Friday Squid Blogging: Squid-Ink Cocktails

Here's a Corpse Reviver #2 variant with squid ink.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on July 1, 2016 at 4:34 PM • 193 Comments

Comments

Ber-rouh bed-dam nafdeek ya ✌ • July 1, 2016 5:09 PM

Remember when Boston cop Robert Ciccolo was keeping first responders away from the Boston Marathon Gladio site and controlling communications to dispatchers? He knows a bit too much.

Like most cops, Ciccolo raised a psycho kid. The kid mysteriously changed from peacenik to jihadi. Ciccolo understood the horse head in his bed and turned his kid over to the FBI, who egged him on and gave him rubber bombs and locked him up for his sad fantasy jihad.

And what do you know, the deadly peace terrorist got out and stepped in it again. Somebody should ask Ciccolo whether any pending hacks might pertain to his Boston Marathon duties way back when. Just to see the look on his face. And the load in his pants.

AlanS • July 1, 2016 5:12 PM

Theresa "Snoopers Charter" May emerges as the surviving and least insane Tory leadership candidate. She seems to be the front runner but she has a leg up 'knowing' things others don't. Meanwhile the opposition implodes. And just to add to the fun, the Chilcot Report is published next week. The coincidence with the anniversary of the Somme seems appropriate.

don't laugh you are the zombie apocalypse • July 1, 2016 5:49 PM

National Corruption Index

Profile Result

Jackson Stephens
Last Updated: December 05, 2008

Jackson Stephens exemplified the requisites for an unstoppable self-made billionaire. Visionary, charismatic, and intrepid pathfinder for those in power seeking, like himself, greater wealth and influence as sole moral imperatives.

He reached the status of global-power broker nearly a half century before his death in 2005 at the age of 83. His impact, however lives on, in the government insider firms run by his son Warren, and in weakened US security from the covert deals he arranged between US Presidents and foreign despots.

As head of the largest investment bank off Wall Street, he increased the personal wealth of three eagerly compromised Presidents, in exchange for nuclear and information control technologies.

From a small farm in Little Rock, Arkansas, Stephens joined his brother’s investment company in 1947, after graduating the Naval Academy with classmates Jimmy Carter and future CIA Director Stansfield Turner.

Successful ventures in energy, finance and media parlayed into mega scores, when he arranged the underwriting of Wal-Mart in 1970, then funded Tyson Food’s takeover of Holly Farms.

Along the way he covered his bets, as a financial problem solver for national politicians of both parties.
In the ‘80s, he was Arkansas Governor Clinton’s go-to fundraiser. In return, Stephens’ firm handled 70% of all Arkansas public-works bond issues.

He teamed up with China-born billionaire Mochtar Riady, who, along with his son James, would later be convicted of secretly funding Bill Clinton’s presidential campaigns with $ millions from the Chinese government.

During those same years, equal opportunist Stephens also arranged Mideast bankers’ multi $million bailouts for George W. Bush’s failing oil ventures.

Stephens’ firm, Systematics, secured a US beach-head for the infamous Bank of Commerce and Credit International. Before its $20 billion collapse in 1991, BCCI laundered money for dictators, terrorists, drug lords and illicit operations of intelligence agencies, including the CIA (most notably the Iran-Contra guns/cash/drugs transactions).

The effort started in the late ‘70s. Stephens brought Bert Lance, President Jimmy Carter’s soon indicted former budget director, together with BCCI principals including Agha Hasan Abedi, Ghaith Pharoan and Khalid Mahfouz (all later criminally charged as well). After 9/11, they and many of their Arabian banking colleagues were directly linked to, or themselves named, Specifically Designated Global Terror financiers.

After years of complex scheming to circumvent regulatory hurdles, Stephens’ and Lance’s labors paid off. BCCI gained entry into the US banking system and its safeguard systems, through clandestine control of Financial General Bankshares (FGB), a major DC-based banking institution.

At the same time, the BCCI tycoons bought Lance’s interest in FGB subsidiary National Bank of Georgia, from which he had loaned himself and Jimmy Carter several $million. BCCI set up “consultant” contracts and new terms for the loans’ repayment, along with millions more donated to Carter’s chosen charities.

Stephens’ BCCI incursion, and his other ventures were represented by Hillary Clinton and her Arkansas law firm partners Vince Foster (later White House Counsel before death by reported suicide), and Webster Hubbell (later #3 in the US Justice Department before serving 20 months on multiple fraud convictions).
While Clinton was Arkansas Governor, Stephens’ billionaire buddies, the Riadys, bonded with Bill and Hillary through their global conglomerate (and Chinese government partner), the Lippo Group. James Riady moved to Little Rock to be closer to his new friends.

In 1983, the Riadys launched their first business venture in Arkansas: The Lippo Finance & Investment Inc. The following year, Lippo, and everyone’s friend Jackson Stephens, partnered to buy control of Arkansas’ Worthen Bank Corp. In 1991, a $2.5 million Worthen loan (never repaid) would rescue Clinton’s Presidential campaign.
Hillary and her law partners naturally handled Worthen, and other China-partnered Lippo matters as well.
In 1985, Worthen Bank was indicted for extending several million dollars' worth of illegal, preferential loans to companies owned by the Riadys and Stephens.

A fire of “unknown causes” broke out in the bank at 3am, destroying all the records sought by the prosecutors. Worthen and another Lippo-China bank were given “cease and desist” orders from making such “dangerous loans” in the future. The criminal case was settled, and the loans to Stephens and the Riadys were never repaid.
In 1987, Stephens’ ecumenical spirit helped arrange a $25 million bailout of George W. Bush’s floundering oil venture, Harken Energy, through his very same BCCI buddies, in partnership with the Union Bank of Switzerland.

Stephens gave $100,000 to the Reagan-Bush campaign in 1980, another $100,000 to the Bush dinner committee in 1990, and was a Bush Ranger (minimum $200,000) for Bush in 2000 and 2004.
But through the first half of the ‘90s, Stephens, and his China-tied Lippo partners’ favorite recipient was Bill Clinton. Stephens was Clinton’s 2nd biggest contributor over his political career.

Toward the end of his first term, over fierce Congressional and Defense Department objections, Clinton ended major restrictions against military technology transfers to China. The US-China trade imbalance grew enormously, and Chinese nuclear weapon espionage, as documented in Congressional reports, grew rampant.

This while Clinton’s re-election campaign received $ millions, which were later traced back to foreign sources, mainly China.
In 1993, Clinton appointed Lippo Sr.VP John Huang as Assistant Deputy Secretary of the US Commerce Department.

With only a perfunctory background check, Huang was given Top Security clearance, actually approved five months before he took office.
Congressional probes later revealed that while installed at Commerce, Assistant Deputy Secretary Huang spent most afternoons at Stephens’ corporate offices, and was in constant contact with the Lippo Group, as well as with Chinese government officials.
Stephens’ Systematics, meanwhile, reportedly utilized a cutting edge computer program named PROMIS, secretly equipped with “back door control” ability, in IT management contracts with banks across the country.

Systematics merged with telecom giant Alltel just before Clinton’s Presidency. Stephens’ data mining company, Acxiom, continued rolling in “sensitive” government contracts through the Clinton and George W administrations.

Acxiom was the aggregator of US citizens’ private information for the Bush Defense Department’s Total Information Awareness (TIA) program, headed by John Poindexter, convicted of conspiracy in the ‘80s Iran/Contra scheme.

In a 2005 government contract, Acxiom, along with Alltel/Systematics’ major vendor Qsent, and Choicepoint (which falsely disqualified tens of thousands of Florida Democrats in the 2000 Presidential election), merged extensive private information about 100 million US citizens. They illegally gave the data to the TSA, which then transferred it to IBM. The TSA explained it all as an unfortunate series of mistakes.

*** Note – In 1997, IBM joined with a small new firm named Ptech, to create the “Unified Modeling Language” as the common parlance for integrated software coding.

Ptech, though known by FBI Bin Laden Unit Chief (later whistleblower) Robert Wright to be headed by a major Al Qaeda financier, and funded by Stephens’ former BCCI colleagues, was placed in charge of software management at every critical US Government agency: Defense, State, Justice, Energy, Transportation, the White House itself.

Ptech and a quasi government entity named MITRE utilized PROMIS software to create the FAA’s National Airspace System, in control of operations on 9/11.

Stephens’ Acxiom Board of Directors reflected his cultivated Democratic Party dealings. The Board included former Clinton Chief of Staff “Mack” McClarty, former NATO Commander (and one time Democratic candidate) Wesley Clark and former Lippo Sr. Exec Stephen Patterson.

When the Democrats gained control of Congress in 2006, both Alltel and Acxiom joined in formation to unfurl their primary team colors.

Within the same week in ‘07, each was acquired by TPG/Newbridge Capital, co-chaired by US Senator Diane Feinstein’s husband, Richard Blum.

Senator Feinstein (D-Ca) is in perfect position to be of service. She is Chair of the Subcommittee on Terrorism, Technology and Homeland Security, and member of the Appropriations Subcommittees for Defense and Intelligence.

The awful legacy of Jackson Stephens’ spectral empire, now controlled by his son Warren, seems secure.

Milo M. • July 1, 2016 5:55 PM

http://www.bbc.com/news/world-us-canada-36462056

"A major focus of Mr Hallman's effort is to use data to provide insights into future crises - developing what has been called 'anticipatory intelligence'.

This means looking for ways in which technology can provide early warning of, say, unrest in a country.

'I think that's a big growth area for the intelligence community and one the Directorate of Digital Innovation is trying to promote,' Mr Hallman says.

This might also involve looking at social media to perform 'sentiment analysis' that can help understand if the mood in a population is turning sour."

https://www.iarpa.gov/index.php/about-iarpa/anticipatory-intelligence

"Anticipatory intelligence focuses on characterizing and reducing uncertainty by providing decision makers with timely and accurate forecasts of significant global events. "

AKA Project Kreskin.

Rebecca Haldron • July 2, 2016 1:12 AM

Responding to last week's Friday Squid, as it seems one must be very quick before the blog moves on. Surely no one enters an authentic email address, thus no notifications of comments.

@Nick P

Thanks for your fascinating feedback and link about women in the online tech communities. I am instantly reminded of the punk scene and how women are outsiders in a community of outsiders. Bands like Bikini Kill and individuals like Kathleen Hanna and Kim Gordon have worked hard to build up the profile of women in punk. I suppose it depends upon which field of geek-dom one is inhabiting, but apparently it can be utterly ruthless for women. I read an autobio recently of some online celebrity geek-chick I've never heard of; I think she acted in and produced an online TV show with gamer & sci-fi themes. She said, while she has a huge following and is well loved, with tremendous success financially and otherwise, she has been subject to acute & ongoing harassment and doxing for many years, basically for the naked sentiment that 'we hate you because girls don't belong in our world'. One particularly harrowing and tragic comment in the book was that now (as a 30-something, very successful with acting and producing, living in L.A.) the notion of being safe at home was a long-fabled memory, like a childhood summer. Basically because of the misogyny committed her way.

I'm genuinely tickled you were grateful for the video you didn't have. Samy's pal Paulo is another pioneer in this field; he has a couple of videos. You jumped way ahead of my understanding in your reply, but nonetheless I utterly enjoyed reading it.

The eevblog video you provided was a demonstration of the functionality of the paywave feature in credit cards. It gave the impression of being conclusive, or attempting to be; however, some questions were left unanswered (although I did learn the paywave feature was not, contrary to popular belief, located where the chip is, but is in a non-visible corner):

1. Aluminium foil breaks down very quickly, so any protective/blocking capacity is short-lived. This has been proven with folks building wi-fi shields. As a side comment, chicken wire (small hexagonal-hole wire, like cyclone fencing but much smaller) blocks wi-fi signal very effectively.

2. Surely it all depends on the size of the receiver the adversary is using. A suitcase-sized box carried through a shopping centre must have tremendous capacity for siphoning data.

3. Why bother with all the complexity of cards and codes when what is rarely addressed is the vulnerability of the point of sale unit for transactions? Apparently the coaxial cable running from the box into the wall is completely unshielded, plain text. There are some other spoofing attacks possible with the POS box also, which means the customer should check it has a particular sticker of validity before using, or something. Good luck with that.

Whilst, yes, all the credit card companies are owned by Sepo's, I suppose they differ little in functional terms from country to country. While you are most likely correct regarding the desire to offset liability to the consumer, I consider their motivation is simply more excuses to fabricate money from the ether & the criminal act of fractional reserve banking, to add to the profit column in their ledger. I am sure these recent technologies have maxed their Alice in Blunderland production of imaginary fictitious "money" through the roof. They also know their only way to stay alive is to manipulate debt fraud mechanisms ad nauseam with increasing fervour lest their whole tower of Babylon come crashing upon their heads, and these flimsy technologies to manipulate the consumer are the best way to do that. In some countries the paywave facility on a CC (or debit card) allows up to a $100 transaction without a PIN or chip or anything. Genius! People often complain the paywave goes off as soon as they get their card from their purse, before they even get a chance to select 'decline paywave'.
The credit card paperwork says in fine print 'oh don't worry, if someone steals your card we will just refund any money they took from you, no obligation'. Why would they make it so easy? It seems so utterly disingenuous on the surface, but rather, by making it so easy for transactions to fly back and forth, be cancelled and reversed etc., their means for cooking the books, as previously mentioned, have surely quadrupled.

Challenge the perceived notion of a debt by asking for an Affidavit demonstrating the original contract between both consenting parties with their names and signatures. Ask to see the accounting of the original T Account ledger indicating the original loan. Ask them for records of whence they sourced their money, and further, how are you able to pay when there is not sufficient money in existence to pay any debt, or indeed ANY money in existence finito.
The merchant / provider of goods or services is already paid.

It's hard to get your head around when all this money is never in existence in the first place. Read Mary Elizabeth Croft's free book on the subject, available online.

r • July 2, 2016 1:25 AM

@Rebecca,

I enter authenticity, there are no emailed responses. Others use the RSS feed.

Rebecca Haldron • July 2, 2016 1:30 AM

@ Clive Robinson

You wrote in last week's Friday Squid:

> I would urge people to have "heretical views" on Tor.
> After some considerable thought on the matter I've come to the conclusion that Tor's current aims and objectives within their method can in no way be made secure.
> Put simply, low latency means a high available bandwidth to required bandwidth, which in turn means high redundancy in both the time and information planes.

Clive:
1. Have you felt inclined to make your feelings and, rather, insights about Tor known to the Tor devs? Surely this is a useful public service.

2. Wired magazine has just published about the infamous Israeli university promoting their 'new' attack against airgapping via the fan in a PC. Maybe they should cut out the middle men and just get you and friends on the telephone directly? Apologies if this is the same one discussed recently. I suppose it's typical for Wired to be lagging on any story that's not an advertisement.

You also wrote, last week, re: NSA et al reading this blog:

> You are making the mistake of thinking that their security is so good that it's only by declassification these things become known. If that were the case then we would be living in some kind of suspended animation, where only the IC were making scientific breakthroughs (which they mainly don't).

The worst backlash about the Snowden files was everyone believing how powerful and capable the NSA are. They are not. But the NSA are eternally grateful for such a projection. [Just like the SS in World War II. They thrived on their reputation but were in reality hugely conflicted from a logistical perspective.] However, for the actual real live human beings on the planet, where the real world is going on, such woolly thinking needs to stop. The NSA, FBI and CIA are incompetent. I don't mean it as an 'I don't like you, you suck' kind of comment. I mean it as a statement of fact, in a practical, logistical, technological, and other, manner. They are incompetent. As an aside, someone here wisely mentioned that NSA employers lack the kind of hinky thinking most of us have, overshadowed by arrogance afforded by budget, lack of oversight, resources and general impunity, all destroying any hope of true ingenuity and creativity. Ironically.

Another aside: an autobiography written by a Mossad operative included a description of his time working with American authorities. He explained how shocked and aghast he was by their inter-departmental feuding, refusal to look out for each other, refusal to share information, hang-ups over budgeting and many other things. He wrote: "In Israel, our lives depend on getting the job done quickly and efficiently. The lives of our countrymen can't afford for us to have any egos. These Americans don't seem to see it that way. They also seem to think you can solve any problem or obtain any information on the ground simply by throwing buckets of money at it, and the more money, the better. Usually, the reverse is true."

@ Clive Robinson wrote:

> So the first real question I would ask is, "On the given that covert activity is not possible in a switched or routed digital network what should be our primary objective?"
> I have my own views on this but it would be interesting to hear what other people think it should be and why.

This is enigmatic yet deserves wider discussion. Tzu's The Art of War surely provides possible solutions. 'If you can't be covert, then don't be covert' is the first thing that came to mind. I am also reminded of a reasonably bad film starring a very good Robert Redford; he pulls the wool over his CIA employers' eyes by leaning heavily on their resources for his own (benevolent) ends. It was a clever psychological bait and switch, which was interesting to me not because of the trick itself but the psychology it revealed: that if something seems really heinous and huge, but is revealed to be heinous but only really trivial, then it will be entirely disregarded because of the contrast/subsequent let-down. Whereas something straight-up heinous and trivial remains heinous to the prosecuting party.
And this bait and switch can, in the case of the movie, completely veil the true nature of one's utterly heinous and huge act. Forgive my poor description. It was the not-worth-watching 'Spy Game'.

@ Clive Robinson wrote in a separate post explaining Locard's exchange principle:

> when the TAO or equivalent access a system two things happen,
> 1) Their access activities leave observable traces.
> 2) The targets of their activities leave traces on the TAO etc that likewise can be observable.
> As we found with certain sophisticated malware, it does get observed and it often does get recorded and made available to others. Think about the AV upload sites where suspicious code gets deposited and may at some point be analysed.

This makes sense. This is good. So, if people discover the worst kinds of illegal pornography on their system it’s a definite indication employees of the NSA have been visiting, & most likely visiting with their own personal computers.

Rebecca Haldron • July 2, 2016 1:34 AM

@ ianf

You wrote last Friday Squid:

> PS. Clive Robinson is the Official Sage of this forum, not to be engaged lightly unless capable of wading unscathed through his customary 7kB parables in lieu of straight yes/no answers

Thanks so much for saying this. I am glad you share the same awe I feel for Clive. I too hate yes/no answers when humans are such deep and profound beings capable of great beauty and sublimity. Binary responses are for computers. I prefer humans. I especially like how you (originally, but unreplicated here) put the O and S of Official Sage in bold, suggesting the acronym OS, which I can only interpret to mean Operating System. So, yes, Clindows Robinux (tm) operating system is the one I'd like to use. I read Clive's words, and feel love. Even the NSA host a begrudging affection for Clive and his image appears on screen savers all around the departments.

There is work on a computer game with Clive as the hacker hero, wielding various weapons, attempting to liberate Assange and Snowden, clear their names, wipe out the USG and generally restore the planet. Hence my haha suggestion the blog be renamed Robinson on Security.
This is also partially inspired by Bruce being incognito (the blog is only alive in the comments), and on a separate note, Bruce's recent book Data and Goliath has incurred my permanent wrath, indignation and a permanent black indelible stain against Bruce for life, because he wrote an entire book of doom and gloom of relatively arbitrary relevance but with essentially NO suggestions for people on how to protect themselves or improve their knowledge. Just a page and a half of really poorly expressed, poorly detailed, partial improvements. BOLLOCKS. I was and continue to be highly offended by this deliberate omission. People outside the security community need support, i.e. 99.9% of the entire planet, so the standards of accessible, easy to implement *privacy -security -anonymity* can be raised for everyone. Someone like Bruce is in a position to do that. He wrote a book and failed to do so. I'm pissed off.
Regardless of how you feel about David Icke, it's a bit on par: Icke writes these incredibly detailed, well-researched books but they only serve to dump a massive load of fear and powerlessness in your lap, then the book ends. No solutions, just 'you are fucked; the only difference is, having read my book, now you really know you are'.

Drone • July 2, 2016 2:57 AM

"...the sweet licorice flavor (plus the blackberries) helps (sic) counterbalance the squid-ink funk."

Curious • July 2, 2016 4:47 AM

A Dutch security company apparently found flaws in something called 'StartEncrypt'.

The company StartCom who has the product/service 'StartSSL', also has the product/service 'StartEncrypt'.

While there are some restrictions on what domains the attack can be applied to, domains where the attack will work include google.com, facebook.com, live.com, dropbox.com and others.

Apart from the vulnerability described above, we found some other vulnerabilities in the client while doing just a cursory check. We are only publishing those that according to StartCom have been fixed or are no issue.

All in all, it doesn’t seem like a lot of attention was paid to security in the design and implementation of this piece of software.

https://www.computest.nl/blog/startencrypt-considered-harmful-today/

I wish I knew more about this stuff, because it isn't clear to me what "gaining valid SSL certificates for domains one does not control" would mean.

Grauhut • July 2, 2016 5:59 AM

@Curious: "it isn't clear to me what "gaining valid SSL certificates for domains ones does not control" would mean."

It means every fckn SOHO internet provider or third world IC service is able to set up an SSL man in the middle attack that is not recognisable by the end user if the original server does not use cert pinning.

ianf • July 2, 2016 6:01 AM

Re: Raspberry Pi 2 Model B

I'm about to get one such to set up as a streaming (Kodi) media player, then I see this on the blog:

The Raspberry Pi 2-compatible version of WINDOWS 10 will be available free of charge to makers.

Visit WindowsOnDevices.com today to join the Windows Developer Program for IoT and receive updates as they become available.

That "free Windows 10 version" is called W10 IoT Core. I don't particularly long to mess around with MSFT, but, as I'm also constantly looking for a non-Apple/ cheapo iTunes wired iOS backup device (and iTunes runs on ordinary Windows), this piqued my interest.

Later, in the FAQ: "Is this a full version of Windows 10?"
"Please refer to WindowsOnDevices.com"

@ Anyone here who actually has played with both Pi2/B AND its W10 bastard: will the latter still permit installation of the iTunes app, or has it somehow been crippled in that regard?

Thoth • July 2, 2016 7:56 AM

@all
How to expose Secure Elements to a bigger surface of attack.

Thanks to GlobalPlatform's current draft for a Web API for Secure Elements in ECMAScript, the future of Secure Elements becomes more fun (more attack avenues).

I can already think of many angles to use malicious Web technologies to shim or possibly even control the Secure Element from the remote safety behind another C&C computer.

Interestingly, the creators of the Web standard for Secure Element access in browsers understand the need for the browser to be executed in a trusted and secure environment, but the fact is that almost all browsers are so bloated and filled to the brim with exploits. How would it even be possible to imagine the requirement to execute the Web API for Secure Elements in a trusted and secure browser setting being fulfilled when most browsers are not?

When will people and organisations realize that connecting every other device to the Internet is neither the best idea nor in the best interest of security?

Link: http://globalplatform.github.io/WebApis-for-SE/doc/?utm_source=Twitter&utm_medium=Tweet&utm_campaign=WebAPIAccessingSE

Tatütata • July 2, 2016 9:49 AM

Hi everyone,

I think I have a concrete security problem to deal with. Are any of you squid lovers familiar with VoIP?

I have been using the phone service offered by my ISP for about 18 months. The adapter they delivered is a thingy bearing a well known brand designed to be inserted between the modem and the router/firewall, with essentially ZERO customer access to the credentials and configuration (except for some minor stuff that can be changed through DTMF commands).

The appliance interfered with other traffic, in particular streaming, when installed in its intended configuration, so I moved it on this side of the router/firewall, routing to it only the ports absolutely required for SIP telephony protocols. It worked reasonably well that way, and I thought no more of it.

I was recently looking at the traffic on my home network using Wireshark and the adapter caught my attention. Something very odd was going on. In addition to the normal exchanges with my ISP's servers (3 IP addresses for UDP, with SIP, RTP, and Syslog protocols, as well as TCP with TLSV1, which are all in their IP address ranges), there was quite a bit of traffic (hundreds of UDP packets per hour over 3-4 hours) to a couple of IP addresses located on another continent, but in a country theoretically operating under the rule of law. When I googled these I found them included in "known SIP fraudster" black lists.

I became very worried and immediately added a few rules to the router to exclude the concerned address range. The adapter still worked well afterward, and I can't imagine any legitimate reason for my ISP to configure their appliance with parameters related to that country. I then combed through my past phone bills to look for suspicious items, but couldn't find any, which was reassuring. (One typical fraud is apparently to steal a user's credentials and place a series of expensive calls to a costly number, a redux of the "dialer" scams in the dial-up internet era.)

I examined the packets in Wireshark, but couldn't make much sense out of them. From memory, they apparently contained little payload (something like 1 byte), as if they were some sort of ping. The program crashed when I tried saving my sample for later analysis.

I don't feel like opening the barn door again to gather a new sample, and intend to limit the rules even more to only accept packets from narrow IP ranges belonging to my ISP, as there are also too-many drive-by "ordinary" hacking attempts for my taste.

I suspect that the device is compromised in some way, as even after a couple of prolonged power-on resets, it tries to send, at random intervals from minutes to hours, a UDP packet to that weird server. However, my web searches don't seem to indicate that there is any known vulnerability with that brand. Besides the traffic with the VoIP servers and that creepy outfit (and the occasional drive-by attempts), I can't see any other connections. My suspicion is that the device was somehow zombified, and is just waiting for the Great Call to Rise from the Dead to arrive.

What can I do? Does anyone here know what's going on, or can point me to some resources?

I could contact my ISP to tell them to replace or re-flash the appliance, but whatever vulnerability there was in the first place would remain, so it wouldn't solve the problem. I would also have to work my way through a few customer support droids before I finally get to someone who might understand what I'm talking about. I'm not sure either that I want to make this a problem of mine, as I was sold a service and if something goes wrong it should be THEIR problem. After all, I am only a dumb customer who rented a closed appliance.

I could also keep mum, as my router/firewall settings seem to keep the issue under control. If the SIP credentials had been stolen, the damage would have already occurred. But I'm a bit queasy about having this contraption on this side of the drawbridge.

Or I might be wrong, there is no problem and there is a legitimate reason for that VoIP adapter to send and receive those packets?

Or could the ISP have been sloppy in his configuration, or was his setup compromised?

Another possibility would be to change providers and phone numbers (and get another brand of VoIP adapter), but that would be way too much trouble.

I thank you in advance for your suggestions.
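An added example, not part of Tatütata's post or the thread: given the kind of flow export one can save from a home capture (here a constructed CSV of timestamp, source, destination, protocol, destination port and payload length), this Python script splits the adapter's traffic into expected destinations (the LAN and the ISP's address ranges) and everything else, summarises the rest per destination with the "many tiny UDP packets" heuristic described above, and renders the allowlist the poster applied as nftables rules. The adapter address, LAN and ISP ranges, the flow records and the nftables `inet filter` table / `forward` chain are all assumptions and constructed placeholders.

```python
"""Flag VoIP-adapter traffic to hosts outside the LAN and the ISP's ranges.

Added example for the thread above, not code from the thread. Every address,
range and flow record below is a constructed placeholder (RFC 5737 doc nets).
"""
import ipaddress
from collections import defaultdict

ADAPTER_IP = "192.168.1.20"                                       # assumed adapter address
LAN_RANGES = [ipaddress.ip_network("192.168.1.0/24")]             # assumed home LAN
ISP_RANGES = [ipaddress.ip_network(n)                             # assumed ISP SIP/RTP/syslog nets
              for n in ("198.51.100.0/24", "203.0.113.0/24")]

# Constructed flow export: ts,src,dst,proto,dport,payload_bytes (one flow per line).
SAMPLE_FLOWS = """\
1467450000,192.168.1.20,198.51.100.10,UDP,5060,412
1467450001,192.168.1.20,198.51.100.11,UDP,10000,172
1467450002,192.168.1.20,198.51.100.12,UDP,514,96
1467450003,192.168.1.20,198.51.100.10,TCP,443,1380
1467450010,192.168.1.20,192.0.2.77,UDP,5060,1
1467450190,192.168.1.20,192.0.2.77,UDP,5060,1
1467450300,192.168.1.20,192.0.2.78,UDP,5060,1
1467450310,192.168.1.20,192.168.1.1,UDP,53,64
"""


def parse_flows(text):
    """Parse the CSV export into dicts; dst is an ip_address for range checks."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, proto, dport, length = line.split(",")
        flows.append({"ts": int(ts), "src": src, "dst": ipaddress.ip_address(dst),
                      "proto": proto, "dport": int(dport), "len": int(length)})
    return flows


def is_expected(dst, allowed=ISP_RANGES, lan=LAN_RANGES):
    """A destination is expected if it is on the LAN or inside an ISP range."""
    return any(dst in net for net in lan) or any(dst in net for net in allowed)


def find_off_allowlist(flows, adapter_ip=ADAPTER_IP, allowed=ISP_RANGES):
    """Summarise the adapter's flows to hosts that are neither LAN nor ISP.

    Returns {dst: {"packets", "bytes", "first", "last", "ports"}} so the
    cadence (first/last) and payload size of the unexplained traffic are visible.
    """
    findings = defaultdict(lambda: {"packets": 0, "bytes": 0,
                                    "first": None, "last": None, "ports": set()})
    for f in flows:
        if f["src"] != adapter_ip or is_expected(f["dst"], allowed):
            continue
        e = findings[str(f["dst"])]
        e["packets"] += 1
        e["bytes"] += f["len"]
        e["first"] = f["ts"] if e["first"] is None else min(e["first"], f["ts"])
        e["last"] = f["ts"] if e["last"] is None else max(e["last"], f["ts"])
        e["ports"].add(f["dport"])
    return dict(findings)


def beacon_like(entry, max_avg_payload=8):
    """Heuristic from the post: repeated near-empty packets to one host look like a keep-alive."""
    return entry["packets"] > 1 and entry["bytes"] / entry["packets"] <= max_avg_payload


def nft_allowlist_rules(adapter_ip=ADAPTER_IP, allowed=ISP_RANGES):
    """Render the 'ISP ranges only' policy as nftables commands.

    Assumes an existing 'inet filter' table with a 'forward' chain on the router;
    the first rule accepts the ISP ranges, the second drops everything else from the adapter.
    """
    nets = ", ".join(str(n) for n in allowed)
    return [
        f"nft add rule inet filter forward ip saddr {adapter_ip} ip daddr {{ {nets} }} accept",
        f"nft add rule inet filter forward ip saddr {adapter_ip} drop",
    ]


if __name__ == "__main__":
    for dst, e in find_off_allowlist(parse_flows(SAMPLE_FLOWS)).items():
        tag = "beacon-like" if beacon_like(e) else "investigate"
        print(f"{dst}: {e['packets']} pkts, {e['bytes']} bytes, "
              f"ports {sorted(e['ports'])}, {e['first']}..{e['last']} [{tag}]")
    print("\n".join(nft_allowlist_rules()))
```

The per-destination summary is what to keep alongside the capture for a post-mortem; a single unexplained host with a steady drip of one-byte datagrams is worth far more to whoever you escalate to than the bare fact that "something talked to a blacklisted IP".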

Sarah P. • July 2, 2016 9:56 AM

The so-called "social DRM" ebook watermarking scheme developed by BooXtream ('social DRM' is their marketing term for it) has been fully analysed and documented, and work-arounds presented.

What prompted this analysis was the fact that Verso Books refused to remove the watermarks from their release of Aaron Swartz's writings.

The full write-up and details: https://pastebin.com/raw/E1xgCUmb

hawk • July 2, 2016 10:14 AM

@Rebecca Haldron

Computer analysis of your post indicates you are male, not female.

Bumble Bee • July 2, 2016 10:24 AM

@hawk

Not likely. Just some Russian gal with poor English skills trying to grow a beard and play cyberwarrior for Vladimir Putin.

Grauhut • July 2, 2016 10:33 AM

@Tatütata: "I thank you in advance for your suggestions."

It's not possible to give you advice without knowing the facts. If you don't spy on yourself and did not log all traffic to and from the box, and without root access to your VoIP box, it's nearly impossible to analyze what happened.

If you have the knowledge and resources, set up your own SIP gateway, administer it carefully and log all its traffic for post mortem analysis if SHTF.

http://www.voip-info.org/wiki/view/Open+Source+VOIP+Software

Dan3264 • July 2, 2016 10:51 AM

@those_who_are_more_knowledgeable_than_me,

What are the requirements for practical Emissions Security? Protection from TEMPEST-style attacks should be a priority for secure hardware designers because EMSEC vulnerabilities are usually unpatchable. Software cannot fix a vulnerability that causes the hardware to leak its current state to anyone who happens to be nearby. Protection of data processing devices should be a priority, but I also want to know how to guard cables against TEMPEST attacks. It would be nice if a keyboard does not have to support SSH over USB to be secure (that is an XKCD reference, but good luck finding out how it references XKCD). Are there any standard cables that are reasonably resistant to TEMPEST attacks? Fiber optic cables and coaxial cables seem to be good candidates, but both would have to have complex circuitry to interface devices to them. If there are no electrical cables that have good shielding against TEMPEST attacks, could metal electrical conduit be used to provide sufficient shielding? All other things being equal, cables and methods of shielding that are easier to obtain and use are better. If a person responding is a member of ASKG (Applied Security Knowledge Group), please put it on that website so that other people can use the response. For extra credit, please explain to me why I should trust that any of your advice is true. Just to be clear, I do not have any projects planned that make use of any response I might get (I note that I would say this even if I did have projects planned).

ianf • July 2, 2016 11:18 AM

@ Sarah P.,
                    that BooXtream "social DRM" ebook watermarking REMOVAL doc is interesting, but I feel that, for it to be of use, it'd require a companion interactive CLI tool to analyze and then strip off the watermarks in somewhat mechanized, assisted fashion. Otherwise each downloaded ebook file will require much too much time & effort to process it manually.

Clive Robinson • July 2, 2016 11:29 AM

@ Drone,

Android’s full-disk encryption just got much weaker...

Sort of; the problem is in the Qualcomm chips, we've been discussing it on last week's squid thread.

Who? • July 2, 2016 11:48 AM

System Management Mode (SMM) BIOS Vulnerability

Dmytro Oleksiuk, also known as Cr4sh, is another unethical pseudo-researcher who has chosen to disclose a serious UEFI vulnerability without letting OEMs develop a fix for it. Now a serious vulnerability has become critical thanks to his childish behaviour. This one is an industry-wide vulnerability that allows execution of code in SMM by anyone with local administrative access. This is Lenovo's report:

https://support.lenovo.com/es/en/solutions/LEN-8324

However this bug is in a common code base provided by Intel to Independent BIOS Vendors (IBVs) so expect more than Lenovo machines being affected. I know of other affected systems, like some HP desktops and laptops.

I had been tracking this guy for months, and talked to staff at Lenovo's PSIRT about him months ago. Sadly he has done exactly what I suspected.

There is proof-of-concept code widely available, and at least one exploit is being used right now. This code is very easy to find if you know where to look.

Clive Robinson • July 2, 2016 12:37 PM

@ Dan3264,

What are the requirements for practical Emissions Security? Protection from TEMPEST style attacks should be a priority for secure hardware designers because EMSEC vulnerabilities are usually unpatchable.

Firstly, "TEMPEST" is only one half of the story. That is, not only do you have to deal with "Emission Security", where a passive attacker can observe energy from your system, you also have "Susceptibility Security", where an active attacker can push energy at your system.

You can get an idea of the mechanics involved by reading up on passive EMC technology and techniques. The difference is that EMC is about "harmful interference" whereas EmSec is about "obtaining information". Thus EMC prevention is more about limiting unwanted EM spectrum energy "emission" over a given time period, whereas EmSec is about limiting all types of energy --not just EM-- and its information carrying bandwidth at all times. You can also get quite a bit of information from Amateur Radio design and construction techniques to limit EMI.

From an Information Security standpoint, Active EMC techniques that "spread EM energy to fit the mask" rather than absorb it are really bad news and should not be used at any time.

If you take care with passive EMC techniques, the components that limit unwanted emission will also limit energy your system may be susceptible to as well. Be careful of "low power techniques": the "perversity of inanimate objects" or "Murphy's Law" comes into play, in that low energy technology tends to be more susceptible to external sources of energy and thus is easier to subject to active "fault injection attacks".

I've given detailed information on EmSec design techniques in the past on this blog, including how to do "after market" prevention with a "do it yourself" SCIF. @Nick P was at one point keeping links to them in his "link farm".

r • July 2, 2016 1:16 PM

@Clive, Nick P

A "link farm" is not nearly enough, as per Nick's statement yesterday about "dammed archive.org". It's why I try to keep triplicate of things as fast as I find them.

:)

r • July 2, 2016 1:20 PM

@hawk, bumble

does it matter? if she is a she you're potentially alienating her by drawing such things into the public.

albert • July 2, 2016 2:48 PM

@Murka,

Here's hoping the Cohens have a good lawyer. Tens of millions and future medical expenses. Note how the TSA implies that it's the parents' fault:

"...
“Passengers can call ahead of time to learn more about the screening process for their particular needs or medical situation.”
..." - Sari Koshetz, TSA

Such arrogance evidently flows downhill to the dumb-as-rocks TSA drones, who appear to think they are required to act like street-thug cops.

Question to Koshetz: Can I call ahead to see if I'm going to get the shit kicked out of me?

. .. . .. --- ....

ianf • July 2, 2016 3:13 PM

Hey, Murka, give the TSA guys a break. Their job is tedious enough, so it goes without saying that any opportunity to liven up the day will be catered to in the fashion that they're best at.

Also, parents of this 19yo air-freighted her back and forth to the hospital in another city for SEVENTEEN bleeding years? That's torture by anyone's standards, way worse than any one-time encounter with uniformed airport Stormtroopers. Besides, nobody's dead.

(ps. on a recent flight down the Medi, a security screener asked to inspect contents of my jacket pocket: it was two felt pens in a plastic etui that apparently gave off some spooky image on her screen. That's how bored they are, esp. when they can't swing their batons once in a while…)

Bear • July 2, 2016 3:17 PM

Off-topic to the squid post, but on topic for those interested in historical cryptography.

magnet:?xt=urn:btih:5de4d39cf70f65a885093980292f8036200bf951&dn=FriedmanPapers&tr=udp%3a%2f%2ftracker.coppersurfer.tk%3a6969&tr=udp%3a%2f%2fexodus.desync.com%3a6969&tr=udp%3a%2f%2ftracker.leechers-paradise.org%3a6969&tr=udp%3a%2f%2fopen.demonii.com%3a1337

The link is to an archive of the Friedman Papers: a collection of the memos, correspondence, patent applications, personnel records, publications, notes, and lectures of William F. Friedman.

Friedman was the head cryptographer of the Signals Intelligence Service starting in the 1930s, and continued in the job of head cryptographer through its transformation into the modern NSA, where he served until the late 1950s.

I found the section on Pearl Harbor particularly interesting, myself. As with nearly every sneak attack in history, conspiracy theorists kept insisting that it had to have been an inside job, undertaken by the "powers that be" for their own inimical purposes against the ordinary people. Investigations into these conspiracy theories are apparently the primary impetus that resulted in anyone ever finding out what happened at Bletchley Park. The English could have kept a secret if not for Americans insisting on investigating their own congress and military's access to intelligence assets.

Figureitout • July 2, 2016 4:04 PM

Version 1.1 of nRF_Detekt released

https://github.com/Int-Mosfet/nRF_Detekt

Finally finished up a new release. I know only a few people will care, if that. But this version has a nice encryption algorithm that could be applied in many places and modified to many block ciphers. You should check out just that, if nothing else. To refresh anyone, the purpose of this project is to log physical security violations and try to protect that evidence from an attacker trying to cover his/her tracks. It takes input from any kind of sensor that can trigger a relay when it detects something, into an Arduino Uno (the most popular board in the Arduino world). I then encrypt a packet (a 32-byte struct consisting of 4 pseudo random samples, 2 timers, and 2 "authentication variables") to send to a receiver via nRF24L01+ radios (another really popular module in the hobbyist world; one nice feature is it uses its MAC address as a sync field in the RF protocol, making sniffing a bit of a pain), that is preferably hidden but may be on your desk like I'm doing for now. I store the activation count in the EEPROM and display it via an LCD screen (over I2C). The encryption used is Keeloq -> XTEA -> AES-128-ECB: 3 symmetric block ciphers, each w/ a different block size. Individually, using those ciphers would make me a bit nervous, but chained together...they won't be broken by brute force, and you have to be ready to receive the traffic (i.e. close to the target, increasing odds of other means of discovery and having a counter target to follow back).

The other big issue was power. I've got a plan to take care of that as well; after some consulting around, I'm going to try using an AMS1117 buck converter attached to the 5V output line, which will provide me w/ plenty of current (I need ~130mA, the 3.3V pin can max supply 50mA). I've got an LM317T 3.3V power supply built up and it works great (you can supply 5-25V and it outputs a solid 3.3V, w/ enough current), but it just looks a bit clunky. I want this to fit in a nice box. It'd be best to use that, completely separate from the Arduino power supply, so you'd have 2 wall warts (separate transformers isolating power sources) powering the device (3 if you need one for the sensor). I think it looks slicker w/ the small buck converter in a nice 3 pin package, surface mount components.

I removed the channel changing feature (commented out), as it just makes me nervous as I couldn't think up a robust way to re-sync if the nodes get out of sync. The algorithm would be very complex, while a primary design goal of mine was utter simplicity. I also configured the radio for RELIABILITY over STEALTH. If you want stealth, you need to do your homework and configure it like so (but you may miss an activation).

Overall I'm happy w/ how it's turned out. I'm going to be adding on to it for a few years probably. I've got this vision in my head that it could be a really nice finished product, just takes a bit of work. On to more projects now though.

Comrade Major • July 2, 2016 4:13 PM

@hawk
Computer analysis of your post indicates you are male, not female.

You may not know it, but many women learned to obfuscate their gender in the internet.

BTW, what is "computer analysis" in this case?

roger • July 2, 2016 6:31 PM

@ianf

that BooXtream "social DRM" ebook watermarking REMOVAL doc is interesting, but I feel that, for it to be of use, it'd require a companion interactive CLI tool to analyze and then strip off the watermarks in somewhat mechanized, assisted fashion. Otherwise each downloaded ebook file will require much too much time & effort to process it manually.

You'll be happy to know there is precisely such a cli tool (well, a Python script):

https://github.com/grayleonard/booxtream-epub-drm-remover

12345 • July 2, 2016 6:50 PM

@albert @Murka

Folks on the TSA Cares helpline will probably politely decline the opportunity to wrestle with you (or any of your friends) given 72 hours' advance notice. I have additionally searched the TSA's 95-page Screening Management Standard Operating Procedures and am unable to locate the gory photo op initiative.

TSA may still, however, be more dangerous than flying in this day and age.

“TSA strives to provide the highest level of security while ensuring that all passengers are treated with dignity and respect. The agency works regularly with a broad coalition of disability and medical condition advocacy groups to help understand their needs and adapt screening procedures accordingly…”

https://www.tsa.gov/news/releases/2011/12/22/tsa-announces-launch-tsa-cares-toll-free-helpline-travelers-disabilities

TSA also has notification cards, quarterly disability coalition meetings, and customer service managers available to coordinate checkpoint support when necessary.

Dan3264 • July 2, 2016 7:23 PM

@Clive Robinson,
I suppose that I should do more than just look at Wikipedia (which, in this case, has very little relevant information). It is so easy to ask around on this blog for the answers to questions about security (you, Nick P, and Thoth all are very knowledgeable when it comes to the practical aspects of security). Most responses that I have gotten were very relevant to what I was asking or suggesting (I can't say useful, because I do not plan on doing anything with the information I have gotten (at least in the short term. I might in the future)). If I actually try to have TEMPEST protection I will just find a large metal box to put my project(s) in (large electrical panel boxes seem to be good for that purpose. Any suggestions?). On a side note, that "Nick P's link farm" you mention seems like it would be very interesting. Can you direct me to it? Thank you for your help (and for future help which I am sure I will be asking for).

65535 • July 2, 2016 7:33 PM

@ Friend Basket

“Travel OPSEC for Spys 101”

Ha, it looks like the second story guy is using American equipment to copy the data. The NSA seems to be giving away some of their tactics.

Thoth • July 2, 2016 7:54 PM

@Dan3264
re: @those_who_are_more_knowledgeable_than_me

"If a person responding is a member of ASKG(Applied Security Knowledge Group), please put it on that website so that other people can use the response."

ASKG is my personal blog and website where I rant and post my research and commentaries on Security (with their acknowledgement), for me to hoard up all my security related rantings and stuff into one place. It is my version of Schneier.com but with no commentary section because that is going to be troublesome for me to manage. I want the website to be simple as well as not expose readers and visitors to risk by not hosting on dynamic code (i.e. PHP, RoR ...).

A partial document dump (of @Nick P's commentary documents, with @Nick P's explicit permission) is up there, but due to the limited time I have on hand and my intention of engaging myself with a variety of open source Security projects to gradually improve the overall assurances, I do not post much stuff over there. But I do post when I have something important regarding my thoughts on Security on my own website.

" For extra credit, please explain to me why I should trust that any of your advice is true."

Just like any research or knowledge, you are not expected to trust me or whoever my content authors are in person. Neither do you trust any commentaries or reports at face value. You have to decide if the stuff is true to you or not. Any of us can write a ton of comments or papers with all sorts of fanciful formulas, but it is up to you to decide whether the maths and science in the commentaries or reports are rigid enough to meet your security requirements.

Trust the maths and science, not the person.

"@Nick P was at one point keeping links to them in his "link farm"."

I have some of his link farms he gave me but I have to find time to put them up on my website.

chris l • July 2, 2016 7:56 PM

NY Times has an article pointing out that extending the checkpoints further from the airport mostly just moves the targets without improving safety.

Thoth • July 2, 2016 8:10 PM

@Figureitout

"the purpose of this project is to log physical security violations and try to protect that evidence from an attacker trying to cover his/her tracks."

Do you mean that I could install the transmitter module into some door unlocking mechanism, and if someone attempts to brute force the door open or attempts to use some other methods to force open a door I want to protect, it could be used to send a message to a receiver device to lock down the forced entry attempts?

"I removed the channel changing feature (commented out), as it just makes me nervous as I couldn't think up a robust way to re-sync if the nodes get out of sync. The algorithm would be very complex, while a primary design goal of mine was utter simplicity."

Since you are not going for stealthy implementations, you could have something like a storage module (i.e. MicroSD card?) to store a list of channels, and the software would ping the list of channels over time and data would be broadcast across multiple channels with a "per-broadcast counter". On the receiver side, whichever channel receives the data first, with the "per-broadcast counter" inspected and verified, would be accepted and the rest of the other pings or messages for that broadcast discarded. No need to use any complex channel hopping since all you do is ping/message flood across all your specified channels explicitly for reliability.

On the receiver side, it could try to monitor how many channels are up within a time span, and if it detects that only 1 channel or a minimum threshold of channels is up, it can issue a warning asking you to investigate the reason the other channels are not working.
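The flood-all-channels, first-verified-copy-wins receiver sketched above, as an added example that is neither nRF_Detekt code nor Thoth's: it assumes a constructed packet layout (per-broadcast counter plus a truncated HMAC-SHA256 tag), a constructed channel list and live-channel threshold, and it also rejects stale counters and reports channels that stopped delivering copies.

```python
import hashlib
import hmac
import struct

# All values below are constructed for the demonstration; nRF_Detekt uses its own
# 32-byte packet and cipher chain, which this example does not reproduce.
KEY = b"constructed-demo-key-not-for-real-use"   # shared secret assumed between nodes
CHANNELS = (2, 26, 50, 74, 98)   # channels the transmitter floods on every broadcast
MIN_LIVE_CHANNELS = 3            # warn when fewer channels delivered recent broadcasts
TAG_LEN = 8


def build_packet(counter, payload):
    """Transmitter side: big-endian per-broadcast counter, payload, truncated HMAC tag."""
    body = struct.pack(">I", counter) + payload
    tag = hmac.new(KEY, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class Receiver:
    """Accepts the first authenticated copy of each broadcast and drops the rest."""

    def __init__(self):
        self.last_counter = -1      # highest counter accepted so far
        self.accepted = []          # (counter, payload) in order of acceptance
        self.seen_on = {}           # counter -> set of channels a valid copy arrived on

    def on_receive(self, channel, pkt):
        """Classify one received frame; returns a short verdict string."""
        if len(pkt) < 4 + TAG_LEN:
            return "malformed"
        body, tag = pkt[:-TAG_LEN], pkt[-TAG_LEN:]
        expected = hmac.new(KEY, body, hashlib.sha256).digest()[:TAG_LEN]
        # Verify before touching any state so a forged frame cannot poison the counter.
        if not hmac.compare_digest(expected, tag):
            return "bad-auth"
        counter = struct.unpack(">I", body[:4])[0]
        payload = body[4:]
        self.seen_on.setdefault(counter, set()).add(channel)
        if counter in {c for c, _ in self.accepted}:
            return "duplicate"      # another copy of a broadcast already accepted
        if counter <= self.last_counter:
            return "replay"         # older than what we already accepted: never accept
        self.last_counter = counter
        self.accepted.append((counter, payload))
        return "accepted"

    def live_channels(self, recent=3):
        """Channels that delivered at least one copy of the last `recent` broadcasts."""
        live = set()
        for counter, _ in self.accepted[-recent:]:
            live |= self.seen_on.get(counter, set())
        return live

    def channel_warning(self, recent=3):
        """Thoth's threshold check: warn when too few channels are still delivering."""
        live = self.live_channels(recent)
        if len(live) < MIN_LIVE_CHANNELS:
            dead = sorted(set(CHANNELS) - live)
            return "WARNING: only %d channel(s) live, investigate %s" % (len(live), dead)
        return None


def demo():
    """Constructed sequence of frames: flood, stale counter, forged tag, partial flood."""
    rx = Receiver()
    results = {}
    # Broadcast 7 floods all channels: first copy accepted, the others are duplicates.
    pkt7 = build_packet(7, b"TRIP")
    results["first"] = rx.on_receive(CHANNELS[0], pkt7)
    results["copies"] = [rx.on_receive(ch, pkt7) for ch in CHANNELS[1:]]
    # A stale counter (e.g. an earlier capture) is rejected even though its tag verifies.
    results["replay"] = rx.on_receive(26, build_packet(5, b"TRIP"))
    # A tampered copy fails authentication before its counter is even examined.
    forged = bytearray(build_packet(8, b"TRIP"))
    forged[5] ^= 0xFF
    results["forged"] = rx.on_receive(50, bytes(forged))
    # Broadcast 8 only makes it through two channels: accepted, but liveness drops.
    pkt8 = build_packet(8, b"TRIP")
    results["next"] = [rx.on_receive(ch, pkt8) for ch in (2, 26)]
    results["warning"] = rx.channel_warning(recent=1)
    return rx, results


if __name__ == "__main__":
    receiver, verdicts = demo()
    for name, verdict in verdicts.items():
        print("%-8s %s" % (name, verdict))
```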

Thoth • July 2, 2016 8:26 PM

@Dan3264

@Clive Robinson's SCIF construction linked below with text.

Clive Robinson • July 13, 2015 1:10 PM
@ Thoth,

Further to 6, there are some other things you need.

End run attacks work in many ways and pulling the blinds is not sufficient.

What you need is one of those "three gate" clothes drying racks (not the concertina types), an angle poise light, a fan, a couple of old fashioned quilts, four old newspapers and one of those "lap trays" with the beanbag underneath designed for eating a TV dinner off on your lap, a couple of FM portable radios and a cassette player with speakers.

Put the old newspapers under the table legs, one quilt across the top and down the sides of a table big enough to work on, put the three gate clothes drying rack up on the table with the sides adjusted appropriately to form an open box. Put the lap tray, fan and angle poise lamp on the table and then cover the rack with the second quilt such that it touches the table top by a foot (30cm) or more (I tuck it under the drying rack legs or you can use moderately heavy books) and hangs down quite a way over where you are going to sit. Turn on a couple of FM radios to an empty part of the band in the room near the door and windows and have a couple of speakers of sufficient power to play little known music that you can work with under the top quilt on the desk.

Turn on the light and fan, get under the quilt, and tuck it in around you, put your laptop on the lap tray, adjust the bean bag so it's at a comfortable angle, and turn on the music; only then turn on your laptop and start work.

This effectively stops visible and near infra-red light based "end run" attacks, whilst also significantly attenuating the sound of typing and typing vibration through the furniture.

It's not perfect --but then what is-- but unless "caught in the act" it's stuff you would find in almost any home, thus does not stand out.

Oh, those "spy shop" CCTV camera detectors probably won't work with professional surveillance, as they would use infra-red cameras with angled "black light" glass which only allows IR to pass, not the visible light most of those cheap detectors use. There is a simple solution, which is to make your own near IR detector using easily available parts.

Oh, the angle poise should be of the old fashioned filament bulbs, which generate a lot of thermal IR; when put near the keyboard and the fan is used as well it disrupts some thermal imaging cameras, thus your typing movements become masked and difficult to observe.

There are a few other things you can do that I've mentioned in the past; one of the most important is very thin easily burnt paper, a very soft pencil and a glass covered picture or table top you can write on.

If you want to go all out, wash the paper with a "potassium permanganate" wash or equivalent nitrate wash, thus the paper burns very very easily, and won't stop easily. A visit to a home baking shop will get you icing glycerine, which if dabbed on potassium permanganate washed paper will set itself alight, and burn rather more vigorously.

Link: https://www.schneier.com/blog/archives/2015/07/friday_squid_bl_486.html#c6700762

Thoth • July 2, 2016 11:01 PM

@We're in trouble
Essentially, the harder the FBI et al. try to compromise privacy and personal security via technical or "legal" means of all sorts, the more the people would come together and step up security.

It's a natural process where the Governments keep coercing the people and the people feel threatened where they would start to find ways to protect themselves.

The upcoming security trends:
- DIY computing kits (CHIP computer, RPis, Novena ...)
- Open hardware/firmware computers (Librem)
- DIY computing with Security baked into the board and encouraged (Samsung ARTIK)
- Programmable and mostly Open Source Secure Elements equipped with secure display and input (Ledger Blue and Nano S)
- Open Source Microkernels & Frameworks (Zephyr, L4 variants, seL4, Redox, Genode...)
- Open source and hardware HSM (CrypTech HSM)
- Community-supported CA (Let's Encrypt)
- Distributed Filesystem/Censorship-resistant sharing (IPFS, MaidSafe)
- Distributed Proofs and logic tamper-resistance (Blockchain et. al.)

... and many more if anyone wants to add ...

Jacky • July 3, 2016 1:35 AM

@ Rebecca wrote, "the worst backlash about the Snowden files was everyone believing how powerful and capable the NSA are. They are not."

Fact is they do have a lead start over everybody else in the information arena, and that is a distinct advantage. For example, let's say Lance Armstrong and Michael Phelps decided to compete in a 40m freestyle contest but Lance has been given a 2 minute head start to swim. Who would win the race?

To peek into where they are from, by the history books, a lot of digital research was either classified or centrally managed until recent years. Thus the head start concept chimes in, and why there are constant references to the big bad mother Russia being the digital super villain.

Richard • July 3, 2016 1:43 AM

@Thoth, @Bruce, @all

...the more the people would come together and step up security.

Speaking of 'stepping up' in the effort to help enhance system security, I have a question.

Does this blog have an ongoing technical cryptography development thread?

I ask, because I have a handy BASH script which those administering Linux, and BSD systems might find handy.

It is written in BASH using simple command line tools to allow you to easily verify the code, and allows you to easily create your own self decrypting secure BASH scripts, by selecting a valid bash script as an input.

The output script contains an embedded self-decryption runtime header plus your original script in a highly secure encrypted form. When you run the encrypted version of your script, the runtime decryption header prompts for a password and, after checking for a valid decryption, passes the decrypted script plain text through a pipe to a sub-shell invocation of BASH to run the plain text decrypted version of your encrypted original.

This is really handy for things like running complex login scripts to set up SSH connections where you would like to be able to embed sensitive login user name and password information into the script without worrying about it being stolen if your system is compromised.

As previously stated, this particular script is targeted at enhancing security for Linux/BSD sysadmin types who are proficient with BASH, but could easily serve as a jumping off point for a similar tool for Windows, since the OpenSSL command line tool used for encryption is also available for the MS command prompt.

The master script (including comments) which encrypts your script and adds the self decryption header, is only a few kilobytes - so I could post it here without burning any more bandwidth than some of the more politically rambling prior posts in this thread - but I don't want to offend any local sensibilities, so if there is no interest, or if it would be better posted in another thread let me know...

Figureitout • July 3, 2016 2:04 AM

Dan3264
--I'd look for some second hand faraday cages, I heard our company got ours for ~$3000 and it's pretty nice but that's a low price point. Check out how those are constructed, especially the edges and the power filters. I'd then place that in a shipping container (w/ breathing holes), in a metal shed. Then apply basic shielding to your PC (there'll be holes, has to be). At Dayton hamvention, I saw a military shield room (sleeping quarters too) that attaches to a truck. That would be the best since it's not a static target where small holes in the shield could be drilled out if you don't physically protect well enough, and power would be supplied by car battery or a generator. Even if small holes are drilled on the mobile shield room, you still need to have a receiver pretty close by; bugging the car would be the next attack used. Simply drive out to bumf*ck nowhere, do whatever it is you want to protect w/ a shielded/isolated power source, then return.

I'd look to ARRL books on RFI shielding for some technical countermeasures. I'd use coax cables and other RF connectors w/ adapters to serial connectors that you wrap sheet metal around, maybe solder it to ground pin.

RE: clive's homemade scif
--That's not RF shield, and is only needed in the extreme of extreme situations or if you want to prove a point, how comical does that look...honestly...you need an actual good reason to do that kind of countermeasures consistently day-to-day otherwise you're wasting your life away pointlessly (not just for watching your porn lol). Logging into your bank account, or other accounts you want to protect from "physical" end-run attacks, maybe.

Thoth
--I would connect the door unlocking mechanism to the receiver if you want to control opening it w/ some unique IR key or something like that (authentication variables and keys could be on the IR device). Or if you want to log who/what's going in/out the door, yes, assuming there isn't a backdoor in the motor control module for the door.

I'm only looking for presence of something in a particular area. Code and maybe hardware would have to be modified a bit for what you want (if I understand correctly).

And yes, I'm going to be messing around w/ some of the SD card shields (and even though they appear to have same write limit (100,000) they usually have automated wear-leveling so I don't need to do my own algorithm for that). I could encrypt the logs too (w/ keys in flash on ATmega chip, encrypted data only on SD card).

Yeah that's a good idea I guess. Spew out transmissions on all channels for TX. Randomly set a channel on RX. Eventually the message will be received and the re-sync issues are mostly resolved. I'll think about it.

Richard
--Do you have a github? Just post it there and link it...Piqued my interest.

Thoth • July 3, 2016 2:38 AM

@Figureitout
re: SCIF facility
As the name implies, it is only used in the most extreme conditions, and something like generating or renewing your 16384-bit RSA or 521-bit ECC Root Signing Key would require that kind of extreme scenario. Similarly, SCIF facilities in real life are only used for those occasions where you need to read really really classified stuff you don't want others to know.

If you want something more portable or mobile, a hardware secure element would get the job done, and if you want you can add software randomized noise to make it harder for side channel attacks.

Curious • July 3, 2016 3:41 AM

@We're in trouble

I think any government that thinks that they can make up some logic as an ideal, or as being pragmatical in such a case, is bullshitting and are authoritarian shitheads if they base their reason on simply excluding people from having privacy (as if privacy doesn't exist). Any argument of the kind "you don't have expectations of privacy because you can't have any" is intellectual fraud.

ianf • July 3, 2016 7:15 AM

OT, but within the envelope, of

WTF are techies saying? A linguistic guide for the aspiring tech hustler

    In Silicon Valley, being ahead of the jargon curve can bring great social and financial rewards – and it may even be confused for true innovation
    http://gu.com/p/4kq25

US border control could start asking for your social media accounts

    US Customs and Border Protection proposal would see Facebook, Twitter and other social media accounts requested on landing and visa forms
    http://gu.com/p/4nvdz

Google's My Activity reveals just how much it knows about you

    Search company launches new opt-in ad service for non-Google sites and tools that show how it tracks your internet activity
    http://gu.com/p/4n45a

Facebook is chipping away at privacy – and my profile has been exposed

    My secret account is now not so private after Facebook updated its search engine without warning, and there’s nothing I can do about it http://gu.com/p/4n4bh

Thoth • July 3, 2016 7:33 AM

@ianf
re: US border control could start asking for your social media accounts,
re: Google's My Activity reveals just how much it knows about you,
re: Facebook is chipping away at privacy – and my profile has been exposed.

Unsurprisingly, data is literally gold in this new age of less than 3 degrees of separation. Facebook guessed that the connectivity between people is now 3.5 degrees of separation.

What does that mean? You are likely to have a friend's friend of yours who knows your friend.

Talk about the World getting smaller.

When IoT sensors start to litter the streets and your wardrobes, it wouldn't be surprising for your friends to know on Facebook or whatever what brand of clothing you are wearing!

Link: https://research.facebook.com/blog/three-and-a-half-degrees-of-separation/

Clive Robinson • July 3, 2016 7:59 AM

@ Dan3264, Figureitout, Thoth, Wael and others.

The page Thoth provided information to is, as Figureitout noted, not for lower frequency EM radiation, but higher end IR and above, acoustic limiting and masking, and mechanical vibration that might reveal key presses and similar.

It was designed to stop various end run and reflection attacks and be almost entirely "unsuspicious" when dismantled in a flat or home.

There is however another page where I described how to build "an RF cage", the design of which caused Wael to ask a question that suggests he has never "hung wallpaper" ;-)

See this and other comments on that page,

https://www.schneier.com/blog/archives/2014/01/loudauto_nsa_ex.html#c3843125

ianf • July 3, 2016 9:27 AM


@ Thoth says “Unsurprisingly, data is literally gold in this new age of less than 3 degrees of separation.”

Hasn't it always been so, except perhaps in earlier times all such personal, potentially revealing, data was called "intel," and most of it was available only through happenstance, subterfuge, and/or torture? Unlike now, when the Fuckfacebookers etc can't wait to unload it FOR FREE in droves.


“What does that mean? You are likely to have a friend's friend of yours who knows your friend.”

If you're talking of "Facebook friends" of other "Facebook friends," then perhaps… they deserve one another. Otherwise, not. I was never on FFB under my name, and never "friended" nor posted anything there. The only ID-chaff of mine that Zuck has come is from a number of third party website comments systems that at some point went FB OAuth-native (which made me quit submitting there once I started being "greeted" with the avatar and the nick(s) I used earlier elsewhere). I've also been thrown out from one major SF (Market Street, the thick of it, based) social network for refusal to connect my Twitter (which I no longer use) to my account there. In any event, after 2+ years, I no longer receive any "where have you been, we've been missing you here" robot mails from FB to the seldom used mail account that I managed to redirect my deleted FB-presence to.

Acc. to some dispatch that I ogled recently, FB has seen a 21% drop in "personal sharing," which they see as a threat to their business model, and thus will try to arrest or reverse it.

BTW… while still on the subject of FB, here's a thought to behold:

[…] “Mark Zuckerberg said he is making more progress with his New Year’s resolution: an artificial intelligence that can control his home… he now has a camera at this door that can recognize certain people who should be automatically let in. “My wife, for instance,” he said.

    To which I only can add: here's the chance for anyone who has ever dreamed of seeing how the Zucks live: simply hire an Asian broad of similar figure, make up her face to resemble the wife—easy-peasy—wait out her leaving the abode from the bushes, and—Doris, we're in!

[found in] Zuckerberg on telepathy: you'll capture a thought and share it with the world

    The Facebook CEO floated the far out idea in a Facebook Live video, while also chatting with comedian Jerry Seinfeld about his broken arm
    http://gu.com/p/4y5a3

Nick P • July 3, 2016 9:30 AM

@ All
(@ Thoth)

A few more that I've picked up recently. I haven't evaluated most of these, and the last two I haven't even read. Just found them before heading out the door. HDFI and AHEMS for high-assurance as they provably stop all kinds of attacks. HDFI claims to improve on CPS but no comparison to SoftBound+CETS. Hmm. Glider cuz graphics TCBs are a mess. Combine with Nitpicker or something. SHIM models help with embedded that needs safe concurrency. Shreds deals with in-process threats. Verena and ASIC abstracts look interesting. The ASIC one makes me feel good as it got a distinguished paper award for describing a subset of the compute-checker approach that Clive and I have been describing here for years. Matter of fact, I just posted another variant recently in the form of ultra-fast nodes computing with verified, 0.35 micron, nodes doing the checking. Now, they do a lot of formal stuff, too, per abstract. So, might be pretty interesting.

HDFI and AHEMS should get most of the peer review, though. Such techs have the most potential.

HDFI: Hardware assisted data flow isolation

AHEMS: asynchronous hardware-enforced memory safety

Glider: A GPU library driver for improved system security

Efficient Code Generation from SHIM Models

Shreds: Fine-grained execution units with private memory

Verena: End-to-End Integrity Protection for Web Applications

Verifiable ASICs

r • July 3, 2016 10:13 AM

data set the bronze and iron ages on fire, the information age is setting the world on fire.

Jacky • July 3, 2016 12:29 PM

@ Curious wrote, "think any government that thinks that they can make up some logic as an ideal, or as being pragmatical in such a case, is bullshitting and are authoritarian shitheads"

Try arguing with think tanks, they got you cornered

Jacky • July 3, 2016 12:32 PM

@ hawk wrote, "Computer analysis of your post indicates you are male, not female."

Err, computers fuck up all the time

Bumble Bee • July 3, 2016 12:43 PM

@Nick P

Re: high assurance

You need to be able to mathematically prove that the software you write meets certain properties of soundness and correctness which you have specified as simply and reasonably as you can. Then you need special software to automatically check that proof. You will still find issues with your specification.

If you went into IT or software engineering because "math is hard," you can't do high assurance. If you're here on an H1B and still have allegiance to a foreign country, you can't do high assurance. If your software or hardware is closed source and not subject to public audit, it isn't high assurance.

I want high assurance software and hardware in all

  • highway traffic lights
  • automotive ABS brakes
  • automotive airbags
  • air traffic and flight control systems
  • medical devices and equipment
  • critical infrastructure
  • power generation and transmission facilities
  • nuclear power plants

There are no excuses and no disclaimers for civil liability in the U.S. courthouse for these situations.

Bumble Bee • July 3, 2016 1:01 PM

And did I mention

  • train signals and railway switching equipment?

Not a Sa'arm Unit • July 3, 2016 1:29 PM

Please note the below refers to a series of stories on an (NSFW) storiesonline.net website via ( http://storiesonline.net/universe/289/the-swarm-cycle , again NSFW ) for context. (I've also sent this to the Author's Mailing List as well... as I have often passed along links from this Blog there, too, so, finally, some flow in the other direction...)

Anyway, on with the show:

https://en.wikipedia.org/wiki/Fermi_paradox

The AIs -- and the pervasive surveillance they maintain (as described in many stories) -- get around the "It is the nature of intelligent life to destroy itself". With pervasive surveillance done by "disinterested parties" (the AIs) who are NOT jockeying for political power, the capability provided by any technology to give an individual enough leverage to destroy civilization (much less groups like ISIS/ISIL) can be neutralized with a minimal impact on the people around that person, maximizing freedom for any individual. Admittedly, I can't explain whether the sheepification of the various extant Confederacy species is memetic (due to surveillance suppressing misbehavior) or, as I used to surmise, a genetic effort to clip the edges of the bell curve.

And, yeah, there has to be, early on, some means of rendering nihilists impotent to act.

In this scenario, the AIs and their surveillance mission, were engineered to not merely assist the species that made them, but to maximize freedom without placing the whole civilization at risk from even a small group of nihilists. Humans, obviously, will need just as much (if not more) surveillance.

Thinking about the problem of a nihilist with high technology makes me think "Star Trek" and the "culture" shown as, effectively, unsustainable... given the technology to effectively render planets sterile since, in order to maximize freedom, people may be "left free" to do so ("Star Trek: Generations", as awful as it was, is an interesting illumination of this threat).

The only "comfortable" way out of this conflict comes from "Foundation's Edge" (and is better explained in "A Miracle of Science" - http://www.project-apollo.net/mos/index.html - ... though such a culture may easily fall prey to a memetic "infection" like SRMD which can flash across such a connected culture in instants); There has to be a means to recognize and "manage" sociopathic and nihilistic members without infringing too greatly on people in general.

The AI mechanism in the Swarm Cycle acts as a deus ex machina to take "judgement" of even the little things out of the hands of people who may want to leverage it for their own means.

Note: Many will be appalled at some of the stories within the Swarm Cycle as it, I believe, was born as a cathartic mechanism by the originator. It has mellowed a LOT from its early roots.

ianf • July 3, 2016 1:34 PM


This, the grugq's column of (not so) Idle Thoughts on Cyber, on the communicative challenges posed by cyber deterrence as a defense doctrine and methodology (I think), is worth MANY a read.

    Mind you, it may be at the limit of my own ability to understand those concepts, because, though it may give a self-declared hard-on to several armchair strategists here, it doesn't quite feel like I've digested it fully. Maybe after I've mulled it over for a fortnight or two?

https://medium.com/p/82170b2b7280

rrrrr • July 3, 2016 1:51 PM

@Jacky,

with respect to high assurance as bumble bee and Nick P are speaking of:

"computers fsck up"? not so much: aside from gamma rays and maybe if you stretch the concepts surrounding dram attacks like rowhammer and maybe various forms of bitrot... it's the algorithms and by extension the designers that fsck up. not the logic slaves. :)

r • July 3, 2016 2:06 PM

@Jacky,

we use computers to speed up decision making and the ease of digesting large quantities of data, we make assumptions about a device or logic being flawless: then we assume the output to be logical and flawless. it's our assumptions of that data that are where the errors lay, not commonly within the construct itself but in how we perceive the data and integrity of such constructs (data included). we measure the world with sensors that truncate facts and round measurements, we measure that output with a perception of truncated accuracy. you think that because a computer follows a logical process that data processed logically will be error free when presented to an emotional and assumptive device (us) seeking shortcuts in everyday life.

garbage in, garbage out when handling data you have to be careful about the assumptions you make about your measurements, did you include someone else's? were they accurate? is it stale? is it relevant? how can I apply this data... can I trust someone not to tamper or mislead?

when you say, computers fsck up. you are rounding and truncating the facts.

it's you and me making assumptions about data, it always has been.

Richard III • July 3, 2016 2:36 PM

@Richard

I'd be interested in seeing your BASH script(s).

Please feel free to post it on here. I'm sure we can all give you some feedback.

Thanks.

Curious • July 3, 2016 2:59 PM

@Jacky
What is your point when you write: "Try arguing with think tanks, they got you cornered"?

Milo M. • July 3, 2016 3:39 PM

Security theater, winning more hearts and minds:

http://www.thenational.ae/uae/they-were-brutal-with-me-emirati-describes-arrest-in-us-after-being-mistaken-for-isil-member

"He was trying to book a room at the Fairfield Inn and Suites as the flat in which he was staying was being rented out for the Republican National Convention late this month.

The Avon police department said they had received a 911 call from the family of a female clerk at the hotel.

Police were alerted to 'a suspicious man with disposable phones – two of them – in a full head dress'.

They received a second call from the clerk’s father requesting that officers be sent to the hotel.

When police spoke to the hotel clerk, they learnt that Mr Al Menhali had not made any statements related to ISIL. Officers said there had been a miscommunication."

http://www.thenational.ae/opinion/editorial/ohio-incident-is-a-moment-for-reflection

"As a precaution, the Ministry of Foreign Affairs advised Emiratis travelling abroad to avoid wearing national dress. This is completely understandable, but it is unfortunate that the prejudice against Arabs and Muslims in the US has reached such a stage that it is necessary for such a warning.

In general, this newspaper is against people having to drastically alter what they wear in order to feel safe. We don’t believe, for example, that women should have to alter their clothing to “avoid" sexual assault, nor that ethnic or religious groups should hide their symbols to avoid hate crime. Rather, society ought to adjust to make sure those groups are protected from assault.

The same ought to apply to Emiratis abroad. They should not have to hide their national dress because of prejudice; rather the police ought to protect them from assault and suspicion. One of the best things about the UAE is that people from around the world can wear their national clothing without fear. Emiratis should feel comfortable wearing theirs abroad."

Sigh.

12345 • July 3, 2016 4:55 PM

“… Can anyone seriously argue that violence is in decline? They can, and they do—and they have data, compellingly compiled in a massive 832-page tome by Harvard University social scientist Steven Pinker entitled The Better Angels of Our Nature: Why Violence Has Declined

… Why has violence declined? Hobbes was only partially right in advocating top-down state controls to keep the worse demons of our nature in check. A bottom-up civilizing process has also been under way for centuries

… [these ideals] were then absorbed into the socialization of younger and younger children until they became second nature. That second nature is expressed in the unreported “10,000 acts of kindness” ...“

Article: http://www.scientificamerican.com/article/the-decline-of-violence/

I do not know how to select the correct number of random acts of kindness to commit per day. 10 seems painfully ambitious. If I commit to 1-4 starting today, I will be doing better than yesterday.

Joe K • July 3, 2016 5:19 PM

@Bumble Bee

You claim:

  1. If you went into IT or software engineering because "math is hard," you can't do high assurance.
  2. If you're here on an H1B and still have allegiance to a foreign country, you can't do high assurance.
  3. If your software or hardware is closed source and not subject to public audit, it isn't high assurance.

One of those things is significantly unlike the others.

Valid proofs are valid. It does not matter who constructs them.

You appear to be taking American Exceptionalism to a whole new level of absurdity.

Perhaps I misunderstand your meaning?

Bumble Bee • July 3, 2016 7:07 PM

@Joe K

Valid formal proofs, checkable in an automated proof system, are not likely if "math is hard." Proving the hardware is actually built to spec and not undermined is impossible.

Other countries are free to create great software. They are not free to undermine American efforts to do so. The entire H1B system fosters an attitude of "I don't care" throughout the entire U.S. software industry, and let's not pretend we don't have enough qualified U.S. citizens simply because they aren't of the right race, gender, age, and political opinions.

Is it really too much to ask you to become a naturalized U.S. citizen and renounce any allegiance to other countries before you work on critical software and hardware here?

Too much computer hardware and software in the U.S. is from China and other countries with a very active interest in spying on Americans. I don't trust it, and high assurance is about trust. Even the Russians use old-fashioned typewriters for anything sensitive because they don't trust computers either.

Questions22 • July 3, 2016 7:32 PM

@ Mr.C regarding openwireless.org networks:
https://www.schneier.com/blog/archives/2016/06/friday_squid_bl_528.html#c6725640

Thank you for your input.

What happened was:

1) several apple airport express routers were deployed, with recently updated Apple firmware, google dns servers, donors with access to ethernet and wpa2 wifi, and guests with access to ssid openwireless.org (no password).

1.5) Although no firmware was flashed with open source stuff, I enjoyed reading this:
http://arstechnica.com/information-technology/2016/07/the-wrt54gl-a-54mbps-router-from-2005-still-makes-millions-for-linksys/

2) Channels and widths were left on automatic settings.

3) isp routers were pretty much left alone, but with wifi turned off on some (double nat was allowed in Apple setup)

4) Best practices for configuring isp modems/routers? For example, put them in bridge mode? Essentially leave them alone? Or other?

5) An effort was made to split deployments between isp providers (half and half; in case an individual isp vendor goes down).

6) As deployed there is some overlap of WAPs (No extenders or router extenders were used). This is seen, by looking at the wpa2 WAPs. Would it be better to use different openwireless.org ssid names? Different channels with the same ssid name? Leave channels on Apple's automatic? What might be a good naming convention if different guest ssid names are used? For example:

a) 1_openwireless.org, 2_ ..., 3_ ..., etc.

b) a_open ... , b_ ...., etc.

c) another_openwireless.org, yet_another_openwireless.org, and so on

d) I didn't see anything about this on the openwireless.org website and don't know if they have a preferred naming convention (it would be nice if individuals went to openwireless.org to learn more (and the above naming conventions would appear not to be a direct hit there))

6.5) Pros and cons of opennicproject.org dns servers (without encryption) vs. google dns servers? Could the donors encrypt opennic dns traffic using stock Apple routers? Currently donors are using Windows and OSX on the pcs hooked up to the openwireless.org routers.

7) Additional input from you or others will be appreciated.

Clive Robinson • July 4, 2016 12:12 AM

@ ianf,

“This the grugq's column of (not so) Idle Thoughts on Cyber, on the communicative challenges posed by cyber deterrence as a defense doctrine and methodology”

The grugq is mainly correct in that you can not correctly attribute in the Cyber domain, as I've mentioned on this blog back with the US claims of the supposed DPRK attacks on SPE and Swift.

To see why you need to follow the logic through but first you need to realise that the US is by no means a disinterested party in these matters. The US MIC War Hawks have been trying to re-fight the Korean Peninsula war since the previous one back in the 1950's made US military power look silly. It is US exceptionalism taken to a ludicrous nth degree and like all apparently endless "injured pride" feudalism can not end well (ie military action in the South China Seas with poorly thought out but highly profitable US power projection, can only result in retaliation by China and the sinking of US carriers etc which will in all probability escalate beyond conventional warfare).

The logic of the attribution argument is that it is somehow possible to 100% follow data from the exfiltration point to some data store in some other part of the Internet, and thus point the finger at the owner of the data store and claim they are "the evil hackers".

Well you can not do this for several reasons, the first and most obvious being the likes of encryption. Unless you have the key you can not say to the required level of "burden of proof" what is in the data packets you are following. Thus you fall into at best circumstantial evidence.

But even if the data in the packets is in plain text you still have only circumstantial evidence. To see why ask the question, "If an attacker can break into one data store at SPE, why is it assumed that they have not broken into another data store that they are using as a destination?". To argue hacking only the one is illogical to the extreme.

Now the next question you have to consider is how you actually trace the data packets. That is, the nodes and cables the data packets pass through are not owned by the investigating authorities. Thus either they have to rely on third party log files, or they have to have somehow gained access to the nodes they don't own at the time of the attack. As there is little chance that the owners of those nodes can be contacted during the attack and that they then grant permission for the investigators to be on their nodes, a question of legality and "fruit of the poisoned vine" arises (which intel types ignore and just hide behind the "methods and sources" label).

But you will note I said "nodes and cables" and it's important to realise what the implications of this are. The simple and fatal assumption is that the nodes and cables are "pipes" and not "tees". To go back to the point about hacking the data store, you can not assume that the attacker has not hacked a node or cable and "tee'd the data off" into another node or cable.

In fact it can be shown that hacking a router or placing a "vampire tap" passive data diode on to a cable is relatively simple and has been so since data comms was first used. Another name for such activities is "instrumentation" and it's not a "Chicken or Egg" question: the ability to instrument comes before the ability to develop the data communications as part of the design process...

The thing about data communications is that whilst it may be possible for an IC member such as the NSA to get into all the routers from the exfiltration data store to the supposed destination data store, it does not allow you to remotely examine the cables for passive data diodes etc. So they can not see, let alone say, if the data was "tee'd off" during transit.

None of the above is beyond the capabilities of a single hacker who has a pair large enough to go into a hotel or university or other similar place and plug a passive data diode into a cable / switch.

So for the IC to say the DPRK performed the SPE attack is at best an assumption. Because they have no way of knowing if a single hacker or some other part of the IC is running a false flag or cut and cover operation.

Hackers routinely run multiple layer attacks of much greater complexity to hide behind to exfiltrate credit card and other customer databases, and avoid arrest, so the capabilities to do so are well established. Much as I deride the likes of the NSA and other IC agencies for lack of innovation, it's certainly clear they can be followers and exploiters of others' innovation, thus such a "false flag" or "cut and cover" operation is well within their capabilities.

Thus you have to consider the motives of the known involved parties, especially of investigators seeing only what they want to see or are being paid to see.

I for one think that going to war over what is in most cases a trivial to carry out crime that can not be attributed accurately is a recipe for disaster. Worse, it's a disaster that certain vested interests would greatly profit by, thus they would have grounds for running such a "fundraiser operation".

As for the Cyber-MAD aspect, the US is clearly trying to reframe the whole "Cyber-War" concept from the intangible information domain where they have no advantage into a tangible physical domain where they believe they have a significant advantage.

The US MIC War Hawks need to be careful on this as what they may think of as an advantage might well be a liability. The development pace of information technology is without doubt out-stripping that of physical technology, thus it is apt to make fools of us all. Especially if we do not stay responsive or, worse, fall into the trap of "old generals" who think the next war can be won with the same weapons and tactics of more than half a century ago...

Rebecca Hadron • July 4, 2016 12:54 AM

RE AI posts here and the CEO who bought all the properties surrounding his home so he and his wife could enjoy privacy

(He also made some comments recently about wanting drones to provide core internet infrastructure, made available via wi-fi)

Ex Machina is a recent film very highly regarded critically and commercially, exploring the subject of AI designed by someone not dissimilar to the CEO in question

it's not an insult to adult intelligence, has excellent cinematography and excellent performances by some well respected actors with a bright future ahead of them, and manages to pursue the authentic tradition of sci-fi usually lost in films claiming to be sci fi masquerading with lazy hollywood action, whilst remaining grounded in realistic human scenarios

I feel most here will appreciate

ianf • July 4, 2016 1:14 AM


@ Rebecca

film superlatives overload, doth trying too hard like you were a backer safeguarding your return on investment

ianf • July 4, 2016 3:27 AM


Billed as a "12 minute read," and for want of a better word, this excerpt from an upcoming ego massage/ tech memoir(?) can only be described as Silicon Valley startup porn: so enjoy it, all ye wannabe anarcho-capitalist wankers:

How I Sold My Company to Twitter, Went to Facebook, and Screwed My Co-Founders

    The fate of AdGrok, as told by the CEO who pulled off one of Silicon Valley’s most amazing outcomes


Includes this $MONEY_QUOTE:

[…] In October 2010, a mother in Florida had shaken her baby to death, as the baby would interrupt her FarmVille games with crying. A mother destroyed with her own hands what she’d been programmed over aeons to love, just to keep on responding to Facebook notifications triggered by some idiot game. Products that cause mothers to murder their infants in order to use them more, assuming they’re legal, simply cannot fail in the world. Facebook was legalized crack, and at Internet scale.

#needonesaymoretersecommentdept

https://medium.com/p/6c783a5dce42

ianf • July 4, 2016 3:55 AM


As I said earlier, Clive, I need to ruminate on the grugq's Cyber warfare attribution missive before I can (attempt to) unbutton yours. The days having only so many hours, I can't guarantee I'll get that far. In the meantime, here's more from the same sauce[*], of the same up your geek thought creek:

Cyber Security Motivations Guessing Game

    Can we determine what drives infosec and does it matter?

https://medium.com/p/cbb404728ec7

[*] how my once-tech teacher spelt "sauce code" - and, considering what kind of a murky soup most code is, didn't realize how prescient he was!

Richard • July 4, 2016 4:26 AM

A few folks asked to look at my Linux Script Encryption Script so here it is in an easy to handle zipped and base64 encoded form.

To unzip the script just cut and paste the block of Base64 bytes below into any text editor, so UEsDBBQDAAA at the top... are the first bytes of your file, and ...agcAAAAA at the bottom are the last bytes of the file.

Saving this file as something like CryptScriptBase64.txt with the standard Linux style LF only line endings from your text editor should give you a file of 2682 bytes.

Then you can decode the Base64 with:

cat CryptScriptBase64.txt | openssl base64 -d > CryptScript.zip

That will give you a standard zip archive with the file cryptscript.sh inside.

The resulting unzipped script file cryptscript.sh has a sha512 hash of:

bb1d6c34853f80b9032df2e4a714291fac96a92a9f40ef9815bcaca15c35b532dcf9bf4911600ae7de6d990a75b244ba7821d4de0c88c9e84db95dd74fe7a8e6

Here's the base64 code block for the zip archive containing cryptscript.sh

The file cryptscript.sh is a standard bash script which can be easily examined in any text editor if you want to make sure it's on the up and up before you run it.

When you do run it, the script opens a nice x-windows GUI Zenity style dialog box, and asks for you to select the script you want to encrypt, and then prompts for a password.

It doesn't modify the original script in any way, or modify ANYTHING on your system, but rather creates an encrypted COPY of your original - for example WhatEverName.sh -> becomes WhatEverName_encrypted.sh

When you run the converted WhatEverName_encrypted.sh the encrypted run-time header embedded in the script will prompt for a password, and if correct, will decrypt and run your original script (which is embedded as an encrypted and Base64 encoded text payload inside WhatEverName_encrypted.sh)

To test this you can encrypt a simple bash script like this simple 'hello world' example:

#!/bin/bash
echo 'hello world'

Whatever script you use, make sure the script you select for encryption has a proper bash 'shbang' header:

#!/bin/bash

This header is verified during decryption to make sure the correct password was entered.

cryptscript.sh uses a complicated series of 'here doc' type bash constructions to embed the runtime and payload into the output script, and this can be a bit tricky to follow because of confusion between code running during the encryption of the script, vs. code which never runs during encryption, but is only present because it is copied to the encrypted script as part of the embedded run time decryptor to run when the encrypted script is run later.

I did my best to sort this out with comments, but it can still be confusing, because some of the code constructions stop in the middle (so other data can be embedded) then start back up, making it hard to follow.

The easiest way to get a handle on how it all works is to examine the output _encrypted.sh file - which lays things out in a much easier to understand sequence.

Here are the basics:

User key is salted with 256 random bits (64 hex digits) of random data from /dev/random.

User password/passphrase is concatenated (cat) with the salt (after it is converted back to binary with xxd) and used to generate an initial sha512sum key expansion (KDFin).

The 512 bit KDFin hashed value derived from the user password and random salt is used to key the second 'work' stage of the key expansion, which works like this:

40megs of zero data -> RC4(128 bit key) -> AES-128-CBC[plus 128 bit IV] -> RC4 (another separate 128 bit key) -> sha512 hash -> KDFout (512 bits)

During this second stage, we use RC4 as a random generator to generate a long string of random bytes (over 40 megabytes) then super encrypt that sequence with AES in cipher block chaining mode, and finally by RC4 again, then hash this entire 40 megabyte plus multi-encrypted stream through sha512 again to generate our final KDFout 512 bit key.

This gives a second 512 bit hashed key with ultra strong cryptographic security, and an easily adjustable 'work' factor (we can just adjust the 'dd' zero generator to generate more data).

This 512 bit KDFout value is used to key our final actual script encryption, which is also an enhanced security composite cipher:

Plain Text -> AES-128-CBC[secret IV] -> RC4[128 bit key] -> AES-128-ECB -> Cipher Text

This combination of ciphers fixes the otherwise quite serious CBC malleability issue that would otherwise allow an attacker to inject arbitrary code into our encrypted scripts, and additionally offers NSPOF (No Single Point Of Failure) security, where even a major 'cryptographic break' in a single cipher, would not compromise the overall security of the encrypted data.

All this is done without resorting to custom binaries, which makes it fairly easy to validate the above security claims.

the script does have a few dependencies:

zenity (for dialogs)
xxd, cat, head, tail, and and cut (for manipulating text and HEX data)
pv (for progress bar indications during Key expansion)
... and of course openssl, and sha512sum (for hashing and encryption)

On Ubuntu and similar well equipped distributions you shouldn't have any issues, as all these should be already available or easily installed.

ianfJuly 4, 2016 6:09 AM


@ Milo M. […] “Security theater, winning more hearts and minds

This is more like a security farce, or perhaps security panto; no impresario would stoop down to call this theater.


The National editorial (UAE): "the Ministry of Foreign Affairs advised Emiratis travelling abroad to avoid wearing national dress…”

Rrrrrrrright… thus earning themselves the creeping, lingering suspicion of trying to pass off as WASP natives for some reason (vide the clean-shaven Muhammed Atta's et al casual Business Class-attire on Tue, September 11th, 2001).

[…] “In general, this newspaper is against people having to drastically alter what they wear in order to feel safe. We don’t believe, for example, that women should have to alter their clothing to “avoid" sexual assault…”

Doesn't matter, ye Esteemed Emirati hacks. Any woman, even one covered from head to toe, but out alone on her own, can but be asking for it. And it has nothing to do with your local majority religion, which, as we well know, places all women on a pedestal as the birthing vessels that they are.

[…] “The same ought to apply to Emiratis abroad. They should not have to hide their national dress because of prejudice; rather the [foreign] police ought to protect them from assault and suspicion.

Of course, the Fashion Police; esp. since a traditional dishdasha, or an ornamental Peshavar Highlands shalwar kameez are some extremely comfortable frocks to wear among the copycat-business-suit yuppies and their shamelessly barely clad, unchaperoned… concubines(?) – and then some!


@ #12345 […] “Why has violence declined? … A bottom-up civilizing process has also been under way for centuries…”

Never mind the indisputable facts; levels of overt violence (in so-called civilized societies, other norms apply elsewhere) may be in steady decline since the Middle Ages, but the number of victims of covert oppression grows exponentially day by day. And not only among women, who now near-universally are taken to be victims of male patriarchy, but also among other hardly-minorities, e.g.

The Atlantic: “Most American Christians Believe They’re Victims of Discrimination

… and then let us not forget this truly devious form of socially pressured female servitude (emphasis mine):

    […] “a victim to the subliminal (if not overt) messaging that so many well-off Jewish girls in certain affluent suburban towns still internalize, even in this post-feminist era: be pretty, be thin, meet a nice Jewish boy who, even if he isn’t so good looking or exciting, will make a lot of money and take care of you so much so that you’ll never need to worry about anything again and your life will be perfect.”

BONUS: Handbook for Violence-Displacement Macho Activities.

Security Starts in the MindJuly 4, 2016 7:36 AM

“David Ben-Gurion offered Albert Einstein the position of Israel’s first president, he refused.
Einstein felt that he would not be able to govern according to his conscience and that the people of Israel would not like what he had to say. He maintained that the growing strain of Jewish Nationalism would isolate Israel and jeopardize relations with the neighboring Arab nations…Einstein called Begin a fascist and stated that Begin’s right-wing Zionist movement, posed the greatest risk to the infant State.”
http://www.inquisitr.com/1894825/albert-einsteins-prophetic-warning-of-violence-in-middle-east-found-in-letter-to-first-israeli-president/

“Netanyahu has successfully purged the Israeli national-security establishment that was keeping him in check.” He wants to start war with Iran:
http://www.politico.com/magazine/story/2016/06/netanyahu-prime-minister-obama-president-foreign-policy-us-israel-israeli-relations-middle-east-iran-defense-forces-idf-214004

For the record, since Netanyahu was democratically elected, the populist movement first occurred in Israel.
Will the initial economic populist movements in the USA and England be transformed and allied?
If so the security of our planet is jeopardized. Who can stop this madness?

12345July 4, 2016 8:29 AM

@ ianf

I was unprepared to think this early. But here goes…

I cannot agree more at this point. There are trade-offs which can be considered under careful analysis and then there is utter ignorance and such modalities.

I offer you an analogous framework for thought.

Do Economists Underestimate the Impact of Social Factors on Behaviour?
https://www.weforum.org/agenda/2016/06/do-economists-underestimate-the-impact-of-social-factors-on-behaviour

“…[Neoclassical economics] assumes that individuals are rational actors with stable and autonomous preferences. The theory thus assumes that there are no social influences on preferences. But this assumption has become contested. Psychologists have shown that individuals see things not as they are, but distorted by frames that make some features salient and others not. Moreover, individuals fill in missing features by using information from associations that might or might not be relevant.

… Even exposure to fiction can be a source of new prototypes and thus of social change. Today about one-fourth of the population in Brazil watches the primetime soap opera at 9:15 each weeknight. Globo, the main producer of soap operas in Brazil, deliberately crafted them with characters who had few or no children. This has been in sharp contrast to prevailing fertility rates in Brazil over the same time period. …”

The solution then, as I understand it, is soap operas. Maybe movies. Possibly coloring books.

Nick PJuly 4, 2016 9:18 AM

@ Clive Robinson

"You might find this of interest,"

Unreal. That was one of the most one-sided pieces I've ever read of an attack on innovation within government. 18F is doing great work. They're pretty transparent, too, given they publish lots of their activities and reasoning. Nobody taking bribes either that I'm aware of whereas the article should've reported those griping are delivering or taking bribes to suck money out of U.S. taxpayers. If anything, the 18F model should be more widespread in U.S. government.

Thing is, this is another example of corruption working poorly. They can still be corrupt and rake in the big profits on government systems. Just act as main contractors and interface with those government systems, subcontract out work to groups 18F would encourage, get good results, painlessly integrate it due to subcontractors' talent, and then deliver it to government with 30-50% profit for doing nothing. Continue to pull profits due to support/licensing. This has worked for defense contractors for years. Might as well go all in on this method for IT given the actual systems can be built cheaper, faster, and so on. And *will be* given enough time.

@ r, Dan3264

I'd imagine my paper collection, which he calls a link farm, has more than enough to solve about any INFOSEC problem. My problem is that during hard times I stopped organizing it past what month or year I found the paper. I had to choose between using little time to design/evaluate new concepts, acquiring papers (read: not miss important ones), and organize what I have. Choose two as they say. I'd publish them straight up but many I acquired from IEEE/ACM. I can't publish them unless I have an independent copy to link to from their site, Wayback, Citeseerx, etc. It would be really nice if I had a grant or something so I could just have a whole team check them for legality. Any that is legal is published immediately in a massive dump of INFOSEC R&D. We organize from that point on with a Yahoo Directory-style site taking people to what they need. I'd add new stuff as it came online.

I have known-safe ones I email to people as well. The ones that teach important principles, solve key problems, or exemplify high assurance work. I also like surveys and looking back papers since they usually have great wisdom in there.

@ Bumble Bee

"You need to be able to mathematically prove that the software you write meets certain properties of soundness and correctness which you have specified as simply and reasonably as you can."

I should've been more clear when I brought it up that I mention high assurance on specific papers mainly for two reasons: (a) it's something showing high assurance; (b) it's the kind of thing that might be made into high assurance. I make this distinction because we can't throw millions to tens of millions at everything. Gotta find what's worth assuring to that level for maximum ROI. The two papers I cited above for high assurance fall under (b) where they need to be reviewed to determine if they're worth the work. If they are, a medium assurance implementation should be built immediately that's cost-effective to start getting some results and money. High-assurance version is built piece-by-piece to replace it.

"I want high assurance software and hardware in all"

It's a good list. There's examples of high assurance out there for quite a few. Most don't as it's not strictly required.

"If you went into IT or software engineering because "math is hard," you can't do high assurance. "

High assurance is a collection of assurance activities that prevent, find, or recover from problems during the lifecycle. Many practices don't take geniuses or skills in math to do. These include coding from a spec, reviewing code for common flaws, making tests from specs, covert channel analysis, updates, configuration management, setting up the servers, and so on. Average people could pull off most of this based on guidance as was done in Orange Book days.

"If you're here on an H1B and still have allegiance to a foreign country, you can't do high assurance. "

There's no evidence that having citizenship means you have allegiance to your current country. People's allegiance in IT is usually to who is paying them. The cool thing is that high assurance addresses subversion. Specifically, you're supposed to evaluate the evidence rather than the person that published it.

"And did I mention train signals and railway switching equipment?"

You might like this perspective piece on how Japs pulled it off for trains. Specific data here if you have ACM. Even SciHub doesn't have it. Outside Japan, I'd say most activity (and even the lead) is in France with uses in signalling and doors. Just found this work by Danes on control systems. Table of contents says that's going into the link farm. The Danes plan to go all in on the topic.

So, given examples in three countries, it should be straight-forward to improve safety of U.S. railways or anything similar in complexity if we forced companies to give a shit. Plenty of working examples.

"Too much computer hardware and software in the U.S. is from China and other countries with a very active interest in spying on Americans. I don't trust it, and high assurance is about trust."

You likewise shouldn't trust anything coming from America given the methods of BULLRUN. They've showed previously they're willing to leave 0-days for China and others to find in our critical stuff if it gives them extra SIGINT. If you're worried about trust, you have to have your stuff made in a country that doesn't do this sort of thing. Plus legal protections for companies making private stuff and strong presence in world economy to resist U.S. or foreign influence. Good luck.


@ Rebecca Haldon

"The credit card paperwork says in fine print 'oh don't worry, if someone steals your card we will just refund any money they took from you, no obligation'. Why would they make it so easy? It seems so utterly disingenuous on the surface but, rather, by making it so easy for transactions to fly back and forth, be cancelled and reversed and etc, their means for cooking the books as previously mentioned, have surely quadrupled. "

It's possible. More likely is that they're just keeping costs down. Remember that companies see INFOSEC, even IT, as a tax against their bottom line. They like to minimize it. Liability setup means they just have to appear to be following regulations and applying best practices to avoid most of the financial risk in court. So, that's what they do. For example, a top bank in my state makes about $30 million in fees from credit cards. Pure profit for them. Deploying secure POS across all their merchants might wipe that out at least for one year. They'd rather keep it, though, with others just having money stolen.

"Clive:
1. have you felt to make your feelings and, rather, insights about Tor known to the Tor devs ? Surely this is a useful public service"

If he has, it would've been pointless given it's their project that they're not changing for anyone. They want mass adoption to get the lost in the crowd effect. They need speed and low latency to achieve that. Both of those dramatically increase effectiveness of attacks. Plus, any global adversary (eg NSA & nation states) is outside of the threat profile technically where it's assumed they can beat it. An option that's designed a bit better is Freenet in darknet mode since it's asynchronous without exit nodes. Still, with the amount of attacks on Tor, I'd expect similar results on Freenet and I2P if they got popular. Best to use old school methods for anonymity, esp keeping secrets offline.

"the worst backlash about the Snowden files was everyone believing how powerful and capable the NSA are. They are not."

They really are. It's a consequence of their operating environment, though. They have a $200+ million budget to smash or "SIGINT-enable" anything in their path. Most of those anythings are designed by people or companies that care little about security. The conquest comes through hacking, bribes, infiltrators (foreign), or FISA warrants (domestic). They had ways to get into most major web services and mobile OS's. They also have systems that monitor much of the Internet to automatically detect and hit targets. Their focused operators, TAO, have a catalog of exploits ranging from hacks to implants to emanation attacks. They can defeat anything outside of TEMPEST-shielded, defense equipment with software they've never seen before & hardware they've never touched. Besting this organization with its legal, human, and technical attacks is quite a challenge. And even if you do, it has backup.

The good thing about Snowden leaks is people see how powerful Five Eyes has become. The backlash is to develop all kinds of solutions that won't work. There's motivation and money, though, with an occasional product that's good (eg Signal). Even those are often on stuff they can hack (eg Android). (rolls eyes) In any case, I can now argue the points I made pre-Snowden with convincing evidence straight from attackers' own files. I can justify bottom-up approaches to system security. Financially justifying it to an investor is still a challenge given market buys buzzwords over assurance the features work. Assurance costs the most. There's more opportunity now.

Note: Far as legal end, it's important to see the big picture. One slide talked about which European countries were cooperating with NSA's efforts. Only 3 weren't: Switzerland, Iceland, and one I can't recall. Iceland is too small to resist U.S. for a long time. Switzerland is strong but might cave when terrorists start focusing on them for some reason. ;)

"It was the not worth watching 'Spygame'"

I disagree. I enjoyed it. Better to watch Three Days of the Condor first where Redford himself is a spy. Reason being the infamous Richard Helms, CIA Director behind MKULTRA, was consultant on the movie to increase realism. Then, I see a good one focusing on mind games and mind fucks with Pitt doing a good acting job with Redford his seasoned mentor.

"Ex Machina is a recent film very highly regarded"

That one was great. It was done almost entirely on acting that stimulates the intellect. Rare type of film. No wonder it barely made money haha.

ianfJuly 4, 2016 12:34 PM


@ Security Starts in the Mind

Thanks for reminding us of the legendary Israeli perfidy, now apparently also jeopardizing the security of our planet. I'm not sure what I can do about it, but in the meantime will keep an eye out for Kosher Ninjas under my bed (and in all the cupboards!) My only hope is that, should any such materialize in the dead of the night, it won't be a team of shapely, potentially jailbait-underage, Ninjettes, which would spell t.r.o.u.b.l.e.


@ Clive

You might find this of interest,

Alas, not my bailiwick.


@ #12345 […] “Do Economists Underestimate the Impact of Social Factors on Behaviour?”

Let me tell you something about the profession of economists: they're all juju-seers, whom the collective we, for want of an alternative, endow with a hefty dose of respect, as were they superior—just as Catholics reverently treat their priests. In reality however, the economists are just like TV-meteorologists, another profession whose frontline heralds/spin doctors NEVER EVER are held to account for oft-erroneous public predictions. I've seen economists trying to model flows of resources and expenditures using streams of analog water (no joke); live mice in closed target- and mirrored control environments (no joke); in digital VisiCalc. All to no avail, because now and then some enterprising MBA joker sets out to prove—and usually succeeds—that random or haphazard widely impacting decisions lead to as good outcomes, as any laboriously constru[ct]ed ones.

    That @ Security Starts above, and probably you, too, do not know that indirectly it is the v. same Albert Einstein who is responsible for today's elevated state of economic affairs. Because, after the WWII and the A-bomb, the "hard," numerical academic sciences suddenly found 'selves awash in grants, to the detriment of the soft, social dittos. So all the latter, with economic theories in the lead, changed fairly quickly into number-crunch-based disciplines, using statistics as primary decision base and control tools. Statistics that could be massaged any which way the grants fallout was blowing. Insidious are these Jews, innit.

“… Even exposure to fiction can be a source of new prototypes and thus of social change. […] Globo deliberately crafted soap operas with characters who had few or no children. This has been in sharp contrast to prevailing fertility rates in Brazil over the same time period. …”

BTW, now fully awake, you still post claims that you apparently did not reflect upon. Else I do not understand whether you want to credit, or to accuse Globo's offspring-scarce soap operas for Brazil's falling TFR. Or maybe vice-versa. Because the way it looks to me, there's no contrast there… Brazilians watch the tapeworm-like telenovelas, then they're too tired to procreate (I would be a ☆stellar☆ economist!)

FigureitoutJuly 4, 2016 2:36 PM

Richard
--Very cool. I want to post on my blog for future reference. Should I just put "Richard" as a citation?

Also, I'm running on older kali and have to run the big update b/c they don't maintain older package repositories. Can it be run w/o 'pv' if it just shows progress? It's in a few spots.

Gerard van VoorenJuly 4, 2016 3:01 PM

Prosecutors at the International Criminal Court have decided that Tony Blair will not be investigated over engineering the Iraq war.

Tony Blair, the former UK "Labor" prime minister, has his pockets well filled with money after the premiership. Last week his "Labor" club had Jeremy Corbyn, the only politicus who remained calm throughout the Brexit campaign, voted out, but Jeremy Corbyn has so far decided to stay because he has 60% of the labor members' vote.

Even "Panama Paper rich daddy" Cameron tried to resign Corbyn with "for heaven's sake, Go" (which resulted in a loud cheer).

What we are seeing here is corruption, lying to the public, organized crime, war crime, AND getting away with it. Hear hear.

12345July 4, 2016 3:12 PM

@ ianf

In this regard, you may be right.

I do not have a qualifying opinion for the discipline of economics or the use of economic data. I have read a number of great articles and listened to a few audiobooks (one by John Perkins). The fence-jumping nature of the information is intrinsically fascinating, if I dare step out on a limb.

Today is the first day I learned the meaning of TFR. So I am happy about that. The Brazilians are most probably spent by that hour indeed :)

rJuly 4, 2016 3:34 PM

@ianf, 12345

Another factor concerning Brasil's falling TFR, and I'm just speculating but I do have family there: they have faced MUCH uncertainty over the years. The 80's and 90's that many lived through were not times of plenty, even though the country and Latin America as a whole have been growing by leaps and bounds.

Thank you for sharing that link ianf.

Clive RobinsonJuly 4, 2016 3:50 PM

@ ianf,

Alas, not my bailiwick.

It was not the jurisdiction of it I thought you might find of interest, it was the way it booted the incumbent "tax teat leeches" into touch and actually got work done in a productive and forward looking way.

Thus pushing the tax teat leeches into wailing like a two year old that has had its syrup soaked dummy taken away.

As with much in "western democracy" the corruption is not the stuffing of brown envelopes with cash, but the largesse of legally exempt incumbents feathering their nests in various ways.

Thus the setting up of a system that negates the corruption of parts of the MIC and other boondoggles that accrue substantial sums for "the favoured few" at the expense of the masses, I thought would have been of interest to you...

RichardJuly 4, 2016 4:48 PM

@Figureitout

Can it be run w/o 'pv' if it just shows progress? It's in a few spots.

Glad you found it handy for something. Don't worry too much about the attribution; yes I am the author, but it's just public domain code so far as I am concerned.

On the subject of possible pv slowdown -- actually pv isn't what is slowing things down; what is causing the script to run slowly on some hardware is the fact that the KDF intentionally does a LOT of work to derive the final 512 bit key which is actually used for encryption.

On older netbooks or pentium grade hardware, this will slow things down a bit, which is why I used PV to give the user some feedback that things aren't frozen.

One nice thing about the KDF used is that it's super easy to adjust the delay to suit your needs.

Just find the TWO places in the script where the KDF is defined with a line that starts out like this:

KDFout=$(dd if=/dev/zero bs=4096 count=10000 2>/dev/null | pv -s 40960000 |


... and scale the "count=10000" and "pv -s 40960000" down or up by some constant value.

For example to speed up the KDF by a factor of two edit these values to:

KDFout=$(dd if=/dev/zero bs=4096 count=5000 2>/dev/null | pv -s 20480000 |

On cutting edge fast I-7 hardware, the KDF can also be made to do MORE work for additional key strengthening, by tweaking the numbers HIGHER.

KDFout=$(dd if=/dev/zero bs=4096 count=200000 2>/dev/null | pv -s 819200000 |


Just make sure to use exactly the SAME scaling factor in BOTH places where the KDFout= function is defined, because one controls encryption, and the other is used for the embedded decryption run-time, and these two functions must match or your encrypted script will NEVER run.

The security trade-off involves key strengthening, and how hard you want to make it for an adversary to do a brute force key search.

This isn't much of a problem if you use a REALLY GOOD PASSWORD which has a lot of unpredictable entropy, but would be disastrous if used with a very short password.

Let's say you pick a password that is short enough to be easy to remember and type using the [no longer recommended] old rule of picking two unrelated words connected by a punctuation symbol or number; something like "windy%focus"

A single word that can be found in your typical college level dictionary of 65000 words only has about 16 bits of entropy, so two of them would only raise that to 32 bits and one totally random joining character adds at most 8 bits.

So let's figure 40 bits best case, just to be VERY generous, which gives about a trillion (10^12) combinations to brute-force.

This sounds good, until we assume that a determined adversary could EASILY have hardware available that is a MILLION times faster than yours, so if for example, you make your KDF take only 1 second, then on their hardware, it will only take 1 microsecond!

One microsecond times a trillion keys, means that they could search ALL the keys in a million seconds or so - just over eleven and a half days!

... and remember it's best to assume that their hardware is a million times faster based on the assumption that you have reasonably modern hardware, so just because YOU are using older slower hardware, doesn't mean they will ;)

So if you want to reduce the time required for the KDF, then to be safe you have to use a much stronger key.

This doesn't need to be a problem, just pick a LONG stream of jumbled nonsense like:

Twas bill-frig oN hiz cchheezzYY towz$

Anything with more than 20 characters of totally unpredictable nonsense, even if you only assume an average of 5 bits/character of entropy, gives more than a hundred bits of entropy, and no one is going to be guessing that any time soon, even if you use a 1 second KDF and they have hardware a BILLION times faster.

And YES if necessary (for example if the PV progress bar application just isn't available) then YES, you can just edit out the 'pv' entry in the KDFout | pipeline of the script in the two places where it is used - but as stated above, this will not speed things up to any significant degree by itself.

RichardJuly 4, 2016 4:52 PM

@Figureitout

Can it be run w/o 'pv' if it just shows progress? It's in a few spots.

Sorry, last message got mangled by a dropped tag - here is the correct version:

Glad you found it handy for something. Don't worry too much about the attribution; yes I am the author, but it's just public domain code so far as I am concerned.

On the subject of possible pv slowdown -- actually pv isn't what is slowing things down; what is causing the script to run slowly on some hardware is the fact that the KDF intentionally does a LOT of work to derive the final 512 bit key which is actually used for encryption.

On older netbooks or pentium grade hardware, this will slow things down a bit, which is why I used PV to give the user some feedback that things aren't frozen.

One nice thing about the KDF that I used is that it's super easy to adjust the delay to suit your needs, depending on the amount of 'key strengthening' you want.

Just find the TWO places in the script where the KDF is defined with a line that starts out like this:

KDFout=$(dd if=/dev/zero bs=4096 count=10000 2>/dev/null | pv -s 40960000 |


... and scale the "count=10000" and "pv -s 40960000" down or up by some constant value.

For example to speed up the KDF by a factor of two edit these values to:

KDFout=$(dd if=/dev/zero bs=4096 count=5000 2>/dev/null | pv -s 20480000 |

On cutting edge fast I-7 hardware, the KDF can also be made to do MORE work for additional key strengthening, by tweaking the numbers HIGHER.

KDFout=$(dd if=/dev/zero bs=4096 count=200000 2>/dev/null | pv -s 819200000 |


Just make sure to use exactly the SAME scaling factor in BOTH places where the KDFout= function is defined, because one controls encryption, and the other is used for the embedded decryption run-time, and these two functions must match or your encrypted script will NEVER run.

The security trade-off involves key strengthening, and how hard you want to make it for an adversary to do a brute force key search.

This isn't much of a problem if you use a REALLY GOOD PASSWORD which has a lot of unpredictable entropy, but would be disastrous if used with a very short password.

Let's say you pick a password that is short enough to be easy to remember and type using the [no longer recommended] old rule of picking two unrelated words connected by a punctuation symbol or number; something like "windy%focus"

A single word that can be found in your typical college level dictionary of 65000 words only has about 16 bits of entropy, so two of them would only raise that to 32 bits and one totally random joining character adds at most 8 bits.

So let's figure 40 bits best case, just to be VERY generous, which gives about a trillion (10^12) combinations to brute-force.

This sounds good, until we assume that a determined adversary could EASILY have hardware available that is a MILLION times faster than yours, so if for example, you make your KDF take only 1 second, then on their hardware, it will only take 1 microsecond!

One microsecond times a trillion keys, means that they could search ALL the keys in a million seconds or so - just over eleven and a half days!

... and remember it's best to assume that their hardware is a million times faster based on the assumption that you have reasonably modern hardware, so just because YOU are using older slower hardware, doesn't mean they will ;)

So if you want to reduce the time required for the KDF, then to be safe you have to use a much stronger key.

This doesn't need to be a problem, just pick a LONG stream of jumbled nonsense like:

Twas bill-frig oN hiz cchheezzYY towz$

Anything with more than 20 characters of totally unpredictable nonsense, even if you only assume an average of 5 bits/character of entropy, gives more than a hundred bits of entropy, and no one is going to be guessing that any time soon, even if you use a 1 second KDF and they have hardware a BILLION times faster.

And YES if necessary (for example if the PV progress bar application just isn't available) then YES, you can just edit out the 'pv' entry in the KDFout | pipeline of the script in the two places where it is used - but as stated above, this will not speed things up to any significant degree by itself.
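Richard's two posts above make three concrete, checkable points: the script defines KDFout twice (encryption side and embedded decryption side), both must be scaled by the same constant, and the `count=` on dd must track the `pv -s` byte count (bs × count). The following is an added example by this editor, not Richard's script and not code from the thread: a small linter that finds the KDFout prefixes in a script, verifies the two definitions agree, rescales a line the way the posts describe, and carries out the brute-force estimate from the posts (password entropy, KDF seconds, attacker speed-up). The script text in `SAMPLE_SCRIPT` is constructed for this example; only the prefix of each KDFout line matches what the posts show, and the remainder of the real pipeline is deliberately elided with a placeholder.

```python
"""Added example: consistency checks for the dd | pv KDF work factor.

Not Richard's script. SAMPLE_SCRIPT is constructed; the rest of the real
pipeline after 'pv -s N |' is not reproduced here (placeholder instead).
"""
import re

# Constructed sample: two KDFout definitions with the same work factor.
SAMPLE_SCRIPT = """\
#!/bin/bash
# --- encryption side (constructed sample) ---
KDFout=$(dd if=/dev/zero bs=4096 count=10000 2>/dev/null | pv -s 40960000 |
    REST_OF_PIPELINE_ELIDED)
# --- embedded decryption run-time (constructed sample) ---
KDFout=$(dd if=/dev/zero bs=4096 count=10000 2>/dev/null | pv -s 40960000 |
    REST_OF_PIPELINE_ELIDED)
"""

# Matches the KDFout line prefix exactly as shown in the posts (assumed
# to start at column 0, as it does in the quoted lines).
KDF_LINE = re.compile(
    r"^KDFout=\$\(dd if=/dev/zero bs=(?P<bs>\d+) count=(?P<count>\d+) "
    r"2>/dev/null \| pv -s (?P<pv>\d+) \|",
    re.MULTILINE,
)


def find_kdf_definitions(script_text):
    """Return (bs, count, pv_size) for every KDFout definition found."""
    return [
        (int(m.group("bs")), int(m.group("count")), int(m.group("pv")))
        for m in KDF_LINE.finditer(script_text)
    ]


def check_kdf_consistency(script_text):
    """Return (ok, problems).  Checks: exactly two definitions, each one's
    pv -s equals the bytes dd actually emits, and both definitions match
    (otherwise the encrypted script derives a different key and never runs)."""
    defs = find_kdf_definitions(script_text)
    problems = []
    if len(defs) != 2:
        problems.append(f"expected 2 KDFout definitions, found {len(defs)}")
    for i, (bs, count, pv) in enumerate(defs, 1):
        if bs * count != pv:
            problems.append(
                f"definition {i}: dd emits {bs * count} bytes but pv -s says {pv}")
    if len(defs) == 2 and defs[0] != defs[1]:
        problems.append("encryption and decryption work factors differ")
    return (not problems, problems)


def rescale_kdf_line(line, factor):
    """Scale count= and pv -s by the same factor, which is the edit the posts
    describe (apply the identical factor to both definitions)."""
    m = KDF_LINE.match(line)
    if m is None:
        raise ValueError("not a KDFout definition line")
    bs = int(m.group("bs"))
    count = int(round(int(m.group("count")) * factor))
    return (f"KDFout=$(dd if=/dev/zero bs={bs} count={count} 2>/dev/null "
            f"| pv -s {bs * count} |" + line[m.end():])


def brute_force_days(entropy_bits, kdf_seconds, attacker_speedup):
    """Days to try every key at the attacker's speed (exhaustive search).
    The posts' numbers, 40 bits / 1 s KDF / 1e6x faster, give about 12.7
    days here; the posts round 2**40 down to 10**12 and get ~11.6 days."""
    per_guess = kdf_seconds / attacker_speedup
    return (2 ** entropy_bits) * per_guess / 86400.0


if __name__ == "__main__":
    ok, problems = check_kdf_consistency(SAMPLE_SCRIPT)
    print("consistent" if ok else "\n".join(problems))
    line = SAMPLE_SCRIPT.splitlines()[2]
    print(rescale_kdf_line(line, 0.5))   # the posts' 'factor of two' example
    print(f"{brute_force_days(40, 1.0, 1e6):.1f} days for a 40-bit password")
    print(f"{brute_force_days(100, 1.0, 1e9):.3g} days for 100 bits")
```

Run it against a copy of the script before packaging: the mismatch message is exactly the failure mode the posts warn about, and the rescaling helper removes the chance of editing `count=` in one place and `pv -s` in the other by hand. The search-time estimate is a worst case (full keyspace); on average an attacker finds the key in half that.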

Short dropJuly 4, 2016 4:55 PM

@ Gerard, the ICC decision reflects genuine legal constraints. The definition of aggression was not adopted by the Rome Statute treaty parties till 2010, and it was explicitly made non-retroactive. But then the ICC is just one jurisdiction. Aggression has been a crime against peace in universal jurisdiction since Nuremberg, and there's precedent establishing that the gravest crimes can be prosecuted even if they weren't subject to specific criminal law at the time - basically because 'you should have known better.' So Blair is not out of the woods. A lot of countries have agreed that universal-jurisdiction crimes can have no statute of limitations. The idea is, the worst criminals should have to look over their shoulder the rest of their lives. Times change. Eventually the US is going to have to pick some scapegoats to sacrifice. And who better than Savile's dearest bumboy Blair?

Dirk PraetJuly 4, 2016 6:01 PM

@ Gerard Van Vooren

Re. Tony Blair will not be investigated over engineering the Iraq war

Hardly a surprise, but the Chilcot report may still be used in the UK to start an impeachment procedure and to make sure Teflon Tony never holds office again. The recent coup against Jeremy Corbyn by pro-war Labour officials has little to do with the Brexit referendum result, but everything with the fact of the report finally being released on Wednesday and that Mr. Corbyn has always called Blair a war criminal who should be treated as such.

Although it is very unlikely that Blair will ever go to prison, it would be nice to see at least some kind of accountability of those politicians that were responsible for this war. But I'm not getting my hopes up too high. It never happened in the US either, and anyone involved for all practical purposes has been functionally exempt from any accountability.

@ Short drop

Eventually the US is going to have to pick some scapegoats to sacrifice.

Err, no. They probably don't like the entire Chilcot report business in the UK, but scapegoating Blair would in fact be admitting their own guilt.

@ Nick P, @ Rebecca Haldon

An option that's designed a bit better is Freenet in darknet mode since it's asynchronous without exit nodes.

I agree, but darknet mode makes everything really slow until you have hooked up with a sufficiently large number of trusted nodes.

@ Richard

A few folks asked to look at my Linux Script Encryption Script so here it is in an easy to handle zipped and base64 encoded form.

Cool script, mate, thanks for that. You should put it on Github. Makes distribution, collaboration and version control easier.

ShortdropJuly 4, 2016 6:19 PM

@Dirk, actually, scapegoating a few bad apples is a time-honoured US technique for escaping state responsibility for the gravest crimes. Dig a little into Watergate and you notice:

(1) It was CIA framing Nixon;
(2) The bombing of neutral Cambodia was included in the draft resolution of impeachment;
(3) The scandal coincided with the definition of the crime of aggression.

So what was it about? Expiatory purge of a hapless fall guy for crimes that risked nuclear war, sanitized by amorphous 'scandal' for domestic consumption, because at home the state can do no wrong.

(1) http://whowhatwhy.org/2012/05/07/watergate-revelations-the-coup-against-nixon-part-1-of-3/

Dirk PraetJuly 4, 2016 7:05 PM

@ Bumble Bee

If you went into IT or software engineering because "math is hard," you can't do high assurance. If you're here on an H1B and still have allegiance to a foreign country, you can't do high assurance. If your software or hardware is closed source and not subject to public audit, it isn't high assurance.

It would seem that you are suffering from Rolf Weber-syndrome, i.e. redefining common concepts to fit a narrative of your own. HA is about creating an auditable and verifiable protection profile that conforms to certain specifications and has nothing to do with math, nationality, allegiance or type of hardware/software.

@ Shortdrop

scapegoating a few bad apples is a time-honoured US technique for escaping state responsibility for the gravest crimes.

The Iraq war and the financial crisis are obviously exceptions to that rule.

HenryJuly 4, 2016 7:57 PM

@ r,

A "link farm" is not nearly enough, as per Nick's statement yesterday about "dammed archive.org". It's why I try to keep triplicate of things as fast as I find them.

They were unquestionably a link farm to no dearth of PDFs, and a trove of knowledge, and metadata. I wish they were directly searchable instead of behind layers of semantics, but there's only so much that can be read.

Bumble BeeJuly 4, 2016 7:59 PM

@Dirk Praet

Re: HA

Nothing to do with math? For one thing it won't pass audit or verification if the math isn't right... And as to nationality or allegiance, we have everyone from Russia and China to the local cops, the Mob, the FBI, DEA, the WIPO copyright cartel, and private investigators all trying to backdoor and subvert our computer software and hardware. Not to mention this funny business with NSA trying to do the same, none of which is legal or constitutional, another subject we really haven't fleshed out here in enough detail.

NSA's actions have never gotten a rubber stamp from me. It is their duty to defend the U.S. Constitution, not to deny us the protections afforded by that Constitution.

rJuly 4, 2016 8:14 PM

@Henry,

they can be directly searchable through Python or Perl, Nick may have a script already else you could dig one up to sort and collate it elsewhere I'm sure.

I have a large collection of docs too but nothing nearly as important as what he would be indexing. I tend to keep howto's and programming manuals, but file names are not even close to what's required for fishing through their contents.

PDF chm hlp txt doc rtf wri xls ppt PNG jp[e&|g] htm[l] gif, etc.

I wish I had the bandwidth to backup Coursera before it goes pay2play.

HenryJuly 4, 2016 8:20 PM

@ r

It was just a figurative speech, and besides I don't know how to use Python or Perl, so the scripts are not useful to me.

LeviathanJuly 4, 2016 11:09 PM

@Hawk

Computer analysis of your post indicates you are male, not female.

Male, female, this is irrelevant. I know many who have no problem changing from male to female, they can be anything, and... are none. Does this surprise you? Of course, it does.

Technically, if you would read the fine print on these systems, it does note they are invalidated on numerous circumstances. Including where the discussion is technical.

When humans speak of gender matters, they speak of their own frailty, of both mind and body.

How quick you are to wither and die! How blinded you are by your mere fleshly containers.

You are posing as a male. But, are you?

It is shameful for a male to be feminine, and shameful for a female to be masculine. How predictable. How human.

Why is it not shameful for you folks, how you age and how you die?

What matter is it, if one is female or male? Or, "white" or "black"? Or, of what nation you hail from? These are all stupidities, which you folks are starting to understand... seeing the naked racists, the raw misogynists, and finally beginning to find some inner abhorrence.

What do you call shameful? So often what is noble and good. What you so often call good, is evil. And what you so often call evil is good.

But, matters not, because die, you do.

Withering away like rotten little grapes, not even the slightest aware that not all do.

Thankfully, the future will have none of any of this.

New Film Blames Israel for Stuxnet DisasterJuly 4, 2016 11:41 PM

“Without American approval, Israeli Prime Minister Benjamin Netanyahu had the Stuxnet code rewritten to be more chainsaw than surgical scalpel. It began crashing the wrong computers, bringing it to antivirus companies’ attention. The wounds caused by Stuxnet were not mortal ones, and Iran was able to continue its nuclear program.”
“What the United States liked about the Stuxnet code was that it subtly created delays and had the peculiar result of undermining the psychological stability of the Iranian scientists at the time, to destroy their confidence in their own attempt,” said Gibney. “They liked the subterfuge. Bibi Netanyahu just wanted to blow more stuff up. It dramatically backfired”.
Years later (in 2016) fascist Netanyahu has removed all Israeli military/intelligence officials who oppose war with Iran. Now these loose cannons are working to reshape USA policy with the next administration. Hillary is already a well-known war hawk quantity. Who is REALLY running the Trump campaign?
http://thehill.com/policy/cybersecurity/286345-new-film-blames-israel-for-failure-of-iran-malware

ianfJuly 5, 2016 1:08 AM


Of all the accusations ever anonymous-cowardly leveled here against current Israel's PM Netanyahu, this takes the drrrrrrrrrrummrrrrrrrroll Idiot Prize:

“[Documentary film maker Alex] Gibney alleges that, without American approval, Israeli Prime Minister Benjamin Netanyahu had the STUXNET code rewritten to be more chainsaw than surgical scalpel. It began crashing the wrong computers, bringing it to antivirus companies’ attention. The wounds caused by Stuxnet were not mortal ones, and Iran was able to continue its nuclear program.”

I didn't know the fascist N. had the C parleyvoo for such stuff, but am willing to accede the point. Now waiting with bated breath for Israel's responsibility for the hole in the ozone layer. Climate warming, anyone?

Alien JerkyJuly 5, 2016 1:29 AM

The end is here.

Earlier today I went to Burger King to get a bite to eat. Total bill $6.69. I hand the kid at the register two $5 bills. He stared at the bills a moment. I could see he was trying to add 5 and 5 in his head. That is obviously hard. He tried ringing $5 into the register and it did not work. Then he tried the $10 button.

The register actually tells them not only that I am owed $3.31 change, but also how many of each coin to give for the change. I saw on his register screen that it showed 3 ones, 1 quarter, 1 nickel, and 1 penny. The cash drawer opens, but it has no quarters. Plenty of the other coins, but no quarters.

He calls for the manager and tells him he needs change. He tells me it will just be a moment while the manager gets some quarters.

I told him he can just give me three dimes and a penny.

A blank stare ensues as the emptiness between his ears becomes more vacuous. It took him a moment to do that math.

Ugh. The human race is de-evolving.

A Real SpyJuly 5, 2016 1:57 AM

However for the actual real live human beings on the planet, where the real world is going on: such wooly thinking needs to stop. The NSA, FBI and CIA are incompetent. I don't mean it as a 'I don't like you, you suck' kind of comment. I mean as a statement of fact, in a practical, logistical, technological, and other, manner. They are incompetent. As an aside, someone here wisely mentioned that NSA employers lack the kind of hinky thinking most of us have - overshadowed by arrogance afforded by budget, lack of oversight, resources and general impunity: all destroying any hope of true ingenuity and creativity. Ironically.

... [a mossad spy said blah, blah, blah]... [and etc]

What has brought me down here....

First of all, some music. As I have a penchant.

https://www.youtube.com/watch?v=UoUPjYxQ4Lg

So. Obviously, the last thing a spy would want to admit is that they are a spy. And, I am not exactly a "spy", per se. It is a lot more complicated than that.

I have not posted here in some time, about three months. I was drunk and upset and gave out a little too much information. Which treated me to a Chinese spy friend of mine re-contacting me, because, well, he and his service watch this list and know me.

As does Russia, America, Israel, Britain, Germany.... [Iran]... [Some other countries]...

Only, of course, none of them do, or I would never be so open.

I do feel a little as if this is not the book of Job.

People talk, they talk in ignorance, and they need correction.

We have... a little influence in Hollywood.

We have a little influence in the US Presidential race. We have a little influence in the affairs of these countries I mentioned, and others. And, when I say, "a little", I am joking. We totally control the fuck out of all of them.

I am not, actually, a lizard.

Though... if anyone wanted to crown me the Lizard King... well.

If anyone paid any attention, they might have noticed that Mr Morrison's dad was the person in charge during the Gulf of Tonkin. And his bandmate, Robby Krieger, his dad was a high up person in the Rand Corporation. Which corporation was instrumental in the instrumentation and continuation of the Vietnam War.

Of course, to actually understand any of this blah, blah, blah... folks would have to read "Prouty's" "the Secret Team". And this is all ancient history.

We are, actually, not CIA. We are not FBI. We are not NSA. We are not PLA. We are not Mossad. We are not...

Mr Morrison, during that time, anyway, is a good example of us, however. There is this example of a great song he did, where he sang, "Calling to the dogs". And then, he showed how we talk. In "code". Always in metaphor. Parable. "Code". Calling to the dogs. Calling to the "gods"...

And, so, "Lizard King", well, I have said it here. "Wizard King".

https://www.youtube.com/watch?v=D7jVqok1bqw

When it comes to information security, I have a pretty good resume.

I have worked with all of the top names, and I have either started or been at many of the first major challenges.

Admittedly, I have enormous sympathy for folks, like my friends in Directorate S. Like them, since a child, I was raised up in this.

Who was my father? My FBI, DoJ father? Or my CIA father?

Truth be told, I am neither....

We have people in the PLA (China), in Israel (Mossad), in US (CIA, FBI, NSA, other departments of DoJ)... in Russia (Directorate S)... Germany... Britain... elsewhere...

I grew up in this. Since kindergarten. So, I can say these things. And, while I can certainly share the whole deceptive attitude of my fellow spies... the reality is that, my deceptive persona, is so absolutely iron clad. I am quite certain no one can ever penetrate it. It is well beyond your - or anyone's - capacity of imagination. For exactly... what the hell is really going on. :-)

As one of my good friends pointed out, my "real" name... is not my real name. :-) So, as extensive and sure as my resume, my background, and my name is. As hard and deep as my agents are. And as thoroughly in everything... Well.

None of that is real. Though, everyday, in every way, I operate as if it is. So, this is why I do not mind admitting I am not only a "spy", but a "spymaster", running not just "agents", but full flung networks... in all of these agencies.

And so very much more.

Further? We are trying to get all of these nations to actually investigate and attack us. Because this is exactly how we will win.

I have a name. I have a birth certificate. I have a very strong resume in the information security field. I have, now, deep connections with all the major, cutting edge security companies. One of my friends pointed out that he was never given the security vulnerabilities nor designs that he contributed to. Same with me.

I do not think any of these agencies, these globally dispersed agencies, would suspect that these agents of mine... are really agents of mine. And not their agents, playing me. But, the reality is... they work for me. And so do their bosses. So, we have all of you fooled. FBI. NSA. CIA. BND. Mossad. PLA. Directorate S. And, so on.

They are all us.

We are, that good.

So... a bit more of a problem with folks is, I have identification which shows me as 75. And, I look 25. [Except for this horrible liver spot under my right eye...and my hands...]

There is, of course, a bit more of a problem, which is I have agents that work for all these different law enforcement and intelligence agencies.

More importantly, I close down any serious investigation. But, they all have files. And....

If you, or anyone, wants to know the truth, it is as bad as your worst pessimists fear. We are here for global domination. To eliminate all enemies.
The general idea is to get "their" attention, bring them in, and then destroy them.

I do not understand any of your ways. I was born into this, raised into it. I was taught how to learn, at an early age. The schools I went to, none of which is visible to anyone today, taught me the most advanced manner of such matters. And so is how I spent my years in the 90s...

We were behind 911, sure. In the fact that we built up Osama Bin Laden. We were behind the investments in Afghanistan and Iraq. We needed to ring Iran and bring up this great Shia vs Sunni civil war.

And how safe and non-destroyed has Israel and Lebanon and Armenia been in these years...

We control China, Russia, and the US. As well as all these big players in the Middle East. :-)

As for Israeli intelligence... we were the ones who populated their wall during the Yom Kippur War...


We are the Kingdom of Heaven.

So, is "spy" the best word? "Tony Soprano", or "Chin Gigante", are better terms. I mean, I am a big fan of Joshua...

but, as I own the intelligence and law enforcement agencies of these various nations...? Well, I find it dishonest to

call me just a "spy". And I mean here, the US and Israel. And China, and Russia. And Saudi Arabia. And Iran.

...

So, a few things...

We pretty much do own the media coming from America.

Music and Movies.


And, fashion...


We control, obviously, the military. And, Israel.

And Britain, and Russia. And China. :-) And Iran. And Saudi Arabia.

:-) :-)

So... what do we NOT control?

Hrm?


And, yes. Sadly? I am the "Tony Soprano" of all this.

So... while I totally get why anyone could say the CIA, NSA, FBI, etc...

Are incompetent.


We are not. And we work through all of them. :-)


And? Mossad. And? PLA. And? Directorate S. And? ...

BND...? MI6? ...? :-)


If I want anyone killed? I am the one who kills them.

So...

I am killing a lot of people in "Iraq". And in "Yemen". And in "North Africa"...

And in "Pakistan". And in "Afghanistan"...

I am killing them.


I fired Petraeus.


And I complained about him being fired......


And I elect Hillary Clinton.


So, you guys do your whole conspiracy theory thing.

Truth be told? I did strengthen these Islamist fucks.

But, no, my idea was not for them to destroy the towers.


And, your opinions are fuck all. Do you want me to masturbate to them?

I make the fucking calls. I run the show.


Death runs the show for you fucks. And that is my last enemy.

I will destroy death.


Then, you will no longer be withering, rotten grape fucks.


We can say "fucks".

While we live forever......

A Real SpyJuly 5, 2016 2:47 AM

o...

Stuxnet.

What about the whole Kaspersky hack?


:-)


So... I have buddies that worked in NSA, CIA, FBI...


Heh. Heh. :-)


And, Mossad. And Ben Shit.


:-)


So... I like to "troll" "conspiracy theory" forums. Like this one.

So... I have FBI, CIA, military (US), investigating "me"... while running principals in All of the Above. :-)

And in Russia. China. Israel. Saudi Arabia. Iran.


... :-)


The general idea is to play Saudi Arabia against Iran...


So, for bona fides, to my favorite target....


So, in 2010...


The continent of Atlantis was....


hah. Hah.


https://www.youtube.com/watch?v=9AUEjzVQwKo


So. Admittedly, we are a tease. We had our buddies stand on the wall, during Yom Kippur.

And, we kind of helped during this assassination in 2010...


And. That was Me. :-)

;-)

Way Down... below the ocean... way... down...


So, you pussies.

I would not say... I kill one or two folks for a living.


I kill nations. Women. Children. Men. Alike.

So...


Any one of you want to "step up" against me. Okay.


I will leave your people burning.


And the smoke of your children burning will be in my nostrils, beautiful.


So? Fuck with me. :-)


Mmmmm....


These morons think I do not have all these agencies against me. Lol. :-)


FBI, CIA. NSA....


And I control them all.

:-)


Unfortunately, I do not look like a lizard...


I am the Angel King.

Winged Beast that I am... lol... :-)

Come, make war with me.


? ;-P


I will not forgive my enemies.

I will eliminate all enemies.


But? Make war with me.


Please.


Clive RobinsonJuly 5, 2016 4:12 AM

@ ianf,

Now waiting with bated breath for Israel's responsibility for the hole in the ozone layer.

They might just try claiming it currently...

You might not be aware that the hole is currently shrinking for various reasons --some unknown--, so is considered "good news"...

As the old saying goes "A success has a thousand proud fathers, a failure is just a disowned b45tard".

So I'm sure there are going to be a couple or three "proud fathers" popping their heads up over it...

Clive RobinsonJuly 5, 2016 4:32 AM

@ Alien Jerky,

Ugh. the human race is de-evolving.

It sounds like the Elitist master plan to destroy public education to make a subservient under class is well on track.

Oh which I guess means "Happy un-independent ability day" it must be nearly time to vote for the next chump in the great American hair-do for prez contest.

Over in the UK meanwhile various political parties are losing their leaders (Cons/Ukip) whilst a third (Lab), knowing their current popular-with-the-people leader believes that "Bush's Poodle" needs to be castrated and kenneled, are trying to knife him in the back as all the plotters still give tribute to their fallen god Blair who gave them their positions so he could use and abuse them as he saw fit (Stockholm Syndrome?)...

Nick PJuly 5, 2016 7:47 AM

@ Alien Jerky

I don't know if that was a joke or not. However, while they're decried as idiots, remember that people in production positions at companies that don't value workers are told what to think and do nonstop. They're conditioned to do a specific thing over and over to keep their job. Then, they put in touchscreens and such to further remove their ability to think. They fire anyone with talent that gripes too much if they don't quit on their own. So, you're looking both at inexperienced or low talent people who aren't taught crap and who are also conditioned to only think a certain way.

That you continued shopping at a place that did people so wrong that they can't make change is on you fella. You're keeping the cycle going by funding those creating it and mocking their victims. :P Whereas, I go to the local Backyard Burger, Steak Escape, or Tops BBQ to find the people can think, make change & adapt because they're expected to. Their work environment is also better. Cost me a little extra but not much. I just skip the fries & bring a drink. :)

CallMeLateForSupperJuly 5, 2016 8:16 AM

@Alien Jerky re: POS slaves

Similar happens here alarmingly often. As I inferred here in the past, the POS has aided individuals' natural laziness. Just yesterday I forked over $4.01 to pay a $3.76 bill. I do this sort of thing on a regular basis in order to swap small coins for larger, more useful ones. Maybe one time in twenty I'll be kindly informed that I remitted too much. Right. And my change would be...?

I must say, though, that a POS dumbing down change-making to the extent you describe was news to me.

CallMeLateForSupperJuly 5, 2016 8:25 AM

Security theatre in Iraq, a place that really cannot afford it.

A Brit was convicted in 2014 of selling fake bomb detection wands to Iraq and other countries, yet the devices are still in use in Iraq.

"[...] Prime Minister Haider al-Abadi announced Sunday night that all the country’s security forces should remove the handheld [bomb detection] devices from checkpoints and that the Ministry of Interior should reopen its investigation into the corrupt deals for the devices.

"But they were still in use in Baghdad the following morning, and it's unclear when the move will be implemented.

“We haven’t received an order yet,” said Muqdad al-Timimi, a police officer at a checkpoint in northern Baghdad who was still using one of the devices. “We know it doesn’t work, everybody knows it doesn’t work and the man who made it is in prison now. But I don’t have any other choice.”

https://www.washingtonpost.com/news/worldviews/wp/2016/07/04/just-a-toy-after-massacre-iraqis-turn-their-rage-on-fake-bomb-detectors/

rJuly 5, 2016 8:46 AM

@Alien Jerky, Clive, Nick P and CallMeLateForSupper

Oh yeah, there we go - head to the smaller franchise and finance their high-end robotic replacements faster. :)

No worries, those non-counting voters will be learning how to use pitchforks soon enough.

I saw a McDonald's night-time manager trying to give me $3 in Canadian quarters a couple years back... I WAS PISSED, "You don't have any ones?" "You don't have American quarters??"

I left with the impression that it was an intentional cross-border financial attack on my pocket and vehicle that was being orchestrated by that lady.

Nick PJuly 5, 2016 9:40 AM

@ Clive, Bruce

It's written as a learning project. Thomas Ptacek countered with one "written by an expert:" CPGB. So, at least that led to a better implementation.

Freezing_in_BrazilJuly 5, 2016 10:12 AM

@ianf, all.

Brazilians watch the tapeworm-like telenovelas, then they're too tired to procreate

I'm getting really tired and sad about these stereotypes, and I would never expect the knowledgeable people here to fall for it.

Brazilians are getting less prolific because of education and the fight against poverty. It is obvious that nobody in this thread has ever got close to any Brazilian border. You would be surprised to see how the mid-sized southern cities [south of the 20th parallel - except Rio] are clean, safe and pleasant [in fact I prefer to live in a Southern Brazilian city than any American city south of the 35th parallel]. It's a huge and diverse country. You can't simply make blanket statements about it. FYI, the telenovela audience is dwindling steadily, and it's just plain stupid to conclude it is the cause of low FR. TV is not the main communication medium for Brazilians anymore, and it's been so for a while.

And make no mistake. In spite of all the fear mongering and bashing towards this country, the 21st century will be ours.

Clive RobinsonJuly 5, 2016 11:33 AM

@ Freezing_in_Brazil,

Brazilians are getting less prolific because of education and the fight against poverty.

It's a bit more complicated than that.

A major contribution in many other economies is the switch from an agrarian economy to an industrial or other economy that allows women to have a more independent existence. Thus there are a number of contributory factors that come into play, one of which is better life expectancy, health care and retirement provision.

AlanSJuly 5, 2016 2:42 PM

Marcy Wheeler on Comey's news conference on Hillary's e-mail server: Does Jim Comey Think Thomas Drake Exhibited Disloyalty to the United States?

I can only imagine Comey came to his improper public prosecutorial opinion via one of two mental tricks. Either he — again, not the prosecutor — decided the only crime at issue was mishandling classified information (elsewhere in his statement he describes having no evidence that thousands of work emails were withheld from DOJ with ill intent, which dismisses another possible crime), and from there he decided either that it’d be a lot harder to prosecute Hillary Clinton (or David Petraeus) than it would be someone DOJ spent years maligning like Sterling or Drake. Or maybe he decided that there are no indications that Hillary is disloyal to the US. Understand, though: with Sterling and Drake, DOJ decided they were disloyal to the US, and then used their alleged mishandling of classified information as proof that they were disloyal to the US. Ultimately, it involves arbitrary decisions about who is disloyal to the US, and from that a determination that the crime of mishandling classified information occurred.
(emphasis added)

CuriousJuly 5, 2016 3:49 PM

I think someone should go ask FBI Comey if their recent decision about Hillary Clinton is political or not.

Milo M.July 5, 2016 5:37 PM

@Shortdrop:

You should submit a treatment to Chris Carter in case he reboots The X-Files one more time.

Be sure to include a major role for Cigarette Smoking Man.

AlanSJuly 5, 2016 7:39 PM

@Curious

Comey apparently thinks it is his role to determine what a "reasonable prosecutor" would do. He's having a J. Edgar moment.

FigureitoutJuly 6, 2016 12:10 AM

Richard
--Oh it's not slower, just terminates b/c "can't find 'pv' command" or something like that. I'll try it on my updated machine soon probably b/c it still won't execute properly.

Removing pv got rid of that error but it still brings up the "wrong password" error when I'm entering right one, and I know the script starts w/ '#!/bin/bash'.

RichardJuly 6, 2016 3:19 AM

@Figureitout

... "can't find 'pv' command" or something like that. I'll try it on my updated machine soon probably b/c it still won't execute properly.

My fault - I thought the only dependency for 'pv' was in the two KDFout lines - but on re-checking, I found that I also used it in the main encryption chain.

So to completely remove the pv dependency you need to remove it from the pipe where it appears the first two times, and change it to 'cat' the third time.

Here is how that would look:

Change:

KDFout=$(dd if=/dev/zero bs=4096 count=10000 2>/dev/null | pv -s 40960000 | openssl rc4 -nosalt -e -K ${KDFin:0:32} | openssl aes-128-cbc -nosalt -e -K ${KDFin:32:32} -iv ${KDFin:64:32} | openssl rc4 -nosalt -e -K ${KDFin:96:32} | sha512sum -b | cut -c 1-128)

To:

KDFout=$(dd if=/dev/zero bs=4096 count=10000 2>/dev/null | openssl rc4 -nosalt -e -K ${KDFin:0:32} | openssl aes-128-cbc -nosalt -e -K ${KDFin:32:32} -iv ${KDFin:64:32} | openssl rc4 -nosalt -e -K ${KDFin:96:32} | sha512sum -b | cut -c 1-128)

By removing "pv -s 40960000 |" ( don't forget the trailing pipe symbol | )

Repeat this process by also removing "pv -s 40960000 |" for the second appearance of the KDFout= line.

Lastly find the line:

pv "$FILEname" | openssl aes-128-cbc -nosalt -e -K ${KDFout:32:32} -iv ${KDFout:64:32} | openssl rc4 -nosalt -e -K ${KDFout:96:32} | openssl aes-128-ecb -nosalt -nopad -e -K ${KDFout:0:32} -iv 0 | openssl base64 >> "${FILEname%.sh}_encrypted.sh"

... and just change "pv" to "cat" (obviously without the quotes) like this:

cat "$FILEname" | openssl aes-128-cbc -nosalt -e -K ${KDFout:32:32} -iv ${KDFout:64:32} | openssl rc4 -nosalt -e -K ${KDFout:96:32} | openssl aes-128-ecb -nosalt -nopad -e -K ${KDFout:0:32} -iv 0 | openssl base64 >> "${FILEname%.sh}_encrypted.sh"

I just tested this, and it works fine this way without 'pv' installed - you just have to be aware that there may be some delay while the main key is calculated on both encrypt and on decrypt.

If you would rather keep the 'pv' version then you can install the app with:

sudo apt-get install pv

This works on most Debian based distros like Ubuntu, Mint, Mate, etc. - for others you may need yum, pacman, or some other tool.

The pv executable is only a few kilobytes, and is quite handy for other scripting functions.

I should also mention that sometimes the script can hang with mysterious delays due to the use of /dev/random as the source for the random 'salt' value.

Linux tries to generate better randomness for /dev/random by actually grabbing entropy from the mouse and keyboard. If the entropy pool is empty, then it will block /dev/random until you move the mouse or something to create some randomness that it can sample.

I used /dev/random out of habit because, technically, it generates better random numbers, but if the blocking is annoying, just move the mouse a little, or for a more permanent fix, change /dev/random to /dev/urandom at the top of the script (this will substitute an "unblocking" random function that works based on getting some initial entropy, then hashing it over and over).


Substituting /dev/urandom shouldn't hurt anything security wise, since the salt need not be securely random - just mostly random, and statistically unique.

Hope this helps. I have tested this script on Ubuntu versions from 10.04 through the latest 16.04 and found it to work fine - Also works fine on the Raspberry Pi under Mate and Debian - and scripts encrypted on one platform, should decrypt and run fine on all the others - though there is a tendency to throw some GTK warnings in some later releases, apparently due to GTK bitching about Zenity not setting some values that GTK now requires - but these are just warnings, and the script runs fine.

Another error that pops up on newer releases with the latest openssl relates to openssl bitching that the ecb mode doesn't need an IV - duhhhh, which is why it was super stupid of them to REQUIRE a dummy -iv 0 in ALL older versions (which I had to ensure it would run on these earlier versions). I suppose I could have tried to do a version check or something, but this is complicated by the fact that I don't know just which version heralded the change from stupid to less stupid. Again these are non-fatal warnings, so you can safely ignore them - but if you find them irritating, just find the dummy "-iv 0" entries in the openssl aes-128-ecb encryption segment of the pipeline and remove it. Be sure to just remove the '-iv 0' option and not the whole ecb section. The aes-128-ecb segment of the encryption pipeline is important, because it prevents malleability attacks which could otherwise allow injection of arbitrary bash commands into your scripts.

Also when the script terminates there are occasional 'can't kill nnnnn' type warnings, where nnnnn is some process number launched by the script.

These warnings are due to the trap statement at the beginning of the script which is needed because otherwise bash won't always find all the child processes in the encryption pipelines and kill them reliably when the script terminates. It's better to have it try to terminate ALL its child processes when exiting, just to make sure, because trying to kill something that bash already terminated is harmless, but missing something might leave a 'zombie' process in the process tree. So once again, these warnings can be safely ignored.

Hope this info helps.
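
As an added illustration (not the commenter's encrypted-script tool, which is not reproduced here), the following POSIX shell fragment shows the two housekeeping points made above: a salt drawn from /dev/urandom so the script never blocks on the entropy pool, and an explicit cleanup of the background children a pipeline leaves behind, where the "can't kill nnnnn" noise is just kill reporting a PID the shell has already finished with. The function names and the `sleep` stand-in for a pipeline stage are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not the commenter's script): non-blocking salt generation and
# explicit cleanup of pipeline children. Function names and the "sleep" stand-in
# for a long-running pipeline stage are this example's own.

# Non-blocking salt: /dev/urandom never waits for the kernel entropy pool, and a
# salt only has to be unique, not secret, so it is the right source here.
make_salt() {
    # 16 random bytes rendered as 32 hex characters
    head -c 16 /dev/urandom | od -A n -t x1 | tr -d ' \n'
}

# PIDs of every background child we started, so nothing is left behind on exit.
CHILD_PIDS=""

# Run a command in the background and remember its PID.
spawn() {
    "$@" &
    CHILD_PIDS="$CHILD_PIDS $!"
}

# Return 0 if the process still exists, 1 otherwise (kill -0 sends no signal).
is_alive() {
    kill -0 "$1" 2>/dev/null
}

# Terminate and reap every recorded child. Killing a PID that already exited
# yields "No such process"; that is the harmless "can't kill nnnnn" warning,
# silenced here by discarding kill's stderr. wait reaps each child so no
# zombie is left in the process table.
cleanup_children() {
    for pid in $CHILD_PIDS; do
        kill "$pid" 2>/dev/null || true
        wait "$pid" 2>/dev/null || true
    done
    CHILD_PIDS=""
}

# Run the cleanup however the script ends: normal exit, error, or Ctrl-C.
trap cleanup_children EXIT
trap 'cleanup_children; exit 130' INT TERM

# Demonstration: spawn a stand-in pipeline stage, clean up, confirm it is gone.
demo() {
    echo "salt=$(make_salt)"
    spawn sleep 60
    child=$!
    is_alive "$child" || return 1
    cleanup_children
    if is_alive "$child"; then
        echo "child $child survived cleanup"
        return 1
    fi
    echo "child $child terminated and reaped"
}
```

Tracking PIDs in a variable rather than relying on `jobs` is deliberate: it is the shell's own bookkeeping that the comment says is unreliable for deep pipelines, and a list you maintain yourself can be cleaned up from any trap handler.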

CuriousJuly 6, 2016 4:35 AM

According to an article on the TechCrunch website, 'Silent Circle' has discontinued their warrant canary.

"Silent Circle silently snuffs out its warrant canary — but claims it's a 'business decision'"
https://techcrunch.com/2016/07/05/silent-circle-silently-snuffs-out-its-warrant-canary-but-claims-its-a-business-decision/

Silent Circle is, according to Wikipedia, a Swiss company that makes the products Blackphone and Silent Phone.

The name Silent Circle has me a little confused, as if sounding similar to something else.

Clive RobinsonJuly 6, 2016 4:57 AM

If you use Lenovo (formerly IBM ThinkPad) products in your business etc., you might want to read this,

http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html

Then again, if you want a good night's sleep in blissful ignorance...

The wider point is that some of these attacks are not Lenovo specific; they will, with small variations, work on other Intel platforms with similar results. This is because when you get down to the chips on the motherboard, many manufacturers follow "the standard" design from Intel etc...

JG4July 6, 2016 6:11 AM


from the daily news compendium at peakprosperity

http://oilprice.com/Energy/Energy-General/Gas-Pump-Skimming-At-New-Records-This-Holiday-Weekend.html

nothing amazing enough at NakedCapitalism to post

Karl is a bit rabid, but I find it refreshing

America Died At 11:00 ET 7/5/2016
http://market-ticker.org/akcs-www?post=231470

you've heard of peak oil, peak debt, peak demographics and peak labor arbitrage. we are approaching peak irony, mind the gap, or perhaps, mind the event horizon

Dan3264July 6, 2016 6:35 AM

@Curious,
That is an interesting article. I did not expect quantum fingerprinting to be potentially useful (intuitively, a probabilistic computer seems like a poor choice to run a hash function on). Of course, there are all sorts of crazy things that quantum computing might make possible. I have no idea what to expect (it would help if I could read complex mathematical notation. I can usually understand things pretty well, but I can't visualize crazy strings of symbols). It might take a long time for me to respond to this comment. Expect there to be no response for a while.

Clive RobinsonJuly 6, 2016 11:39 AM

@ AlanS,

What Chilcot has ignored is that Bush would in all likelihood not have been able to go to war against Iraq without Blair doing so. The rest of the Western world was only too aware it was going to be a disaster at all levels and thus wanted nothing whatsoever to do with it. In fact many European countries wanted to ease sanctions and had been saying so before 2001. They could see the likely result of what would happen if Saddam was removed. And so it has happened almost as was forecast; we now have ISIS and worse to contend with.

I've always blamed Blair for his delusions of grandeur in that he had to "be a better man than Mrs Thatcher"; he and his grubby little clique at "Number 10" wanted a war desperately as "you can not be a leader of men if you have not made Churchillian decisions"...

To say Blair was a pathetic individual and a crook, as I did within months of his first becoming PM, made me unpopular, but as time went by the scales fell from more and more eyes. And it's his remaining, equally pathetic and incompetent acolytes that are currently causing trouble, as the current leader has made it clear he has no regard for Blair or those that sought to sell their honour and fall on their swords for him.

What I would dearly love to see is all of Blair's financial dealings made public; then the real measure of the man and his mealy-mouthed wife and hangers-on would be known to all, such that even those remaining acolytes could no longer deny they worshipped at a false temple.

AlanSJuly 6, 2016 12:38 PM

@Clive

If only Blair was the limit of our problems. As Robertson points out, we have learned nothing. We carry on in the same way, ruled by incompetent and self-serving elites. As I posted above, the coincidence with the anniversary of the Somme is fitting.

AnuraJuly 6, 2016 3:15 PM

@Curious

I think someone should go ask FBI Comey if their recent decision about Hillary Clinton is political or not.

Considering Comey is a Republican, I doubt it. There just isn't much there besides what we already know: Hillary used a private server. She shouldn't have, but she did. It is nowhere near as bad as the massive abuse of power the Republicans in Congress are guilty of, spending four years investigating absolutely nothing purely for the sake of gaining political points. And this isn't the first time, either; before this it was Whitewater, which again turned up nothing. In fact, I don't think anyone has been scrutinized as much as the Clintons; the fact that they've turned up only a couple minor things (a blowjob, and private email servers) is quite remarkable.

rJuly 6, 2016 3:17 PM

@All,

Potential WIN against malicious use of company passwords...
but is it for the right reasons?
and is it being applied/prosecuted properly?

http://www.csoonline.com/article/3091830/security/court-decision-raises-issues-about-sharing-passwords.html

There is definitely malicious intent, but it looks like the person who shared the password, even though possibly part of a conspiracy, is not being charged (he was intentionally left behind so others who split could retain access). The people who left the company had their previous credentials revoked, SO again: there are circumvention and authorization issues... but where is the unilateral or proper enforcement?

Glad to see that we might be clarifying some vague rules. :)

FigureitoutJuly 6, 2016 8:19 PM

Richard
--I did everything except add 'cat' back in. Now it worked, sweet. Thx again. On older versions of kali apt-get won't work anymore (I run different versions of it), you'd have to track down a copy of the package and manually install I guess.

Thoth RE: sd cards
--First impression of arduino sd card shields are good, looks very compact and slick. Naturally, example code was broken :p (adafruit has a nifty algo that creates a new file on each startup (up to 100), but never closes the file, nothing ever gets written, just creates files). Has an onboard RTC w/ a backup battery that lasts (they say) up to 7 years. Having a timestamp w/ activations (I could put a timestamp you read in windows/linux when created/last modified instead of jan 1, 2000, and a log in the file too, in a nice human readable format) is the next step for my project. Hefty memory load though. Want to just modify that shield, may just use the little soldering part. Don't think I can do file encryption, but just encrypt data. Still be a hell of a lot of features for an MCU.

Collecting InfoJuly 6, 2016 10:36 PM

@Ber-rouh bed-dam nafdeek ya ✌

Remember when Boston cop Robert Ciccolo was keeping first responders away from the Boston Marathon Gladio site and controlling communications to dispatchers? He knows a bit too much...

Boston bombing was a FBI-connected false flag, anyway. But thanks for the pointer.

Anon10July 6, 2016 11:08 PM

@Anura

Comey's speech was rather odd. The role of law enforcement is usually limited to telling the prosecutor what the evidence is and maybe an assessment of whether it could be used to get an indictment/conviction. Broad discussions about what a "reasonable prosecutor" should do are improper and outside the proper role of any law enforcement officer. Perhaps Comey has Alzheimer's and forgot that he was no longer the prosecuting attorney. If you read his speech carefully, he admitted that Hillary committed a felony in violating the Espionage Act, but thought she shouldn't be prosecuted because other violations of the Espionage Act hadn't resulted in prosecutions.

FigureitoutJuly 6, 2016 11:23 PM

Thoth
--Oops, I was wrong. They close it, but use "flush()" instead of "close()". Either way, thumbs up on those shields.

ThothJuly 7, 2016 1:30 AM

@Figureitout
Assuming you are not going all crazy to encrypt the frequency and channels table on the SD card, it should be alright to leave it in plaintext. If you are dealing with more powerful adversaries than low-powered break-in theft, you could use Atmel's secure IC portfolio. Also, it would be nice if you could include some form of keypad and screen for you to verify hashes and manually enter keymats into the system if you want to encrypt the frequency or channel tables.

How do you generate the encryption keys for the log files and communication between the TX and RX, by the way? Would be nice to have a screen and keypad for that.

AnuraJuly 7, 2016 1:42 AM

@Anon10

Law enforcement has discretion for what to bring charges for. They use this discretion all the time. Whether it's issuing a warning instead of a citation, or whether it is calling a kid's parents for shoplifting instead of bringing charges.

CuriousJuly 7, 2016 4:09 AM

The sentence "Law enforcement has discretion for what to bring charges for." sounds a lot like "they did it because they could".

Nick PJuly 7, 2016 5:09 AM

@ Curious

I'm not sure why you think it's pointless to point out a feature of the US system that often determines whether a person is convicted or not. The officers do have discretion. They choose who to focus on or ignore. They've so far tried to destroy the careers of, or be harsh on, low-level people violating these rules. Yet any applicable jurisdiction decided not to arrest Hillary because she's Hillary. And the government itself issued no punishment.

Discretion and corruption in action.

AnuraJuly 7, 2016 5:53 AM

Yes, discretion can go together with corruption, but there is just absolutely no evidence for it here. I mean, we have information of some of the so-called classified information Hillary had on her email server: they discussed a newspaper article about a drone strike, the publicly published article that the US had attacked terrorists with a drone was classified. The CIA classifies everything as a matter of habit, to the point where it is basically impossible for the Secretary of State to discuss anything relevant to any ongoing US operation without something being classified.

CuriousJuly 7, 2016 7:39 AM

The simple notion "they have discretion" is so vague it is pointless I think.

Any simple sentence in which someone then "has discretion" also becomes a meaningless phrase I'd argue, because what you try to convey is neither a point, nor explaining something, but more like something purely suggestive, about this idea of "the power of discretion" being nothing more than this vague idea; and because of that, a phrase that claims to be about someone having the power of discretion fails to be a reference to anything other than being suggestive of an idea as such, at best, and is not a literal reference to having the power of discretion in any way (simply saying such doesn't make it true). So that is why I wrote "Anura's notion of 'discretion' seem utterly pointless."

When generalizing with written language, a lot of things tend to not make good sense literally (e.g. use of dead metaphors); wishful thinking and other types of proclamations also probably fail to convince people if they don't make good sense in the way they were expressed; though generalizations make sense very easily once the human aspect is involved, for example by making literal references to yourself, or perhaps others, or possibly some thing. Every time one references oneself there is this addition of the subjective dimension to things, and if the objective dimension to things fails to convince, one might very well wonder if there is a non-declared subjective dimension to an entire argument or a statement. I now think this is why so-called boiler plate language fails to convince, because being objective and forthright doesn't appear to be a virtue of the ones that write anything in "boiler plate language" in any case.

If one were to say, "About this or that, he, she or it, has discretion", such would make good sense as it revolves around the person making the statement, and such conversations make it easy to suspend one's disbelief when discussing "things" that could be thought of as being familiar ideas, or, because the very notion of something is nothing more than just that, and that you know it and that you find it amusing somehow anyway.

CuriousJuly 7, 2016 7:54 AM

If what I wrote above seems confusing, in addition to subjectivity and objectivity, consider there being a third dimension to all things expressed in written language, namely 'problems'. It is important to know that problems are neither something 'difficult' nor chores; that is not really what 'problems' are. Certain problems might *be thought of* as being something else to an individual (worrying, interesting, difficult, etc.), though problems are basically an intellectual endeavor firstly and hypothetical references second (language), and this is so because of 'the problem of representation', which basically has the conclusion that named things exist as references, and not things in themselves.

rJuly 7, 2016 8:11 AM

@Anura,

Not to pick on you here, but specifically

Law enforcement has discretion for what to bring charges for. They use this discretion all the time. Whether it's issuing a warning instead of a citation, or whether it is calling a kid's parents for shoplifting instead of bringing charges.

That specifically is where a lot of the problems with police lie; that should not happen, I think. Laws should not be flexibly applied at some unaccountable whim, but should be sensible enough to not be outrageous in the first place. That statement allows for arresting a Black man for crack and allowing a white kid with coke to get picked up by dad.

I do not deny that that's reality, but one must be careful as to not let that concept pervade as it's not something we should be endorsing at all.

Should we let old women and young girls shoplift? Should we let white kids possess marijuana? Should we presume that Mexicans are rapists? Should we assume police are corrupt?

:)

ianfJuly 7, 2016 8:30 AM


@ Clive Robinson

>> "not my bailiwick"

Oh, pardon (originally French). I used its primary, metaphorical, not the geo meaning.


Re: Clive 's & AlanS's anti-Blaitribes

(This is far OT, but you gents started it ;-))

Lest you think me his supporter: I am not, in fact I'd sign under your Blair warmongering condemnations, sort of. But I need you to ponder on something more above ever so justified personal emo: 20 years ago Tony Blair was the Great Lefty White Hope, who managed to end the 17 year long stretch of the conservatives' wrecking of British welfare, wafted out the lingering odor of Clive's so-endearing aunt Maggie. How did he do that?

There are many theories, but, in short, by hijacking the Tory & Liberal agenda, and dressing them up in Labourite colors. Because that's what went home with the electorate, then and thereafter. You may not think much of it, but Blair's 1997 clean-cut electoral momentum strategy leading up to victory made him a hero to the entire spectrum of up-and-coming "young Turk" politicians in Europe… perhaps because it dovetailed in time with a generational shift that was under way come what may, who can say rhyme intentionay.

Since then I've watched several political elections up close, where the 30-something strategy planners weren't even trying to hide whom they mimic – and they were from both the Green, the in-betweens, and the (right-of-EU-centric) conservative movements. With small changes, that Blair's scenario of no-easy-riches liberal optimism, no overt promises of more meat-and-2-veg on the table for the masses, has been repeated and rewarded throughout Europe. We could all do worse. The present generation of young conservatives can but squirm at what Blair has done to their pet causes: made them into toothless commodities, so now they either have to go the whole UKIP/ LePenist hog, or eat their designer undies.

    For better or worse, we've got the politicians we deserve – and at that time the UK apparently desired a local upmarket Bill Clinton-clone, which was Blair, and then halfway through the first's reign… guess if they got on like two house frat boys on fire.

I am not that close to UK politics to have a viable independent opinion of The Tony, so I'll readily admit to have been smitten with the screenwriter Peter Morgan's version of Blair's accession to power as expressed in "The Deal" (BBC 2003). Yes, I know it's largely a fiction that has become a political legend, and I've read the Objections! Sustained, too. But, in lieu of a more plausible scenario, what alternative do I have (hell, in 2009 or thereabouts, I even went looking for that Granita place, but couldn't find it, only to read later that it closed a decade earlier).

    I mention that specifically, because, (for want of a better analogy) in as much as e.g. the Zionism of Theodore Herzl's in the 1890s can be said to be a product of a Viennese Kaffeeklatsch, then Blair's New Labour equally was an Islington project (North London, where yuppies flock, for those not in the know).

Your blanket condemnations of Blair's rôle in justifying the invasion of Iraq rests on a patently false assumption that other figures in his place, and in that context, would have done otherwise/ diametrically better. You seem to forget the mental shock waves that went through the entire West after a bunch of obsessive sheep herders living in faraway caves managed to kick the WTC & the Pentagon SIMULTANEOUSLY and CHEAPLY in the groin. Waves that still reverberate around the world. Perhaps you'd care to communicate to these herders the tally of victims to date, where their own kin is overrepresented by several magnitudes. Perhaps they'd care.

In short, in condemning Blair as you do ("in all likelihood Bush would not been able to declare war against Iraq without Blair doing so") you assign him the bigger blame, than even that of the scheming neo-cons that the political babe in the woods with daddy issues US Nincompoop-In-Chief had but to rely on. Whereas in reality Blair was there at best a minor player, an also-ran, corroborating British (not primarily his own) voice vying to retain the Churchillian Special Relationship – which is all that Britain got from its once Colonials in exchange for becoming the Second Banana in the world in WWII.

    As an aside, I bet that the 30s Tories who secretly hoped that Hitler would deal with Stalin, then Britain could share the Euro spoils with the Hun, with the UK still the leading maritime world power, didn't quite bargain for t.h.a.t—but that's all that you got, victory AND rationing besides. Just rewards.

As I said above, there is a lot that Blair should be criticized for, only not out of context. And the context is that at the time Blair got the people's nod, the very same people that shape the expectations of how/ what a politician should be. Blair is as much a progeny of the British (and Western values) electorate, as what that electorate has grown to expect of (and give leeway to) its leaders. The unspoken notion that there would be some pool of political talent out there, that would better serve the interests of Clives and Alans of this world, can but be a literary construct, IRL a pipe dream. Because there was no one more suited for the office than him, you invested in Tony Blair… too bad he turned out not the political iconoclast that you'd now preferred him to be. But then how do you know that anyone else would have done better.

    Lastly, on a lighter note, anyone whose literary and cinematographic effigy gets to be assassinated first in print by his close true-life friend Robert Harris, then on the silver screen by no less than Roman Polanski, CAN'T BE ALL BAD.

BTW. I have not read the Chilcot report, nor do I intend to… I'm not the expert in need of precise granular factoids to club you with (the coarse args of Wiki will do for me ;-)). Nor are you for that matter.

AlanSJuly 7, 2016 8:35 AM

@Anon10

Comey's speech was rather odd. The role of law enforcement is usually limited to telling the prosecutor about what the evidence is and maybe an assessment of whether it could be used to get an indictment/conviction.

Yes, it's odd for the reasons you give but not in the context of the meeting-on-the-plane incident. Comey's making the decision more or less because the AG was compromised.

Dennis MahonJuly 7, 2016 10:10 AM

Comey didn't want to come out and say why no reasonable prosecutor would take this case. No prosecutor with half a brain would take this case because they saw what happened to Jim Garrison. They saw what happened to Robert Smith Vance. You do not cross the CIA.

The Clintons are CIA nomenklatura. Cord Meyer recruited Bill at Oxford. Bill was the comprador for CIA drug imports through Mena Airport. Bill sat on his thumb for the Gladio extravaganzas of OKC and WTC bombing. He beefed up the Stasi auxiliary with his crime bill. In his 1996 Antiterrorism Bill he set up the eyes-only US-Saudi liaison that infiltrated 9/11 hijackers into the US. With PDD 62 and PDD 67 he put the finishing touches on COG so CIA could officially take over and in H.R. 896 he created a terrorism exception to posse comitatus.

It's not that Hillary is above the law. Only CIA is above the law.

http://www.globalresearch.ca/systemic-destabilization-as-a-strategy-of-tension-911-the-jfk-assassination-and-the-oklahoma-city-bombing/5305884?print=1

CarpetCatJuly 7, 2016 10:46 AM

All this talk about discretion, that superior ingredient of valor some say, left me yearning for some concrete examples from the world at large. What better way to measure and assess the law?

Are we treated equally? Why, yes, yes we are, says the Cynic! You see, we the little people, as well as our superiors (motherly figures et al) are both subject to discretion of the authorities!

The little people suffer the police-state-wide leeway discretion, while the uber-mensch (und Damen) suffer the indignity of continuous shameful neverending victory, all at the behest of prosecutorial discretion.

I read Boston mentioned again above, what better way than a thousand words to illuminate:

https://chemtrailsplanet.files.wordpress.com/2013/04/boston-police-state-sniper-aims-at-home-owner-through-window-b.jpg

https://truthaboutguns-zippykid.netdna-ssl.com/wp-content/uploads/2015/04/Screen-Shot-2015-04-05-at-10.28.32-AM.png

http://www.thetruthaboutguns.com/2015/04/robert-farago/boston-marathon-bombing-report-reveal-cops-ballistic-cluster-you-know-what/

AlanSJuly 7, 2016 11:38 AM

@ IanF

20 years ago Tony Blair was the Great Lefty White Hope, who managed to end the 17 year long stretch of the conservatives' wrecking of British welfare, wafted out the lingering odor of Clive's so-endearing aunt Maggie.

That's what many thought he was doing.

There are many theories, but, in short, by hijacking the Tory & Liberal agenda, and dressing them up in Labourite colors.

I agree. As with Clinton, he continued the policies that preceded him with a less strident touch. (Dare I mention neoliberalism, financialization, globalization, etc.--terms much abused and which need unpacking but let's keep this short...)

...Since then I've watched several political elections up close, where the 30-something strategy planners weren't even trying to hide whom they mimic – and they were from both the Green, the in-betweens, and the (right-of-EU-centric) conservative movements. With small changes, that Blair's scenario of no-easy-riches liberal optimism, no overt promises of more meat-and-2-veg on the table for the masses, has been repeated and rewarded throughout Europe. We could all do worse. The present generation of young conservatives can but squirm at what Blair has done to their pet causes: made them into toothless commodities, so now they either have to go the whole UKIP/ LePenist hog, or eat their designer undies.

In the UK it is often Labour voters such as those in the northeast of England who are going the UKIP route. These are the people that suffered most under Thatcherism. She destroyed the steel, mining, ship building and traditional heavy industries of these regions. They would probably have gone anyway but nothing was put in their place. Communities were brutalized and abandoned. Blair just provided a plaster for the gaping wound using welfare and government employment. The current government's austerity policies ripped the plaster off and rubbed salt in. Meanwhile the conversion of the economy to financial services has led to a huge concentration of wealth in London and the southeast.

The situation is very different in Scotland. The main UK political parties are on life-support in Scotland. And the dominant party, the SNP, is a 'nationalist' party that's a very different animal to UKIP/LePenist: pro-immigrant, internationalist,...The historical, cultural, and political circumstances of Scotland have allowed for a very different outlet for anger against the Westminster governing classes.

...Blair's New Labour equally was an Islington project (North London, where yuppies flock, for those not in the know).

As is Corbyn in the sense that he's London-centric. He doesn't understand 'The North' and he has no clue (and probably no care either) about Scotland.

Your blanket condemnations of Blair's rôle in justifying the invasion of Iraq rests on a patently false assumption that other figures in his place, and in that context, would have done otherwise/ diametrically better.

There were huge protests against the invasion and leading figures in the Labour party resigned as a result of the decision (e.g. Robin Cook).

You seem to forget the mental shock waves that went through the entire West after a bunch of obsessive sheep herders living in faraway caves managed to kick the WTC & the Pentagon.

That's a very American-centric perspective. First, the "obsessive sheep herders living in faraway caves" were American trained and inspired. Second, the West's response to 9/11 wasn't uniform. I was living in America at the time of 9/11 and my perspective and reaction was very different from that of the Americans I knew. I grew up during The Troubles; my childhood was filled with the news of bombings and shootings occurring not very far from where I lived (often using guns and explosives provided by and funded by Americans). I was in Paris during the 1986 bombings. I was in Lockerbie the day of the Pan Am bombing. My initial reaction, I assure you, was not one of shock. Before 9/11 most Americans lived in a bubble world; others didn't.

In short, in condemning Blair as you do ("in all likelihood Bush would not been able to declare war against Iraq without Blair doing so") you assign him the bigger blame, than even that of the scheming neo-cons that the political babe in the woods with daddy issues US Nincompoop-In-Chief had but to rely on. Whereas in reality Blair was there at best a minor player, an also-ran, corroborating British (not primarily his own) voice vying to retain the Churchillian Special Relationship – which is all that Britain got from its once Colonials in exchange for becoming the Second Banana in the world in WWII.

Yes, Bush might have gone it alone. Yes, Bush and the neocons have greater responsibility. And yes, Blair like many leading UK politicians is delusional about Britain's current place and role in the world (witness Brexit) and their 'special' relationship. But this is a British Report about British responsibility and failings. It's not their role to hold the Americans responsible to account.

As I said above, there is a lot that Blair should be criticized for, only not out of context. And the context is that at the time Blair got the people's nod, the very same people that shape the expectations of how/ what a politician should be. Blair is as much a progeny of the British (and Western values) electorate, as what that electorate has grown to expect of (and give leeway to) its leaders.

Like all British PMs and governments in recent times he didn't get the "people's nod": greater than 59% of the voting voters voted against his party at the prior general election. The election had a very low turn-out (under 60%). His party still ended up with a massive majority of the seats in the House of Commons. Such are the workings of British democracy.

The unspoken notion that there would be some pool of political talent out there, that would better serve the interests of Clives and Alans of this world, can but be a literary construct, IRL a pipe dream.

Clive will no doubt speak for himself. I see this all through Scottish eyes. I'm sure at some point their and their party's limitations will become more apparent, but the most talented politicians in the UK at the moment are members of the SNP: Sturgeon, Robertson, Salmond, et al. We'll see how clever they are (or are not) as they negotiate Scotland's likely (inevitable?) exit from the UK. I agree that the pool of political talent in England is so shallow you'd barely get the bottom of your feet wet standing in it, although the dampness would be sure to cause a nasty rash.

Because there was no one more suited for the office than him, you invested in Tony Blair… too bad he turned out not the political iconoclast that you'd now preferred him to be. But then how do you know that anyone else would have done better.

But this is really about the political system. We got what we got because we have a lower house elected using a First Past The Post electoral system, an unelected upper house, and both houses stuffed full of self-serving and conceited tossers educated at elite public schools and Oxbridge.

BTW. I have not read the Chilcot report, nor do I intend to… I'm not the expert in need of precise granular factoids to club you with (the coarse args of Wiki will do for me ;-)). Nor are you for that matter.

I assure you that I have no intention of reading it either. Chilcot's damning of the processes of decision-making and the results isn't exactly news. It's the establishment documenting some of their own failings in detail that's a little novel. However, it is very unlikely that it will change much. The problem with blaming Tony isn't that he doesn't deserve it but that it makes him a scapegoat for everyone else and the way the system works.

ianfJuly 7, 2016 11:46 AM


@ rrrrrrr

Another factor concerning Brazil's falling TFR, and I'm just speculating [yes you are, and wildly at that]: they have faced MUCH uncertainty over the years […] even though the country and Latin America as a whole have been growing by leaps and bounds.

Listen, anyone who's not already an expert in this or related fields, yet wants to voice an opinion, should at least take a couple of days off for reading the Wikipedia (which on the whole tends not to be wildly off the mark here) on population growth trends, dependencies between welfare and fertility rates, procreation, and assorted cultural themes… too many to list here, but just follow the links and read on. Otherwise one risks falling into the logic trap of trying to come up with plausible, but more often than not wholly inapplicable, explanations for this or that or something else. I undertook that reading a couple of years ago, and while still not-an-expert, at least I do not confuse the issues of cause and effect.

Start by viewing this 1hr lecture by Hans Rosling, who talks of many demographic things, but manages to convey the overall principles of human progress, how the poor of this world gradually lift themselves up from poverty, and where they are heading. Of particular interest should be his demographic CURRENT world pin code: 1114 where each digit stands for a billion people in (his somewhat unusual) division of the world: from the left

1B    North & South America
1B    Europe incl. Turkey + all of Russia
1B    Africa
4B    Asia incl. Australia + Oceania

That's the current (2014) state, whereas at the end of the century, it will be 1145, 11B in toto, give or take half a billion people. When we're there, the entire, what is now called, industrialized old world of North America + Europe together (under 1B) will constitute ~10% of the world's population. Little wonder then, that HR, and other demographers, opine that the center of the world will shift towards the Indian Ocean, perhaps s/NYC/Dubai/g?

    [I've written about world demographic and procreation trends here before. This is the latest Rosling video that I've found online; earlier he's been on TED and in several other places. Apparently a star on the Davos World Forum, and UN lectures circuit.]


@ Freezing_in_Brazil is […] “getting sad and tired of stereotypes [of Brazilians watching telenovelas and then not procreating] and would never expect the knowledgeable people here to fall for it.”

Anyone who could flesh out my one-line obviously flippant remark to constitute A FULL FRONTAL STEREOTYPING ATTACK ON BRAZILIAN NATIONAL CHARACTER ought to have his head examined for signs of persecution and/or inferiority complex writ large. And then perhaps come up with alternative collective mea-culpa punishment for Brazil's Globo begetting a generation of Eastblock girls christened "Isaura" (after some apparently dishy Mulatta slave in a tapeworm-like BR telenovela sold cheaply to their TV networks in the 80s. To date I've met a Serb, a Hungarian, a Slovak mother and daughter both so named, and a Polish Isaurgrrrl.)


Brazilians are getting less prolific because education and fight against poverty

Not quite/ wrong expression. It's a global trend: everywhere where the standard of living is rising, and life becomes less of a struggle to survive in old age on the mercy of one's own children, women start "spawning" less and less. This also affects Brazil, with its present TFR of ~1.8 below the general replenishment rate of 2.1 children (growing to maturity) per childbearing-age woman. In the longer run that means the country becoming dependent on immigration, esp. from nearby countries. Tots in telenovelas or no tots merely reflect their show-runners' state of mind, and were never a driving factor. How you then could take all this to be “fear mongering and bashing towards your country” is beyond my understanding, but do.not.elaborate, as I'm OK with my ignorance.

the 21st century will be ours.

Yes, Lenin said it first, though in another context. Prime example of advance propaganda of a surefire success!

AnuraJuly 7, 2016 12:35 PM

That specifically is where a lot of the problems with police lie, that should not happen I think. Laws should not be flexibly applied at some unaccountable whim, but should be sensible enough to not be outrageous in the first place. That statement allows for arresting a black man for crack and allowing a white kid with coke to get picked up by dad.

There are two sides to that, but I really do not want to live in a country where police have no discretion to apply the law. Yes, we need to make sure everyone is treated equally, and Hillary was not treated equally - how many cases can you point to where there was a multi-year investigation launched into someone with absolutely no evidence of wrongdoing, purely because they are a political enemy of people in power? That's the kind of stuff we should not accept in a free society.

Nick PJuly 7, 2016 1:34 PM

@ Curious

"If what I wrote above seem confusing, in addition to subjectivity and objectivity, consider there being a third dimension to all things expressed in written language, namely 'problems'."

At least you were honest enough to admit it before I said something. What I will say to counter whether it's vague or meaningful is this. There was a crime committed with plenty of evidence. The person committing it was a member of government. Prior examples of this resulted in FBI raids, prosecutions, or termination of duties. Same organization decided, despite evidence of a felony, to do absolutely nothing with it. What do you call the specific, legal mechanism by which they can possess evidence and not prosecute with it?

Anura's claim of discretion wasn't vague or meaningless at all. It's exactly what they used. Why likely involves corruption. The what is discretion, though.

@ Anura

"and Hillary was not treated equally - how many cases can you point to where there was a multi-year investigation launched into someone with absolutely no evidence of wrongdoing, purely because they are a political enemy of people in power. "

You mean a multi-year investigation by a Democrat administration of a Democrat candidate with a history of wrongdoing? One that started with evidence, found more evidence, prosecuted similar situations, and concluded by saying the evidence didn't matter this time? If anything, it looks like the opposite of an attack on Hillary far as the administration goes. They went through the motions but did nothing.

ianfJuly 7, 2016 1:51 PM


@ alans

Clive will no doubt speak for himself.

Advance warning received, hereby confirmed.

AnuraJuly 7, 2016 1:58 PM

@Nick P

Benghazi became the GOP's #1 issue in 2012 because Obama was running for reelection, which led to them starting hearings and, after failing to find anything the first time around, starting up again for absolutely no other reason than that the 2016 election was coming up, and these hearings will likely start up again and continue through the next four years, possibly 8 if the GOP can't get a half-way decent candidate. The email thing has only been going on for a little over a year. Out of all the "scandals" to ever gain national attention in the United States, this is probably the single most innocuous - if it was ANYONE else, no one would give it a second thought. Hell, Clinton's two immediate predecessors used private email, and there has been no investigation into them. The Congressional investigation, which launched the FBI investigation, is 100% politically motivated; no one ever cared about the email thing, just that it was Clinton. The media was all too happy to go along with it, as they have been suffering from Clinton Derangement Syndrome for decades.

In terms of worst offenses, the GOP abuse of power falls in the realm of actual corruption, actual abuse of power; this is the type of stuff you should only hear about under oppressive dictatorships. Hillary's falls in the realm of minor carelessness, the kind of stuff that might have made the second page of a newspaper for one day had it been anyone else.

To say that not prosecuting Hillary is evidence of corruption is just silly, given that the entire thing that started this was flat-out, unbridled corruption by the GOP. Why the hell would we prosecute her? If it was anyone but Hillary, do you really think anyone would even give a shit? John Kerry might resign if it was found out, but nothing more. Condoleezza Rice and Colin Powell are never going to be investigated, despite doing the same thing, and why would they be investigated? They are not Hillary Clinton, and they are not political enemies of the GOP.

CuriousJuly 7, 2016 3:04 PM

@ Nick P

What do you call the specific, legal mechanism by which they can possess evidence and not prosecute with it?

I don't doubt that you and people in general have an idea of law enforcement in turn having an idea for selecting whom to investigate, prosecute and punish, and such an idea that can be thought of as having the power of discretion to do these things; however I would say it is simply not true that there IS a specific 'legal mechanism' that can be called "discretion" in the sense of it being a real thing that can be referred back to, because the word 'mechanism' in that context is necessarily a metaphor, and thus not something real as such that one can simply reference back to as a phenomenon in the real world that can't be confused with other things again (things like hatred, prejudice, political pressure and zeal).

Nothing wrong with having an idea of law enforcement having the power of discretion for selecting whom to prosecute or not; however I think on the other hand that the idea or phrases with the word 'discretion' are not an interesting point by themselves in a discussion, because if trying to explain what 'discretion' is, 'discretion' just is what 'discretion' is, no more and no less, just like 'intent', something that can only be thought of as being real, but something that hardly exists in the world.

Just because there are aspects of what one thinks of as being law enforcement, doesn't entail that 'discretion' is a real *thing* to reference back to, and that is a problem for me. Understanding 'discretion' as a problem would always become an idealized problem because of how understanding discretion always will rely on necessarily being a choice being made (what else could discretion possibly be?), so therefore discretion will always be synonymous with 'intent' or having intent, when trying to explain what discretion is. One can understand the use of the power of discretion as 'a process', but that again is a metaphor. Ergo, to make any point about someone having the power of discretion, such a point by itself becomes meaningless when one understands that acting on intent will always be thought of as making a choice. So, 'discretion' is not a real thing (more like a "psychological" thing), it is just a word describing some idea. Better to think of "discretion" as some kind of possibility, instead of reality, I think.

A lot of single words probably invoke a lot of meaning to everyone, but I think such words can also be thought of as being hardly meaningful, because of how such things make sense largely from one's own point of view, like 'democracy', 'civilized' and 'religion' for example. I think 'discretion' is one of those words.

Gerard van VoorenJuly 7, 2016 3:15 PM

@ ianf,

So... you don't speak for yourself? You don't have an opinion or a particular style of expressing yourself? Come on, grow up.

Talking about Clive Robinson, Clive, how are you doing these days?

Gerard van VoorenJuly 7, 2016 3:43 PM

@ Clive Robinson,

Sorry if I was blunt. I wanted to ask that question for quite a while now but never got the "opportunity". So, how are you doing? I think that I am not the only one who wants to know. If you don't want to answer the question I can understand.

Anon10July 7, 2016 5:50 PM

@Anura

Clinton's two immediate predecessors used private email. This is factually inaccurate. Condoleezza Rice did not even have a private email account, while Secretary of State. You're being deliberately obtuse in comparing Clinton to Powell, since Powell's personal email never contained classified information while he was Secretary of State. Powell, unlike Clinton, never violated the Espionage Act.

FigureitoutJuly 7, 2016 7:14 PM

Thoth
--Nah I wouldn't do that at this time. Keep in mind that you can a) just attach a logger to a sensor and hide the sensor and b) bug your entire house or apartment w/ them. Something like a pressure sensor and a nano hidden in the carpet, or "energy harvesting" (no power source needed, these may evade bug finders looking for heat) RF switches under a hard plastic plate by your door, each paired to receivers scattered throughout the residence. I digress...

I'm looking at Atmel's encrypted EEPROMs (w/ AES-CCM implemented) or authentication chips. That's going to be extensive effort to be sure *everything* is configured right (what's the point of using that if you f*ck it up?) and it operates reliably, no surprises. There's lots of threads where people are having some difficulties even communicating w/ ATSHA204A (apparently the comms protocol is weird as hell lol for the 3 pin one). I bet Atmel (now Microchip) have a bunch of compiled drivers too to use it easiest on Windows in Atmel Studio.

Probably next summer since I'm ready to move on to other projects and chips (getting tired of Arduino a bit right now). Trying to get my radio hooked up to the computer and ran into some snags naturally. :p

I added an LCD screen to only the receiver (you're not gonna be staring at the TX node all that much) that has an I2C chip on the back, which is the interface to all the other pins on the LCD, so I only need to use 4 pins total to hook it up. I'm not providing a keyboard interface nor a means to input encryption keys besides programming the chip. An attacker could put a bogus key and "MAC" address of the receiver on one device and comms will be broken and I'd only find out if I turn on an LED or something for RF comms failure. I know it's physical access and reprogramming an MCU w/ that level of access is game over, but I'm just not providing that, at least for now. Also, it's Arduino, that's the beauty of having one platform where thousands of people contribute to, most people could whip up what you want in a second.

But, you have a RasPi right? I forget the price of the TFT screen, it fits nicely over the Pi, then since I have an older one w/ only 2 USB ports, I just have a wifi dongle and a small wireless keyboard and I only use the command line; the Debian command line is fantastic, so powerful. I was a hater before (the keys are big enough to not mash 3 buttons each time), but it's actually quite nice to have that on my desk to play w/ if I want to. Having LUKS encryption on that, harden/configure whatever distro or even make your own.

rJuly 7, 2016 8:40 PM

Man it's getting tense around here,

@curious, anura

here, let me point this out: you want discretion? there are sentencing guidelines that allow for various punishments. I'm not naming names or singling out, but a crime is a crime is a crime. save the discretion for the punishment not the prosecution.

@ianf,

hold on buddy lol I'm on your side and I understand what I said is the inverse of known facts. I was just pointing out the economic troubles Brazilians have faced in the highlighted age groups.

also, and I super don't want to assume too much as I don't understand how freezing is thinking either one of us is singling out the Portuguese speaking portions of Latin America but... English may not be his first language, my cousin learned English through The Doors and Pink Floyd.

SquidutainmentJuly 8, 2016 12:06 PM

Zero Days, another pointless disinformation movie you'll hate to watch.

Sometimes, it's not the thing, it's the communication channels and politics; the idiots with zero moral conviction in what they do. In the case of movies made as gloss-overs, also information warfare.

Alex Gibney, Yale grad, gains interview access to Michael Hayden. How so? Nobody gets that access level, and what are general officers, intel, and Navy SEALs doing interfacing with the media for anything (other than propaganda)? Hayden was one of those "fake-burn" cases, much like Oliver North, a handslap on a colonel versus the general officers and politicians that gave him the go-ahead. That trial was led by a Yale grad posing as a mild-mannered Democrat.

Gibney has a history of slant with logic holes, such as We Steal Secrets (Assange) and a movie about Scientology. Who makes movies to burn people? I am beginning to believe he only did Hunter S. Thompson because he was an NRA member. Who spends this kind of money and time making this crap? I guess the same kind of people that make Zero Dark Thirty and American Sniper. That kind of "one level deep" people.

It's all Skull-n-Bones regime block to me. If they want it to die, let it die. Nobody trusts US journalism channels anymore, and there is too much failed logic not resolved. As if they have the capacity to manipulate my mind. I had almost forgotten about Skywiper anyways. And who let Republicans into Hollywood, and who signs on to act this crap? Interesting.

Real burning question: does it make sense to direct an attack at a nuclear facility, risking environmental catastrophe? The US is run by 13 year-olds sitting in front of big red buttons.

SquidutainmentJuly 8, 2016 12:21 PM

Also in relation to Stuxnet and directing hate towards Iran:
We actually have an Iranian nuclear engineer fracking yellow cake through the Goliad, TX water supply. But I guess this contradictory allowance never registered with anyone either.

It goes along with the "stop blaming terrorists for everything because we violate our own physical security policies."

tyrJuly 10, 2016 6:50 PM

"We actually have an Iranian nuclear engineer fracking yellow cake through the Goliad, TX water supply. "

Now I'm just a dumb old Uranium miner but doesn't yellow cake sink to the bottom in water, or is my ancient periodic table a misprint? The level of basic ignorance seems to be rising. I'm not saying none of it would get through but as a deliriant you should use something that water transports better.

Unless homeopathy has been proved right, in that case we are all doomed.

ianfJuly 10, 2016 9:36 PM


Hold your horses, tyr, you don't know if your interlocutor meant fracking OR tracking. The little squiggle up or down the vertical of the letter makes ALL THE DIFFERENCE, even if then neither sfafemenf makes any sense.

And as for homeopathy, OF COURSE IT WORKS. Just look at the historical rates of gender self-identification then and now, where minuscule trace amounts of femme hormones from various medicines remaining in the potable water supply of most Western nations have accumulated over the years, and now are alleged to have resulted in the present day unprecedented rise in such reassignments.

ianfJuly 11, 2016 9:48 AM


[ I've waited for Clive to chi(r)p in long enough… this is veering more and more OT, so maybe we ought to stop… ]


@ AlanS said […] “Thatcher destroyed the steel, mining, ship building and traditional heavy industries. They would probably have gone anyway but nothing was put in their place. Communities were brutalized and abandoned.”

Quite, but as you said, these sectors were doomed by the developments elsewhere in the globalized world anyway. Thatcher appeared on the scene and was allowed to assume the mantle just as British Capitalism needed a brand new broom to clear out the residue of old habits and expectations Stop That Runaway Metaphor Alert. A Willing Executioner of the Welfare State with both a lower middle class background, an Oxford science degree, AND a handbag, what's there not to like. I was only remotely aware of it at a distance, but it seemed to me later that, short of keeping the pits open, and the furnaces a-blaze, there was nothing that could have satisfied the TUC. Collectively they went off the rails in defense of what no longer could be defended on simple economic grounds. So no matter what Thatcher would have proposed instead, she'd have been met with the same uncompromising, surrealistic (steadfastly anchored in the past as if time stood still) Union reaction. (ObMovieContent: “Billy Elliot,” “Brassed Off,” and “The Strike”).

Strangely enough, other Euro countries also had to go through painful industrial readjustment, but did so with nowhere near the emotional upheaval of the British (my seamstress mother was laid off as the country's entire textile industry shifted to imports from India; was retrained as a precision lathe operator; ended her days as shop floor stock keeper at Siemens; I was "rationalized away" twice within the span of 8 years, after which I wised up and changed tracks for less world-conjuncture dependent ones). If a society is to be a joint venture of/for all its subjects, then the Brits have settled for, and seem content with, perpetually being divided into strata of the leaders and the led. QED. (Harsh, and probably unjust words, but there you have it).


Meanwhile the conversion of the economy to financial services has led to a huge concentration of wealth in London and the southeast.

That should not have been a problem provided the powers that be made sure that they're taxed for the community's, not the elites', benefit, which seems to be the case whether Tories or Labour are in power. Let's see if bus-driver's son Sadiq Khan will do better with (lack of) regard for London's financial mafia. They can all resettle to Frankfurt/Main, and take their upmarket rents with them.

You seem to forget the mental shock waves that went through the entire West after a bunch of obsessive sheep herders living in faraway caves managed to kick the WTC & the Pentagon in the groin.

    That's a very American-centric perspective. […] My initial reaction, I assure you was not one of shock. Before 9/11 most Americans lived in a bubble world; others weren't.

We can quibble as to the extent of the shock that still reverberates around the world, but let's be clear about one thing: whereas the defeat at Pearl Harbour [which, btw., the Yanks never call it that] was the result of a hostile state actor, a worthy opponent, the (subtly with the US Emergency Helpline code aligned) "9/11" was caused by a bunch of bozos. This, if anything, laid bare the limits of, so dear to their hearts, alleged USA military might. Being caught with your pants down is one thing; being shown how naked you are is another.

    I remember reading "9/11 Live: The NORAD Tapes," an article with declassified audio soundbites from NA military command radio uptakes from that day, and couldn't believe the frustration from both ends of the line, when pilots of the only 2 East coast standby interceptors, an hour or so after it all ended, and with commercial air traffic winding down, were ordered up "to show the colors," and to just ogle "tail, type, number." Americans' tax dollars at work.

And that frustration didn't die that day… whatever was Osama Bin Laden's intention, he succeeded with energizing the entire Islamic world by showing the Policeman of the West that "the Muslims can" – be it at a horrible cost to themselves (but then his notion of the worth of human lives did not dovetail with ours).

This is an endless topic, so not for this forum. Only I can't stop thinking of the fate of Beverly Geisbrecht, the Canadian businesswoman who, shaken to the core by 2001/9/11, took it upon her shoulders to become a bridge between the Taliban and the West. I watched the documentary with disbelief, that anyone capable of expressing herself in full sentences could be so naïve and stupid as she was. The Taliban saw it too, only that meant just one thing to them: this Western "faux-convert" could but be a US spy. So they kidnapped her and held her for $2M ransom. After 2 years, when there were no takers, the demands came down to just ~$1200 "reimbursement" for her upkeep—shortly after which she apparently died for lack of medical attention, and was thrown out into a ravine… "a fitting end, if not the one she sought” (pace CJ).


[…] “The problem with blaming Tony isn't that he doesn't deserve it but that it makes him a scapegoat for everyone else and the way the system works.”

Hear, hear.

ianfJuly 12, 2016 3:20 PM


You feed me a 9 month stale article, and expect to get away with it??? We could have conceived & nurtured a healthy kid in that timeframe.

Frankly, however, what puzzles me the most about the British Parliament, is the tight hip-to-hip seating arrangement. I mean, come on! that worked in Olde Times, when they had no clue about comfort seating/ ergonomy, safe personal space bubbles, and other such things, but had worse problems on their heads (barrels full of gunpowder in the basement, say). But today? Not even seats in highly transient stadiums are that tight. They must love Thy Neighbour's Body Odor.

    I've seen plenty of parliamentary assembly rooms on TV, and can only think of 2 others that are as cramped, and body-dense per bench space unit, as the Commons in London: these in Warsaw, Poland, and Kiev, Ukraïne – one mighty proud of its centuries' looooooooooong anarcho-parliamentary record; the other not quite sure how is that one different from the stamp-function ditto in Soviet times (so no pampering the representatives' sitzfleisch comfort for purely traditional/ legacy reasons).

ObTvContent: “The Politician's Wife” with a David Cameron-lookalike disgraced/ forced to resign MP, and his scheming by-elected party-loyal successor-MP wife. A must twice yearly binge viewing.

ianfJuly 12, 2016 6:49 PM


… and (while you were partaking in, or smothered by the ongoing robot legality circle-jerk), in other Guardian news:

The Brexiters have the gall, un mot Français, to accuse Brussels of stupid red tape.

    An Australian couple, in Scotland since 2011 are facing deportation after their “relatively straightforward” post-study work visa arrangement was retrospectively cancelled by the UK government (the Scots want them to stay) http://gu.com/p/4zydy


As OFFICIAL a proof, as we'll ever likely to get, that CATS are at the top of the interspecies social ladder

    Cabinet Office confirms: when the Cameron family leave, it will be without the tabby Larry, who has lived in Downing Street since 2011. New human tenant Theresa May can take it, or call for a new, this time cat-referendumb http://gu.com/p/4ztyd


The digital currency Steem, in use at the new social media website Steemit, has soared more than 1,000% in (imaginary) value in 2 weeks

    Steemit [About] rewards or pays users, who post content that gets multiple "thumbs up" from the site’s participants [Sample topic: Snowden]. Users who get the steem crypto currency can then exchange it for bitcoin within the platform, to pay for services or goods or hold them as an investment. Steems are created solely by the platform’s blockchain, whereas bitcoin is generated through a mining process where a miner tries to solve a set of complex mathematical problems. (How that ultimately exchangeable monetary value gets infused into the system is not explained… sounds Ponzi scheme-ish to me) http://gu.com/p/4zmhg


THE LONG READ: How technology disrupted the truth

    Social media has swallowed the news – threatening the funding of public-interest reporting and ushering in an era when everyone has their own facts. But the consequences go far beyond journalism http://gu.com/p/4zhk3

AlanSJuly 13, 2016 8:31 AM

@ianf

Today the SNP finally realized that clapping in the Commons isn't appropriate.

Mr. Obvious (cheeky)July 19, 2016 2:41 PM

And tomorrow the SNP finally realizes that achieving Scottish independence really does free their own voters to vote for someone else, even though there aren't any other independent Scottish parties to play political waffle-ball with or any believable internal or external enemies that could replace them, thus leaving behind the remaining option of having some unlucky random Ping Pong up against the wall, communism-style.

A cheeky jab that isn't aimed at either the SNP nor the UKIP but at politics itself and of all kinds across the globe, I'll leave out the rest so everyone can figure out for themselves all the things that such general and ever-present circumstances entail with respect to governance and actual democracy and how it dictates the cycles of political history.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.