Fortune 1000 firms.

Cloud is everywhere, meaning centralized data. Unified accounts across systems is the norm. Lose your google account, you probably lose your email account, your smartphone, your system. An attacker can remotely load and control your devices. And such an attack could be as simple as a XSS on a far flung google.com domain. Likewise, Microsoft, Apple, and so on.

China has been aggressively TAO'ing their products, from smart phones to tablets to even stuff like laptops and digital picture stands.

You have firmware, impossible to remove spyware on massively popular products. All Chinese handsets might as well be cloned and walking bugs for their government and industry, which are entirely the same thing.

Much of these spyware probably have dual purpose. Very many are significantly and clearly material related. Your cheap tablet sends all your data to a company.

Offshoring removes regulations. Offshoring data is surely a likely future. All those worker progressive moves in America and Europe over decades? Corporations ended up firing all the workers and moving everything to slave shops in China and the Pacific.

Nobody knew about PRISM. We watchers probably all guessed. Why was Skype not end to end? Why was none of these products out there not end to end?

Even many top execs at those companies swore up and down it wasn't them. Maybe they are lying and playing spy. Maybe they really did not know. Getting agents into companies is trivial as faking a solid resume. Not exactly a legend that would pass foreign intelligence scrutiny -- it would never need to. Fortune 500 firms routinely discover top executives lied about even having college degrees at all.

Supply side security is abysmal. Albeit, many hardware products are made at the very same firms, and usually a big portion of the business of these firms are government. Yes, they make Dells and HP side by side with US missile boards. Different room, yes, same workers.

And for this matter, where are the "we found it here is what the Americans were doing" reports from the TAO disclosures? Where are the scary, subtle hardware taps in consumer and business devices? Counterintelligence is being quiet. Or absent. Russia and China, why should they get serious about scouring for such things, when they can be making money from their jobs? Serious money.

Shaking down their domestic businesses.

Hanging out with their mistresses and boys. Luxuriating at high cost clubs and boasting about crap they did in the 90s.

If a corporation decides to put something on their boards that makes surveillance super easy, they could do it for their own interests, their government interests, or both. And no one would know. You will have to start having consumer groups taking everything apart and trying to figure out where the bug is. And they probably would find stuff that is useless unless accompanied with the firmware. Then there is the ever ubiquitous backdoor that is entirely unseen and even if detected is absolutely plausibly deniable: the intentional security vulnerabilities well designed to be significantly hard to find and critical, remote, complete system/root compromise. Like the bug in the Moscow Embassy seal that evaded all normal detection methods.

DannyNovember 14, 2015 2:47 PM

@B613
"Islamists are extreme fascists." Would you use the phase "Christianists are extreme fascists"? Or would deny the Lord's Resistance Army are extreme fascists? And maybe on or two US generals.
I referred to my Parisian pals as Algerian, Iranian and Cambodian, and they would be horrified if they read this - they are 100% French. I mentioned their racial background because right-wing French racists noticeably always did. The 'Algerian' came to Paris as a child after his communist grandfather shot an Imam and himself is a devotee only of Satre. My Iranian ex came there as a 17 year old when the Mullahs took over Iran, put herself through a decade of medical training by working other jobs, was previously engaged to a Jew, and drank a single glass of red wine every meal. The Cambodian hated Cambodia and other Cambodians for the madness and slaughter your country and my country induced there. They are 100% Parisian, typical Parisians too. Chic, smart, secular, tolerant, intelligent. Yet even if they haven't suffered from these Daesh attacks, they already suffered from a wider-French racism.

Paris is a strange city, under siege by English language and English culture thanks to the USA more than England. The rich people in the centre dislike the people in the suburbs, and they dislike the country folk, and the country folk hate English speakers. If you are English or American, then never, ever approach a train-station booth with an English or American flag, it's a trap! The counter staff will delight in abusing you. White Scots and White Irish sometimes get a free pass, some serious hospitality in the French country, because we are not English but not in Paris. In Paris you have to speak French far better than the President does. White France was proud of treating it's colonies as equals in law, but never in actuality. My Algerian descended existentialist pal was a professor at the Sorbonne, but when we hitch-hiked to his cottage south of the city he relied on me stopping the cars.

Only one of these attackers is actually French it seems by the latest reports, that is hopeful it's just an intelligence failure. Something else that cheered me up was while scouring the images and videos in vain for a familiar face, I did notice a familiar attitude. One young man walking calmly away from the shooting, smoking a cigarette and his arm wrapped around his girl, utterly bored. That's my Paris. Another scene with the walking wounded wrapped in those gold-silver blankets, and a teenage woman and turned her metallic blanket into a mini-skirt, and a young man had turned his into a scarf. That's my Paris.

B613November 14, 2015 3:59 PM

@"some guy"

But there is another effective approach to IT security, often discussed on this site. Any machine can be made perfectly stable and secure without any of the above measures by just air gapping it and only ever running your own trusted code on your own trusted data within your own trusted hardware. So, what to call an 'air gap' approach when translated to society? Some may say 'isolationist' or 'mono-cultural', or 'racist' even?

So, these are not the best methods to secure your communications. So, the metaphor fails here.

The major flaw is nothing is ever trusted. Never trust anyone or anything. Assume, always, compromise. Always assume 24/7 surveillance. Video and audio.

So, you married your high school love. You only associate with blood relatives and folks you went to high school with. Trust, then? For what? If you all work in security and went to a security school since you were twelve that sort will always be gaming each other.

Maybe they won't screw anyone else, or stab you in the back. But they would be gaming you.

If not, they don't work in security, and certainly did not grow up in it.

More likely you work around people you met a few years ago, at best. You probably met your spouse a couple of years ago. Maybe a decade. You really have no idea who anyone really is, though.

Check records. Like OPM? Or death records? School records? Meet their parents? Ever live with them? Met their high school friends or old friends? So everyone says to you.

But, whatever, it takes to get a bit more untrusting. Binney, in his reddit interview pointed out he doesn't trust any software. Why should you?

He is probably far more trusting with people. But that is his side of things. If there were people like Binney on the human side of things, you think they would say you can trust people? Hardware? Software?

And hey, life is not worth living without people you trust. So do not get me wrong. I trust and love and am trusted and loved. But, we don't ever say anything anywhere. And when we ever say anything, it isn't anything anyone else could prove.

Anyway, to the technical details. I am often vague, cause it could pinpoint my identity. But, in short, there is a security and usability ratio. You can have very high usability in extremely diverse environments and extremely high security at the very same time.

Believing that is impossible is removing the goal every security person should have. Fasicsm or security? No fascism, strong security.

Secondly, I really see IT Security folks, especially CND sorts or ex-CND, but others that worked in a very anal environment who throw personal, realistic risk analysis out the window.

Crazy enough, everyday people actually do really solid risk analysis frequently - not always, of course - in regards to their communications security.

IT Security people should do far better then they do. But too often they build fascist, impenetrable systems. Then they go and tell everyone about, as if challenging their threat people to see what they went through so much trouble for.

Want to know one of the most scary effective ways for totalitarian nations to find their dissidents?

Easy. Do entropy analysis on communications across the populace, and set up other chokepoints: to put on a list those who rely on encryption and other secure communications tools and services.

Want to know how cops and many in physical security pinpoint threats right off? Easy. The ones most wary of them. With most they couldn't scream it right off any better if they tried.

Now, there are two other animals who do this, either are sophisticated: 1) they use uber communications security and don't actually have anything to hide. They get off on that. A mystery wrapped in an enigma. 2) the sort whose job it is to get people interested in them. There are far more then these sorts then you might think.

In all of this? The metaphor remains 1 on 1. You can have a diverse, heart based society that is merciful in their views of others and also has very strong security.

That is really everyone's goal, already. And there are enormous edifices built to hold that up.

ianfNovember 14, 2015 5:29 PM


@ rrrrrrrrrrrrIn all fairness, mr. 'endsnow' may not even know everything his snapshot contains.”

Quite, I don't think he knew, not the rumored 1.7M documents he supposedly had access to (probably a projected figure of those the NSA most feared of being leaked—they don't seem to know the extent of that either. Which means he knew how to remove all traces of his looking where he wasn't supposed to look WHILE he was looking. It's not that hard to do if you are a Unix wizard.)

But that's not the book that I'm talking about. His intended target group, journalists and opinion makers, are pretty good at validating claims in specific data troves, than at finding the red threads there. For that reason alone he should simply have taken somebody already deceased (of natural, non-security related causes) and written up the history of NSA's insight into that person's private life. Pour épater les bougeois. Or something similarly straightforward to serve as both an appetizer and a sampler of greater riches inside. Because relying on just a single conduit to the outside world, Glenn Greenwald, came with its own potential risk of not getting there. That's why I believe he should have had something in writing, at least a manifest of why he's doing what he's doing prepared (on air-gaped laptop ;-)) in advance. He's well spoken, has all his mental facilities intact, but, alas, is not a "writing man." Pity, Emile Zola would have had a thing or two to say to him.

If he did run wget against his employers he may not have had time to go through even 10% before realizing he had to be concerned about his own safety and the security of the documents he was exfiltrating.

We don't know how he g.r.a.d.u.a.l.l.y became concerned, how one thought led to another, how he went about gathering the data trove, and what security measures he took. Unless he gets pardoned and lives to tell the tale in a huge memoir of his own in 30 years' time, we (our descendants) may never know. We can be sure of only one thing, that his activity didn't ring a bell anywhere, or he'd have been facing the patriotic boys in black. The rest of his OPSEC can only be speculated upon, and Ed surely isn't telling.

DanielNovember 14, 2015 5:32 PM

Never, ever let a crisis go to waste.

Who is to blame for the recent Paris terror attracts...right there on the front page of Yahoo.com?

Why Tor, of course.

https://news.yahoo.com/paris-attacks-show-u-s--surveillance-of-islamic-state-may-be--going-dark-203103709.html#

Over the past year, current and former intelligence officials tell Yahoo News, IS terror suspects have moved to increasingly sophisticated methods of encrypted communications, using new software such as Tor, that intelligence agencies are having difficulty penetrating — a switch that some officials say was accelerated by the disclosures of former NSA contractor Edward Snowden

ianfNovember 14, 2015 5:40 PM


@ B613

[waste of space][more waste of space]

Good luck with your armed US population when an autonomous ISIS-like group of pissed-off natives decides to strike in force as in Mumbai and Paris. In the final tally, more people will have been shot by "first armed responders" than by the terrorists. Unless, of course, the targets are of type where guns are unlikely to be found, I don't know, ballet studios, Lamaze classes? Hey, there's a commercial oppo right here: "Birthing while packing" @ The Learning Annex. Patent it, become a mogul on my dime.

PS. this is a forum for exchanges of informed, preferably c.o.n.c.i.s.e opinion, not for some stream-of-consciousness effluence. We already know you can type.


@ some guy

I know you can't see, that's why you try envisioning "alternative approaches to terror security" based on "IT security." Because asymmetric warfare can be air-gaped, too. If only the terrorists play the elliptic crypto curveball game as is expected of them. [More waste of time.]

Clive RobinsonNovember 14, 2015 5:53 PM

@ Curious,

... the force’s then-assistant commissioner Cressida Dick acknowledged the investigation was looking at whether reporters at The Guardian had committed criminal offenses

Cressida Dick... by her poor managment was responsible for the disgraceful shooting of the Brazilian Electrician on the London Underground. For some reason despite her obvious failings she eas exonerated and promoted (some say for "keeping her mouth shut").

The Guardian newspaper pointed out her incompetence in various ways in quite some detail. Thus it should have been clear to any sensible person that she would be incapable of having the required level of impartiality, thus should never under any circumstances have any such involvment in an investigating any newspaper especially the Guardian...

However, with many senior Met Police officers having "financial and other" involvments with Rupert "the bear faced lier" Murdoch's News Corp UK subsiduary papers that were guilty of "phone hacking" it would be difficult to find a senior Met Police Officer who was not "tainted". So I guess in her case it was a case of "last --police-- man standing"...

Samual AdamsNovember 14, 2015 6:02 PM

@ ianf said: "We can be sure of only one thing, that his activity didn't ring a bell anywhere, or he'd have been facing the patriotic boys in black. The rest of his OPSEC can only be speculated upon, and Ed surely isn't telling."

I think it didn't ring a bell because those published are PDFs of instruction manuals, overview documents, and design briefings that are of no real use to someones trying to reconstruct the systems built to services. Those PDFs are not top dollar assets according to security and he was probably the one in charge of administrating such files, which matched his skillset.

B613November 14, 2015 6:34 PM

@Danny

"Islamists are extreme fascists." Would you use the phase "Christianists are extreme fascists"? Or would deny the Lord's Resistance Army are extreme fascists? And maybe on or two US generals.

Dude, okay, maybe I defined this in another post. Note: No relation to the "some guy" I see also arguing the spectrum of fascists with someone else.

To be clear: "Islamist" is not slang for "Muslim". "Islamist" is slang for "fundamentalist Muslim". More specifically, usually, for "fundamentalist Sunni Muslim who advocates violence against others because they are not also Sunni Muslim".

They certainly are "fascist". Not by the literal "fascist" movement of Italy, but by today's slang.

While "arab" roots are heavy in Sunni Islam, saying an Islamist is a person of a singular - or even "dark" - race is absurd.

Nothing to do with race. Everyone knows it.

America is actually the most diverse nation on the planet. It is not at all like what you may see on tv.

In the current area where I live, probably 80% of the population is first generation immigrant. Very many are Muslim. We have girls go to school with head scarves, guys walking the street with sandals and robes, even women and girls that wear the full body covering. Nobody thinks twice about anyone for that.

I don't know what I think about France's forced secularism. In general, I am certainly against it.

If someone wants to be an Islamist here, as long as they do not advocate violence, everyone is deeply supportive.

Through my decades of work, I have usually worked with a very high percentage of people from "all over the world".

There are obviously Americans with racist beliefs. That is everywhere.

I am not here promoting the US over France. Either. I love a strong diversity of cultures, and there are many things I love about the culture of France.

I think, probably, France's forced secularist policies contribute to significant instability in their Muslim population.

Otherwise, I think allowing Sunni Islamists coming back to the country after joining ISIS is insane and very bad policy.

That's it.

It isn't "hitting at France", by any means.

As for "who I consider fascist", all sorts.

Extreme left or right wing pretty well can sum it up.

These are people who live for appearances. The more extreme they are, the more severely they cruelty judge others on mere appearances. The more self-righteous they are. The more hypocritical they are.

There are apolitical fascists of all sorts.

There are moderate and liberal and conservative fascists.

One major commonality: they look at everyone outside their own group as irredeemably bad. They condemn ruthlessly. Their hearts are cess pools, seeing evil in every group everywhere.


The extremely vast majority of Muslims are not Islamists. They are not terrorists of any sort.

Very, very minute of the number of total Muslims are that way.

WaelNovember 14, 2015 7:00 PM

@B613, (@Dirk Praet: this is going to tickle you :) )

Hard line Sunni Islamists abhor dogs. They will not go into house where the owners have dogs.

I'm not sure that's a true statement.

Dogs are haram.

Dogs are classified as "Najiss" meaning "not clean". They are "Haram" to eat, but ok to use for hunting, guarding, keeping sheep and cattle protected, etc... It's erroneous to say "Dogs are haram" because "Haram" refers to "actions". There is one exception I'm aware of which is the "Haram" of Macca and Madina in which case, "Haram" means "sacred". The spelling looks the same in English, but different in Arabic with the latter word missing an "aleph". حرام means prohibited (WiKi isn't accurate), حرم means sacred area. By the way, "Halal" is the antonym of "Haram".

Islamists are extreme fascists

How do you define "Islamist"? If you mean the likes of ISIS, then fascists isn't accurate either. They'll kill anyone who doesn't agree with them regardless of creed, culture, or race and that includes their "own" people.

More fascist then Hitler or Stalin

Your statement could be correct because Stalin wasn't a Fascist. Benito Mussolini would have been a better choice representation.

You have a very high chance of being jailed, tortured, killed, attacked just for being white.

Don't confuse "Religion" and "race". That statement as far as I know is incorrect. Maybe you'll get "mugged" or "taken for a ride" if you're recognized as a "foreigner" regardless of your skin color -- still not good... Then again, some Muslims are whiter than white (yea a few albinos, but some come from the place that the word "Caucasian" was derived from) and that's just one example of many.

Yabadabado...

Haji Kaboob, Deadly ISIS JihadiNovember 14, 2015 7:21 PM

How do you do? My name is Haji Kaboob, I am ISIS Jihadi, Junior Grade. As Messrs. Isiskoff and Klaidman have suggested, I would endorse Tor without reservation. It was very useful in providing opsek for my high-level planning meetings in October with John Brennan, Bernard Bajolet, John Sawers, and Yaacov Amidror. In our secret meetings we took many crucial decisions, such as the hippy peace symbol made out of the Eyeful Tower, for you to stand in solidarity with our victimes, that was my idea. Amidror took the credit, but I am a teme player so it is OK. Tor was also very helpful when Ali Mohamed and I blew up your heathen twin towers the first time, even though it was just a web service then. Ali had been having this problem of getting locked up and having to have John Zent come and bust him out of jail, but with Tor we were invisible to our FBI and CIA adversaries except when we called them up to ask for money or explosives or terrorist uniforms et cetera.

B613November 14, 2015 7:27 PM


ianf responded to my criticism of his post:

[waste of space][more waste of space]
Good luck with your armed US population when an autonomous ISIS-like group of pissed-off natives decides to strike in force as in Mumbai and Paris. In the final tally, more people will have been shot by "first armed responders" than by the terrorists. Unless, of course, the targets are of type where guns are unlikely to be found, I don't know, ballet studios, Lamaze classes? Hey, there's a commercial oppo right here: "Birthing while packing" @ The Learning Annex. Patent it, become a mogul on my dime.
PS. this is a forum for exchanges of informed, preferably c.o.n.c.i.s.e opinion, not for some stream-of-consciousness effluence. We already know you can type.

Yeah, okay. I normally would not respond to this sort of trolling response, but I am glad to give you some pointers.

You did not respond to even one minor point of my post with a shred of logical reasoning nor the slightest of evidence. Your response is, instead, instinctual and emotional. You lash out with desperate personal attacks instead.

Your response is a galling example of a person who is oblivious to their own capacity for reasoning, and their own nature. The projection you perform in this response reveals your inner heart. That is why you should set emotion and instinct aside, and instead, think. Reason. Be rational. Rely on evidence. If you disagree with someone, make a reasonable response from your strong capacity to weigh out difficult matters and your extensive personal knowledge base from doing your homework.

Do not strip yourself naked in front of everyone and show you emotionally upset about a post. That your mind was disarmed.

I can only conjecture at the reason for this. Perhaps, you are simply not the reasonable, thinking sort. More likely, myself being a new poster, perhaps, you feel your "turf" is in jeopardy because a "new poster" dared to contradict some of your statements.

This is really on display here:

PS. this is a forum for exchanges of informed, preferably c.o.n.c.i.s.e opinion, not for some stream-of-consciousness effluence. We already know you can type.

I suppose you see that as inarguable truth. I see it as your incapacity to have actually parsed any of my post in the slightest. Your implicit message there is "this is your turf, do not challenge anything I say, because if you do, I will get emotional and personally attack you to try and demean you so you get I view you as a subservient male or a female".

Here is how to reason, and have a polite discussion, example:

Assertion: "The X car model from Y vendor is bad"
Rebuttal: "I disagree with your response, and here are my reasons why: the X car model from Y vendor has extremely good response times, and uses very little gas."
Response: "You are stupid and just said nothing, how dare you make me less then the leading, dominant male around here in front of my adoring fans."

That would be the "bad" example, okay. That is what our exchange *was*.

The *good* example would be:
Assertion: "The X car model from Y vendor is bad"
Rebuttal: "I disagree with your response, and here are my reasons why: the X car model from Y vendor has extremely good response times, and uses very little gas."
Response: "On paper it does, but in reality a qualified company did this review and pointed out that it actually has horrible usage of gas."
Rebuttal: Really? Do you have a link for this
Assertion: Yes, of course, here. [Evidence, albeit, no, a link does not always suffice for reasoning evidence. Usually reasoning evidence will take many other forms.]
Response: Oh, thank you. I checked the sources, and you are correct. You saved me from an atrocious purchase! Thank you for being so smart and having so diligently performed your homework!


B613November 14, 2015 7:48 PM

Wael wrote, in my response to the assertion that extreme violence supporting fundamentalists Muslims commonly simply called "Islamists" are "fascist":

More fascist then Hitler or Stalin Your statement could be correct because Stalin wasn't a Fascist. Benito Mussolini would have been a better choice representation.

*sigh*

http://www.urbandictionary.com/define.php?term=fascist

It is a slang definition, and that is clear from the context.

It is so frequently used as the slang definition 99% of the time, that when people actually mean "fascist" like "literally the followers of Mussolini" they have to point this out to others.

I believe this is true in both England and the US, though possible it is an Americanism. As it is used in this context frequently and since the internet was online, it would be extremely difficult to not come across this term.

Also, context matters when people speak. Look at how a word is used, and try and understand their own perspective of it in context of what they are saying.

Even your version of "snow" and "what you personally mean by the word" will be different from someone else's. People are subjective. They attach personal experience to words.

There is some ironic humor to the multiple misunderstandings of the word "fascist".

One poster wanted me to pick up a dictionary and dare not use normal everyday slang speech. Another poster was outraged I used too many words, and demanded I leave the forum if I continue to do so.

Not one, but two posters have been harassed because they use the everyday slang definition of the word.

I can add, an equivalent slang term people often use is "Nazi". I tend to prefer to use "fascist" instead. To evade godwin's law, so frankly, if someone does secretly believe themselves to be fascist, they will get defensive. Revealing that they are much alike.


Anyway, not responding to anymore semantical arguments or arguments consisting of demeaning person attacks.

Twice is more then enough.

If anyone has a substantial opinion, is reasonable, willing to present evidence, and feels highly confident they understand the post -- please, feel free to do so.

Otherwise, if your toe has been stepped on, sorry. Maybe don't tie up your ego so much in with what should be pure intellect.


Yusop MillochNovember 14, 2015 8:27 PM

@ B613 : It is so frequently used as the slang definition 99% of the time, that when people actually mean "fascist" like "literally the followers of Mussolini" they have to point this out to others.

I prefer using the word 'fascist' for corporations such as Google, Facebook, and McDonalds. Multinational fascists to be exact exertion of status quo above and below 'the law of lands' (plural) thru financial interests (plural), thus a proxy for anonymity of power.

BrockwayNovember 14, 2015 10:15 PM

Since Paris belongs to the squiddable themes of the week...

I was waiting for the usual flatulence from the NRA posterior orifice on duty.

But Donald "cerebral sphincter" Trump beat them to it.

rNovember 14, 2015 10:33 PM

@Jacob,

so lizard squad and north korea can hack sonys network but the NSA can give a heads up to the frenchies?

CuriousNovember 14, 2015 11:50 PM

Apparently, US Pentagon wants to murder people and cause destruction using the internet of things.

"The Pentagon's plan to outsource lethal cyber-weapons"
http://www.engadget.com/2015/11/13/the-pentagons-plan-to-outsource-lethal-cyber-weapons/

"(...) The scope of this nearly half-billion-dollar "help wanted" work order includes counterhacking, as well as developing and deploying lethal cyberattacks -- sanctioned hacking expected to cause real-life destruction and loss of human life."

Not G ManNovember 14, 2015 11:54 PM

@ ianp

[waste of space][more waste of space]
I can only conjecture at the reason for this. Perhaps, you are simply not the reasonable, thinking sort. More likely, myself being a new poster, perhaps, you feel your "turf" is in jeopardy because a "new poster" dared to contradict some of your statements.

Taking up more space isn't surefire bigger fish to fry, but sometimes it is. Once I read them, there were context, kinda like reading other people's graduate exams. Interesting blog here.

CuriousNovember 15, 2015 12:14 AM

@Clive Robinson

I still remember that Brazilian guy that they shot. I can't help but think that there is this systemic need and motivation in a governments to be heavy handed/brutal. Because, when you are heavy handed, not only you are likely to get away with it because of bascially unlimited powers when working for "team authority", I can also see how being heavy handed is viewed as a training exercise of sorts, as if such was viewed to be necessary or just convenient (i.e being brutal in a time of state emergency).

Presumably, the UK police were aware of the risks of making a mistake before firing and there being a gamble, but my impression from reading news/media (the little I read) is that it was all portrayed as a mistake of sorts.

I could probably ramble on, but this blog isn't the place for me to do it.

CuriousNovember 15, 2015 12:38 AM

Off topic: Paris bombings

Now that the French president has opined that the bombings were an act of war, presumably president François Hollande can agree with me that war is terror. Somehow that makes sense to me, if terrorism is an act of war. Or did Hollande conclude or wish for the attacks to be from some known government entity?

I heard something weird on the radio in the aftermath, from the local norwegian prime minister. Something about the attacks being "an attack on our shared democratic values". So silly, as if people in general don't share basic values of saftey and peace. I was also surprised to hear the quip from the norwegian prime minister, that "they hate our freedom", something borrowed from US politics I would think. An alternate interpretation, as if such quips could be a crafty boiler plate response, could imo be that the notion of "values" and "freedom" are also poetic words for order and authority, something that probably would be thought of as being counter intuitive and wrong for most if not all people. I think journalists should be better at teasing out what motivations people in office have for making such quips, if only to provide clarity on the record, to dismiss any other alternate and between-the-lines and poetic interpretations so to speak.

DannyNovember 15, 2015 1:10 AM

@b613

"To be clear: "Islamist" is not slang for "Muslim". "Islamist" is slang for "fundamentalist Muslim". More specifically, usually, for "fundamentalist Sunni Muslim who advocates violence against others because they are not also Sunni Muslim"."

The term 'Islamic terrorist' seems much clearer, and speaking clearly is increasingly important in my neck of the woods. I'm sure we all here understand your definition of 'Islamist', but you know who don't understand the subtlety? Morons.

About a decade ago I was car-jacked by a local 'white-power' gang, and they threatened to 'suicide' me. Like you claim to, they all had knives and I had no chance to out-fight them but I had the ability to tone down my smart-arseness into 'smarts', and because I was submissive, and local, I was allowed to live. I learned that they consider "the wogs start at Calais", translation is anyone non-white, non-native English speaking is sub-human in their eyes, and any local who disagrees is their enemy. Basically just paranoid xenonophobes with no prospects and so nothing to lose by adopting gang violence. I hosted a 'nazi party' that night and got some insights into them and their awful MO, and sadly also into the local police who were not one bit concerned at my allegations or evidence. The thing is, folk very similar to them are becoming an electoral force now, all around Europe including the supposedly progressive nations.

The terrorists in Paris were murderous criminals and should be treated as such. No better or scarier than any other 'mafia'. Harsh security measures are needed to fight them, and against the 'white power' gangsters I mentioned but they are not an existential threat like the real fascists and Nazi Germany were. They have no ships, no airforce, no standing army, no nukes. And they should be prevented from getting these things, because they know that.

The US in 200 years beat down the British Empire, the Spanish Empire, the German Kaiser, fascism, Nazism, imperial Japan and the Stalinist USSR. At times you got a bit paranoid and infringed on your own Constitution, but never to this degree of mass-surveillance - are you really so scared by what Brzezinski dismissed as "some agitated Moslems" that you will live in fear and paranoia?

Le Cafe Nostra is/was an Parisian-Algerian restaurant, all the victims there are Islamic or at least Arabic, wholly integrated into France and so enemies of Daesh. Daesh are just terrorists who wish to label themselves a state, and who we should treat as nothing more than the criminal murderers they are.

DannyNovember 15, 2015 1:23 AM

@curious
"I still remember that Brazilian guy that they shot." Jean Charles de Menezes. I think it's important to list names of victims while we can.

"my impression from reading news/media (the little I read) is that it was all portrayed as a mistake of sorts."

Worse, it was portrayed as an understandable mistake. "He looked a bit Arabic" to the armed British police who'd surveilled him for days. He was effing Brazilian. We in the UK are trusting our safety to armed police informed by British 'intelligence' who can't tell a Brazilian from an Arab, or just don't care for racist reasons. That's why Scottish people don't go out in the sun, not fear of melanoma, if we get too much of a tan then we may get shot.

I don't mean to imply it is okay to shoot Arabs on sight either in case MI5 are reading this. It's not.

DannyNovember 15, 2015 1:39 AM

@Curious
The official Norwegian government Facbook campaign is "Norway? No way". There is a huge backlash to Merkel's ill-thought through plan to encourage mass-migration. European laws on refugee and asylee status are well-thought through, well-practised, if perhaps a little mean. Her personal over-reaction to the Syrian war has exploited those rules to let everyone in, and it's damaged her country and other countries, never mind the travellers. We are currently experiencing populist political backlash and far-right violence because of that. People are leaving refugee camps that are relatively safe from violence, to seek better economic conditions, and this inevitably spells the end of the EU.

It's probably not worth talking about anywhere, let alone here, because nothing we say will make any difference. Economic migrants bring economic benefits to the upper-class in class-based societys, to the landlords and employers, but they don't bring economic benefits to any other residents, they just bring extra competition. Refugee status is great if the refugees eventually leave when their country is safe, but they never have previously in the UK. Even a limited, planned for amount of economic migration is fine, but not the 'open borders' amount we've already experienced from the poorer EU nations, hence Cameron's policy being sensible compared to Merkels.

The fact one of the Paris terrorists is a recent 'refugee' from Syria will incite further French racism against any French person of colour.

DatainspektinoenNovember 15, 2015 3:20 AM

This article by the Swedish Data Protection Authority scared me.

The southernmost county in Sweden is running a 2 year trial project, in which all of the 83 ambulance vehicles have been equipped with a rotating camera on their roof to stream video from accident areas back to the hospital so that the emergency room can prepare better.

The local government granted the project without any encryption of the video stream. First when the Data Protection Authority heard of the project and went to court, they started encrypting it.

Their trial project also includes cameras mounted on ambulance personell but it is not clear from the article to which degree that has been implemented.

DannyNovember 15, 2015 4:32 AM

This is definitely off topic, and a rant, but I've just witnessed the most abusive, intrusive 'car-crash' TV report ever. Worse than any possible parody. A monolingual Sky TV reporter door-stepping grieving Parisians leaving flowers at the attack scene.

"Excuzev moi Madame, you are live on Sky TV in England, do you speak English? Yes, have you lost someone? How are you family coping today?". Repeatedly, live on air.

[Remainder removed by moderator; please curb the impulse to publish threats, even if they're "only" hyperbole]

CuriousNovember 15, 2015 6:29 AM

To moderator:

Better have a look at Danny's post just above here, sooner than later. "Danny" probably knows better.

SkepticalNovember 15, 2015 6:47 AM


@Grauhut: The Paris shootings, the Bataclan massacre showed again that security by SIGINT doesn't work.

A strawman. I've yet to meet, read, or hear the individual who claims SIGINT provides security against everything.

SIGINT is one tool. It's an important one. To take the Mumbai attacks as an example, SIGINT in that instance did not enable the attack to be thwarted, but it did enable the responsible parties to be pinpointed with high confidence before the attacks were finished while also highlighting additional targets that may have been selected for follow-on attacks.

@ianf: That's not the only inference that has to be drawn from the most recent crisis. The larger one that no vocal member of the commentariat yet dares to make is that the West may be entering the age of recurring asymmetrical urban warfare. In fact, we have been living in it since the 2008 Mumbai attacks, only were too slow to notice (and, besides, that happened far out east, one shade of brown people killing another shade of brown people—excuse the cynicism).

The threat of an attack of the Mumbai pattern has been a significant focus of counterterrorism actually. Britain held a high-profile, large-scale exercise using precisely that scenario just this past summer, to give but one of many examples.

If you want to read a broader take on the possibly growing relevance of urban terrorism - and urban warfare in general - David Kilcullen's Out of the Mountains is recommended reading.

There is no longer any doubt that the terrorists at large have discovered that unpredictable, randomly targeted and dispersed AK47+suicide-vest attacks against public venues in order to terrorize the population, rather than such to "avenge" some specific "wrongs" in specific places, give the most "bang" for their effort. Furthermore, such strategy makes it practically undetectable, undiscoverable in advance by security services as long as the intent and the planning is undertaken within the terrorist cell itself, and using direct analog means of coordination.

I suspect most of the targets were not randomly selected at all. As to being undetectable... sometimes they will be, but often they won't. Eight attackers killed. Three possible accomplices arrested. Planning over weeks. There are lots of opportunities there for a mistake. Perhaps a CT analyst notices a particular pattern, asks for more resources to pull the thread a bit, and succeeds. Perhaps one of the people involved talks. Perhaps one of the criminal elements who sells weapons becomes suspicious, and decides that this kind of thing may not be so good for business, and tips off someone (a favor that he'll be able to cash in at some point). Perhaps one of the people involved is actually under intensive surveillance, even if the others are not. And so forth.

Not every attack can be stopped, but bear in mind that a large number HAVE in fact been stopped.

This means a lot bigger problem for the government (any government) that up to today thought it being able to manage the "threat picture" against plausible, rationally-foreseeable potential urban targets. Because the only way in which such "faceless" warfare effectively could be contained would be for the laissez-faire democracies to turn themselves into fascist states.

On the contrary, there are policies, ongoing measures, and contingency plans in place, in many places, for precisely this kind of attack. And they don't involve fascism. But the brutal truth is that assault rifles can be fired very quickly, and terrorists can exploit very short windows of opportunity to inflict high casualties. The frequency of these attacks can be reduced, they can be deterred from key points, and the damage inflicted can be reduced, but they'll always be a live possibility.

On another note, I continue to wonder whether the thwarted attack several weeks ago on a train was intended to be part of a larger attack, given that the individual waited for a particular train and quite clearly had help in acquiring weapons.

It'd be interesting to see if there were any connections between that train and any of the individuals associated with the latest attacks.

DannyNovember 15, 2015 6:49 AM

@Curious
I agree, very politely worded rebuke though, ta. Tis my name, no need for inverted commas. Moderator, please ban me. I knew I would'nt be posting here soon anyway so I over-indulged on a Squid thread, but this world is maddening.

One final thought: I always thought if I was ever charged with crimes against humanity then I'd plead self-defence.

CallMeLateForSupperNovember 15, 2015 7:37 AM

Indeed, Yahoo was all over the Paris attacks when I looked yesterday. (First time I'd ever visited Yahoo home page, and likely the last.) From the tenor of Yahoo;s coverage, they Gargled TLA news releases and spat out the result as their story. "Going dark"; "new software such as TOR"; emcrypted messaging apps and phones. All of TIA talking points were there. CBS News last night reported similarly. "Stenography", as Greenwald described this kind of reporting last June.

My opinion: the Paris attacks are almost - almost - perfect ammunition for TLAs to use for lobbying congress for still more data-vacuuming power. "Perfect", being an attack within U.S. borders. They've said they are holding fire in anticipation of this opportunity, and I believe it.

CallMeLateForSupperNovember 15, 2015 7:50 AM

@Skeptical
"Not every attack can be stopped, but bear in mind that a large number HAVE in fact been stopped."

Kindly forward to ODNI all documentary evidence of your "large number" claim. Despite pulling themselves through knotholes trying to document their effectiveness for Congress, they could cough up only one case... and that case was bogus.

rosy mesophyteNovember 15, 2015 8:08 AM

If you're out of ideas for Christmas gifts this year and you live in the UK, how about an anti-Snooper's Charter mesh box for any friends and family who live down the road from you? For less than £20 you can give them a pre-configured TP-Link MR3020 (or MR3040) running piratebox, which will allow them to communicate with you (and each other) privately. All they need to do is plug the box in and log on to the system. Simples!

http://piratebox.cc/openwrt:diy

MastergoNovember 15, 2015 8:33 AM

@rosy

Add a few USB drives and end-to-end encryption and you've got yourself a community-based private distributed backup system. All the advantages of a cloud solution (resilience, redundancy etc.) plus the advantages of a local network (basicly it's your folks hosting your encrypted data not a dingy industrial unit in California).

Liberace FizzNovember 15, 2015 9:14 AM

@rosy mesophyte, Mastergo:

You could rig it to make a network-based cluster that would allow you to process distributed tasks with any unused bandwidth (video processing, large scale GIS modeling, big data visualizations, etc.)

ianfNovember 15, 2015 9:20 AM

    [This is a compound reply, stand by for yours Wael, Jacob, Brockway, Not G Man, Danny in turn].
@ Samual Adams thinks [Snowden's activities] “didn't ring [NSA's] bell because those published are PDFs of instruction manuals, overview documents, and design briefings that are of no real use to someones trying to reconstruct the systems built to services. Those PDFs are not top dollar assets according to security and he was probably the one in charge of administrating such files, which matched his skillset.


"Those published"… but we really don't know what makes up the bulk of his data trove. Judging by the way in which he explained his PRIV(ileged) AC(cess) classification to BBC's Peter Taylor, he had the free reign of the entire NSA network infrastructure. I can't say what it meant, and neither can you; nor does Glenn Greenwald, for whom it is largely of no interest. That's why I keep carping about wanting to read Ed's own words, rather than such relayed by an agent (with all the known principal-agent dilemmas it brings along).


@ Wael(‎‪@Dirk‬‎ Praet: this is going to tickle you

Please, sir, can I come along on this tickling of Dirk by remote control? Let me assure you that I can spew out such vaguely obnoxious alleged folk wisdoms at 1928 Ann Arbor, Michigan Ford assembly line speeds or better. And Dirk deserves to be pickled tinko! (Inquire within for bulk rates).


@ Jacob “the Paris terrorists had used PlayStation 4 to communicate among themselves before the attack. Forbes then goes and explains why the PS4 comm channel is difficult to monitor.

    NOTE TO SELF: write article titled TOR-SCHMORR, When Are The Authorities Going To Ban The PS4 Consoles Due To Terrorist Deployment, Of?

    (Because, in terms of audiovisuals, is there much difference between playing MFPS games, and the IRL one in the 11th Arrondissement? Just as the 2001/9/11 hijackers prepared their WTC "approaches" on a Microsoft Flight Simulator, so could Friday's murderers have "simulated" theirs on interconnected PS consoles.
BONUS: a picture of Paris yesterday



@ Brockway was waiting for the usual flatulence from the NRA posterior orifice on duty. But Donald "cerebral sphincter" Trump beat them to it.

Oh? Do tell (some of us are so remote we don't get to hear all The Donald's brain farts by default). But I wonder who was first, as one here resident NRA orifice already has spoken, fortunately this time only with pen in hand, and a small calibre one at that!


@ Not G Man “kinda like reading other people's graduate exams

"Kinda" is needlessly slang English, and those droning-on diatribes are more like undergraduate term papers—but then why do they have to be read/ assessed here? I'm sure there's an app for that.


And now for something completely different: [… About a decade ago Danny was car-jacked by a local 'white-power' gang, and they threatened to 'suicide' him …] “Basically just paranoid xenophobes with no prospects and so nothing to lose by adopting gang violence. I hosted a 'nazi party' that night and got some insights into them and their awful MO, and sadly also into the local police who were not one bit concerned at my allegations or evidence. The thing is, folk very similar to them are becoming an electoral force now, all around Europe including the supposedly progressive nations.

Once Danny sobers up, he's apparently capable of one or more cogent thoughts. Speaking of "White Power" yobs, I just watched a related TV debate. A young German politician was in Warsaw on 11 November, Polish Day of Independence, and watched from a sidewalk as a 5000-10000?-strong nationalistic column went by waving the flags and carrying mostly anti-immigrant banners like "We Want The Cutlet, Not Muhammed", "Poles for Poland, Poland for the Poles!" – all drunk on the recent electoral victory, which for the first time since 1989 placed outspoken chauvinists in the Seym (Parliament). It reminded him of the known Ozzies' (former DDR) oft-racist sentiments expressed in street demonstrations, but, despite some unruly behavior contained by organizers' own security(?), was pretty orderly by Western stanards. What made it memorable, however, was that, after the demonstration was signed off, and people started dispersing, several half-an-hour-long queues formed in front of predominantly Kebab and VietChow stands and food trucks. Lines composed exclusively of white-and-red-dressed bolshie proponents of "pure, white-race Poland" timidly waiting for their afternoon spicy Eastern gob-fix. Too bad nobody in the studio asked what to me sounds like a logical follow-up question “weren't there any Polish bigos (meat-cabbage stew), pierogi (meat-cabbage-dough), or fancy kielbasa (garnished sausage lollipop) fast-food stands nearby?” Because I don't recall any such last time I was there either ;-))

Haji Kaboob, jihadi extraordinaireNovember 15, 2015 9:37 AM

How do you do? Like many shadowy international men of mystery, I come to Schneier for the inside G-2 from high-stakes covert operatives like Mister Skeptical with his above Top Secret clearances of Tippy-Top Secret and DONT LOOK AT THIS and his deadly adventures in the fast-paced world of international intrigue.

When Mister Skeptical says, "It'd be interesting to see if there were any connections between that train and any of the individuals associated with the latest attacks." You know what he means, right?

He means CIA.

If you will excuse me now, I have to take a call from Mister Archibald. Good thing he cannot read what I am writing cause of Tor!

Kim SerinNovember 15, 2015 9:55 AM

Weird error messages on ebay today:

"Secure Connection Failed

An error occurred during a connection to checkout.ebay.com. Peer attempted old style (potentially vulnerable) handshake. (Error code: ssl_error_unsafe_negotiation)"

Dirk PraetNovember 15, 2015 9:59 AM

@ Skeptical, @ Grauhut, @ianf

The Paris shootings, the Bataclan massacre showed again that security by SIGINT doesn't work.

More precisely: SIGINT alone is unable to prevent attacks. It just provides a means to more rapidly connect the dots after the facts.

Not every attack can be stopped, but bear in mind that a large number HAVE in fact been stopped.

More like a very small number we know of, actually. And no, I don't believe any official making claims to the contrary and citing "national security" to omit details.

There is no longer any doubt that the terrorists at large have discovered that unpredictable, randomly targeted and dispersed AK47+suicide-vest attacks against public venues in order to terrorize the population ... give the most "bang" for their effort.

Which has been discussed more than once on this blog.

The larger one that no vocal member of the commentariat yet dares to make is that the West may be entering the age of recurring asymmetrical urban warfare.

Perhaps, and only if we allow it to happen. I am convinced that as usual the result of the investigation will be that one or more of the perpetrators were actually known to authorities, that they got logistic support from other known parties and that they were radicalised by known preachers or recruiters hanging out at known venues.

The tough question our democratic society has to ask itself is to which extent we can further tolerate known hate preachers, recruiters, Syria returnees and other radicalised elements to freely roam our streets, wielding the protective shield of the very rights and values they are trying to destroy.

However much we may understand the political, religious and socio-economic backgrounds behind these attacks and the people that carry them out, it is going to take years, if not decades, to tackle and solve the underlying issues. For now, however, I think it is equally important to seriously consider removing from society any and all known individuals either preaching or following the barbaric Da'esh ideology. Not allowing ourselves to be terrorised is one thing, but allowing rabid dogs to run wild is just asking for trouble.

@ Wael

I have no idea whether dogs (or blowfish) are haram or halal. Who actually gets to decide such stuff?

ModeratorNovember 15, 2015 10:21 AM

@Danny : No, you shall not be banned. The world is indeed maddening. But watch yourself, thanks.

GrylliNovember 15, 2015 10:40 AM

@Kim Serin:
"Weird error messages on ebay today"

From the Qualys SSL test site:

SSL Report: checkout.ebay.com

"This server is vulnerable to MITM attacks because it supports insecure renegotiation. Grade set to F."

Looks like rabbit season...

SkepticalNovember 15, 2015 11:06 AM


@LateForTheNews: Kindly forward to ODNI all documentary evidence of your "large number" claim. Despite pulling themselves through knotholes trying to document their effectiveness for Congress, they could cough up only one case... and that case was bogus.

I'm going to kindly point out your misunderstanding of what I wrote first.

(1) I simply said that many plots ARE stopped. Period. I did not say anything as to how they were stopped.

Most of the opportunities I described for a plot such as the Paris attacks of 13 November to have been detected had little to do with signals intelligence, much less with particular programs, and absolutely nothing to do with Section 215 (your "one case" reference).

Instead I pointed to - simply as examples - the number of actors involved, the length of time during which operational compromise was possible, the likely involvement of criminal elements for certain supplies who may themselves have had motive and opportunity to render a significant tip to authorities.

But having done that, let me at least correct one apparent factual error on your part regarding particular American surveillance programs, even though it likely will not change your political views:

(2) At least 42 terrorist plots were disrupted as of June 2013 in part due to SIGINT collected under Section 702 (NOT Section 215). No one who has seen disclosures related to 702 - not former Senator Wyden, hardly an advocate for surveillance programs, not the PCLOB, no one - disputes that SIGINT collected under 702 has resulted in disrupted plots.

I have not seen any data on how many terrorist plots have been disrupted worldwide, in aggregate, as a result of SIGINT collected by ANY nation - whether US, Germany, Turkey, Russia, Philippines, and so forth. But I think it safe to say the number would exceed 42.

Closed Caption for the Hard of ThinkingNovember 15, 2015 11:47 AM

Skeptical with today's Big Lie: 54 plots, I mean 42, I mean 4, I mean plots plural. Mental defectives that FBI tricked into holding rubber bombs.

Watch who they DON'T catch in time: John Brennan's Salafist Principality. It's there to scare you so you'll put up with his Stasi. CIA does it over and over and over and they say, Oops, they got away! and shrug at each new career-crushing failure, and credulous patriotic rubes fall for it every time.

This is how stupid Skeptical thinks you are.

CuriousNovember 15, 2015 12:46 PM

Off topic:

I mentioned some weeks ago how there were RFID parking meters in my neighborhood, tonight I see that they are actually charge stations for electric cars, and thus not parking meters as I initially thought. My bad.

Clive RobinsonNovember 15, 2015 12:57 PM

With regards,

... the West may be entering the age of recurring asymmetrical urban warfare.

Err you could easily argue it that the Middle East and the West are both suffering "urban warfare" and that in both cases it's "asymmetric".

That is the US/UK and other Western nations are sending drones and fighter/bomber aircraft that those sending them know that those on the ground have no defense against. Often the targets are in urban areas and involve significant "collateral damage" which by any other name is "targeting non combatants / civilians" which is without doubt a war crime, no ifs no buts or maybes.

Thus the asymmetry from West to East is one of "Technology" which the West holds cheap compared to life.

Those attacking from the Middle East have little or no "technology" and as a consequence hold life cheaply, thus their asymmetry is "Disposable DNA".

If we look at the cost and kill ratios those attacking from the Middle East are winning by huge margins.

A long carefull look at the Israeli - Palestinian conflict which started in reality with the Russians attacking what was left of the Ottoman Empire shows that in the long run terrorism does get results. That was how the State of Israel started, and is just one of the unpalatable but nevertheless true outcomes of terroristic activities. Another unpalatable truth that can be seen from this, is that "technology" realy only works against advanced adversaries be they your own civilians or foreign millitary.

Which brings us to the question that can be put in the same way a leading economist did about "The War on Drugs" and called it either the "Indian or Chinese Solutions", of Accommodation or Annihilation. History teaches us that Annihilation rarely if ever works, thus Accommodation would be the most promising avenue of investigation.

But... There are other factors to consider, the first, is could accommodation be achived in a way acceptable to both sides? The second and less obvious is what becomes of the "war industry and it's products" that keep the conflict going, and would as easily start or prolong other conflict?

Answers to these questions are needed prior to deciding on which direction we take, and we need to make then soon with out being swayed by the FUD of the MIC.

Verdie BorundaNovember 15, 2015 1:01 PM

@Curious:

That's great news. Tightening legislation to prevent misinterpretation and abuse (or "clearing the air"), whatever you want to call it, is definitely very welcome.

Yellow RibbonNovember 15, 2015 1:18 PM

@Clive, v. true. The Pentagon can only fight civilians. When they finally got up the nerve to invade Iraq after a decade-long genocidal blockade, Saddam annihilated the 3/7 Cav and fought the 3rd Infantry Division to a standstill. The Pentagon infowarriors had to use major OPSEC to obscure the mass casualties. Now Pentagon cowards know to hide at home and stay out of reach and kill noncombatants with drones.

rNovember 15, 2015 1:32 PM

@clive,

Maybe the MIC has already taken an "undocumented" stance of accommodation. Supposedly Afghanistan is growing more opium than ever, the United States seems to be almost entirely uninterested in the Mexican dilemma and its variation of Latin American terrorism. The MIC, or at least the prison systems and the police benefit greatly from the controlled burn and acquisition of such profits. Further more it facilitates both fear mongering and profiteering.

?

B613November 15, 2015 2:01 PM

@Wael

Hard line Sunni Islamists abhor dogs. They will not go into house where the owners have dogs.I'm not sure that's a true statement.Dogs are haram.Dogs are classified as "Najiss" meaning "not clean". They are "Haram" to eat, but ok to use for hunting, guarding, keeping sheep and cattle protected, etc... It's erroneous to say "Dogs are haram" because "Haram" refers to "actions". There is one exception I'm aware of which is the "Haram" of Macca and Madina in which case, "Haram" means "sacred". The spelling looks the same in English, but different in Arabic with the latter word missing an "aleph". حرام means prohibited (WiKi isn't accurate), حرم means sacred area. By the way, "Halal" is the antonym of "Haram".

Will answer this other bit:

That you feel a need to explain the meaning of the word 'halal', which I did not use, indicates they you believe it is very common for people *not* to know what the word means. I would not do this, it would surprise me if someone did not know what the word means. I would assume they do.

This means there is a very high likelihood I am much more exposed to that word then you are.

Likewise, my statement about "hardline Sunni Islamists" not liking dogs, even to not wanting to go into houses where they are... this would be an odd thing to say. It is a rather specific detail for someone to make up. So, no, I did not make it up, nor read about it in a book. It comes from experience.

Not all Muslims go that far. Not all Sunni Muslims go that far. Probably, not even all we might call "Islamists" or "hardline Sunni Islamists" do. But, yes, I would, from my own experience, be surprised if a **hardline Sunni Islamist** was relying on dogs as an essential function for some kind of terrorist operation.

But, then, this is all based on "ianf's" postings. Same guy who did a twenty page analysis with zero experience on Snowden's HK security operations in this same thread.Never even mind that as good of a job as Snowden did in his "spying"/whistleblowing, he was low level. He did not have but a tiny, tiny bit of operational experience. He was a desk analyst. And he only had seven years of experience.

His whistleblowing was his first real physical operation. Some of his "opsec" was very good, considering it was his first name. Plenty was cartoonishly awful. Main reason he was able to succeed was because the US Gov was so awful. They trusted everyone. He wasn't on anyone's radar, until he was.

"OPSEC", which I put in quotes because no one who ever does such things uses these words because it would raise suspicions against them - unless, of course, they are playing a befuddled Walter Mitty contractor - is really first and last about "staying off the radar" and if you get on it, get off it again.

Contractors, and to some degree analysts, tend to be horrible at this. Contractors, especially. You can spot them from twenty feet away, and if there is any doubt, two minutes of conversation can confirm it. Not that they ever really know anything. To them, it is very important information. Not to anyone else.

Not to say Snowden was an ordinary contractor. He clearly was extraordinary. He had the moral fortitude to do what he did. And he showed considerable bravery in planning out his operation, being the sole operative in it, and successfully completing it. He was conservative, cautious in his planning and sticking to the plan. That is a hallmark of a good operative. Experienced good operatives don't cross their t's and dot their i's. They write outside the lines. A zero experience good operative, Snowden exemplifies that, to be sure.

Quite frankly, Snowden lived out the "desk analyst turns operative" in a profound way -- he went even better then "Three Days of the Condor". Very impressive achievement.

SteveNovember 15, 2015 2:50 PM

In regard to the Paris attacks: I saw numerous pundits (Michael Morell for instance) and newscasters (lobbing set up questions) espouse the dangers of encryption, intelligence and law enforcement going dark due to terrorists using widely available encryption products, end to end etc, and not having a backdoor into them.

Yet again as in the Boston Marathon and 9/11 there were advance intelligence warnings that were ignored for whatever reason. https://www.washingtonpost.com/world/middle_east/ap-newsbreak-iraq-warned-of-attacks-before-paris-assault/2015/11/15/1ca1481c-8bc5-11e5-934c-a369c80822c2_story.html - a senior French security official told the AP that French intelligence gets this kind of communication “all the time” and “every day.”

worriedautistNovember 15, 2015 3:18 PM

@ Grauhut:

It will probably be claimed that sigint could have solved / prevented things like this, if we just had more of it, e.g. "give us more resources!". Starting to regret not having gone into security-type of hacking. Seems to be plenty of ways to make money there in the future with shit like this going on.

B613November 15, 2015 3:25 PM

@Danny

The term 'Islamic terrorist' seems much clearer, and speaking clearly is increasingly important in my neck of the woods. I'm sure we all here understand your definition of 'Islamist', but you know who don't understand the subtlety? Morons.

Some discussion on how the AP has changed the definition of the term "Islamist", so now [2013] they no longer use it alone to describe Islamist militants, radicals, and extremists.

http://www.slate.com/blogs/the_slatest/2013/04/05/_islamist_definition_changed_in_the_ap_stylebook_two_days_after_illegal.html

Slate is a liberal venue, and they are mocking AP a bit for this change.

I said I would not discuss semantics again, and here I am. But, in this case, I feel a little concerned for you, because of this story:

About a decade ago I was car-jacked by a local 'white-power' gang, and they threatened to 'suicide' me. Like you claim to, they all had knives and I had no chance to out-fight them but I had the ability to tone down my smart-arseness into 'smarts', and because I was submissive, and local, I was allowed to live. I learned that they consider "the wogs start at Calais", translation is anyone non-white, non-native English speaking is sub-human in their eyes, and any local who disagrees is their enemy. Basically just paranoid xenonophobes with no prospects and so nothing to lose by adopting gang violence. I hosted a 'nazi party' that night and got some insights into them and their awful MO, and sadly also into the local police who were not one bit concerned at my allegations or evidence. The thing is, folk very similar to them are becoming an electoral force now, all around Europe including the supposedly progressive nations.


It sounds like you have kind of picked up some of their behaviors. This is unfortunate, but sometimes happens to victims of violence. So, now, you tend to see anyone who speaks of using a knife for defense as a possible "white power racist". You probably have problems with people who drive the same car they drove, or wear the same color shirts. And, even further, to anyone who may be white may be like them. But, this is very far from the truth.

Racism is endemic to the human species, unfortunately. Biology is involved, but as we see today in western democracies, it is reversible and not at all hard wired. The core part of the biological problem is we tend to bond with those like us, like our family, like those we sleep with. Powerful phermones and steroids are involved. The very same bonding chemical between spouses and mothers and their babies, oxytocin, also has a reverse side effect. Of effectively anti-bonding to those very different from those they are bonded with.

The change going on in society today is ultimately about not viewing people by their outside, by mere appearances, but by their heart.

Who they are in the inside.

I do not have any pleasure with neo-nazis, whatever they call themselves. They do not get anywhere here in the states anymore. Main place where they are a problem is in our horrible prison system. But, these same prisons have all their gangs broken down by color. And it is the very same with nations. Western democracies are leading the world against this. They are extremely diverse.

Eastern democracies, not so much.

But they may get there.

The vast majority of nations you might go to are absolutely not diverse. This is, of course, outside Western Europe or the United States. The Middle East, Asia, Africa, South America, Mexico and Latin America. The South Pacific. These are general statements. I am not equating non-diversity with the same sort of racism you see in the Western Democracies.

Most of these nations you will not have problems being from another race. Even if you are an extreme minority. But the fat chunk that will, those are Muslim majority nations and territories. ("Territories" very noteworthy, especially in North Africa, for instance, North Sudan and North Nigeria. In the Middle East, Lebanon is a very divided nation, and Israel to a certain extent.)

It is very, very different that is for a westerner to go "over there", then for a Muslim to come "over here".

That is a strict reality, and a hard reality. But it is a reality and one which the world is struggling to come to terms with.

A major difference is that there is specifically extremely lack of cultural diversity in Muslim majority nations and territories. This is hard set in the religion, and this is true whether it is Sunni or Shia. It is not true with some secularists, obviously, and it is not true with some branches that do not hold high credence to religious statements condemning outsiders.

This is not the case with many of the other low diverse nations, like most nations in South America, Latin America, Mexico, China, Japan, South Korea, much of Africa which is not Muslim majority or Zimbabwe.

They do not have belief systems that tend to view outside cultures as a bad and a very bad.

Muslims who come to the West are Westernized, many of them. What the West has to offer is enormous. That is incredible sympathy and an excellent model for the rest of the world to follow. We have gone so very, very far beyond what we could expect in return.

And that is good to do.

But this does not mean people should blind themselves to these facts. Confusing associations with Westernized Muslims with thinking you understand Muslim society everywhere all over the world is a significant bias.

Everyone is a person, and I believe in redemption. Everyone can be redeemed. Very many get very hard hearted belief systems. They are extremely judgmental. They do not have a value system which has at its' pinnacle mercy in judgmental. They do not view open mindedness and soft heartedness as highest virtues. Quite the opposite.

The live by robotic like rules, by appearances. And the more zealous they are in that manner of system, the more dead they are. The more asleep. The more robotic. Without reasoning faculties or true self-control. They run by sheer instinct. They are profoundly hypocritical and self-righteous. And entirely oblivious to it. They have a vanity, a conceit, about themselves which is daunting to behold.

Hitler was the personification of that tyranny. I do not think anyone could exceed him and his Nazis. Stalin certainly was right up there, close to him. Neither of these were religious, but political, but both held a significant belief system. They are exactly of the same manner of animal as what one finds in the tyrants of cult leaders, and in their followers.

Cults are, in fact, microcosm of totalitarianism. They are a good microcosm to examine the behavioral symptoms of the tyrant and his or her followers. Whether that tyrant be the leader of a major organized religion or branch thereof, or whether they be the leader of a literal nation.

That was the old way.

The West has started and made steps over the starting line to the new way.

The West is very much ahead of much of the rest of the world in this way, and economically. In fact, the two are intrinsically tied together.

But, it is just the starting line. The finish line is probably a thousand years down.

So, as self-critical as Westerners can be, and I am certainly one of them at times, we should also take time to respect and admire - to soak in gratefulness - for what we have here.

And by all means -- watch documentaries. Read books. Travel. Not very popular because it is often heart wrenching to observe these cultures, but heart wrenching is the best work out you can possibly do in your life. These are sick areas, and they need to get better.

DisgustedNovember 15, 2015 3:35 PM

@Skeptical

Just what do you tell native citizens who never asked for such "protection" and after 15 years of government coups from the "hired help" are now within a razor thin margin of adopting violent tactics themselves? Surely this fact should enter into grand poobah diliberations?

We were never a peaceful race.....we're the "mad dogs" banished. So why do these people keep wiping their boots with our Bill of Rights? More instigation to justify their phony baloney jobs?

Government thugs can be hit. And the whole mess could unravel as quickly as Libya. Yet all we see from the self appointed asswipes in charge are blank stares.

Let me give you a clue. Some in this country believe that *NO* amount of terrorist losses warrants even a millimeter's give in Constitutional protections. Think you can kill all of us?

SteveNovember 15, 2015 3:37 PM

Officials are claiming that the terrorists used encryption to communicate. As opposed to meeting up in person in private (or in a radical mosque) to plot out details like the mafia. I'd like to see some proof that they used encryption like whaps app etc. From WaPo:

"The attackers are believed to have communicated using encryption technology, according to European officials who had been briefed on the investigation but were not authorized to speak publicly. It was not clear whether the encryption was part of widely used communications tools, like WhatsApp, which the authorities have a hard time monitoring, or something more elaborate. Intelligence officials have been pressing for more leeway to counter the growing use of encryption."

They have no idea how they communicated since it is "not clear" which they used. If they knew then the would know. This is just rhetoric being used to further their war on encryption and using a tradgedy to justify mass surveillance etc which is clearly useless in fighting terrorism.

For tactical preparation you meet up and plan in person not at a distance with your secret (inefficient impractical and slow) decoder rings.

Boots on the ground please and eliminate IS.

B613November 15, 2015 3:52 PM

@Steve

In regard to the Paris attacks: I saw numerous pundits (Michael Morell for instance) and newscasters (lobbing set up questions) espouse the dangers of encryption, intelligence and law enforcement going dark due to terrorists using widely available encryption products, end to end etc, and not having a backdoor into them.
Yet again as in the Boston Marathon and 9/11 there were advance intelligence warnings that were ignored for whatever reason. https://www.washingtonpost.com/world/middle_east/ap-newsbreak-iraq-warned-of-attacks-before-paris-assault/2015/11/15/1ca1481c-8bc5-11e5-934c-a369c80822c2_story.html - a senior French security official told the AP that French intelligence gets this kind of communication “all the time” and “every day.”


They can do targeted surveillance very well. As one commentator pointed out, this is the golden age of surveillance.

Problem is these top level pundits do not know what they are talking about and they are enormously wasting time and resources trying to create fantasy systems that are entirely unrealistic.

Instead of focusing on targeted surveillance, they think it is a good idea to throw that out and look at everyone. That dilutes the intelligence they can get. Never mind the enormous waste of resources.

And when I say "targeted", I am talking about nets of contacts. Not simply individuals.

It is simply not that hard to get zero day for a government for any smart phone or computer system. It is not that hard to get malware that will evade detection. It is not that hard to get MITM for a government with many of these communication systems, from telco, to social networking sites.

Most of the major software services even outside of telco do not offer end to end encryption from long ago.

Specifically so they can offer MITM inspection by governments.

Then, there is the rampant technological advances in miniaturization of video, audio, and tracking devices.

It is true, there is a pain point with utilizing such technology. Once found, it is blown, and can even be reverse engineered and used against them. But, this is an operating hazard all the time, for anything.

The pain points of what they are thinking they can build with "surveil everyone everywhere all the time" are very many. There have yet to be the significant technological advances necessary to take use of that data. And when it does, it is probably coming from the far more competitive commercial market of consumer information gathering and trading. As well as from from similar fields, such as cutting edge advanced malware and exploit detection systems.

Then there are the enormous problems of providing a clear and visible backdoor in everything. Those problems are insurmountable and foolish to even try to get. Why have a clear and visible backdoor in everything when you can have an entirely invisible backdoor in anything you want?

And, of course, think about it, which they are not: if everything had a clear and visible backdoor, isn't that the very same thing as telling terrorists you can surveil them? That is doing the Snowden to the extreme -- they want to take the Snowden "going dark impact" and revolutionize it. They want to apply it to all software and hardware.

Amazing they could be so stupid, so consistently, but it is true.

They are really just that much of zombies they do not get that one simple fact.

Clive RobinsonNovember 15, 2015 4:03 PM

Ed Snowden thinks people should use Ad-blockers.

https://www.washingtonpost.com/news/the-switch/wp/2015/11/13/why-edward-snowden-thinks-you-should-use-an-ad-blocker/

His argument is that due to the poor security behaviour of the advertisers they open up routes for malware. Which is true, we would all be more secure if we all turned off javascript etc and removed Flash and most Adobe and Oracle products.

However the counter argument is that many sites rely on the advertising to provide the content we want for free.

BUT... the reality is not what the third part advertising agents most effected by ad-blockers would have you belive (no surprise there). The large sites almost invariably don't make money by hiving off to third party agents, and add blockers don't achieve much against what these large sites collect. It's the little sites who need the income from the the third party agencies, and it's a deal with the devil most times due to the compleate lack of care these agents take security wise. Thus the "reputational loss" often falls on the small site. Further the slice of the cake the little sites get from the agents is so small you have to wonder at the viability of the whole model.

The solution to this to my knowledge has been known since the early 1990's if not earlier and it's micro/pico charging for content. The problem is there has not been a viable micro/pico charging system for various reasons. Surprisingly to many the major stumbling block in the past has not being the payment security but the cost of the accounting...

rNovember 15, 2015 4:50 PM

@clive,

I wonder if anyone had investigated bitcoin (or more appropriately litecoin in this instance) for the pico-financing of data sources and the web-based entertainment you speak of...

I'll add that to my list of client side js modules that I would like to see included in browsers.

Sancho_PNovember 15, 2015 5:25 PM


What I’m missing in the (not only) Paris discussion is the hardware.

We are talking about intelligence, SIGINT, surveillance, encryption, going dark. Yes, we “must stand together”, send messages of solidarity, never bow to terror, blah blah.
This is all software, including listening to Mary and Bob’s comm.

But these attacks are not done by software.
They have very real AK47's + suicide vests, not knives, fertilizer and sugar.

No one seems to be surprised to see military-grade weapons used in attacks, being a commodity for the mentally ill (=terrorists).
So there is no asymmetric warfare,
terrorists on both sides use the very same hardware, payed by our taxpayer’s money.

Let me make that clear:
It is never (encrypted or plain) communication that kills people.

Sancho_PNovember 15, 2015 5:33 PM


@Clive Robinson:

”Further the slice of the cake the little sites get from the agents is so small you have to wonder at the viability of the whole model.”

I’d like to take it a step further:
Did you, by any chance, at any time, buy any product because of online ads?

I’m afraid all these online ads and “profiling” aren’t worth the effort.
- Shhht, if they realize our economy will collapse in seconds.

Sancho_PNovember 15, 2015 5:36 PM


@Moderator:

Got this message again, now at clicking "Preview":

"unused

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@schneier.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log."

Clive RobinsonNovember 15, 2015 5:38 PM

@ Steve,

This is just rhetoric being used to further their war on encryption and using a tradgedy to justify mass surveillance etc

My son is currently reading the Terry Pratchet book "Truth".

Part of the books "plot line" is a saying oft told by one of the protagonist's father,

    A lie is half way around the world before the truth has got it's boots on!

It is very much these "lies of omission" that the likes of these "unnamed sources" use. They know that if they get their view out first it matters little to the public opinion if even a day or so later it's found to be incorrect or a down right lie. These unnamed sources have learnt how to lie to journalists in a way that absolves them in the journalists eyes of any responsibility. Thus like the relationship between a pusher and a drug addict, the journalist keeps crawling back to the unnamed source for their next hit irrespective of the cost to them...

Oh and the next Terry Pratchet book on my son son's reading list is "Carpdiem" it should teach him about the evils of "key escrow" and "collect it all" surveillance...

As Sir Terry himself once noted "There's a lot to learn in a fairytale or other story, even for adults".

WaelNovember 15, 2015 6:07 PM

@B613,

This means there is a very high likelihood I am much more exposed to that word then you are.

Let's just say I am more than familiar with most branches of Islam (and other religions.) You still maybe exposed to the word more than I'm. That's not the point. I maybe trying to clarify some subtle differences in the "words" we use. This has always been my MO to make sure we are talking about the same thing. If you look through this blog, you'll find this behavior is consistent. We discussed, for example, the meaning of: "Security", "Trust", "Random", "Random Variable", "Security Engineering", etc... It's a common theme to read several of the bloggers here start a discussion with: It depends what you mean by: xyz. @Clive Robinson will often say: xyz means different things to different people at different times. So I didn't deviate from that behavior, and my comments aren't meant to tell you: I know more about this subject than you. It's simply a correction of terminology (dogs are 'haram".)

But, yes, I would, from my own experience, be surprised if a **hardline Sunni Islamist** was relying on dogs as an essential function for some kind of terrorist operation.

As for Sunni Muslims (or Muslims in general) dogs aren't generally allowed to live indoors. And you are generally correct that "Hard liners" wouldn't "enter a house that has a dog", and I do believe you that you based this on "first hand experience". But there are exceptions... There is a rule in Islam, however, that states "necessities allow the prohibited" some translate it as "necessity knows no laws". So I claim if a dog servers the purpose, of a hard-liner-ultra-orthodox "Islamist Terrorist", he will happily use it -- trust me. I'll even raise you this: if his purpose can only be served by him ridding a pig knowing the pig and him will explode "together" and get mixed up and buried together, he'll do it. That's why it's laughable when I hear someone saying "put some pigs here and there and this will stop terrorists"... It won't! A lot of those so called "Islamist Terrorists" are ignorant about Islam's basic rules. A lot of them know the "appearances only", and I know that from first hand experiences as well. Don't be surprised!

@Dirk Praet,

Who actually gets to decide such stuff?

That's a deceptively simple looking question. It's hard to answer, but let me say that "theory" and "practice" aren't aligned on this one. Today, every Tamir, Darweesh, and Haani decide. I skipped the subscripts, but emphasis is on the middle name, as usual.

@ianf,

Let me assure you that I can spew out such vaguely obnoxious...

I'm aware of that. I have a hard time deciphering half your obnoxiousnessdom. Maybe that's a good thing, who knows... Maybe there is a hidden embedded insult to me there ;)

tyrNovember 15, 2015 6:24 PM


@ Steve, Clive

I prefer that those who advocate boots on the ground
hop on down to the recruiting office and ask for the
chance to be first in. New openings are being created
every day so you can easily get in on a career with
guaranteed advancement.

Adm. Carrol said the first reports are always false
and the first casualty in war is always the truth.

The lad with the firecrackers should maintain a low
profile for awhile given the nature of the video of
Parisian police guns drawn and wagons circled. Who
they were going to shoot is unclear but the sentiment
was nicely portrayed.

Too bad Terry isn't around to explain toff snouting
in his wonderfully illuminating way.

WaelNovember 15, 2015 6:38 PM

@Dirk Praet,

The tough question our democratic society has to ask itself is to which extent we can further tolerate known hate preachers, recruiters, Syria returnees and other radicalised elements to freely roam our streets, wielding the protective shield of the very rights and values they are trying to destroy.

Mufti Ismail Menk says it's up to the individual nation to decide based on the "Law of the Land", and he predicts the Internet will start to be blocked by western nations.

Clive RobinsonNovember 15, 2015 6:50 PM

@ Sancho_P,

Did you, by any chance, at any time, buy any product because of online ads?

Err the honest answer is I've never ever bought anything because of an add anywhere, I'm not an impulse buyer, and worse I only buy anything if after carefull thought I can show not just a real need but an actual return on it.

That's not to say I don't look for vouchers for things I do use, but even then...

My sons mother does not like going shopping with me... One reason she has related dispairingly to many of out friends is... We were shopping one day and toilet rolls were on the list, rather than just grab a pack of six, I apparently appeared to go into a trance for a few seconds. When she asked me what I was doing I told her I was working out the total number of sheets for the price and thus which of the thirty or so packs was best value... She thinks this is weird and not possible to do the mental arithmetic that fast. My friends however know better and think it's mildly ammusing she would still think that after all the years she has known me...

I can clearly remember the last time an advert had any effect on me, it was the run up to Xmas when I was a young lad in short trousers, and their was an exciting add on TV for an electrical --not electronic-- game. I pestered my parents and they bought it... Lets just say it was a realy big disapointment within a few minutes of opening the box... Lesson learned, now the only reason I look at ads is out of amusment to try and spot the con / angle. Much to his mum's annoyance, my son has likewise become immune to adverts, if he ever showed an interest in a toy in an advert, I'd take him somewhere where he could see it for real and even play with it. Apparently from her point of view "I've taken the magic out of Xmas for him", I look at it as he got what he actually wanted, not what he or his mum was "sold" / conned into buying. Admittedly we do have alot of lego technics including a couple of Mindstorms and other compatable robots. And this Xmas we will be working on converting a couple of those laser fighting tanks to run off of WiFi enabled Raspberry Pi quad core boards and adding USB cameras and Nerf guns to get "the real turret commander view and feel" on the laptops. The other job is to add the NFC RFID chips and readers to the model railway to give the signalling and control system an upgrade and put another micro 2.4Ghz camera in the new loco for a drivers eye view, so it's going to be a busy two weeks, so no time to watch the adverts even for fun ;-)

Not G ManNovember 15, 2015 7:22 PM

@ B613 said:

But, then, this is all based on "ianf's" postings. Same guy who did a twenty page analysis with zero experience on Snowden's HK security operations in this same thread.Never even mind that as good of a job as Snowden did in his "spying"/whistleblowing, he was low level. He did not have but a tiny, tiny bit of operational experience. He was a desk analyst. And he only had seven years of experience.
His whistleblowing was his first real physical operation. Some of his "opsec" was very good, considering it was his first name. Plenty was cartoonishly awful. Main reason he was able to succeed was because the US Gov was so awful. They trusted everyone. He wasn't on anyone's radar, until he was.

Interesting post.

Like any crime watch system, it's the first time sinner can't be accounted for. Our society, Western that is, of trust was built on innocent until proven guilty as a fundamental right, and thankfully that.

When it comes to Computer Watch, it is no different. It's the first timers that it must identify and then be notified to neighborhood watchers, in some cases publicized as to become numbered public enemies.

The principles of mass surveillance would not escape this paradigm, atleast I don't think so. But since we believe guilty until proven in a court of law, first time sinners can get into grey areas when it comes to secret spying. As a commentator said, three sins a day committed by the average citizen. The list just keeps growing like Moore's law, but will eventually hit a snag.

rNovember 15, 2015 7:44 PM

@tyr

People who urgently request boots on the ground should be the first in the meat grinder?
So... We send them all our sociopaths, our psychopaths, the insensitive victims of our media. Basically we send them every blind, unthinking and unfeeling clod we have huh? Better yet, when they get back after participating in a genocide we give them jobs, tear gas, tazers and a hero's welcome right?

I for one am very glad our troops have to pass psyche tests before being admitted, sure a couple maniacs will get past the filters but it's far better than just shipping our criminals and war mongers overseas unrestricted.

@clive, thanks for the Christmas ideas.

Clive RobinsonNovember 15, 2015 7:47 PM

@ Wael,

Mufti Ismail Menk says it's up to the individual nation to decide based on the "Law of the Land", and he predicts the Internet will start to be blocked by western nations.

Whilst he is probably right in the first part, I hope he is wrong in the second part.

History has taught us over and over that trying to block information is a fools errand.

The three things we need to keep the peace are information, knowledge and understanding.

There are atrocities being committed by all sides, the first step to stopping the endless cycle is ensuring that everybody knows that, what they are and by whom they were committed and at all levels. It's pointless to ask that people be punished, because the reality is it's not going to happen, no matter what people might wish. What we need is de-escalation by all parties, then we need to incentivize people not to fight.

Usually the first step on building a peaceful future is to give all a future they feel they can participate in. It will not be easy but history shows if enough people buy in to the prospect of a better peaceful future, most of the rest will follow. Those that don't generally become more and more marginalized with time, the trick is to prevent them formenting trouble for the majority.

Part of the process will inevitably involve breaking down the old patriarchal system and becoming more secular. The seperation of religion, state and legislature is an essential part of bringing about a longterm equitable and stable state. History has shown it's the most likely path for peace, simply because everybody can see it results in an inclusive not exclusive society, where there is an opportunity for a future.

It's also something we in the West need to revisit ourselves, we have to accept the perhaps bitter truth, that we will have to lose status and some lifestyle so that others may prosper. Our world is in most respects finite, we have the limited choices of living within the resources we have equitably, die fighting to maintain inequality or find ways to sustainably improve the resources we have available to all of us. The latter choice as history has repeatedly shown, can only happen in a peaceful environment... That is, it is only in the interests of a very very limited few that we take either of the former choices, which is stupid because their is no "trickledown effect" it's a myth put out by the few, to stop people thinking about the realities of our shared existence.

WaelNovember 15, 2015 7:51 PM

I skipped the subscripts, but emphasis is on the middle name, as usual.

Maybe I'll put the subscripts incase it's not clear:

Map

Every Tamir, Darweesh, and Haani

To:

Every PeepingTom, Dickhead, and DirtyHarry

Emphasis on the middle name refers to ISIS :)

WaelNovember 15, 2015 8:30 PM

@Clive Robinson,

There are atrocities being committed by all sides, the first step to stopping the endless cycle is ensuring that everybody knows that, what they are and by whom they were committed and at all levels.

That's is true. How do you insure what you propose with biased and government controlled media (worldwide, not picking on an individual country.)

It's pointless to ask that people be punished, because the reality is it's not going to happen, no matter what people might wish.

Yea! Some are above the law

What we need is de-escalation by all parties, then we need to incentivize people not to fight. Usually the first step on building a peaceful future is to give all a future they feel they can participate in. It will not be easy but history shows if enough people buy in to the prospect of a better peaceful future, most of the rest will follow. Those that don't generally become more and more marginalized with time, the trick is to prevent them formenting trouble for the majority.

That's also true. Have you considered running for a post in politics?

Part of the process will inevitably involve breaking down the old patriarchal system and becoming more secular. The seperation of religion, state and legislature is an essential part of bringing about a longterm equitable and stable state. History has shown it's the most likely path for peace, simply because everybody can see it results in an inclusive not exclusive society, where there is an opportunity for a future.

That maybe one way. How has history shown that, though? Aren't there examples of other systems in the past that were successful, inclusive and guaranteed the rights of minorities?

It's also something we in the West need to revisit ourselves, we have to accept the perhaps bitter truth, that we will have to lose status and some lifestyle so that others may prosper.

We in the west with few exceptions are indirectly taught to be greedy and live beyond our means.

Our world is in most respects finite, we have the limited choices of living within the resources we have equitably, die fighting to maintain inequality or find ways to sustainably improve the resources we have available to all of us.

Yes! Future wars will be about water and sunlight (solar cell landscape.) Unfortunately the interests of countries are conflicting. What's good for one is bad for another. There is also "mistrust".

PS: I like your Sinai story and what you did to her in the tent :) Say, your YouTube links are now working? You must be on a different device ;)

SteveNovember 15, 2015 9:00 PM

@tyr

So if I call 911 and ask for police protection from a criminal, I should really not ask but be 1st in line to join the police force...because anyone who asks for the military response is a chicken hawk? It's the nature of a civilized society here and now to have police and military to handle emergency situations like criminals and IS and Nazis in WW2 etc. And we do need to ask them from time to time. So @tyr you know what you can do with your comment. Further anyone who thinks we can fight wars solely from behind the comfort of our computer terminals remotely through mass surveillance and drones or from 30,000 feet is in fantasyland. Paris and Syria and Iraq show that our opponents do have boots on the ground, and that's how they've caused so much suffering and misfortune. At some point you have to pick a side, and at some point you have to engage the enemy. Me, I'm old and fat and worthless on the front line and I have to ask for that costly protection.

Dirk PraetNovember 15, 2015 9:14 PM

@ Clive, @ Wael

The seperation of religion, state and legislature is an essential part of bringing about a longterm equitable and stable state.

Which is the very thing Da'esh and its followers reject and why there can be no place whatsoever in our society for either the ideology or its followers, and for whatever reasons they chose to go down this path.

WaelNovember 15, 2015 9:25 PM

@Dirk Praet, @Clive Robinson,

The seperation of religion, state and legislature is an essential part of bringing about a longterm equitable and stable state.

I won't talk about "definitions" (of every word that's longer than three letters in this sentence) and "labels". Okay, prove (convince me) this statement is true! Don't take this as a "defense of Da'esh" -- I'm against everything they do.

WaelNovember 15, 2015 10:42 PM

@Nick P,

I'll mark it for later reading

Got to finish it. I understand why he wrote that piece. He apparently was a technician by education, at least initially. He also questioned the technical texts technicians learn from. What he talks about in his piece is rudimentary solid state physics. The engineers he talk about must be a Bachelor of Engineering in EE degree holders. The difference is Engineers with a Bachelor of Science in EE get to study how transistors and other semiconductor devices work from several perspectives, including Solid State Physics that is missing in Technology degrees. The book you have should have that covered to some elementary extent. Keep in mind that solid state physics is a different topic (and I can recommend a few good books on this subject as well.) Good reading, fairly elementary as it's meant to clarify things to others who lack Solid State device theory. I'm not sure about his analogy of the "conveyer belt" -- seems inaccurate too.

HansiNovember 15, 2015 10:58 PM

Some months ago, during night, unknowns repeatedly flew drones over French nuclear power stations:

http://www.theguardian.com/environment/2014/oct/30/drones-spotted-over-seven-french-nuclear-sites-says-edf

0n 0m05sec, this cnn excerpt from a recent ISIL video makes not only threats to russia, but it also contains what looks like footage from a drone flying over the cooling tower of a nuclear power station:

http://edition.cnn.com/2015/11/12/middleeast/isis-russia-threat/

Meanwhile BND gets 225 new employees and BfVS 250 people

http://www.spiegel.de/politik/deutschland/bundesregierung-stockt-personal-fuer-geheimdienste-auf-a-1062886.html

What they do there? According to Spiegel

http://www.spiegel.de/politik/deutschland/bundesnachrichtendienst-spionierte-systematisch-freunde-aus-a-1061517.html

they are busy with spying on Care International, Oxfam, ICRC, US, France, UK, Sweden, Portugal, Greece, Spain, Italy, Austria, Switzerland, Vatikan.

However, according to german politicians BND gave list, saying that they would only spy on some german diplomats, Unicef, WHO, FBI, Voice of America, and US industries like Lockheed, and nothing else of course... so that list seems to be wrong too....

http://www.heise.de/newsticker/meldung/BND-Skandal-Auch-ein-deutscher-Diplomat-ueberwacht-2916521.html

Because it was busy spying on the Vatican, BND did not notice a man crossing the german border with a car and 8 AK-47, 2 grenades, TNT, pistols, revolvers and ammunition a week ago. In his smartphone, the destination Paris was marked. He said to the police officers who caught him accidentially that he just wanted to visit the Eiffel tower.

At that time French authorities reacted with suspicion, saying that if the germans want information on something related to Paris they should first fill out an official request.....

B613November 16, 2015 12:33 AM

@Wael

Good comments, thanks.

But, yeah, I see where you are coming from on that. I was using the term loosely, like using "kosher" a bit out of whack as people often do.

I know there is a phrase from the koran or hadith, "the dogs bark but the caravan moves on", so was surprised to discover my Sunni neighbors found dogs so abhorrent. Probably a regional thing.

I think those comments some make about pigs is just because they find banning eating pigs so laughable, as bacon is so good. Certainly, it was a good rule to have seven thousand years ago, like not eating shellfish. Both types of food, if improperly prepared and handled, can cause sickness.

But who eats dogs anyway? Some far flung asian cultures, at best... or people really, really hungry.


http://www.usatoday.com/story/news/nation-now/2014/09/12/man-cooks-exes-dog-for-dinner/15533031/

@Not G Man • November 15, 2015 7:22 PM

B613 said:

But, then, this is all based on "ianf's" postings. Same guy who did a twenty page analysis with zero experience on Snowden's HK security operations in this same thread.Never even mind that as good of a job as Snowden did in his "spying"/whistleblowing, he was low level. He did not have but a tiny, tiny bit of operational experience. He was a desk analyst. And he only had seven years of experience. His whistleblowing was his first real physical operation. Some of his "opsec" was very good, considering it was his first name. Plenty was cartoonishly awful. Main reason he was able to succeed was because the US Gov was so awful. They trusted everyone. He wasn't on anyone's radar, until he was.

Interesting post.
Like any crime watch system, it's the first time sinner can't be accounted for. Our society, Western that is, of trust was built on innocent until proven guilty as a fundamental right, and thankfully that.
When it comes to Computer Watch, it is no different. It's the first timers that it must identify and then be notified to neighborhood watchers, in some cases publicized as to become numbered public enemies.
The principles of mass surveillance would not escape this paradigm, atleast I don't think so. But since we believe guilty until proven in a court of law, first time sinners can get into grey areas when it comes to secret spying. As a commentator said, three sins a day committed by the average citizen. The list just keeps growing like Moore's law, but will eventually hit a snag.

Well, Snowden should have had stricter controls placed on him. And I mean by that on the entire group. I am separating that issue from what Snowden did, and simply talking about the failure of the security of his contracting firm and the agency they were contracting with.

Nobody is asking for everyday citizens to have body cams. But it is reasonable to ask for cops to have body cams.

In security fields, you don't trust each other, you "trust, but verify".

Not having good controls is just bad security.


With mass surveillance it is very much more like intelligence then security. They have to remain objective about what they see, like doctors. No moral judgments. There is an enormously high false positive rate, and what people say in private and how they say it is very different then how they speak in public and what they say in public.

Without that objectivity, you are unprofessional. You can not understand the target or suspect. And you can certainly not ever gain rapport with them, if need be.

If you can not understand them, and well, and quickly, you can not possibly know what they are thinking, or what they will do next. You can not know what they are currently doing. You have made them an unseeable black box by your own biases and narrow minded viewpoints.

It is not 'cuff em' law enforcement, either. You watch. You wait. You let people do all sorts of stuff and stomach it. You let people have all sorts of misunderstandings and stomach it. In many ways, many of the thinkings and behaviors are exactly the opposite of military or law enforcement. Excepting of course, deep cover law enforcement and such. Where people are of one appearance, which is a mask; and then they are their real self, who is someone else entirely. And this is moral.


WaelNovember 16, 2015 1:25 AM

@B613,

You're welcome. I won't comment further on dogs or pigs in this thread because it'll be way OT ;) I do like shellfish, though.

Markus OttelaNovember 16, 2015 2:51 AM

@ Figureitout:

"I thought it was both ways, splits into 3 separate streams in same direction?"

The LAN tap has two RJ45 female connectors opposite each other that pass through the traffic between A and B. The two other RJ45 female connectors can tap into traffic received by A or received by B. I'll have to double check this, but I would assume the LAN tap sends data to tapper from Tx-pair and moves it to Rx-pair on NIC of tapper. I'm not sure if crossover or non-crossover cable could reverse the operation.


"Figures such a simple device wouldn't cleanly capture traffic (I'm most concerned w/ hidden exfil/infil)."

The tapping part works really well. The issue is, I'm not sure you can send data in one way through the tap connector. Hidden exfiltration is the major problem so I recommend you stick with the data diode.


"I want slow internet if I'm going to capture it all"

The tap has two capacitors that slow down the connection from 1Gbps down to 100Mbps. I've had no problems when capturing at that speed (even when using the 100Mbps internet of household).


"FEC still confuses me a bit"

Basically you need to use UDP protocol because unlike TCP, UDP doesn't send data back to sender about what data it failed to receive. So the transmitter needs to send extra data to ensure redundancy. FEC or forward error correction sends extra data from which small transmit errors can be automatically corrected.

In the case of my crappy fiber-ethernet converters, I had lot's of noise. Such heavy FEC was required, that 100Mbps was reduced to 16Mbps. It's still good enough considering the advantages, and compared to serial data diode. 16Mbps is fast enough for multi-user video-conferencing: With Skype's protocol, you could receive sound and video from 15-20 users depending on video quality. VoIP could support up to 150+ simultaneous friends you're listening to.

PJNovember 16, 2015 3:54 AM

How fresh do you like your squid?

http://www.dailymail.co.uk/news/article-3319726/Watch-diner-eats-fresh-squid-tentacles-moving-around.html

Predictably, after Friday's events in Paris the GCHQ shills in the British media are beating the drum for banning apps that use encryption and for the so-called "Snoopers' Charter".

Greenwald has answered already but will it make a difference?

https://theintercept.com/2015/11/15/exploiting-emotions-about-paris-to-blame-snowden-distract-from-actual-culprits-who-empowered-isis

Dirk PraetNovember 16, 2015 8:29 AM

@ Steve, @ tyr

Me, I'm old and fat and worthless on the front line and I have to ask for that costly protection.

And that's what you pay taxes for, Steve.

Ideally, boots on the ground would be provided by the UN or regional powers such as Saudi Arabia, Turkey, the Gulf States or Iran, but I don't think that's gonna happen. The first three - all Sunni - have far less of a problem with Da'esh than us here in the West, and nobody actually wants the Shia nation of Iran to play a bigger role in the region. Since there is still no consensus about the faith of Assad, UN troops are not going to happen either.

The US and the UK, who carry the biggest responsability for the unravelling of the entire region, are understandably apprehensive about yet another round of ground war that in no time would devolve into unwinnable asymmetric warfare on a terrain where, on top of it all, the local population has totally had it with foreign invaders.

However much I believe Da'esh and its supporters need to be exterminated, the ghost of radical Islam - thanks to the war criminals Bush, Cheney and Blair - is back out of the bottle and it won't let itself be put back in easily. With or without boots on the ground and a military defeat of Da'esh, the nations of Syria and Iraq will never be the same again and the entire region is going to be completely and utterly foobar for decades to come, and with a significant impact on the west through mass immigration and recurring terror attacks.

And it's going to stay that way until the arrival of the next Great Dictator who through a ruthlessly oppressive regime restores law and order, or the advent of a visionary like King Faisal, Mohandas Gandhi or the prophet Muhammed who manages to reunite all tribes and sects and bring back peace to the land.

AlanSNovember 16, 2015 8:34 AM

@Steve, PJ, others

I have also heard a number of commentators bring up encryption as an issue. In fact, there were commentators talking about the 'going dark' while the attack was still on-going and there has been more since.

But Marci Wheeler points out they can't even make the metadata work for them: Surveillance Hawk Stewart Baker Confirms Dragnet Didn’t Work as Designed

The dragnet covering these terrorists is the kind of dragnet the NSA would love to have on Americans, if Americans lost all concern for their privacy....The terrorists may have used encryption and therefore made it more difficult for authorities to get to the content of their Internet communications....But their metadata should still have been available. There’s no good way to hide metadata, which is why authorities find metadata dragnets so useful. French authorities knew of at least one of these guys, and therefore would have been able to track his communication metadata, and both the Five Eyes and France have metadata dragnets restricted only by technology, and therefore might have been able to ID the network that carried out this attack. Stewart Baker claims that Section 215 was designed to detect a plot like this. But the metadata dragnet covering France and the Middle East is even more comprehensive than Section 215 ever was. And it didn’t detect the attack...

Clive RobinsonNovember 16, 2015 9:31 AM

@ Dirk Praet,

... the ghost of radical Islam - thanks to the war criminals Bush, Cheney and Blair - is back out of the bottle and it won't let itself be put back in easily.

The problem behind this is the answer to "Who want's to put it back anyway?"

And the real answer is pretty muxh nobody with any influence in the game. The rest of us the "innocent citizens" of many nations don't count as is repeatedly made clear.

If you look back far enough on this blog you will find a comment to the effect that there are three basic types of racist,

1, Those who have been attacked in some way by those of a recognisable ethnic group.

2, Those who due to their own inadequacies blaim their failings on others who they think have stolen their jobs/future/etc, and see others of an ethnic group as having being responsible.

3, Those who see profit in encoraging racist behaviour in others in some way.

The simple fact is what goes for racism also goes for religion, politics, street gangs and much else and it can be summed up as various aspects of "tribalism".

Now I can not say it's inbuilt into humans but various anthropological studies indicate that it is and is rather more fundemental than " mating privilege".

Whilst the first two groups are generally easy to see by their actions and in the case of the first a readily understandable effect from a cause the third group is the most dangerous.

And it is this third group that tend to rule the roost, and make choices for the rest of us by various insidious techniques and the FUD, lobbying, back handers and nest feathering we see in politicos and civil servants is just the tiniest tip of a very massive iceberg. It is an ingrained part of the political process that is "representational democracy" that is anything other than democratic in reality. Which is why, understandably, it is the political model those who profit by it, want to force by use of arms onto other nations. It is as bad as the "great game" which the likes of Cecil Rhodes used to exploit the resources of Africa and other areas including India, North America and befor them South America, and just about every other place the greedy boot of European Adventures has steped onto from a row boat, and oft accompanied by "the men of God" ensuring a "rendering unto Ceaser"...

Clive RobinsonNovember 16, 2015 10:19 AM

@ Wael,

Okay, prove (convince me) this statement is true!

The first step is probably mildly enjoyable...

I'm going to ask you to watch a British comedy film called "Hot Fuzz".

Importantly just watch and enjoy it a couple of times, don't try and analyse or critique it yet just enjoy it.

Any one who has lived in a small English "Market Town" or Village for any time will recognise many parts of it, it's what makes it so funny.

Then get back to me, and we will talk about it.

Dirk PraetNovember 16, 2015 10:47 AM

@ Clive

Any one who has lived in a small English "Market Town" or Village for any time will recognise many parts of it,

Does living in Camden Town or near Elephant & Castle count too ?

B613November 16, 2015 11:11 AM

@AlanS, whomsoever

on "going dark" & Paris Attacks & Wheeler article:

A commenter there posted this excellent link regarding major financial ties and some of these pundits for the disastrous mass surveillance programs:
https://theintercept.com/2015/05/12/intelligence-industry-cash-flows-media-echo-chamber-defending-nsa-surveillance/

Two of the main points from the article, well worth summarizing:

1) France has far more invasive mass surveillance then the US ever had going on currently
2) The US and other allied countries have far more invasive surveillance going down in the Middle East already -- this was never taken down

Mass Surveillance Issues

I stated this above, but will state it again. It is well worth repeating: the argument is that "Edward Snowden revealed what we were surveilling, therefore this made the terrorists go dark. They realized we were surveilling these communication choke points and stopped using them."

This basic argument is core to basic principles of surveillance: if they know you are spying on you, they won't do or say anything. Worse, they can use your surveillance on them against them for targeted disinformation campaigns. And, in some cases, they can literally take your surveillance technology, reverse engineer it, and use it for their own selves.

In this case, Snowden revealed they were 'watching this', 'listening to that'. So, hypothetically, this caused the terrorists to avoid these areas or secure them, thereby "going dark".

Their answer? They have kept up an incessant, global, 'prime time' media campaign to argue for a global US backdoor in all US software and hardware products.

If this idea were implemented, then terrorists would not guess nor assume but know that all US software and hardware was surveilled. Thereby making terrorists "go dark" on an unprecedented scale, according to their own way of thinking.

If Snowden was a hand grenade, this would be a nuclear bomb.

Brief Commentary on the Stupidity of their Punditry

I think it is difficult for people to wrap their minds around how so many public facing, important leaders of US intelligence & law enforcement could be pushing such a literally blind and stupid argument.

Because the audience has never surveilled anyone, never hacked their systems, never wiretapped anyone, this has problem not consciously occurred to many of them. The way people are, however, I am sure it has unconsciously occurred to them, and so is in the "back of their mind" when they hear these arguments.

Often how stuff like this becomes conscious for people is when they actually do it. Before then, they can get the logic of it and have a "gut sense" "something is wrong".

Which brings me to "why" they are probably pushing for it:

1. Ignorance
2. monetary contracts
3. politics

1 and 2 are big bags of worms, but 1 is well worth going into:

1. These folks have never personally been involved in surveilling anyone, so they have no idea about the obvious reality of how that does not work with the target is aware you are spying on them.
2. Most of them are from entirely different fields, just put into their position. Some may have had some very, very high level view of some surveillance projects. Some have none at all.
3. They believe if they just throw money at such a system, it will work. They have this easy enough to understand 'pie in the sky' idea of what they think will be made. The workable solutions are far more difficult to understand, as are the problems with their 'pie in the sky' solution.
4. Getting more money. Like point 3, they see how they can get a lot more money and resources by their childish idea of a workable system. But they do not understand more sophisticated solutions that would actually work. These, too, could certainly use more money. As much money as anyone could throw at them. So, again, they just really are not thinking.
5. Certainly they have a severe "yes man" problem. This is indicative of horrible intelligence and leadership, in general. Good leaders should have a wide spectrum of diverse viewpoints from diverse, knowledgeable advisors. Clearly, this is not going on.
6. These guys are light years away from being hackers or anything like it. While this is said as much in point 1, people may not be adequately wrapping their mind around just how far from understanding what they are talking about they really are.

You do not have to be a hacker who spends time surveilling others to understand this. There is another way. Use your mind to think out, "what if you were a hacker". Think. Get a pen and paper, write a story or something. Do not just regurgitate all the time what others tell you, thinking that is as good as thinking for your own self.

Reasoning and thinking is admirable. By any one's standard of virtue.

Very simple: if you had zero day and unfindable, super stealth rootkit spyware... and a target in mind... would you want to first tell that target you are going to spy on them? Would they allow that? If they could not stop you from doing so, would they react entirely passively, act as if they normally do? Might they not play all sorts of games with you, instead? Or use systems that would evade your surveillance?

Really basic stuff.

Workable Solutions

Targeted surveillance. This certainly does mean branching out from targets to map their personal networks.

The problem with the "surveil everyone" system, immediately, be it pushing for backdoors in everything or dragnet mass surveillance (all the same thing) is you are inevitably reducing focus on solid targets. Good leads.

So, for instance, very little information at this time is known about the specific identities of the French attackers. However! One is known and was already known to be an extremist. Clearly, they did not have him under adequate surveillance despite him being a strong lead and a positive target.

At a top level, Binney's old system was a positive, good model to use. Even privacy advocates are for it. At least, I can recall at no time reading of Binney anyone alarmed by his system.

It is not too dissimilar to models used by corporations which the public are comfortable with: anonymized personal data, with options to drill in on solid targets.

Otherwise, it is designed to focus specifically on targets and map out their networks to find additional targets.

That, its' self, is hard enough to do considering how many non-targets a valid target will communicate with.

Core to all of this:
You are still going to have to hack. Governments have access to 'hard to find' critical security vulnerabilities. They have access, the capability anyway, to create difficult to detect "spyware"/rootkits. They have access to MITM of many popular services. They certainly have the capability to train hackers and plan and improve processes for stealth surveillance.

They have drone surveillance, satellite surveillance, and miniaturized surveillance of all sorts: audio, video, gps. DNA tools and tactics. Chemical tools and tactics. This is the 'golden age of surveillance'.

These programs and this technology certainly do cost money. Problem is: it is smart money. Requires 'doing it right'. More money, the better -- but it is immediately evident, it has to be strategically placed smart money.

The "mass surveillance dragnet"/"backdoor in everything" way is just the shotgun method. It, too, to work actually requires the same smart money to actually do anything. They just are confused and think it does not.

Unless, of course, all of this is just an elaborate smoke screen to cover up systems really still in place. But, considering the immense failures of these guys, on their watch: Snowden, OPM, ISIS, Iraq, etc... you can pretty well guarantee this is absolutely not the case.

B613November 16, 2015 11:24 AM

@AlanS, whomsoever

ISIS strategies.

I wish I had my old "Death from Above" tshirt... need to find another one.

Though normally I mean that in more metaphorical terms. I am in a bad mood, not just over Paris, but also seeing these threats they are making.

Realistically, pragmatically, the chance for a very severe reaction is only growing. The entire area is very volatile, and only is growing more volatile. I think we can be a bit numb to this - every generation alive - because so often 'things have ended up okay'. Not too terrible. Over there.

The more Sunnis Shia kill, the more Shia Sunnis kill, the more focus on outrages, even direct focus to outrage mass public... the more Sunnis killed by non-Muslims... the more Shia killed by non-Muslims... the more Sunnis killed by Sunnis... the more Shia killed by Shia... the more Jews killed by Muslims... the more gentiles killed by Muslims... the more Muslims killed by Jews and gentiles...

It is all bad.

And there is a lot of oil in that area.

Sadly, the actual most conservative, safest course would be to go 'all out' on ISIS regions. Heavy bombing from the air. Then, follow up with troops. This would invariably mean mass civilian causalities.

Make the ground where they are at rid of any structure at all.

That would cool down the core powers and prevent further problems from happening.

When they are attacking in foreign countries, creating outrages, they are thinking very hard they want to pull in their forces. They believe they are invulnerable. They are as serial killers getting away with it. They think they are angels of God.

They are on a massive, delusional powertrip.

Problem is, the longer they can do this, the higher the chance they will do something *really, really bad* truly igniting the entire Middle East into conflict as it has never seen before.

Not a pretty answer, and not one I believe anyone will take. They almost never have before, not since the second world war, anyway.

Dirk PraetNovember 16, 2015 11:28 AM

@ Clive

The simple fact is what goes for racism also goes for religion, politics, street gangs and much else and it can be summed up as various aspects of "tribalism".

Spot on. Hence my distinction between The Dictator who rules through division (Caesar's "Divide et Impera") and The Visionary who rules through unification.

Clive RobinsonNovember 16, 2015 12:30 PM

@ B613,

It is well worth repeating: the argument is that "Edward Snowden revealed what we were surveilling, therefore this made the terrorists go dark. They realized we were surveilling these communication choke points and stopped using them."

Importantly the argument has been shown to be false.

The "going dark" started quite a while before the Ed Snowden revelations. One bunch of jokers who tried to push the myth, included a "time line" in their report on which it can clearly be seen that the development of and use of "home grown crypto" predates their "Ed Snowden Revelation" time marker.

For those that want to follow time lines back, go back to when OBL and a Comander of Russian antaganistic forces used Satellite phones, then one day the NSA helped the Russian's and the equivalent of a cruise missile's worth of explosives flew down the Comanders radio signal whilst he was talking on the sat phone and blew bits of him from there to kingdom come. As usuall some gobby US insider looking to polish their cred with journos let the story out...

From that point of time OBL and many many others dropped of the electronic comms grid. Subsiquent gobby US insiders have made the situation worse as they polish their position harder...

Ed Snowden thus became an easy fall guy because gobby US insiders can not keep their traps not just shut but firmly buttoned down.

As in oh so many other things US insiders and political appointees do more damage by their petty point scoring "Cult of Personality" gum flapping, than any whistle blower you can name...

John Galt IVNovember 16, 2015 12:37 PM

@Clive

You are correct that people are deeply tribal animals. I'm pretty sure that I posted this before. Humans are hardwired to treat people from other tribes with suspicion and hostility. After all, they might be here to kill us and steal our women. Hence the reflexive actions in Europe to bomb Syria some more, as if it hadn't been bombed enough already. And to close the borders. Check out the article below to appreciate how deep the predisposition runs, to the point that Democrats and Republicans are willing to commit passive genocide on each other. Especially ironic, because the two quasi-parties actually are two sides of the same corporate-control coin. Humans need and want leaders who are able/willing/eager/predisposed to behave sociopathically toward enemy groups, at least until we achieve enlightenment. Have you run across Doug Casey before, he of the rabid libertarian stripe? A term of affection, having been one myself in the before time. btw, I believe that Doug Casey and Karl Denninger are self-consistent. I see that people who are bright and ethical gravitate to some form of libertarianism. The police almost always lie to protect other members of the police tribe. To be fair, the police generally will treat working people from their jurisdiction reasonably well, unless the working people happen to be the wrong color, live in the wrong part of town, or show attitude.

from Doug Casey's excellent free newsletter. hopefully this brief excerpt is covered under fair use

http://www.caseyresearch.com/cdd/quest-confidence

excerpt:

What We Always Knew About Politics, But Couldn't Prove
By Paul Rosenberg

Politics makes people mean.

We always knew that, but if ever we said it, people passed it off as a
trite complaint about one political party or the other. But now,
thanks to a couple of researchers at the University of Michigan, we
can prove it.

This new study was very cleverly set up so that the researchers could
measure the empathy of Republicans and Democrats for each other,
without using political questions. Here's how they did it:

In their first experiment, the researchers recruited subjects on a
cold winter day (some of them were outside, waiting at a freezing bus
stop). They said that the test was on reading comprehension.

In one version of the test, they gave the subject a story to read
about a left-wing, pro-gay-rights Democrat. This Democrat was, in the
story, hiking through the woods on a cold winter day. In the other
version the story was the same, except that it was about a
right-wing, anti-gay-rights Republican. Only after the experiment did
they ask the political leanings of the subjects.

In the second experiment they did the same thing, but they used thirst
instead of cold. They fed the subjects salty foods and gave them no
water; then they told a story about a man walking across a parched
desert. Again, one version of the story featured a Democrat and the
other a Republican.

You'd think that a thirsty guy would feel some level of sympathy for
another thirsty guy, right? And normally, that would almost always be
true, but it turned out that politics killed that natural sympathy.

Democrats felt sympathy for a Democrat in the story 100% of the time.
Republicans felt sympathy for a Republican protagonist 96% of the
time.

But when the freezing or thirsty person in the story was from the
other party, sympathy died almost completely: The sympathy of
Democrats fell to 0% and the sympathy of Republicans fell to 9.5%.

WORSE THAN MEAN... EVEN MONSTROUS

Mean is a non-specific word. Even though it always refers to something
negative, it can refer to many different types of negative things:
grumpiness, outbursts or malice, for example.

The meanness uncovered in this experiment was of a specific type: the
killing of empathy. And that is a very dangerous thing.

Empathy is the root of morality and cooperation. People without
empathy are called sociopaths, and they are by far the most dangerous
people on the planet. Every genocide features sociopaths; every mass
atrocity and every continued abuse requires them. So, when a study
shows empathy being almost entirely crushed, it should be jarring. To
put it clearly and simply, this study showed something very scary,
which is this:

When people are under the influence of politics, they turn into sociopaths.

That is not hyperbole. Go back and re-read the explanation above. If
you think I might be over-stating things, read through the study for
yourself.

Such people do not become permanent sociopaths, of course – they are
able to experience empathy in other situations. But when politics
comes to their minds, they lose all empathy for someone of the
opposite party. And that is a very dangerous thing – especially
considering that politics is the obsession of the age, the mass
addiction of our age.

This is no longer a subject of debate; it is fact.

We always knew that politics made people mean. This study showed us
how completely politics crushes empathy... and shows us how toxic the
political obsession really is.

The crack addict needs to walk away from his pipe; the alcoholic from
his bottle; it's time for us to start walking away from politics.

B613November 16, 2015 1:18 PM

@Clive Robinson

Yep. Had the sat phone debacle in mind, as well. Well said points.

Ed Snowden thus became an easy fall guy because gobby US insiders can not keep their traps not just shut but firmly buttoned down.
As in oh so many other things US insiders and political appointees do more damage by their petty point scoring "Cult of Personality" gum flapping, than any whistle blower you can name...

Yes. This kind of motive is what I had under "politics", but did not go into.

I do believe, certainly, "ignorance" is a major factor in what they are saying, however.

This "making people aware that you are going to hack them" or even worse "making people aware that their system is hacked" is something they clearly just do not get. Anyone who does knows just how bad of a tactic that is.

They really are not even qualified for their jobs.

Not so sure how wise the whole "appoint whomever you want to lead X agency" concept really is, especially when it involves not hiring from the inside.

@Dirk Praet

And it's going to stay that way until the arrival of the next Great Dictator who through a ruthlessly oppressive regime restores law and order, or the advent of a visionary like King Faisal, Mohandas Gandhi or the prophet Muhammed who manages to reunite all tribes and sects and bring back peace to the land.

You have some good points, I may want to respond to later time allowing. But, on this, I do not believe there is any chance of this happening.

"Him and what army" is the phrase that comes to mind.

One of my security researcher friends has gone mad. Brilliant guy. Hazard for intellectual jobs. He believes he is Jesus Christ. I basically point out to him, "you and what army".

Right now, "ISIS", is power mad. Large portions of their group have engaged in mass torture, slaughter, rape, pillaging, while effectively stating to "God and the world" they are God, on earth. That is a huge and consistent component of what they are saying.

It is exactly like with serial killers, whom have been very well studied and I believe are very well understood. This is not behavior unknown to ancients, however, the term is "drunk on blood".

No thunder, no lightning contradicting them, yet. No bolt from Heaven yet putting them in their place.

There is intense progression for such people on these rampages.

There are significant components which add to their "rush". Serial killers leave intentional clues, or realize their own mistakes, and seeing they are not caught makes the rush all the more intense for them.

The best, quick way for people to understand this is the Ted Bundy case. Normally, when serial killers are caught, that is it for them. He escaped.

Did he retire, ala Hannibal Lector? Did he stop while he was ahead? No, of course not. He made his way down to Florida... and rampaged a sorority house. He attacked a child on the street.

Might as well imagine ISIS leaders standing on a hill of corpses, putting their chest out, yelling to the sky, "Who is God, we are God". Red sky behind them.

Their taunting has grown far more severe. They long for France to get angry at them and attack them. They are starving for the US to unleash their might on them. They strike at Hezbollah in Lebanon, who is so close to them, wishing they would engage them with their full strength.

It is kill or be killed. Taunting here means as severe of brutal strikes as they can possibly do. With the singular aim of getting their target against them with their full force. They deeply believe this would destroy their enemy, that if they can but engage them they would have yet another conquest under their belt.

More severe strikes from the air would demoralize them. It is a horrific thing. But their savagery, their brutality has to be at least met.

"Boots on the ground", really a waste of time. Would only conflagrate the situation. They would use such a chance to demoralize by sheer brutality any POW via video, and it would only feed their bloodlust madness.

FigureitoutNovember 16, 2015 1:33 PM

Markus Ottela
--When I first read, I read it wrong. it is limited to sniffing 10BASE-T and 100BASE-TX, and each sniffing connector monitors only the network traffic going in one direction. -- http://ossmann.blogspot.com/2011/02/throwing-star-lan-tap.html

I thought that meant both ways. So unless you want to sniff twice and check you get same traffic, only 1 line needed. And thanks for saving me that time and confusion lol.

Hidden exfiltration is the major problem so I recommend you stick with the data diode.
--And next step is some kind of fairly solid "guard" that enforces some simple data structures or files rather than just 1-way comms that still lets anything thru (to prevent the worst hopefully, just malware that infects isolated target w/ no return comms...which would be hard to hide w/ some MCU's but they'll still be doing some kind of internet stack). And a good converter for some popular filetypes. That'll be hard, I want almost no edge cases that can escape the filter. I'm going to get into that next, just don't have a viable implementation in my head.

I've had no problems when capturing at that speed
--Good, that's good it doesn't completely breakdown, just slows it down.

forward error correction sends extra data from which small transmit errors can be automatically corrected
--Yeah I thought that, but still wonder...what if it's all wrong? Need to look into it more.

Such heavy FEC was required, that 100Mbps was reduced to 16Mbps
--Yeah it's not like I'm going to be using this all the time. Only potentially important comms or file transfers that can only happen over internet.

American High-Tech Waterloo November 16, 2015 1:55 PM

Safe Harbour 2.0, currently being drawn up by the EU and US authorities, "will not provide a viable framework for future transfers of personal information"…
"If by the end of January 2016, no appropriate solution is found EU data protection authorities are committed to take all necessary and appropriate actions, which may include coordinated enforcement actions."
http://arstechnica.com/tech-policy/2015/11/safe-harbour-2-0-framework-begins-to-capsize-as-january-deadline-nears/

Clive RobinsonNovember 16, 2015 2:57 PM

@ Dirk Praet,

Does living in Camden Town or near Elephant & Castle count too ?

Well the former is "narf" London and the second "sarf", and named after some French bint wot blew the London Bridge budget on clothes hence the nursery rhym about it falling down. They are seperated by a rather dirty ditch, called "Old Father Thames" that like many here these days realy suffers from "elder abuse". Whilst the two places once were seperated by green and verdent farm land, you'ld be lucky to find a green bit in between that's not become brown and lumpy from the owners of befouling hounds of various forms from rats on stilts to those that would give pause of thought to the mut of Baskerville Hall repute... But that's not how the Corporation of London's spicks, spivs, turn coats, international fraudsters, fixers and protection racket merchants want you to see their "fine city". Beholdent to none and paying of taxes to nobody, it's uncertain as to what they have acquired and squirreled away over the years, but the US national debt might be smaller.

But yehr, there is a certain ferral similarity or three between Village life fetlock tugging servitude under the propriatal gaze of the Parish Council and living on the edge of the "Ring of Steel" cameras and humourless custodians of "our freedems", in two of the highest crime spots in the fair isle, where getting knifed or shot as a teenager is an almost weekly event with crime fatalities being more than monthly.... Oh and "pissing on the streets" so common, not just from being "to poor to have a pot to piss in" but because the streets are the only place they can afford to die a slow death on... But hey that's what fiscal responsability by the cronies of the Corporation of London means...

J on the river AcheronNovember 16, 2015 2:57 PM

Man, be away for awhile and come back to 154 comments, lot going on and then major attack in Paris.

A thought occurs. Too much to tap on iPad. May be the u.s. Congress should issue "Letters of marque and reprisal"? To go against the bad guys. Speaking of digital here but maybe not limited there only.

A constitutional option. It would need to modernized a little. The person/"vessel"/company, target, ability to keep spoils of war, and penalty is hanging for straying. Agree to complete monitoring, digital, video, etc.

I really wish the radical jihadis just wanted to be the Islamic version of Amish. I would buy a well made rug from them. Instead they insist on killing people rather than live and let live.......

Just a thought.

@nick, thanks. Nice transistor pointer. Sub audible comms pops up again. Without my hearing aids I can't hear normal stuff. Now I have to think about audible sniffer. I thought the hum from Verizon was stupid on steroids.

Take care, Jacob

GrauhutNovember 16, 2015 3:13 PM

@Markus Ottela, Figureitout: Get a simple smart switch with monitoring port. Makes self sniffing a lot easier. ;)

http://www.amazon.com/TP-LINK-TL-SG108E-8-Port-Gigabit-Tag-Based/dp/B00K4DS5KU

Or for some bucks more a HP 1920-8G L3 routing Switch, worth the money if you want enhanced features like RMON.

http://h20195.www2.hp.com/v2/GetDocument.aspx?docname=4AA5-4095ENW&doctype=data%20sheet&doclang=EN_US&searchquery=&cc=de&lc=en

A passive splitter only makes sense on non ethernet lines like DSL, if you want raw frames or on fiber.


Even cheaper: Use a dual nic pc or soc for sniffing, bridge on both interfaces and position this unit between the line uplink and the rest of your network.

If you use a flashable NAS instead of a soc you can use this setup as a 24/7 logger.

ianfNovember 16, 2015 3:46 PM


@ Clive Robinson [cc: Dirk Praet]

... the West may be entering the age of recurring asymmetrical urban warfare.

    Err you could easily argue it that the Middle East and the West are both suffering "urban warfare" and that in both cases it's "asymmetric".

Nolo contendere. FTR observe that that my comment applied to the "larger" inference "that no vocal member of the commentariat yet dares to make” [that the West may be facing such warfare directed against itself] I.e. nobody in the West (but you—noted & dutifully reported upstairs) cares to admit the factual tit-for-tat situation, but, confronted with random mass violence as that in Paris, prefers to react from the position of wounded who–us? innocence.


US/UK & France [and possibly some other Western nations] are sending drones and fighter/ bomber aircraft well knowing that those on the ground have no defense against.

Quite. Given cheapness and ubiquity of drone technology, however, I expect we'll be heading towards home attacks with autonomous (preprogrammed and/or GPS-controlled flight path to targets) explosive drones. In fact, I've once read a mil.draft paper alerting the brass to the need to study threat potential of mass-launched grenade-bearing RC-planes as a cheap form of urban guerrilla warfare. Explosive drones seem like a "natural" progression of that, a cheapo cruise missile of sorts, that, if launched in some numbers against dispersed targets, basically would be impossible to defend against. Remember the 1991 Provos' van-mounted mortar attack against #10 Downing St.? I haven't seen any cost estimates for that, but assume the same would buy between 20 and 50 drones with 1kg payload, with much larger target radius AND precision than 3-4 mortar shells. When that comes, observe the tense, I expect to see autonomous police killer drones hunting down guerrilla drones. And it will come because attack drones are replaceable where human jihadis aren't.


Those attacking from the Middle East […] hold life cheaply, thus their asymmetry is "Disposable DNA".

Wrong logick, the cheapness of (ME-cultural) life has nothing to do with lack of Western technology there, but I'm not about to deliver a lecture on that here. Also the "disposable DNA weapon" is pretty expensive and ineffective for anything but token attacks (just look at the number of failed attempts, 2 of them outside the Paris stadium on Friday, when the bombers failed to gain admission to the venue).


If we look at the cost and kill ratios those attacking from the Middle East are winning by huge margins.

It's disputable, but here's not the place/ time for such discussions.


A long carefull look at the Israeli - Palestinian conflict which started in reality with the Russians attacking what was left of the Ottoman Empire shows that in the long run terrorism does get results.

You and I do not see eye to eye on that subject, but I'm not about to teach you where you're wrong (in claiming that). Suffice it to say, that the "Palestine Problem" looks different depending on where one sets the starting point for the concept of cleansing—however one calls it—of the Jews from Europe (your ~WWI date is far too late in that process). We're both critical of Israel, but let us stay sane in this never-ending tug of war over what basically is a sun-scorched stone desert with mythical Abraham-Jesus-Mohammed-slept-there (possibly with prostitutes and child brides) qualities.


That was how the State of Israel started, and is just one of the unpalatable but nevertheless true outcomes of terroristic activities.

You know that that is not true, albeit a common dissembling "wisdom" that's popular in the UK, the failed British Protectorate power in the region, later the kicked out owner of the Suez Canal, and other, lesser power plays. However one looks at it, the state of Israel came into being (in spite of their religious orthodoxy "waiting for Messiah" stance) due to the Tsarist Russia & Europe gradually getting rid of its native Jews, until it went tits up in the Holocaust—after which there no longer was any imperative not to grant the creation of a Jew-state. But well before that, for >50 years, the Jewish settlers in the Ottoman, later the "British" Palestine, built their society from the ground up in fully legal, democratic AND socialist ways and means. In fact, Eretz (pre-state) Israel can be said to have been the only successful socialist experiment to date, possibly the only one ever. And in places, where there were not enough Jewish hands to e.g. dry the swamps that the original settlers managed to buy from local Arab landowners, what Tel-aviv essentially rests on, it was all done with paid Arab labour (for which the day workers risked being whipped by their own). But of course, it's far easier to blame the aboutcoming of the state on "Jewish terror." (PS. you may not be aware of it, but that's basically hardcore Right Zionists' foundation legend as well, macho chest-thumping, the works).


History teaches us that Annihilation rarely if ever works, thus Accommodation would be the most promising avenue of investigation.

For Accommodation to be attempted, there has to be someone willing to meet you half way. You see ANY actor(s) in the region even contemplating it?

Regards accepted.

Gerard van VoorenNovember 16, 2015 3:56 PM

LibPNG has a severe bug that has been fixed by now but is still unpatched in a lot of devices and programs. Yet another buffer overflow. It's kinda depressing. The only answer I see is to get rid of C but maybe there are other answers.

Nick PNovember 16, 2015 4:08 PM

@ Gerard

Yeah, in another discussion on it, one commenter on Hacker News (jimrandomh) pointed out that it's pervasive, invisible use was the reason it was so serious. Whole comment here as it was good:

"Security vulnerabilities in libpng are a huge deal; they affect lots and lots of different programs, including things people don't usually think of, and many them embed their own copies of libpng which makes them hard to update. The last time there was a security vulnerability in libpng, it took years before it was fixed everywhere.

Patching this properly will require not just replacing a centralized copy of libpng, but scanning all binaries for statically-linked copies. There might be some tools left over from the last time libpng got into trouble; this would be a very good time to update and link to them. Some categories of software that are at particularly high risk right now:

* Web browsers. Sandboxing likely helps, but there's a possibility that there are some usages (eg favicons) that decode outside the sandbox.

* MMS on Android (possibly remote root on phones with no user interaction)

* Any server that accepts PNG uploads and processes them (eg, user avatar thumbnail generation)

* Anything which shows people user-provided avatar images (eg, IM clients)

* Video games which download levels that can contain images

* File browsers which show image previews

* Music players which display album covers

Expect malicious images to start appearing everywhere, and soon. If you're responsible for the computer security anywhere, this is a drop-everything priority."

Dirk PraetNovember 16, 2015 4:32 PM

@ B613

Large portions of their group have engaged in mass torture, slaughter, rape, pillaging, while effectively stating to "God and the world" they are God, on earth.

It's nothing new. History is rife with similar aberrations: the crusades, the Spanish Inquisition, nazi Germany, the Rwandan genocide, Pol Pot's killing fields. The list is endless. To put it simply: Da'esh is evil reincarnated and therefor must be exterminated. By any means necessary.

Clive RobinsonNovember 16, 2015 6:11 PM

@ ianf,

You and I do not see eye to eye on that subject,

We may or may not, my view is based on what primary records I've been able to get access to in the past in the UK's National Records Office in Kew SW London. As contempory records of the time it contradicts much that has been written about Palestine in the past. It's interesting to note that more recent works are changing, however there are a lot more records yet to come out under the various time rulings...

As for the "ethnic cleansing", "moving on" and other discrimination against Jews by amongst others White Russians, and just about every European Country and even the US that now make up the "West", yes it is long and it is complicated. Also if you want to get to the bottom of that then you have to go back to the tales of "Romulus and Remus" and the later origins of the Holy Roman Empire, and the schism with that which still resides within Rome today.

The problem --as I found getting on for a quater of a century ago--, is you soon run into the issue of the lack of reliable primary records. With regards those ousted Jews buying land from the Palastinians, that again is at best a debatable point. The records show that few if any Palastinians owned property, they were effectively at best tenent or indentured farmers to those of the Ottaman Empire (who we would now call Turks). The records further show that when the Jews purchased the land, almost the first thing they did understandably was replace the Palastinians with their fellow Jews who could not afford land. Thus they "did unto others" by effectively cleansing the land of Palastinians... Who then became pawns in others political games.

The British unfortunately were "gifted" Palestine by the Ottomans, in return for what was in effect war debt. What the British were realy after was the bottle neck of Constantinople, to stop the Russian's gaining access to the eastern end of the Med and thus threatening other British Interests in the area. Oddly perhaps it's the same story of Russian Maratime interests being played out today that gives us the Ukrainian and ISIS issues...

As for the accommodation resolution route, actually yes there are a lot of people interested in it, but currently they have no power, thus their views are not reflected in current events.

Be it Drugs or Oil, or as it once was spices and salt, external interests are in keeping the region in a state of flux, and as Kipling noted over a hundred years ago the "Whiteman's Game" Continues, and with it the "Great Game" that has plauged the region for as long as written records have existed.

Nick PNovember 16, 2015 6:14 PM

@ Wael

"Ok. Give me. Couple of weekends."

Ability to... maintain perfect grammar... complete sentences... failing... ARGH!!!

:P

ianfNovember 16, 2015 7:22 PM


@ AlanS “The former director of the torture agency claims Snowden "has blood on his hands" for tipping off terrorists.

As a retired official, Woolsey can say what he wants, but the bigger his hyperbole, the bigger the backlash. The important thing to harp on is what ArsTechnica does in the next paragraph: “That blame [for the alleged Snowden-caused “inability of the intelligence community in the US and in France to stop the Paris attacks from happening”] seems a bit far-fetched, given that terrorist organizations have been using encryption of various sorts for more than 15 years at least.

Besides, at the end of September during BBC Peter Taylor's interview in Moscow, Ed Snowden explicitly said that he no longer hears that kind of scary language from the Obama administration, so he's cautiously optimistic [that he'll be allowed to go back to stand trial once the government becomes "reasonable". That'll be the day.]

B613November 16, 2015 7:57 PM

@Dirk Praet
I wrote:
Large portions of their group have engaged in mass torture, slaughter, rape, pillaging, while effectively stating to "God and the world" they are God, on earth.

It's nothing new. History is rife with similar aberrations: the crusades, the Spanish Inquisition, nazi Germany, the Rwandan genocide, Pol Pot's killing fields. The list is endless. To put it simply: Da'esh is evil reincarnated and therefor must be exterminated. By any means necessary.

The motive Da'esh has must be tremendous. They are well blocked in. They do not have much chance for global attention, like what they so crave, unless they strike out with more terrorism. Not exactly like news crews are going to swamp in there. Or that people want to get home from work to plop down and watch the latest of what is happening in Da'esh land.

If anyone went and rushed it, that would be the safest course, I think. But, they won't. Which gives them all the more time feeling their power rush and focusing on terrorist plans in Europe, the US, and who knows where else.

The current strikes just are enough to only make them more mad.

There is a very dangerous triad of power they are in the center of there, and structurally, it is kind of like a mountain the way the influence spreads out from the South Pacific to well across North Africa.

The triad of Iran, Saudi Arabia, and Israel; where, of these, Iran and Saudi Arabia are head to head in just about every country of the region in tight tension via their respective branches of Islam.

Da'esh, I suppose I just see as not all that relevant, more like simply the top of a volcano. Very hot, ready to explode. But, ultimately, it is everything else to be really concerned about. They are a fuel.

WaelNovember 16, 2015 8:40 PM

@Nick P,

Ability to... maintain perfect grammar... complete sentences... failing... ARGH!!!

Yea, I botched that one. I wanted to say: ok, give me a couple of weekends...
For some reason I pressed '.' instead of an 'a' and the rest as they say is history... Unfortunately, recorded history...

Clive RobinsonNovember 16, 2015 9:19 PM

@ Wael,

Yea, I botched that one. I wanted to say: ok, give me a couple of weekends...

Nay Worries...

Take comfort from.the old saw of "To err is human".

The simple fact is I err so much I must be,"super human" by now ;-)

FigureitoutNovember 16, 2015 10:20 PM

Grauhut
Get a simple smart switch
--Word "smart" in name of product: strike 1. The tp-link has a "pc interface" of which I want none, all config stuff is flashed in either a locked ROM or fused in OTP-style (my preference but those parts are getting rarer...and you have to get it right as it's now a static target).

From product page: TL-SG108E is easy to use and manage. Auto MDI/MDI-X crossover on all ports eliminate the need for crossover cables or uplink ports. Auto-negotiation on each port senses the link speed of a network device (either 10, 100, or 1000 Mbps) and intelligently adjusts for compatibility and optimal performance.
--No don't want that.

The HP thing, same deal. Way way too many features. And a web management page...no don't want that.

At the least I'll harden a random low-spec PC, and run it live connected to large HDD (I struggle how to make it tamper-resistant, logs *cannot* be tampered with). Some NAS and stuff, meh don't know about that.

Super hard bordering on impossible, I don't think what I'm thinking of is going to work. So I'm focused on my roots of trust more so it doesn't matter and easy recovery and small attack space for those that take are public-facing.

WaelNovember 17, 2015 12:11 AM

@Clive Robinson,

Nay Worries... Take comfort from.the old saw of "To err is human".

To err is Human, to forgive Devine.

The simple fact is I err so much I must be,"super human" by now ;-)

Can you do that? :)

Wesley ParishNovember 17, 2015 1:30 AM

Hi, @Clive and @Danny

You demolished @ianf's attack on me quite well, considering that that was hardly your motive.

What is more important is he himself demolished his attack on me with these words:

I.e. nobody in the West (but you—noted & dutifully reported upstairs) cares to admit the factual tit-for-tat situation, but, confronted with random mass violence as that in Paris, prefers to react from the position of wounded who–us? innocence.
It was precisely that air of wounded who-us? innocence that riled me on the night of the attack. @ianf labeled my response "anti-French".

On a happier note,

The fact that Europe’s reproductive rate is 1.4 children per couple, and so there needs to be considerable immigration to maintain a productive workforce that can sustain the middle class standard of living, is a godsend for Isis, because at the same time there has never been less tolerance for immigration.
from Mindless terrorists? The truth about Isis is much worse is something I've waited to hear for quite some time now. And likewise
“Capture the rebelliousness of youth, their energy and idealism, and their readiness for self-sacrifice, while fools preach ‘moderation’ (wasatiyyah), security and avoidance of risk.”
Brings to mind someone else
Sir Henry Gurney, the High Commissioner of the Federation who was murdered in 1952, was a veteran of irregular warfare. He had faced the Zionist terrorists in Jerusalem and was a man without fear. His approach to the problem of confronting Communism was hopelessly sane. The Communists were offering young Chinese the intoxication of craziness, of a mad and heroic righteousness to justify the misspending of their lives. Sir Henry's answer was decency, goodness, security, prosperity, authority, liberty under law. He offered everything except glamor, terror, inspiration, and romance—Everything except the chance to join the British side.
What kind of British side?
A British side which, like the Communist side, would welcome the makers of the future, the builders of the next civilization, the arbiters of history.

Quote from Psychological Warfare by Dr Paul Myron Linebarger.

B613November 17, 2015 8:45 AM

@Wesley Parish

re:
http://www.theguardian.com/commentisfree/2015/nov/15/terrorists-isis
http://www.gutenberg.org/files/48612/48612-h/48612-h.htm#Page_244

et al


I do not think there is a propaganda solution. The best thing nations could do is let anyone who wants to go and join Da'esh, go and do so. And do not let them come back, by any means.

There is not - yet - the 'political will' to carpet bomb their area. A grisly, ruthless consideration, but a necessary one. This gives them time to plan and order terrorism in distant lands. They have one agenda, to taunt their enemy to strike them at their heart. To go to them.

They will not be satisfied until they are dead.

It surely is 'about glory, about esteem' - it is about power - all the very same thing. Domination. Blood lust.

Only a fool thinks that by ruthless dominion over innocents is a foundation to true power found, however. Such fools are certainly unreasoning, and so mindless.

Anyone who has converted them otherwise, should speak.


GrauhutNovember 17, 2015 12:19 PM

@Figureitout: "At the least I'll harden a random low-spec PC, and run it live connected to large HDD (I struggle how to make it tamper-resistant, logs *cannot* be tampered with)"

Have a look at non Atom Celeron Boards like the GA-C1037UN and SOCs like the BPi-R1.

Separate logging device and log host. If you have to save packet dumps, write short dump files to a local SSD and let the log host poll them in short intervals, for instance with rsync minutely.

Never give the logging device other access to the log host than logging to the remote syslog facility (and netflow aggregator if needed) of that loghost. A log is considered tamper proof for me if the log host archives faster to a WORM device than your attacker can hack it! :)

If you want something easy to manage, reconsider using a smart switch or an active sniffing device and an open source SIEM like OSSIM. A smart switch offering all packet IO of the sniffed line combined, because most "amateur" applications i know of do not support merging separate packet IO inputs on two interfaces out of the box, they are usually written for combined monitoring ports.

If you want to write your own "big data" anomaly detection routines, logging to a remote syslog-ng host with MongoDB (+ TokuMX) backend database is imho a good place to start.

Good luck!

Just ChrisNovember 17, 2015 2:30 PM

Happy squidding folks

Nice to at least find some people that are equaily crazy as myselfe.

So ok many voices little time, so Snowden character
as is by many seen as some good person telling us all the hidden trues. I have some small issue with it, since there are to my knowledge alittle things that werent eather known or figured out allready released.

So the agenda has been all the time i think not to address our community with things we allready know, but to tell the non technically intrested audiance what is at stake.

By that its made a fantastic punch, it has worked nicely. Everyone grasps what is at stake and why we dont need mass meta data surveilance, right ? :-)

Cool, because programatically we are past this level allready, and its now where the magic happens, programatically engineered stuff, its almost like macro programming human behaviour using a common media channel.

Or something like that...
// Good night

ianfNovember 17, 2015 8:39 PM


ADMINISTRIVIA @ Not G Man
                                listen carefully, I shall only repeat it once: if/when you quote some 3rd party who ascribes something specific to yet another, in this case me, you need to start by validating any claims there at the source. Otherwise you're just risking commenting a straw man argument, which is like post-vasectomy masturbation in print. Or, worse, that you don't understand what you read and write.

More specifically, you quoted an "interesting post" in which the poster—a multidiscipline expert by his own reckoning—made an astonishing jump from own mind-effluvia over "hardline Sunni Islamists" to a statement that “all that is based on "ianf's" postings. Same guy who did a twenty page analysis with zero experience on Snowden's HK security operations in this same thread.”

Notwithstanding the fact that those my long ruminative speculations over Ed Snowden's OPSEC in Moscow, not H-K, were based on a clearly given TV program, I had NOT WRITTEN ANYTHING about hardcore, Sunni or Islamists in any combination thereof in previous postings (to which The Expert you quoted did not care to link to anyway). This may sound like a small transgression to you—and it is—but by not checking beforehand the veracity of what/whom you are debating with, you risk becoming part of noise in the noise-to-signal ratio of this forum.

Perhaps that's of no consequence to you, because you're just passing by. Fine by me, but then there's no need to occupy the bandwidth. Esp. when debating with some nick of the delusion-of-meta-CIA-grandeur variety, whose two obvious specialities seem to be vacuous logorrhea & labeling those, for whose arguments he can't come up with any cogent counterarguments, with a plethora of mental and/or behavioral afflictions. Really, a virtuoso psychic diagnostician, and all free of charge—just what this cyber security blog forum long needed!

FigureitoutNovember 17, 2015 9:50 PM

Grauhut
Have a look
--So much peripherals (I don't need HDMI or audio on my sniffer), and the word "smart" again to describe BPi-R1 (that's strike 2 for you :p), which is fine if I'm just playing around and I don't care about data flow, also means those peripherals are temptation to hack. I'm thinking something along these lines: http://www.ultimaserial.com/avr_lwip_udp.html Got a dev board w/ 100's of examples (I need that little kickstart, my "training wheels" still (I hate training wheels) :( ) and I want to finally learn some board layout software and just populate bare minimum for some lower-spec SOC's.

There's a disconnect here, I don't need industrial level solution (and I don't believe for one second that within the massive cludges of data flowing malicious packets can't sneak in (let alone "insider threat" or just someone bringing infection in)). I wish I'd see what I want on the market, but it's not happening, too much "smart".

Nick P
--You may find this of interest: http://joeduffyblog.com/2015/11/03/blogging-about-midori/

CuriousNovember 18, 2015 2:14 AM

Off topic:

According to The Christian Science Monitor, Spain is said to have now issued an warrant for arrest for a number of Israeli government officials, in the aftermath of the killing of nine Turkish activists on a boat headed to Gaza. The article also points out how Israeli Prime Minister Benjamin Netanyahu is said to have international immunity, pointing out that he would not be arrested after all.

http://www.csmonitor.com/World/Global-News/2015/1117/Spain-issues-arrest-warrant-for-Benjamin-Netanyahu

I am weirded out by how The Christian Science Monitor makes the reference to the assault on the ship, as a "gun battle" in the third paragraph. The notion of a "gun battle" is probably misleading, because the activists iirc weren't armed. A "gun assault" would be honest and meaningful.

GrauhutNovember 18, 2015 5:52 AM

@Figureitout: "I want to finally learn some board layout software and just populate bare minimum for some lower-spec SOC's."

A 100mbit fast ethernet device maxes out at 148.000 pps half duplex. Have fun doing anything useful with such a potential amount of packages on your lower-spec SOCs! :)

(It does not work, its math, ask Don Quixxote)

ianfNovember 18, 2015 6:25 AM


OT :: Last few days in The Guardian…

Paris attacks Opinion | Comment is free

Terrorism has come about in assimilationist France and also in multicultural Britain. Why is that? • Kenan Malik

The polyglot chic, the swagger and the noise – the Paris I love will come back

Is Molenbeek Europe’s jihadi central? It’s not that simple • Johan Leman

Thanks Amazon, but we don't need your solidarité • Jessica Reed

Islamic State Opinion| Comment is free
Mindless terrorists? The truth about Isis is much worse • Scott Atran

John Oliver TV and radio blog
TV satirist John Oliver responds to Paris attacks with 'a moment of premium cable profanity'

    The host of HBO’s Last Week Tonight has delivered an expletive-filled defence of French values in the face of the ‘bankrupt ideology’ of the terrorists

    During Sunday night’s monologue he took advantage of the US cable channel’s relaxed policy on swearing. “After the many necessary and appropriate moments of silence, I’d like to offer you a moment of premium cable profanity … it’s hardly been 48 hours but there are a few things we can say for certain.

    First, as of now, we know this attack was carried out by gigantic fucking arseholes … possibly working with other fucking arseholes, definitely working in service of an ideology of pure arseholery.

    it is important to remember, nothing about what these arseholes are trying to do is going to work. France is going to endure and I’ll tell you why. If you are in a war of culture and lifestyle with France, good fucking luck. Go ahead, bring your bankrupt ideology. They’ll bring Jean-Paul Sartre, Edith Piaf, fine wine, Gauloise cigarettes, Camus, camembert, madeleines, macarons, and the fucking croquembouche. You just brought a philosophy of rigorous self-abnegation to a pastry fight, my friend.

Online dating The Observer | Life and style

Internet dating: 10 things I’ve learned from looking for love online

Judaism Opinion | Comment is free

Diaspora Jews offer a rare chance for hope in the Middle East • Jonathan Freedland

+ an oldie (Dec 2014), but goodie…

Hacking | Technology
Hacker fakes German minister's fingerprints using photos of her hands

    Jan Krissler used high resolution photos, including one from a government press office, to successfully recreate the fingerprints of Germany’s defence minister

    It’s an old cliché of security researchers: fingerprints might appear more secure than passwords. But if your password gets stolen, you can change it to a new one; what happens when your fingerprint gets copied?

    That’s no longer an abstract fear: a speaker at the Chaos Communication Congress, an annual meeting of hackers in Germany, demonstrated his method for faking fingerprints using only a few high-definition photographs of his target, German defence minister Ursula von der Leyen.

    Jan Krissler, known in hacker circles as Starbug, used commercial software called VeriFinger and several close-range photos of von der Leyen, including one gleaned from a press release issued by her own office and another he took himself from three meters away, to reverse-engineer the fingerprint.

Clive RobinsonNovember 18, 2015 7:34 AM

@ Figureitout,

I want to finally learn some board layout software and just populate bare minimum for some lower-spec SOC's.

Have you tried doing a layout by hand on "faint ruled" 0.25cm grid paper?

The reason I ask is that experience of trying to hand layout on paper gives you a lot of feeling / knowledge of laying out that CAD software gets in the way of you learning.

I still do many layouts --especialy RF / Analog-- in rough on paper before moving over to CAD. The reason is that although CAD layout is improving, even the top of the line software still sucks with anything out of the ordinary or if it does not have appropriate rules.

For instance there has been many a time I've had to layout complex mixed circuits where the likes of auto routers can not be told not to do stupid things, or either they just give up. Practical experience gets you over that hump with little difficulty, getting the experience rarely happens in front of the screen...

The other thing is if you use "drafting film" that is feignt ruled you can get the CAD to print out by the required size multiple and drop your hand draft on top to "sanity check". But at the end of the day you have to "check the netlist".

Back in times past quad and hex packages of logic gates gave a PCB designer greater freedom to change the logic gates used to ease the device. I've actually been known to swap around pins not just on memory data busses but address busses as well and thus having to write code to change the "ROM Image" to suit. It sounds like a pain and it is but... If you have the choice between single sided cheep pax (paper/resin) board with a couple of wire links and significantly more expensive double sided FR4 (fiberglass) with plated through holes, the savings can easily exceed your annual salary on production runs, which can make you a "worth keeping" employee, compared to the CAD only jocky sitting next to you...

Clive RobinsonNovember 18, 2015 7:59 AM

@ ianf,

You left a real goody out of your Guardian round up...

In yesterdays "G2" section was a piece by Paul Mason, who is the economics editor for the UK's Channel 4 News (about the best television news programing available in the UK currently).

Before reading the piece remember what economics if all about... That is the efficient managment of finite resources that suffer from the entropy effect. That is raw resources and the goods they make that form real not financial wealth and --ie not money you can endlessly print banknotes of higher denomination-- and less thought about, political power.

Definitely worth a thought provoking read and as a way to "ground out" the "magical thinking" we are getting from the political puppets.

B613November 18, 2015 10:02 AM

@ianf

Well "ianf", I seem to have gotten quite substantially into your head to have worked out such a nasty little post about me. Or is it flattering.

If you are serious, then I certainly have my finger on your buttons. If you are not serious, as I believe you are, then you simply like to show off your capacity for linguistic ninjutsu. For someone whom you erroneously believe can appreciate it.

Unfortunately, my idea of good poetry is more along the lines of Japanese tentacle porn.

And other such Cthulhu base savagery.

Fancy word play without substance, not my taste.

As for sourcing, I do not provide sourcing on material from my experience, and I obscure it. Otherwise, even little details could identify me. On other matters, I do. There is no reason to provide such sourcing, however, the logic is obvious. And while possibly not obvious to those without the same experience, it is blatantly obvious to those with it.

I think you play up the "I don't get it" card too much. I am quite convinced that you do.

But, a person such as your self is one who stands out. Not difficult to forget.

Though, sadly, I must say, never met anyone like you before, you are new. Where are you from? What does "ianf" stand for? Is it: I. A. N. F.? Standing for something? I Am Not F....?

Clearly, you have an unusually keen eye to words, and ability to use them. Substance missing, not withstanding.

Are you a writer...? Or...?


Dirk PraetNovember 18, 2015 10:42 AM

@ ianf

Is Molenbeek Europe’s jihadi central? It’s not that simple • Johan Leman

Johan Leman is a good guy and, as a former director of the Centre of Equal Opportunities, an authority on the subject of disenfranchised local communities with a huge number of 2nd and 3rd generation immigrants especially from North African origin.

Pretty much everything he says is true, but where he is dead wrong - just like the previous Molenbeek mayor and city council - is that he saw the rise of radical Islam in these communities as an inevitable but rather harmless societal issue we in the end only had ourselves to blame for and that could only be met with more understanding instead of oppression.

FigureitoutNovember 18, 2015 9:14 PM

Grauhut
Have fun doing anything useful
--I will, we have different definitions of useful.

Clive Robinson
--No point if it's not a new design, calculations, sure. All I'm planning now is practice layouts w/ Atmega's for this sensor project (pinout of a micro, whoa so complicated...not. Hard design already done inside (w/ some bugs no doubt that designers won't admit to even when confronted lol)) so I can save my arduino's for prototyping. And my handwriting sucks so I like clean lines (that I remember easier too, a little) in some spice program, much easier to "sanity check".

Even that may not be necessary, the arduino nano is basically perfect, and other boards like that.

John Galt IVNovember 19, 2015 12:45 PM


Dishonest or incompetent? It's a trick question.

Still Wanna Fly?
http://market-ticker.org/akcs-www?post=230909

Most people would think this is a slightly more credible news outlet than the one that Karl used in his post.

http://www.nbcnews.com/news/us-news/tsa-fails-identify-73-employees-terror-watch-lists-n371601
...
A review of screening and security procedures inside the TSA has revealed that 73 workers approved for access to secure areas are actually on the terrorism watch list.

If we disarm the idiots, psychotics, criminals and sociopaths, who will be left to protect us?

B613November 19, 2015 1:55 PM


The FBI is Worried About Hacktivists Targeting Politicians & Cops
http://motherboard.vice.com/read/the-fbi-is-worried-about-hacktivists-targeting-politicians-and-cops

How ironic. I am worried about the FBI targeting politicians and cops too. Just as they did under Hoover.

It is a concern that other government organizations besides just the FBI may have done this and may be doing this, and may do it more aggressively in the future.

Some of that coverage here, on the FBI using informants to hack domestic and foreign targets:

http://motherboard.vice.com/read/how-an-fbi-informant-helped-orchestrate-the-hack-of-an-fbi-contractor
http://motherboard.vice.com/read/exclusive-how-an-fbi-informant-helped-anonymous-hack-brazil
http://motherboard.vice.com/read/what-house-of-cards-got-right-about-hackers
http://www.dailydot.com/politics/hammond-sabu-fbi-stratfor-hack/
http://www.dailydot.com/politics/fbi-hammond-sabu-hack-country-list/
http://www.dailydot.com/news/jeremy-hammond-fbi-foreign-governments-list/

Gerard van VoorenNovember 20, 2015 1:45 AM

@ In the Shadow of ... whatever it is today, in reply to Josh Rubin who made a point that he thought was relevant.

> Care to explain your self?

> Or, just wasting everyone's time?

If you call out people to wast everyone's time, maybe you could look in the mirror as well. The amount of text that you write is astonishing and most of it is just clutter. Please stay on topic, please agree to disagree sometimes, and please try to be informative. This advise counts for some others as well.

In the Shadow of a Murder of RavensNovember 20, 2015 3:07 AM

@Gerard van Vooren

If you call out people to wast everyone's time, maybe you could look in the mirror as well. The amount of text that you write is astonishing and most of it is just clutter. Please stay on topic, please agree to disagree sometimes, and please try to be informative. This advise counts for some others as well.
whatever it is today, in reply to Josh Rubin who made a point that he thought was relevant.

"Justin Andrusk".

I don't know any "Josh Rubin".

If he were Jewish, I would probably give him a break. Albeit, as his name doesn't exist in google before 2010, obviously not real "security architect" at Sherwin Williams or fuck not.

And, hey I remember your name from posting here over the years, but fuck if I recall anything intelligent or relevant you have said. Lotsa words that have wasted my time and everyone else's. So, just because you can't understand or read fast, don't fuck with others who can, maybe?

Anyway, maybe your real name has a resume somewhere, so I can be more impressed and take your crap more seriously?

In the Shadow of a Murder of RavensNovember 20, 2015 3:16 AM

@Gerard van Vooren

So, yeah, just as a double check there, did a search on your "real name"... care to explain your credentials. Because fuck, because a real security researcher, I read your crap and think it is a bunch of crap.

FYI, look up your friend there Justin Andrusk... easy to confirm this Justin is that Justin:

Google: "Justin Andrusk"

Pick up his name, website, go visit, check it out, compare language. Happy to prove it if you wish.

So, searched on your supposed "real name" there you post with - course you never say anything worth shit, not a researcher, I know FX in Germany and Mixter, btw - and see "he died" and other shit.

Justin's identify fits his posts... besides he doesn't exist before 2010... granted, his resume is such crap, lol, no wonder there.

One poster here said it is unlawful to try and unmask covert agents.

Only... that ain't u guys, lol.

Anyway, halfway amusing.

You actually have anything you have posted or submitted to anywhere that ups your creds?

Happy to connect with either you or Justin on Linkedin....

If not?

Bow to the Cow

Cult of the Dead Cow totally was doing all of this way before Dingledine, lol...

If you were a pizza guy and got an order by someone named "Dingledine", wouldn't you say that is a fake name, rofl??

... k


In the Shadow of a Murder of RavensNovember 20, 2015 3:21 AM

@Gerard van Vooren

And hey, bud, no offense, but anyone for real sees fake ppl such as yourself and is polite and strings u along, lol.

So, some intelligent comment, ok?

Like not personal attack, but on the actual material? Sooo much material, surely something there which could be quoted honestly in context, without pulling out your tinny tiny cock and embarrasing urself, right?

If ur aren't german, sorry.

lol...

I work with benni, but don't know you, rofl...

Mixter has a wandering eye and FX... is really kind of ugly. But supergenius.

And who are U???

Maybe belgium, rofl.

Gerard van VoorenNovember 20, 2015 3:36 AM

@ In the Shadow of ...

> If you call out people to wast everyone's time, maybe you could look in the mirror as well.

Just repeating myself... And I do want to keep my identity "secret".

In the Shadow of a Murder of RavensNovember 20, 2015 4:32 AM

@Gerard van Vooren • November 20, 2015 3:36 AM

If you call out people to wast everyone's time, maybe you could look in the mirror as well.
Just repeating myself... And I do want to keep my identity "secret".

Just to be clear -- fine with me. Only reason I hit at Justin was because he fucked with me and screwed up my words to make it out I was doing US federal crimes like intimidating juries in speech.

So, I went clickety clack on my work system and looked his ass up.

FYI, I have probably used... IDK? A thousand names here. Posting since the 2000s. I try and be fair. I speak to the moderator and shit and don't use a proxy, except with my company system.

I know people here. Sometimes I am writing a lot, sometimes not.

I have my own reasons for doing that. I don't know about hardware. I don't know about faraday cages or transisters. So, I see a lot of posts, I fucking scan over. I am sure the fuck expert on some subjects.

I am both a privacy advocate and a bad guy against privacy. Horrible.

I have worked on systems that reveal people's private data, and on systems that hide it.

The cutting edge systems in the past ten years for finding security bugs are a mix of "RASP" and "SAST".

And, fuck, I have known contractors whose only job was to type away keeping up cover identities friends fill in here and there who have heart attacks in their twenties, and no one knows why. I really would be more thinking about my next coke and smoke then shedding a tear for them. I mean, quick death, right?

Advantage for us "psychopaths" with IQs above 200 is we keep so many fucking technical facts.

But, yeah, so having worked in telco, as like "sentry eagle" or whatever Snowden would say, we would watch connections to suspect sites and time periods, and pretty quickly be able to hit back at users.

Unless, you know, they used Tor or a paid for VPN system which wasn't specifically not set up by US intel just to see who had the most secrets.

Like, IronKey.

Dirk PraetNovember 20, 2015 8:21 AM

@ Gerard van Vooren

Btw, talking about being informative, Nick P and Dirk I think you gonna like the implementation of TOR in Haskel

Cool stuff. Gonna have a look at it over the weekend. Thanks for the pointer!

Black ArrowNovember 20, 2015 10:17 AM

There's a proposal to put armed guards in the Westfield shopping centre in Stratford, east London, in order to deter terrorists. I don't think this will work because a guard with a machine gun will scare a normal person, but it won't deter a terrorist. If a terrorist attack happens, the terrorist would be about to blow themselves up; they won't care if you shot them because they are about to kill themselves!

I'm not an expert in security (or a terrorist, in case GCHQ is wondering), but if someone is about to kill themself (and many other people) by blowing themselves up, they won't care if you are capable of killing them using a gun.

Jason Richardson-WhiteNovember 20, 2015 12:58 PM

@ Black Arrow:

Just thinking out loud, the presence of armed guards could affect target selection. If I am a terrorist, I would be less likely to succeed in blowing myself up if there are armed guards. (Does the proposal have the guards at least *under cover and/or concealment*...? If not, then it's a quick step to take them out prior to an attack... If so, just advertise that the guards are lurking... somewhere.) So, the move, if implemented with some thought, could cause terrorists to seek other venues of high human occupation. Actually, it would work better to say that *some* venue have armed guards, without saying which ones. This would have the advantage of increasing the uncertainty in *all* terrorist operations, without actually requiring one to arm all locations of high occupancy. Of course, one must follow through, or the secret will get out that it's only for the benefit of scaring terrorists...

More generally, the terrorists are "winning" (short-term) if the degree of trust is dropping sufficiently that daily life in the West becomes unmanageable -- you can't get your shopping done, get to work reliably, and so on. But, as I think about it, the terrorists are not pursuing a winning *strategy*, even if they are "winning" for a period of time.

Consider:
(1) suicide bombing is a strategy of *extreme* attrition. I don't mean to be funny, but it is an extremely *stupid* strategy, because it deletes a person who *might* be a capable war-fighter, or at least capable of building bombs or provisioning supplies or whatever.
(2) The general "terrorist" strategy is subject to a decided break-even point (diminishing returns). They can continue to create fear only so long as they do not mobilize the enemy into full-scale assault of the homeland from which terrorism is controlled. If that happens, terrorism just becomes a resistance, which is defensive and not offensive at all. On the other hand, if they do *not* turn up the heat enough, then they do not get the attention needed to fund more ambitious aims.

Terrorists' best chance of genuine success is not a generations long warfare. It is in radicalizing enough recruits to find someone who can give them access to WMDs. We should not fear what is happening in Europe or the US on a small scale. We should keep our eyes on Pakistan, where 200 (+/- 10) nuclear weapons are poorly secured (by Western standards) and fanatics with modern weaponry live only a couple hours drive away (Taliban). Ally the Taliban and ISIS in a task force to secure nuclear weapons... that is what we should truly be worrying about, despite everything that is happening.

We must stand together against the small attacks but not forget where the strategic threats truly lie, in my opinion.

Nick PNovember 20, 2015 1:54 PM

@ Figureitout

Yeah, I've been following that blog. Will be interesting to see what he posts. Too bad they didn't release it somehow.

@ Gerard van Vooren

Thanks for bringing it to my attention! Yet again, it's one of the Galois people applying Haskell to solve a tough problem. Making that problem Tor and on a unikernel is interesting. The pro's are many: Haskell's safety; easier to formally verify/analyze; easy concurrency; robust compiler. So, this thing will probably perform well and have fewer of the generic vulnerabilities that C code usually results in. Also, LANGSEC is teaching us more about how Turing Completeness hurts security while encouraging removing that. Haskell compiles to a modified version of System F, a Turing incomplete language. So, there's possible benefits later on if researchers combine the two.

The main negatives are the compiler, FP security, and covert channels. The compiler is a large, complex, and few people understand it. Not a good trait for a TCB. Further, the translation from Haskell statements to object code is not clear at all just by looking at source. Whereas, a language like Go or C usually produces pretty, predictable assembler. Attackers hit object code, not source, so one must be sure they're producing the right ones.

Far as FP security, not much has been done on attacking or securing stuff in functional languages. The imperative constructs have been worked out plenty. It might even be straightforward for researchers to map those principles to, say, the intermediate or final output of a functional program. It just worries me that I haven't seen much research in this area. There could be attacks we don't see coming.

Finally, IIRC, Haskell also has GC. High assurance apps require custom or at least careful memory management to avoid creating covert channels. Tor is a program where leaks are one of the main things attackers are looking for. Key leaks if nothing else. So, this is worth considering although of unknown risk. I'd solve the other problems first probably.

So, that's my thoughts on Tor via Haskell. Some risks on the high security front that might require substantial work by Haskell pro's before solved. Far as regular risks, though, the project should prevent many and allow for easier modifications when protocol is updated. The ease of maintenance and integration that comes from functional programming is an often overlooked benefit. On imperative side, both Ada and Eiffel had that property as well due to good design. Not as much as a functional language but Design-by-Contract plus good typing got them some ways in that direction.

Note: Good news is that a reference implementation in Haskell can be understood well enough to refine it into an imperative implementation in a safe language. On the high end, seL4 project did exactly that with a Haskell and C co-implementation along with equivalence proof. They OSS'd the tool that extracts Isabelle from C.

Gerard van VoorenNovember 20, 2015 2:05 PM

@ Jason Richardson-White

> Ally the Taliban and ISIS in a task force to secure nuclear weapons... that is what we
> should truly be worrying about, despite everything that is happening.

I still worry a lot more about governments. Does the date 26 September 1983 ring a bell? That day the world as we know it escaped from a global thermal nuclear war. One man ignored orders and stayed calm otherwise we probably didn't have this conversation. He got fired btw for ignoring that order.

Nick PNovember 20, 2015 3:04 PM

Finally, I see a mainstream source mentioning Saudi Arabia as instrumental to rise of groups like ISIS. Might create needed awareness. Now, we just have to get one to notice the implications of U.S. claiming a War on Terror while simultaneously endorsing, supporting, and training a terror-sponsoring state.

Gerard van VoorenNovember 20, 2015 3:09 PM

@ Nick P,

> Yet again, it's one of the Galois people applying Haskell to solve a tough problem.
> Making that problem Tor and on a unikernel is interesting.

Yes, I agree. This could make it easier to implement networking services such as IM or maybe FUSE with relatively minimal LOC. I am interested in the presentation.

> The main negatives are the compiler, FP security, and covert channels.

Note however that there are multiple compilers for Haskell. GC, I don't know how that could interfere with side channel attacks. There are multiple ways to implement GC, with different outcome. Go is also a GC language. But I haven't seen a TOR implementation in a safe non-GC language such as Rust or Ada yet. Rust should probably be easier if they borrow the functional parts from the Haskell implementation. But then again, the Rust compiler is also complex. Lots of things. The developer said that it is early days. Good to take into account and research, but it needs vetting and growth before general usage.

Clive RobinsonNovember 20, 2015 4:01 PM

@ Nick P,

With regards Garbage Collection, yes there are two main ways (refrence counters and valid pointers) other than the usuall stack frame method.

As a rough rule of thumb the more strongly typed a language the less onerous the GC task is.

However if you go beyond strongly typing other avenues open up importantly for MMU less hardware you can shift to memory location independence, thus simple memory copy for doing memory managment.

One way to do this is with stacks holding offset from base pointers derived from a linked list (in a similar way to lisp). Which makes any basic way to do GC relatively painless and you can chose either refrence count or pointer or both depending on which trade off you want to exploit at any point.

One advantage of such a linked list system is you can take it that bit further where data and code are completely equivalent as first class objects. But doing so is also a security nightmare in the making for obvious reasons (that you find when you try to code it up in assembler or in an interpreter).

It's funny when people talk about security and Turing Compleatness because few understand how non Turing Compleate state machines can "accidently" become Turing Compleat with the seemingly most minor changes. This most often happens when you have interaction between two state machines via common access to memory as Intel have found with their Memory Managment system in later IAx86 designs.

GrainNovember 21, 2015 12:25 PM

@Justin

@ Gerard van Vooren
IQ > 200
I wouldn't worry too hard.

Sorry about that, Justin. *I* *am* "Justin Andrusk", well, that is one of my many second layer fake identities. Sucks, because I put a lot of work into it over the years.

But, that was partly meant to be looked up and thrown away. Usually I use more common names, or just create a secondary persona from an existing person where the two paths are very unlikely to meet.

As for that poster, "IQ > 200", lol. What a genius. Clearly, a vain, psychotic idiot.

I bet, after that guy came down from whatever drugs he is on, he is probably in some room somewhere, drawing conspiracy theory symbols on a wall somewhere.

... hitting that button that came up when the name hit the internet and returning back to my work...

Dirk PraetNovember 22, 2015 5:08 PM

@ Nick P

Finally, I see a mainstream source mentioning Saudi Arabia as instrumental to rise of groups like ISIS.

From the referenced article: "Daesh has a mother: the invasion of Iraq. But it also has a father: Saudi Arabia and its religious-industrial complex."

It's probably one of the best ways I've heared anyone put it in a very long time. There is unfortunately not an easy way out of this conundrum. On the one hand, the Saudi royal family cannot afford to alienate its wahabi clergy, on the other hand the last thing anyone wants is pressing for regime change too hard and risking it to be overthrown by religious zealots on a political mission, consequences of which would be disastrous for the entire region and far beyond.

But which doesn't change the fact that our governments need to start re-thinking their approach to the problem urgently. Fighting symptoms with a global digital dragnet - trampling on everyone's rights and liberties - has proven largely useless in preventing terrorist attacks. Worse, it has done even less about the underlying causes. IMHO, what needs to be done is sending a clear message to all wanna-be salafis and wahabis that their ideology is completely incompatible with our democratic values and that there no longer is any place for them here. Sending back Saudi hate preachers, closing known salafist mosques, putting under a rigorous 24/7 surveillance regime Syria returnees and rounding up known radicals assessed to represent a clear and present danger I think would make sense. But contrary to post 9/11 hysteria in the US, for a limited amount of time and with the necessary checks and balances in place.

Brussels is a city under siege tonight. The entire region is on the highest terror alert. Police and military are all over the palace. The subway has been closed. Banks, telcos and government institutions have asked their staff to stay home tomorrow. Brussels schools will be closed too. We haven't seen anything like this here since WWII. It's completely crazy, and most definitely not what I'm paying taxes for.

Jason Richardson-WhiteNovember 23, 2015 6:58 PM

@ Gerard van Vooren:

I like Bruce's blog and I like commenting, but I need to come more frequently, or stop, because it is bothersome to lose the thread every Friday. :-)

I concur with you. Unfortunately, there are those in the US government sufficiently paranoid about the arsenals of other leading nuclear powers as to make unlikely further major arms reductions. (To be fair, other leading powers are not exactly emanating happy vibes, either.)

So, I have a positive proposal that is relevant. I started working up an essay awhile ago, not yet finished, that I was going to post on a major social media network that I frequented until recently.

In brief, I wanted to argue that we should reduce the US nuclear modernization program by some very substantial dollar amount -- whatever amount is equal to reducing the goal from sustaining 5000 ICBMs to, say, a mere 4000(!) -- and use that money to fund a new regional office of the UN -- in the United Arab Emirates / Dubai. (Aside from New York, there are UN official "offices" in Geneva, Vienna, and Nairobi).

The ***first*** item on the agenda of the new office is to invite Pakistan and India for nuclear talks, aimed at arms reduction.

The proposal has many potential benefits (with at least two "costs", mentioned briefly). First, the US reduces but does not lose its lead in nuclear arms, thus reducing the MAD margin a bit. Second, the US shows that it is *serious* about nuclear arms reduction. Third, the US exerts leadership, which is principally the exercise of *example*, in a positive way. Fourth, the new offices make it that much quicker to organize and convene "impromptu" talks, in addition to more formal ones, being closer to the relevant leadership. Fifth, it undermines the sense that many Arabs have of being downtrodden by the West -- a sense that terrorists use to great effect -- by giving them equal standing.

As for the "costs" side of the ledger, I understand that UAE is not a truly neutral player, though it is sometimes portrayed so. Also, there is the matter of its **very** large immigrant population and the human rights problems associated therewith. Nonetheless... UAE is not Saudi Arabia. And in light of the benefits, I believe the UN ought to consider establishing the office (were an offer from the US in the offing) so long as the UAE promised to take steps to address the immigrant population issue.

Benchmarks would be stipulated for various levels of funding, of course, together with strict, independent accounting to assure that the money went into funding the peace initiative rather than into the coffers of anyone fighting in the region.

Finally, it's worth noting that I am in favor of *full* equality for females in all parts of the world, but I am willing to acknowledge that its path may be different in the ME than it is here in the West (where we still fall short, for what progress we can truly claim). So, yes, even though even "moderate" Muslims may advocate practices for women that we find objectionable (head-covering, for example), it might be worth the engagement to gain the advantage of progress in nuclear disarmament. Therefore, matters of culture would be differentiated from matters of human rights, even as women (and men) of the West were encouraged to engage with women (and men) of the ME about such matters.

Gerard van VoorenNovember 24, 2015 9:20 AM

@ Jason Richardson-White,

Your idea is simply too much. Personally I would separate all these issues.

Talking about the nukes. They are cheap. The Minuteman costs approx 8M USD a piece. Reducing the inventory by a thousand doesn't really do much. The problems with nukes are on an entirely different level. You can't uninvent them, they are a Pandora's box. Nine countries in the world have a nuclear arsenal. All these countries, some of which are at war with another, need to agree to disarm. All have different cultural backgrounds and different reasons of having the nukes. For some it's just power play, for the others they are an absolute last defensive resort. This makes nuclear arms treaties so hard.

WaelNovember 27, 2015 9:31 PM

@Clive Robinson,

I'm going to ask you to watch a British comedy film called "Hot Fuzz".

Found it on Netflix and watched it!

Then get back to me, and we will talk about it.

Ok, I got back to you! "Bring the Noise" ;)

Clive RobinsonNovember 28, 2015 7:11 AM

@ Wael,

So did the film amuse, make you smile / laugh etc?

But have you thought why?

What is it that makes it that way, have you looked below the surface?

How about the "Parish Council" that meets in secret, and agree to the most heinous crimes against the morals and law for "the greater good"... Which excuses the abuse of due process and condones murder, for "the greater good" that is the best kept village award... Even the Borgias and Inquisition would be proud of such subserviance to the "common cause".

The thing is that if you've ever been an outsider living within an English village or small Market town, the cognative disonace you receive from the way things work every day makes a part of your brain think that is how it works, but the other supposadly more rational part says but it can't be true, nobbody would behave that way, but your own senses say against all rationality that it is true...

A true example, a friend has a grade two listed cottage. The planing authority insist that the old Crital metal framed single glazed windows be kept, even though they are drafty and let over 70% of the heat out. Yet they also insist that there be cavity wall insulation and roof space insulation... It's not rational but it is "for the greater good"...

Now watch the film again knowing that such madness does exist, does it make the film more amusing or less amusing?

Then look at who represents which part of the Parish Council, and how they collude "for the greater good"...

WaelNovember 28, 2015 11:33 AM

@Clive Robinson,

So did the film amuse, make you smile / laugh etc?

The first ten or 15 minutes were kind of strange. They had some funny situations that made me smile. I have an appreciation for British humor since my childhood (Benny Hill, Mr. Bean, The goodies, The East Enders, The pink panther, Monty Python, and a slew of other famous movies and shows.)

But have you thought why?

Throughout the movie I kept an eye as to which part relates to this conversation. I found a few one-liners that could potentially qualify, for example:

-There is always something going on...
-I'm not a man of God but I know right and wrong and I know which is which!
-The whole town brainwashed?
-This is a perfect village and kill anyone who threatens that!

What is it that makes it that way, have you looked below the surface?

Yes, I looked a few feet below the surface. Perhaps deeper than you think -- see my last comment ;)

How about the "Parish Council" that meets in secret, and agree to the most heinous crimes against the morals and law for "the greater good"... Which excuses the abuse of due process and condones murder, for "the greater good" that is the best kept village award... Even the Borgias and Inquisition would be proud of such subserviance to the "common cause".

When I reached that part, it became evident this is the crux of the matter you wanted to draw my attention to. There is a lot to be said about that. This part also contained some seens that made me smile. It's not just the Council that met in secret! The whole town was in on it, probably brain-washed to adopt: the end justifies the means, and that includes murdering their own kin to reach their goals. Incidentally, some personal interests are also masked by their actions; that is, they disguise their personal self-interest as the good for the village. Similar to what people do when they use religion as a cover for their wrong actions (which in reality are actions motivated by self-interest in an agenda of a closed group.)

The thing is that if you've ever been an outsider living within an English village or small Market town, the cognative disonace you receive from the way things work every day makes a part of your brain think that is how it works, but the other supposadly more rational part says but it can't be true, nobbody would behave that way, but your own senses say against all rationality that it is true...

I haven't lived within an English village or small market towns. I've been to England twice, mainly London. I visited the typical tourist attraction spots, ate fish and chips almost everyday for lunch and dinner[1]. However, I can say the same statement about any other town in the world. It takes quite a bit of time to understand how a particular relatively insulated group of people operates.

A true example, a friend has a grade two listed cottage. The planing authority insist that the old Crital metal framed single glazed windows be kept, even though they are drafty and let over 70% of the heat out. Yet they also insist that there be cavity wall insulation and roof space insulation... It's not rational but it is "for the greater good"...

I believe that. This stupidity is universal. I'll give you just two examples, one related to securitysdo I don't drift too far off from the theme of this blog.

1- During my early collage days, I borrowed a book from the school library. I returned it a day late. A week later I received a letter saying I owe them 5 cents for the day or two it was late. The letter had a 12 cent stamp on it. I'm not sure of the exact amount on the stamp, but it was more than 5 cents.

2- During my employment at one computer manufacturer, I handled an area of security (deals with TPMs, encryption, BIOS, device drivers, and some applications) we had to conform to export regulations. The funny thing is most of the components and a lot of the software were off-shored. Can't say more about the details, but it came across as stupid. It was only a "check in the box" compliance point.

Now watch the film again knowing that such madness does exist, does it make the film more amusing or less amusing?

I think once is sufficient for me to get the gist of it. I can replay it in mind in retrospect.

Then look at who represents which part of the Parish Council, and how they collude "for the greater good"...

I think the movie may have a deeper meaning and insinuation. I think Sandford represents the US government and other organizations that act as "Judge, Jury, and Executioner.) This is supported by the the "Clint Eastwood" and Wild West resemblance seens. I can map the secret council to other organizations within the government, members of the village to the far right neoconservative population, and the "priest" to other SIGs and organizations.

Now that we're dispossessed with the first mildly enjoyable first step, where would you like to take me in the second step, or have you already done that? ;)

[1] Before I went to the UK, people told me English food sucks. They boil meat until it's grey. I didn't eat meat, but I loved fish and chips (or as you call it "chips".) My favorite was Plaice with the skin on. I can't find Plaice in the US, but I found out that Flounder is the American Plaice. Flounder, as you know, has one eye on each side when it's young. When it grows older, one eye migrates to the other side and both eyes end up on one side. The fish swims "horizontally". In the North Sea, the eye migrates to the opposite side than it does in the Atlantic (not sure about the Pacific.) This apparently may have an effect on the taste, but it could also be the way it's cooked... Incidentally, Flounder has an interesting story from "some" Arab point of view -- I don't say Muslim because I haven't looked at this story in depth, although I do believe that Moses parted the Red Sea. It's called "Moses' Fish". That fish happened to be at the exact spot where Moses hit the Red Sea with his staff to part it. That fish was there and got split into a right hand and a left hand halves. The two fishes migrated to the rest of the world through Bab El Mandab. So now you have the Plaice and the Flounder :)

WaelNovember 28, 2015 11:49 AM

Geeez! I misspelled "College" and "Scene"
I don't know why I couldn't catch these in the 5 previews I did. Freakin' annoying! And there are other minor errors too :(

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.