Ross Snider January 20, 2017 5:48 PM


Your link is amazing.

Actually, it’s startlingly similar to Washington’s developing use of hybrid, cross-domain coercive strategems. Clinton’s phrase for using elements of soft and hard power together to shape behavior of adversaries was termed “Smart Power”, but other labels and marketing for it exists.

This snippet from the article reads exactly like “Smart Power”:

“… present day understanding of the changing nature of warfare “matured into a corpus of ideas” with its conceptual core “an amalgamation of hard and soft power across various domains, through skillful application of coordinated military, diplomatic and economic tools.” ”

The coordinated use of sanctions, special/covert operations, political mobilization, insurgency support, and deterrence/forward deployment is what Washington has been implementing since the turn of the millenium.

Why is Russia taking the United States to the table, with a strategic toolkit so mirrored?

I think there’s two answers:

  1. Russia is backed into a corner by decades of US aggression and success. The current front against Russia means it has more “skin-in-the-game”. It’s going to fight harder for every inch at this point than the United States. That said, Russia isn’t doing particularly well if you look from a larger trendline. So it’s hard to take victories in Crimea and Syria and project them too very far.
  2. Russia’s asymmetric advantages lend it more leverage in many on the soft power domains. In public diplomacy, the US is made to look like a dunce, as its narratives have no clothes. It’s a lot easier to point out the flaws and manipulations of American propaganda than it is Russian propaganda because the US invests so much and broadcasts so widely. In cyber, there’s similar scale of investment: the United States, due to success, is operating on every continent on the globe. Russia is focusing on its region. It’s easier to take America to town.

What is your take?

Sancho_P January 20, 2017 6:17 PM

@Ross Snider
”The coordinated use of sanctions, special/covert operations, political mobilization, insurgency support, and deterrence/forward deployment is what Washington has been implementing since the turn of the millenium.” (my emph)

[cough] My memory goes back to

Ross Snider January 20, 2017 6:49 PM


It would be very interesting to map and study the history of the evolution and deployment of hybrid warfare from the Americas. My guess is that all elements of power have been used to pursue national objectives, but not necessarily in a coordinated “multiplier affect” fashion. The Cuban Project, for instance, is an attempt to use covert political mobilization to take down the Cuban government (similar, incredibly, to Zunzuneo in 2011, a half century later). What it doesn’t seem to be is coordinated with trade, diplomatic, military, special ops, etc – not formally other than they share the same general goal.

But I’d be willing to believe that “smart power” and hybrid warfare aren’t really new. I bet you could find Sun Tsu discuss it and I bet you can find it in military manuals and interagency quips/exchanges from every period of history.

What I think we’re witnessing right now is both a rediscovery of old elements of power projection from new administrators, and we’re seeing those old concepts become something ‘new’ because the recipes and contexts are different. There was information warfare during the crusades, but it looked a lot different than the Bureau for International Information Programming, the Board of Broadcasting Governors, and the USIA. They spread rumors, but they didn’t have “cyber” or Facebook.

Anyway, I think we’re both on the same page here. The old is new, but at the same time the new is ephemeral and distinct.

Arc de Trump January 20, 2017 7:58 PM

The USA has a new president and a new foreign policy

As relevant to this blog the USA is now officially engaged in cyberwarfare…

Administration will work with international partners to cut off funding for terrorist groups, to expand intelligence sharing, and to engage in cyberwarfare to disrupt and disable propaganda and recruiting.

Neyt January 20, 2017 8:11 PM

Conceptually, the article on Russian thinking by AlanS is interesting but it largely misses the point. Russia’s main purposes is to serve as a domestic stalking horse, a convenient political distraction for Americans. In the larger long-term arc Russia presents no genuine threat to American strategic interests–at least not with Putin in charge. The major global player of this century remains China and in reality to a large degree the USA has already capitulated in that war. Of course, there is some value in terms of Russian domestic politics to Russia “punching up” at the USA and to the USA playing sparring partner but such antics shouldn’t be confused with anyone’s vital interests.

WhiskersInMenlo January 20, 2017 9:09 PM

About secondary passwords.

A friend noted:
“1password allow you to bypass secondary passwords with your fingerprint/touch ID). That might be cool however ALL that is needed to add a new fingerprint is the code to log into one’s iPhone (which I would assume you have if you are even in the app)? How is a fingerprint even remotely perceived to be a secure method of validation when it’s SO easy to add a new fingerprint?” (paraphrased)

Secondary passwords are a tangle and a pain.
Applications that attempt to manage them risk a lot
if done badly or misunderstood by the user.

With numerous accounts today I can imagine lots of circular password attacks
where a user fearing being locked out of one uses a second account and fearing
they get locked out of that uses the first… or a chain of them.

Using a company account to recover a home account is problematic as well.
Jobs are ephemeral as are system administrators at companies. Using a home
account to recover a work account… is a risk for the company.

buckaroo January 20, 2017 9:19 PM


True. Russia has interests which coincide with ours, e.g. eliminating Islamists. Bush the Younger made a monumental blunder when he snubbed Russia in the war against Islamists.

China is indeed our nemesis. The Strait of Malacca is almost in its backyard, with 25% of all oil being transported through there. China proved its intentions when it denied aid after typhoon Haiyan because the Philippines refused to acknowledge China’s bizarre claim to the entire South China Sea. And the fact that we coddle libertarians such as Jeff Bezos, the Walton family, and others who earn billions on trade with China continually demonstrates to China that the U.S. is a (green) paper tiger.

Ted January 20, 2017 9:41 PM

ITL Bulletin January 2017 “Dramatically Reducing Software Vulnerabilities”

“There are many approaches, at varying levels of maturity, which show great promise for reducing the number of vulnerabilities in software. NISTIR 8151 describes some that are reasonably mature and have shown success, so that it is possible to extrapolate into a three-to-seven-year horizon. This list is not exhaustive, but rather is meant to show that it is possible to make significant progress in reducing vulnerabilities and to lay out paths to achieve this ambitious goal.”

Hacker News thread (NISTIR 8151 draft)

Hacker News thread (NISTIR 8151)

AlanS January 20, 2017 10:08 PM

@Ross Snider

I don’t really have a take. It’s not an area I claim any great expertise in. Elsewhere I saw some people posting links to it and thought it was an interesting read. Whether you agree or not with it, it seemed like something that might spark some interesting discussion.

Thoth January 21, 2017 1:17 AM


re: Lavabit 2.0

Too many companies and people try to setup their security services that relies on HSMs blindly without knowing what they are doing. The end result is a HSM or a fleet of HSMs that cannot be properly managed and recovered. This makes the professionals in this field (myself included) cringe while reading through the operations procedures and OPSEC people devise without professional consultation.

I have personally seen customers in the sensitive fields setup the HSMs in the way that was not suppose to (it still works though) but the ensuing headaches which includes support starts to trickle in. I am not discouraging people away from secure hardware. I am just stating the fact that if you want to use something, you need to know how to use it otherwise start asking the professionals (and pay a little cash for professional help if needed).

I will give a short guide (shorter than HSM manuals :)) on the mindset to start off, what to expect, how to cope with and the lifecycle of managing HSMs in as compact a form as possible.

For those who are interested in managing or possibly setting up your own HSMs in the future, you may want to keep this in your arsenal. Take this as a free gift from me to the open security community.

A Quick And Dirty Guide on HSM

Before we begin, all HSMs are simply tamper resistant hardened machines with more security engineered into them than your normal PC or server. They will still run into glitches, bugs and be subjected to system failure like any other PC or server. There IS NO DAMN SECRET SAUCE except the usual tamper meshes, tamper switches, some custom ASICs or FPGAs with other tamper sensors and sometimes omes with side-channel prevention mechanisms usually in the form of whitebox crypto implemented on the ASICs or FPGAs.

Lifecycle of the HSM(s) are generalized as:
– Setting up of HSM
– Initialization of new environment
– Management of keys and certificates
– Backup of environment
– Disaster Recovery
– Destruction of environment

With the above structure of the lifecycle for managing HSM(s) in mind, one has to choose the appropriate actions and settings to prevent the accidental lost of critical credentials and keys.

Most HSM(s) are sold with the issuer’s environment in the HSM. The customer is not allowed to access the issuer’s environment which is typically used as a Root of Trust for the HSM device. The end user would have to create their own environment within the HSM(s) before being able to generate or import their keys and certificates. Environmental variables minimally would include the creation of a Security/Crypto Officer (SO) token and for some HSM models, the SO may have a different role than a HSM Administrator. We will touch more on the different roles in the Access Control segment of this document later on.

After the initialization of the HSM(s) and the creation of the basic environmental variables and access roles, one could usually start importing keys and certificates that are associated with different access roles in the HSM(s).

Before we can even think of initializing the HSM(s), we have to consider how the HSM(s) is accessed. Due to the variety of HSMs in the market, there are standalone with networking capability and there are HSMs that rely on physical attachment in the form of PCIe cards, USB connectivity or in some cases, MicroSD card form factor or smart card or SIM card form factors.

If the form factor is a network enabled HSM appliance, be sure to setup proper external firewalls and if necessary, remove their connectivity from the outside network either by physically not running a network cable or connection to the HSM’s Intranet environment. HSMs with network capabilities may come with their own internal firewalls and IP lists and one should diligently study and draw out one’s network before using the ad hoc approach of allowing every single connection to touch the HSM’s network interface. There are also routing tables available in some models of HSMs and if possible, the HSM should use a static IP address over a static route instead of an ad hoc dynamic route to ensure that only trusted network are allowed to handle traffic that would go to the HSM(s).

Non-network capable HSMs do not have the problem of network connectivity but they would need to rely on a PC or server for networking capabilities. In such a circumstance, the PC or server which the non-networking HSM(s) are attached to must do the due diligence of protecting itself against network attacks which includes IP handling, IP routing, firewalls and so on.

The use of Data Diodes and Guards or any other particular techniques other than the more common use of firewalls, IP listing and IP routing are beyond the scope of this highly generalized guide.

Once the environment of what the HSM in general have been settled, it is time to initialize the security environment which the HSM would use for it’s security sensitive operations. Most of the security environment (similar called the environment) would be a HSM master key that is randomly generated to protect all the other sensitive logical objects within the operating environment of a HSM. This is done automatically during the environment initialization phase which at that very point in time, administrators, SO and other roles are defined (which may change as time passes).

Besides the defining of the users and custodians of the HSM and it’s environment, other sensitive settings maybe required to be toggled to improve the security of the HSM. One important setting for many commercially certified HSMs in the NIST CMVP program is the FIPS 140 mode. The FIPS 140 mode usually instructs the HSMs to only use certain ciphers (AES, ECC, RSA and 3DES), key sizes, hash algorithms, key export policy controls, access control and role definition and many more fine details.

Once the HSM has been loaded into the FIPS 140 mode, a reset of the environment and possible destruction of all security parameters and objects within the environment would usually be required to put the HSM into an uninitialized mode where the end user can initialize another new environment and decide whether to toggle the FIPS 140 mode for the new environment or not. Under the FIPS 140 mode, different HSM manufacturers may implement varying degree of strict key export policy on FIPS 140 mode and access control policy. Some manufacturers would simply switch to the most strict key export policy while others may not. The end user must clearly consider whether they want their environment to be capable of exporting keys or not. If they want to ensure that the HSM environment meets FIPS 140-2 Level 3 and above rating (prevents key export), they will have all their keys prevented from export as a blanket policy. There will not be such a thing as allowing a single key to not follow FIPS key export control once the FIPS mode (for FIPS 140-2 Level 3 and above mode) has been enabled.

HSM users and custodian role assignment is vital to the security of the HSM. When the HSM asks for a quorum of users to act as custodians or administrators, do not be the lazy person who sets a 1/1 or 1/N quorum as this is the worst quorum ever and simply defeats the purpose of secret sharing and voting by custodians over critical management matters. Clearly defined user roles are required and it is best to ensure the roles have minimal overlap whenever possible to prevent a conflict of interest.

Most commercially available HSMs have a Security/Crypto Officer (SO) which is in charge of handling all the keys and cipher management and some HSMs might have a separate HSM Administrator role to handle the network, reboot, upgrade and other miscellaneous administrative issues concerning the HSM. It heavily depends on the security modeling and architecture that each HSM adopts which requires professional advise from the vendor.

Most HSMs usually allow key and certificate imports besides on-board key and certificate generation. For those who are paranoid, one might be interested in generating their own keys and certificate before hand before submitting it to the HSM which after that point in time, if the FIPS mode has been enabled, it is impossible to export the keys outside the security confines of the HSM(s).

HSMs are like any other electronic appliance which will be subjected to wear and tear. Procedures to backup and restore the HSMs and prevent the unnecessary lost of sensitive keys and certificates are paramount in the operation of HSM(s). The naive thought of creating and importing a key into the HSM and then shredding the smart cards or other controlling devices or secrets is a really bad idea in an attempt to prevent adversaries from gaining control of the HSM(s) or secrets.

Even if the smart cards have been shredded into a pile of dust, the adversaries who can gain access over the network or physically to the HSM(s) can use the HSM(s) as a black box oracle to send queries or manipulate the HSM(s) as best as they can although it is going to be an uphill battle for the adversaries.

The issue of device maintenance, backup and scaling comes to question if the smart cards or authorization codes are naively lost in an attempt to throw off adversary. At the very least, the key that has been assigned under the care of a particular role would become unmanageable due to the lost of authorization codes or smart cards and for the worst cases, the lost of SO smart cards and codes are highly damaging as the SO is in charge of the entire cryptographic operation and sanity of the environment and by losing the smart cards and authorization codes for the SO, one immediately loses the capability of managing the HSM environment starting from that point in time. The end users becomes unable to migrate keys and certificates from existing HSM(s) when a need to scale to a bigger fleet of HSMs becomes a necessity or when the sole HSM crashes and stops working due to electronic failure or some system faults that requires device maintenance and restoration of the previous HSM environment and also the inability to backup the HSM environment in a timely fashion to anticipate for device failures or migration.

To prevent shooting oneself in the foot, it is recommended to toggle on the FIPS 140 key export restriction capability and to prevent the control of keys and certificates by a central role, it is best to create multiple roles that govern small security groups of keys and certificates and to always enable quorum based voting and security over the security groups and refrain from shredding the smart cards and losing the authorization codes. The smart cards and authorization codes can be secret shared and split across multiple trusted custodians stationed at different legal and geographical jurisdictions.

Shredding smart cards and losing authorization codes are the worst idea unless one is very certain they want to discontinue the existence of the current HSM environment.

Thoth January 21, 2017 1:33 AM


re: Lavabit 2.0 Part 2

Now that I have briefly gone through the operation and management of HSM(s), we should realize that HSM(s) are not magical panacea we hoped.

In Lavabit’s case, the better architecture to protect user account information is to not store information in the first place but inevitably, as an email provider, the email messages would need to be stored.

The better procedure for Lavabit to secure themselves and their users would be to create a password and username derived cryptographic seed that will seed a user side CSPRNG in the browser via Javascript that would create a predictive private key. The username can be used to salt a very strong password hash to password hash the user’s password which is to be carried out on the user’s browser.

The user would submit their public key to the Lavabit servers which would be used for challenge-response login and also for Lavabit to use the stored user’s public key to encrypt all their incoming emails coming to their accounts which the Lavabit users would then re-create their private keys to decrypt the enciphered emails. The emails are not considered secure despite using the user’s password derived asymmetric public key to encrypt their incoming emails. The users must use PGP or some E2E encryption ot be considered secure.

The use of user’s public key to encrypt incoming user emails is to prevent the need for Lavabit to reveal any information as only the user has the capability of generating their private key. This scheme of using password derived key pairs to protect incoming emails are not good enough as the use of centralized servers would meant that Lavabit could be compelled to have an escrow key that would also encrypt the incoming email messages besides encrypting under the user’s public key.

A store-and-forward over a distributed secure network could be possible but that would immediately render the use of IMAP, SMTP and POP protocols (common email protocols) useless as now you would have a distributed mail system that would not comply to the standard email protocols and services (including MX records and all that).

A slow introduction of E2E secured messaging and eamils would be the best course of action by using easy to use PGP plugins inside browsers or better GUI applications that allow the use of cryptographic hardware tokens.

Wael January 21, 2017 3:49 AM


re: Lavabit 2.0 Part x

Good information. I have one observation, though: There is a subtle difference between techniques used in HSMs to protect against side channel attacks, and what’s called WBC.

Whitebox Cryptography is a mechanism that aims to achieve two main things:

  • Protect information by using pure software constructs
  • Protect Symmetric or private keys at rest and in use (runtime)

This is different than the protection mechanisms used in HSMs to protect against side channel attacks. These protection mechanisms include: dead-code, false operations, noise injection, in addition to shielding and other hardware means. They may also overlap with some of the mechanisms used by WBC.

WBC is functionally equivalent to regular crypto algorithms (some call them black box Cryptography,) but it uses various forms of mathematical obfuscations to protect against ‘white box attacks’. So WBC is used to protect ‘assets’ on a ‘Hostile Execution Environment’ that lacks hardware protection constructs. You can think of WBC as a more robust software execution environment than a typical crypto algorithm on the same environment. Concrete usage example:

Suppose you have a device that needs to perform some sensitive operations (as in confidential,) and you leveraged a symmetric key crypto library to protect the data. Let’s say the algorithm uses twofish. The question becomes: how do you protect the symmetric key? Encrypt it? How do you protect the KEK or the root key?…

That’s where WBC can come into play: The key is provisioned in the algorithm (exported or white-boxed.) The symmetric key is transformed into a white-box key that’s obfuscated within the code using various known published and proprietary non-published techniques.

I’m aware of some HW solutions that use WBC in tandem for specialized situations, but I’m not aware of ‘WBC proper’ implementations within an HSM. I could be wrong and I would be interested in a link, if you have one.

You see, HSM and WBC have different goals to achieve. The HSM sufficiently protects the keys with its HW features and OPSEC requirements. HSMs need to be placed in a protected environment (didn’t we talk about this in the past?) But WBC mechanisms are ‘out in the field’, in harm’s way…

  • There are several good descriptive papers available that describe to a great detail how some WBC implementations work.

Jonathan Wilson January 21, 2017 4:57 AM

According to the article, the SSL hardware security module is just the first part of the security.

If you pick the “Paranoid” level of security your secret keys are never even sent to the Lavabit servers and all the encryption is done client side so there is no way that anyone can possibly get at your encrypted emails.

Oh and they say they plan to release the code to their server as Open Source meaning that it can be fully audited and if you want to you can run your own server.

I see nothing in the article I linked earlier to suggest lavabit 2.0 (once all the work is finished and the 3 different encryption modes are working) wont be 100% secure against even state level attacks (or an NSL for that matter). Bit hard for Lavabit provide secret keys they have never seen.

Thoth January 21, 2017 5:04 AM


re: WBC

The WBC is pointed at smart card implementation of HSMs to be more specific. All the DPA and SPA protection seen in smart cards are mostly WBC and that was what I was referring in a very vague and generalized manner due to trying to keep the content as compact as possible and not bore readers out.

Dead codes, false operations and all that are part of the more standalone or powerful variant of HSMs that can afford the space and resource in the form of ASICs logic or FPGAs. WBC maybe used in the more conventional HSMs but as I have noticed in recent years,
smart cards are turning into HSMs (i.e. Smartcard HSM … literally … and the Yubikeys as well).

HSMs are indeed mostly placed in protected environments but they are also designed with the capability to protect itself in the event someone sneaks in or in instances of the rare insider threat scenario.

Thoth January 21, 2017 5:07 AM

@Jonathan Wilson

Good to know they offer a Paranoid mode. They should not rely on symmetric or secret key to encrypt user email contents. They should use password hash derived public key so that they really have no way to know any content whatsoever unless they are forced to escrow a duplicate of the email contents.

Thoth January 21, 2017 6:14 AM


re: Lavabit 2.0 Part 3

Also, to prevent an SO or Admin user quorum from being sbjected to “black bag job”, asking famous security celebrities like @Bruce Schneier, DJB or Matthew Green to be part of the custodian quorum would make kidnapping or coercing these academic celebrities a very risky job to do just for their quorum besides using geographical and jurisdiction splitting of the key quorums.

VinnyG January 21, 2017 6:51 AM

@buckroo re Strait of Malacca:
I suspect the US is near the point where domestic shale oil capacity could replace OPEC oil for a longer period than the weakest OPEC states could go without US oil revenue (given the will to increase production and pipeline delivery, and pay somewhat higher prices, of course.)

Dirk Praet January 21, 2017 8:34 AM

@ Wael, @Thoth


What’s with hard-coding the key into the code? Is that actually a good idea?

JG4 January 21, 2017 8:38 AM


as solar and wind become cheaper than fossil fuels, OPEC grows weaker. the rub is that there still is not an effective way to power transportation with wind and solar. electric cars will help, but I don’t see lithium-ion displacing diesel in trucks, trains and ships. OPEC’s back could be broken with CNG in those applications and the CNG can be made from coal and renewable hydrogen. it is a crime against humanity to burn coal for electricity. I have much less of a problem with using nuclear or renewable hydrogen to convert coal to CNG. I think that I am on the record suggesting that humans appear not to have the technological sophistication to use nuclear power safely. I’m told that Chernobyl translates into English as wormwood. that made the hair on the back of my neck stand up

Wael January 21, 2017 8:48 AM

@Dirk Praet,

The key is transformed from ‘data’ to a set of code and data, it’s also masked and scattered across the binary so that it can’t be found in a contiguous memory location. The key or parts of it is effectively moved from the data segment to the code segment, This means its resistant to static analysis (dump the binary and search for the key), and resistant to dynamic analysis (use a debugger and observe memory during execution.)

To extract a key or reverse engineer a WBC instance, the adversary needs to possess the required math skills.

Operations that use the key never reconstruct the key, The key is used in its ‘WBC key’ state.

This was the cliff’s notes version,

buckaroo January 21, 2017 9:04 AM


Yes, the U.S. is producing a great deal of oil from fracking, though I’m not convinced it won’t cause long-term water woes. But that was not the point of my comment regarding the Strait of Malacca. Many of our allies, especially South Korea and Japan, depend upon oil coming through the Strait. China wants to force them and some other countries in the region into accepting its dominance. China intends to make the South China Sea lakefront property, with all of the geopolitical implications. It’s all about oil. The map at the below link illustrates my point.

Java Lava January 21, 2017 11:36 AM

Re: lavabit 2.0

Technical considerations aside the biggest factor that will force me to take a look at their service is their track record. The way they behaved the first time earned a great deal of credibility and trust from me. My one worry about services like ProtonMail and others is what they will do under serious pressure…something that they haven’t been tested on yet. Lavebit went through a real world legal stress test and won an A+ from me.

A Nonny Bunny January 21, 2017 1:56 PM


blockquote>This graphic shows the important difference between arms and tentacles.


blockquote>I don’t think it did.
It states there’s a difference, and show what number of each some cephalopods have of either. But I still don’t know what makes an arm different from a tentacle.
But nevermind, I’ll just google it.

albert January 21, 2017 2:33 PM

@JG4, VinnyG, et al,

Future energy production needs to be renewable, emission-free, and safe.

More efficient storage systems make wind and solar more practical, and they meet all three criteria. Harnessing ocean tides is being done.

I’m against nuclear. It’s not safe, it’s very expensive, and it creates huge amounts of hazardous waste. I’d like to see the physicists develop a way to render it innocuous. This would be a great boon to everyone, even if we stopped using nuclear power today.

There are mitigation techniques that we can use right now to reduce our energy consumption. (Given that we can’t go off fossil fuels cold-turkey)

  1. Increase efficiency of devices already in use. LED lighting will save a fortune in energy costs. VFDs for fan and pump systems often have 1 year paybacks in commercial systems.
  2. The US military burns a tremendous amount of diesel and jet fuel. Most is unnecessary waste.
  3. Increasing the amount and quality of public transportation.
  4. Railroads are a very efficient means of bulk transportation.
  5. So are our waterways.
  6. Reduce air and truck transport of non-time critical goods. (why do we need everything yesterday?)

Reduce the entrenched ‘build there, use here’ system of economic development.

I gotta go..
. .. . .. — ….

My Info January 21, 2017 4:20 PM

@ Jonathan Wilson & Thoth’s long posts

Before we begin, all HSMs are simply tamper resistant hardened machines with more security engineered into them than your normal PC or server. They will still run into glitches, bugs and be subjected to system failure like any other PC or server. There IS NO DAMN SECRET SAUCE except the usual tamper meshes, tamper switches, some custom ASICs or FPGAs with other tamper sensors and sometimes omes with side-channel prevention mechanisms usually in the form of whitebox crypto implemented on the ASICs or FPGAs.

That’s like some homeless guy with $1,000,000 cash, bearer bonds, and stock certificates in his pocket trying to sleep in a sheltered corner somewhere rather than on a park bench out in the open. In other words, I’m not buying it. Those posts are too long and buzzword-heavy.

When we have that much cash, let’s build ourselves a proper home for our crypto, and keep our secrets secret. Where there’s a will, there’s a way. I say provably high-assurance security properties for hardware and software, and when I say “provably,” I mean free and open source with formal proofs verifiable by an automated proof-checking system. Right now we are struggling to clean the pigeon droppings off our computers, and we don’t even have bird netting for security.

Sancho_P January 21, 2017 4:47 PM


Wait a moment!

While efficiency is valuable, it is the wrong end of the sausage.
Increasing efficiency inevitably leads to more consumption.
This is a sad but longstanding truth [1].
We super technicians accelerate our train to death and no one stops our eagerness, because it can be made to money.

The principle:,_William_Stanley
Some actual facts by Robert Bryce (take care, long excerpt):

Thoth January 21, 2017 5:57 PM

@My Info

You can tell @Moderator to set a 500 character limit on all posts of you don’t like long posts. Maybe @Moderator and @Bruce Schneier would be happy to save database space.

Buzzword heavy ? I am simply stating the mechanisms that Lavabit can utilize when they setup their HSM and gave them a bunch of proper use ideas instead of their poor idea of shredding or destroying their administrator codes and cards.

HSMs are difficult to use and administer for those who have never used it before and they will make a ton of very bad decisions. I simply ease those up by putting some of my experience of deploying HSMs for organisations up here for free which I could have kept quiet or charged for a hefty amount due to the amount of work need to be proficient at using a HSM.

You talk about building process and high assurance security ? Do you have any suggestions or projects or will you be simply copying the works and words that me, @Nick P, @Wael, @Clive Robinson, @ab, @RoberT, @Figureitout, @Markus Ottela and many of us have painstakingly formatted, put together and some of us even have working projects of higher assurance systems. Maybe you can brong something onto the table for some high assurance desugns and projects instead of only baseless criticism ?

If you do not know much about what is a HSM and simply jump in and call it buzzword and not the internals, please go and ask @Nick P for his link farm on design papers on HSMs or go to for their Open Source HSM (lower cost than commercial HSMs but still can pyt a hole in the pocket) and go and use one before critisizing.

I could have kept my mouth shut on all these details on HSMs and how to properly use them from my experience at helping organisations deploy these stuff and let any first timers trip up and most of the time the consequences are pretty nasty. Also these knowledge are usually kept behind close doors in the industry and most wouldn’t come out to talk about it in the open whereas I made the exception to not collect a hefty fee and gave it freely here amd did what most of us don’t do which is to open the once closed doors on these machines.


JG4 January 21, 2017 6:43 PM

you could do worse than have a visionary for science advisor

David Gelernter, fiercely anti-intellectual computer scientist, is being eyed for Trump’s science adviser

some fascinating history in here

Seer of the mirror world

In his book “Mirror Worlds”, published in 1991, he accurately described websites, blogging, virtual reality, streaming video, tablet computers, e-books, search engines and internet telephony. More importantly, he anticipated the consequences all this would have on the nature of social interaction, describing distributed online communities that work just as Facebook and Twitter do today.
…[that probably should be Dr. Kaczynski, not to split hairs]
The publicity around Dr Gelernter’s work may explain why Ted Kaczynski, an anti-technology terrorist known as the Unabomber, decided to target him with a letter bomb in 1993. Mr Kaczynski hoped to foment a worldwide revolution against the “industrial-technological system” and sent a series of letter bombs, causing three deaths and many injuries before being arrested in 1996. The letter bomb sent to Dr Gelernter put him in hospital for weeks, required him to undergo extensive surgery and left him with permanent injuries to his right eye and right hand, which he covers with a glove. “Whenever I get to feeling a bit morose and missing my old right hand, I wind up thinking instead how privileged I am to be an academic in computer science,” he wrote to his friends by e-mail after leaving hospital. “In the final analysis one decent typing hand and an intact head is all you really need.”

r January 21, 2017 6:46 PM

@Thoth, All

I thank you for your hard work and dedication to your beliefs, no matter what they are.

Life, inter-living – is a WIP.

Thank you.

Even you criminally minded and privacy invaders, I read and write assembly I thank you for sharing your exigent code intentional or not.

I’ll C your bet and raise you with some random hex.

r January 21, 2017 6:51 PM

@Java Lava,

RE: Lavabit v. ProtonMail,

Assurance wise, we know within a reasonably quantifiable limit how Lavabit responds to such pressure – where ProtonMail is concerned one cannot consider a lack of visual evidence of their success thus far in the face of what lavabit went through as even the remotest of respectability.

A lack of evidence of coercion is not evidence at all.

Thoth January 21, 2017 7:20 PM


Not surprising to know that the US Crude and Bold Pirates are thieves who legally steal travelers belongings to make up for the lesser paycheck.

Also, my usual travel advise is to travel light and expect your stuff to be stolen or yourself to be kidnapped and roughed up. With that in mind, bring as little electronics as possible (especially disposable burner phones).

If you are going to Western countries, bring Chinese made phones and if you are going to Chinese Allied Territories (vassal kingdoms or main land of People’s Communist Imperial China), you should bring phones made by the West (which doesn’t really exist in substantial amounts). Use a Full Disk Encryption with file level encryption and just for the additional kick, rename all the files and make some fake files.

Do not rely on biometrics but strong passphrases made up of 32 characters (or a MD5 asciified hexstring if you can remember). Travel light and expect personal harm and danger even in “civilized countries” during this time of global strife and disorder.

r January 21, 2017 7:23 PM


If you’re arrested and charged, your phone is kept indefinitely currently for mining purposes.

We already know that computers and HDD’s are treated that way so phones are hardly a surprise but I’m putting it out there as an irrefutable fact at this point so that people are aware of the situation at hand.

So it’s not just border patrol and customs, it should be expected.

r January 21, 2017 7:36 PM

If you’re pulled over for texting and driving they will save it for later under the excuse of ‘pending further investigation’ or other more general rules of evidence. Until which time such things as deleted or encryption data can be resurrected or fabricated (because they never existed in the first place) I don’t think one can expect the expedient return of said devices.

Travel light and use inexpensive devices that carry agnostic volumes encrypted off-device.

Thoth January 21, 2017 9:40 PM

@Clive Robinson

What is the likelihood that biometric authentication and the What You Are factor is going to still be good in a MFA scheme since now almost every Government of Banks (and other organisations) are collecting so much biometric data to a point I am starting to doubt if it’s secure to use anymore.

The What You Know, What You Have and Where You Are would make a good 3FA by replacing the What You Are/biometrics.

Jen Gold Stockholm January 22, 2017 12:17 AM

@ FigureItOut

“Jen Gold Stockholm
thanks for patience everybody
–We love to think we’re helping people who need the protection (I do too), that’s what motivates me. Most of us have been on the other side, some of us still reside there mostly (not me, but I will make occasional trips back to keep my skills up and “spy on the enemy” :p). All it takes is a decent amount of planning, OPSEC, and hiding behind others to attack undetected and you won’t ever get caught. Unsolved mystery.

But it doesn’t take much thought to realize, strong defense is the way forward for humanity. Attacking is for the mentally unstable/insecure usually. Imagine, say NASA or SpaceX having a rocket crash due to a diliberate hack from a human, that would be really sad. An example of one mentally unstable human ruining research and “a way out” for humanity. ”

Love your work all round, FIO
It’s nice of you to respond personally and write something interesting!
Although I can’t see how it relates to my quoted text. I found my original reference and I was saying ‘thanks all for your patience’ meaning, being off topic for writing specifically to Clive about a therapy. But I then immediately agreed the whole forum is very patient with extraordinary rendition being performed for pages and pages upon otherwise unsuspecting threads, so I was sure my one post was tolerable.

PS what if NASA, SpaceX (or DivX, or triple X or whatever they’re called) and other such billionaire CEO ‘tech problem solver’ heroes, (lets dig tunnels to solve congestion! Hooray! ) spent their money trying to solve homelessness and poverty instead? Would that be a sufficient ‘way out’ for humanity?

Wael January 22, 2017 4:55 AM

@JenGold Stockholm,

President Obama commuted Chelsea Manning’s prison sentence yesterday, reducing her time required to serve behind bars from 35 years to just over seven years.

Must have appointed the same attorney:

Attorney: Good news, cheer up!
Death row inmate: I’m all ears!
Attorney: I reduced the sentence for you
Death row inmate: Best news I heard today, you’re the best.
Attorney: We aim to please!
Death row inmate: Tell me more, I’m ready to celebrate 🙂
Attorney: Reduced your sentence from 50,000 volts to 35,000 volts
Death row inmate: Get out of here.

Let’s have a moment of silence,

Sing Sing along

Amazing farce how sweet the ultrasound
That saved a wretch like me.
I once was crossed now I’m conned
Was blind but now I see.
‘Twas TAO catalogue that taught my heart to fear
And grace my fears relieved.
How suspicious did that graze sneer
The hour I first believed.
When we’ve been there over seven years
Bright shining as the dun
We’ve no less days to sing sing BND praise
Then when we first begun.
Amazing farce, how sweet the ultrasound
That saved a wretch like me.
I once was crossed, but now I’m bound.
Was blind, but now I see

r January 22, 2017 5:38 AM

@Jen Gold,

Well now, if I don’t need to be eating the paper my snark isn’t written on.

Why does he even need to travel to the US?

Good for him, hopefully the Swedish stuff is a farce and he can enjoy actually stretching his legs in the NWO.

r January 22, 2017 7:13 AM

Average detection rates for known malware went down a couple of percentage points slightly from 2015 to 2016, he said, while detection rates for zero-days dropped in a big way – from an average of 80 percent down to 70 percent or lower.

“If the industry as a whole is dropping 10 to 15 points in proactive protection, that’s really bad,” he said. “Anti-virus isn’t exactly dead, but it sure smells funny.”

Dirk Praet January 22, 2017 9:04 AM

@ My Info

Those posts are too long and buzzword-heavy.

No they aren’t. They are quite adequately addressing real issues in the complex realm that is high-assurance security, and which unfortunately cannot be reduced to Twitter-like “Where there is a will there is a way” slogans.

KDTAM January 22, 2017 11:22 AM

“and we won’t have columns, do you understand that?”

Explicit public presidential reference to CIA criminality.

Good thing there were no Swiss-made IMSI catchers at those meets with Tam

Figureitout January 22, 2017 11:26 AM

–I wouldn’t get too bent out of shape by people that just criticize but never put their work up for critiquing (that’s highly prevalent in security community btw…). Especially general or non-technical critiques, those are the worst wastes of time.

Jen Gold Stockholm
–Yeah I got off topic, don’t worry about Clive, he just moans and groans any chance he gets. :p

And no don’t think those problems are solvable globally, only locally. Clean water is a huge issue that’s going to blow up in our face. I said everyone have a small garden in surburbia and it would be a huge influx of food that could be donated or eaten, which would make existing food cheaper, but most are too lazy for that. Since some of it is bad money management, drug addiction spending all your money and I don’t think you should be told how to spend your money. And an extinction event would wipe that all out anyway. We need other colonies on planets.

I mentioned it b/c a lot of malware infects your PC’s for no reason, so it would also infect any server hosting a database for humanitarian efforts and tools used. I’ve heard malware at water treatment plants that put too much chlorine in the water and they just hope it gets diluted enough (won’t hear that on the news b/c it’s scary and there’s nothing you can do about it, it seems).

Anura January 22, 2017 11:45 AM


I said everyone have a small garden in surburbia and it would be a huge influx of food that could be donated or eaten, which would make existing food cheaper, but most are too lazy for that.

Because of economies of scales food is actually significantly more expensive that way. Remember, any time you spend gardening is a lost opportunity cost. Now, if you enjoy gardening, that’s great but if you don’t then it’s just work and most people in developed economies can get paid more doing other jobs.

The reality is that prices alone don’t matter, only affordability. Food gets more expensive over time if only because of Baumol’s cost disease – that is, if food prices don’t go up, it wouldn’t be worth it to farm. However, as productivity goes up our ability to buy food goes up even if the relative cost of food has increased.

This line of thinking, making things cheaper, is why we have been struggling so much. We are building a bargain basement economy because we are obsessing over absolute prices, when we should be focusing on making sure that everyone has the income to afford it (inflation and deflation just change relative prices – our ability to purchase items overall does not change, but it changes on an individual basis). Cash transfers like an unconditional basic income can ensure that no matter what the relative price of food is, people can afford it.

We see this same thinking with environmental issues as well. We cannot tax fuel, because it will hurt poor people more. Now, they ignore that if you tax fuel and then pay that money out equally, then poor people actually have more money after paying for fuel and the environment will improve as there is the same disincentive (e.g. any money spent on gas takes away from alternatives). It’s how businesses are ran, and so it’s how the wealthy like to run the country, because everything is just numbers to them.

Figureitout January 22, 2017 11:55 AM

–It may if you do a lot of transporting it, if you just eat it, it’s about as green as you can get. I think you’re overestimating how much effort it would be, unless you’ve done one yourself. It takes like a few hours to till and plant the seeds depending on how much you do, use some fertilizer (or not) and get them to sprouts, takes like 10 minutes at most to pull little weeds until plants take hold, and just water a little after work each day, like seriously 5 minutes every other day at most. You could use water from a rain spout into a barrel.

Even just flower pots on a deck, peppers work really well in little 6″ and you will be blown away how many peppers you get. No weeding, you just water occasionaly, takes like 2 min. every couple days.

Many times this land is just being maintained anyway for “looks”, like landscaping and large things of grass. Doing a garden would be less work (less oil consumption and pollution from mowers) and looks cooler IMO and you get food, not grass clippings.

I’d be interested to test if it makes food more expensive or not.

Wael January 22, 2017 11:58 AM

@Clive Robinson,

European Readers, This might be of interest,

Seems it should be interesting to more than European readers. The question I have is: Assuming terrorists know how to read English, and this information is obviously public domain, what’s the effect of such programs?

  • Give them a warning that nothing you communicate is going to be a secret? Something like putting a sign that says “This house is protected by xxx Alarm system”
  • Force the bad guys to use slower methods of communications
  • Something else

Wouldn’t it be rational to expect the bad guys to adapt one way or another? Or is the plan to catch the petty schmucks who can’t read English?

My Info January 22, 2017 12:17 PM

@Dirk Praet

Those posts are too long and buzzword-heavy.

No they aren’t. They are quite adequately addressing real issues …

if (real_issues == $$$MONEY) {yes;}
else {bool shit;}

… in the complex realm that is high-assurance security, …

False. Complexity is antithetical to security. Otherwise known as KISS: Keep it simple stupid. Don’t build it and sell it to me unless you can prove its security properties, or else I’ll kick you out the door and send you on your way just like I did the other day to the Schwan man selling TV dinners out of his freezer truck. Yes, I know, I’ve been told already. I’m taking candy from children. That’s the dentists’ retirement. I’m still not buying it.

… and which unfortunately cannot be reduced to Twitter-like “Where there is a will there is a way” slogans.

“Can’t. Won’t. Don’t.” Stop pouting like a little boy.

Anura January 22, 2017 12:17 PM


Non-farm labor productivity is around $50/hr or more in Western countries. 2 minutes of work every other day = labor cost of $0.83/day. Say 5-10 weeks, depending on the plant, and that alone is a base cost of between $4 and $9 just for your time spent watering. 10 minutes for weeding is another $8-$9 of effort.

Okay, granted, average wages are significantly less than $50/hr, but that’s the point – fix inequality, and the cost savings become too small to matter to most people, and gardening becomes about the satisfaction of growing your own food itself.

Anura January 22, 2017 12:19 PM

I’m a programmer, dammit, not a mathematician! You can’t expect me to remember to include all the terms in my calculations!

$0.8375 = $29.05 (there is more than one day in a week now)

My Info January 22, 2017 12:33 PM


Non-farm labor productivity …

Meanwhile, back at the ranch, we need someone to reprogram those GPS-controlled tractors that are supposed to carefully adjust fertilizer application based on an analysis of last year’s aerial photos of the greenery of wheat fields. Not to mention those computer-controlled combines are breaking down at harvest time, and we can’t get these non-farm techie laborers to help fix them.

Wael January 22, 2017 12:36 PM

@My Info,

False. Complexity is antithetical to security. Otherwise known as KISS

You’re absolutely correct. When @Dirk Praet said:

complex realm that is high-assurance security, …

It’s clear the adjective “complex” applies to: “realm that is high assurance”. That is to say: methodologies of formal methods – not ‘Security’ – is a complex field. Slight miscommunication, that’s all.

Anura January 22, 2017 12:44 PM

@My Info

Huh? Farm productivity is irrelevant to a suburbanite, only the price of food, their income, and the effort it would take for them to produce.

JG4 January 22, 2017 1:00 PM


robotics is poised to take over a major share of tending plants. it is interesting that the debt bubble and the sickcare scam will unravel at roughly the same time that a major shift in the nature of work is playing out. you’d prefer that the headwinds weren’t all coincident

@My Info

it is not complexity itself that is the problem, but the probability of system failure associated with new systems where the links are uncertain

as an example, cockroaches are a marvel of complexity, as are most living systems. apparently cockroaches, in spite of their complexity, are thought to be one of the more robust species on the blue marble of unanticipated consequences.

the F-35 and a recently launched US supercarrier are good examples of overly complex systems. the problem isn’t complexity per se, but fragility, because the subsystems are poorly designed, poorly implemented and poorly coordinated. more to the point, critical system functions are premised on unproven subsystems where both the subsystems and links between subsystems are prone to failure. a chain is only as strong as its weakest link

the key question is, “where do you want to be when the grid fails?” it is not a question of whether the grid will fail, but a question of when, and for how long. there should be a power law that describes the probability of failure and the length of failure. any failure can be the last failure

Anura January 22, 2017 1:05 PM


Poised? US manufacturing output is up over the last decade, manufacturing jobs are way down. It’s already happened for the most part.

Dirk Praet January 22, 2017 1:59 PM

@ My Info

False. Complexity is antithetical to security. Otherwise known as KISS …

Look, mum, more slogans 😎 Suffice it to say we are all eagerly anticipating your simple but very secure solutions, and preferably explained in as few words as possible. Because less is more!

PS As @Wael already pointed out too, please try to read my comments correctly. I don’t think either my vocabulary or grammar are overly complex.

@ Wael, @ Clive

Wouldn’t it be rational to expect the bad guys to adapt one way or another? Or is the plan to catch the petty schmucks who can’t read English?

What we’re seeing here on the old continent is the same sort of over-reaction as in the US after 9/11. I highly doubt that any of the newly adopted draconian surveillance legislation is going to make us any more secure. While impacting the entire population, the only people that are actually going to get caught by it indeed are the schmucks and the entrapped.

And expect @Rolf Weber to be entirely up in arms against the article’s (mis)representation of the grounds on which Safe Harbor was repealed by the EUCJ. In July last year, he apparently even filed a complaint for “misrepresentation of facts” with the NDR German TV station that had alleged the same in a news program.

MarkH January 22, 2017 2:14 PM

SLBM Went Wrong Way in UK Firing Test

This happened in June, but wasn’t news at the time because:

• the missile was not armed
• though it went in the direction of the USA, it presumably didn’t land there (more’s the pity, but better luck next time to all you Great Satanists!)
• the UK government hushed it up

A few weeks later, the UK Parliament (unaware of this malfunction) voted GPB 40,000,000,000 for “renewal” of Trident.

Questions which spring to mind:

  1. When a missile designed to carry a nuclear warhead, and with enough range to threaten five continents at once from a broad area of the Atlantic ocean goes the wrong way, is that bad?

  2. Might the Parliamentary vote have gone differently, had the members known about the failure?

  3. What does it tell us about PM May, that when asked in the house four times by an MP whether she knew about this mishap before the big-money vote, she refused to answer?

  4. How will this play out for May, when she is already summoning mythical forces to explain why Brexit won’t be tough for the UK?

Anura January 22, 2017 2:28 PM


Before deciding the entire future of European nuclear policy, the question that needs to be asked is “How many failures out of how many tests?” A single incident of a machine failing is not evidence of a flaw or a problem; all machines fail some of the time. It doesn’t even indicate that a warhead would detonate if this was a real scenario (which I have absolutely no knowledge as to the safeties, but even RPGs have arming safeties so I suspect there’s been some consideration about what happens if a warhead goes off target).

Figureitout January 22, 2017 2:38 PM

–Depends on what you define as “productive” and creating value, not just pushing money around, stacking papers…actual value creation. I don’t trust those numbers, generally find a big BS method they use, like unemployment.

It’s not work either if it relaxes your mind and “gets you away from the computer screen”. I surround myself w/ computers so I don’t need that much but others do. A lot of places in my area have “community gardens” that get you acquainted w/ your neighbors which would have mental health benefits and even security a bit too if everyone knows who lives in community as opposed to strangers.

I agree w/ inequality but this is about actual food production when we start running out of space for more farmland, it could be pretty big IMO w/ minimal work and if you use water from drain spouts, won’t take water (unless you live in a desert).

Wael January 22, 2017 2:57 PM

@Dirk Praet, @Clive Robinson,

While impacting the entire population

Although the ‘terrorism’ reason was given as the main trigger, the implications mean constant monitoring of internet activities: web browsing habits, emails, social media connections, etc… that would be collected in a big data perhaps to predict potential threats. I wonder if TLAs spy on one another within the same country.

Anura January 22, 2017 3:08 PM


Labor Productivity = Total value of all goods and services produced/Total hours worked. What matters to the individual is whether or not they can work for more money than they can buy the food with in the same effort. That said, the reason that production seems so virtual to you is because so much of it is just irrelevant overhead (rent and the cost of the infrastructure for collecting rent, as well as the externalities and the cost of the regulation required to reduce them) which is significantly reduced if you significantly lower inequality, and thus the number is much more representative of the average person’s potential real income. I also suspect that inequality is lower productivity just due to the emotional toll.

I’m not convinced we have a land shortage problem; we have the capability to feed the world, we lack the infrastructure to do it. Now, I’m all for urban gardening, but if in terms of land use you are better off having more farm land and less urban land in terms of both cost and housing space. A large farm can use land significantly efficient than a bunch of small gardens.

I’d rather spend the time on vertical farming, put resources on polyculture farming rather than monoculture – the latter takes more work, but produces higher yields with less use of pesticides and herbicides (and possibly water, but I can’t find enough confirmation). Vertical farming is something we need to tackle before we can realistically move to space colonization (which seems to be a little higher on my list of priorities than the rest of the world)

Wael January 22, 2017 3:12 PM


This happened in June, but wasn’t news at the time because:..

One day a weapon strong enough will be developed. This weapon won’t need a delivery vehicle. Country X says: attack us, and we’ll detonate it in our own land. Say goodbye to your miserable blue marble. We’re all living on the same ship. Does it matter where the big hole is poked?

January 30th, by the way happens to be the birthday of someone who saved the world from a nuclear war: flotilla commander Vasili Arkhipov. I wanted to keep it for a “happened on this day, 61 years ago” post, but I knew something will come up and make me forget (and I put it on my calendar, too.) Better to be early than sorry…

albert January 22, 2017 4:15 PM

I take your point, but you’re still thinking in the old capitalist paradigm: higher efficiency -> lower prices (-> higher consumption). It’s true if your goal is lower prices. My goal is lower -emissions-. So you don’t lower prices, you take part of the windfall as profit, and invest the rest in renewables research.

Traditional responsibilities for energy suppliers include maintaining and upgrading infrastructure. These responsibilities are traditionally shirked. Companies usually need to be dragged, kicking and screaming, to the fire, where they are forced to do the things that they ought to do.

Everyone in the energy sector needs to participate. If the gov’t needs to force them, then so be it.

. .. . .. — ….

Clive Robinson January 22, 2017 4:38 PM

@ Wael, Dirk Praet,

Wouldn’t it be rational to expect the bad guys to adapt one way or another?

Yes and no and it depends on the type of bad guys.

In the case of ME terrorist organisations looking to recruit from the West for the so called “Jihadi Brides” etc, it’s a no. There is only a very limited Number of things they can do and still reach out, even with recruiters in the West the likes of traffic analysis will pick up changes in traffic patterns irrespective of encryption or mix-nets etc.

If however you are looking at what most of us would regard as Organised Crime, they have many more options with current technology like burner phones etc.

If you then look at the more technicaly sophisticated then even State level surveillance is going to end up wanting with the likes of SDR and similar to even not particularly sophisticated ham radio enthusiasts. The simple fact is that with sub $1000 you can get equipment to put together MIMO systems that to all intents and purposes can be made not just secure but in a radio network make working out who is communicating with whom and when a real if not bordering on impossible challenge.

Thus the level of surveillance is not going to be effective for the stated purpose… And I guess I don’t need to say more in this respect.

My Info January 22, 2017 5:06 PM


… flotilla commander Vasili Arkhipov.

Yeah. Like some gangster on a street corner who was about to stab someone to death with a knife, and then decided not to, so he is credited with saving that person’s life. Right.

@albert (¬ einstein)

My goal is lower -emissions-.

I’d suggest that you figure out how to lower your own emissions first and stop infringing on my right to fart. If you want to go nuclear, stop talking like a jailbird about it and come out and say so.

@Clive Robinson

Re: unencrypted burner phones etc.

That is, if you talk on the phone. Otherwise, well, there are browsing habits, texting/typing biometrics, linguistic analysis etc. to go by. All of this seems to be available by a simple Internet search, and none of it seems to be top secret. I’d rather follow a discussion in plain English than all the buzzwords, jailhouse talk, and drug dealing cant.

Anura January 22, 2017 5:09 PM

@My Info

When you find your own planet, you can do whatever the fuck you want to it. Until then, stop pretending like people are infringing on your rights for telling you you can’t poison them.

Dirk Praet January 22, 2017 5:39 PM

@ Wael, @MarkH

This happened in June, but wasn’t news at the time because:..

Downing Street obviously covered it up to prevent the impending Common’s vote on the renewal of the Trident program to literally blow up in their face.

There will be some pretty annoying parliamentary questions in the days to come, but I somehow expect the debate to rapidly shift from what was covered up by whom to who leaked this sensitive information and what foreign government was behind it 😎

@ My Info

Please send your resume to the new US Department of Alternative Facts. I hear they have some interesting vacancies and judging from your communication style you’d fit in perfectly with the rest of the crew.

Wael January 22, 2017 6:04 PM

@My Info,

Like some gangster on a street

Evidently analogies aren’t your forté. But I give you a +1 for the good chuckle I got out of your cockeyed analogy 🙂

and stop infringing on my right to fart.

You ‘leaked’ too much information, so to speak. Apologies for the ‘buzzword’. You live in West Virginia, right? You didn’t get away with it the first time with LE. Learn from your mistakes!

65535 January 22, 2017 8:03 PM

On the Lavabit 2.0 [Lavabit reloaded] start-up, aside from the theoretical crypto problems, there is the much bigger problem of banking OPSEC. Lavabit 2.0 requires payments. You have to signing up and sending money via some method. That is the banking business record trail problem. Traditional banking records eventually lead to your Name, age, Social Security number, physical address and phone number [your phone number may also be your internet connection if you use DSL] and so on.

All most all banking transactions are traceable in the long run. Sure, Bitcoin with mixers and blind pre-paid credit/debit cards are possible – they are cumbersome and eventually leave some trial to the owner. That could lead to one being placed in a database or two.

Lavabit 2.0 should have a free version that is comparable to Proton mail or Hushmail. Sure for 5 to 20 GB service a price is warranted. I know that Ladar Levison needs startup capital just like any business – and he did spend time and money fighting the government for his customers – which I like.

But, any banking transactions open up a possible trail and possible identification of the individual accounts [the business records rules – “National Security”… blaa..blaa..blaa].

In fact, the whole privacy movement needs a way to capitalize their projects without painting a target on the back of their customers. Maybe, privacy laws for business records and banking transactions need to be implemented. Maybe, the use of off-shore digital currency needs to be simplified. Or, maybe a good discussion on banking OPSEC needs to take place. Do we have any financial guys on this board that could come up with a solution? If so, speak up.

Figureitout January 22, 2017 8:14 PM

–Ok, depends on definition of “value” then. I’ll leave it at that since this’ll go on forever. Some individual’s think about where their food’s coming from and the effects of GM is an experiment where we’re the guinea pigs…We know that having only one type of pollen in an area affects bees, generally the hives are shipped in, then shipped out, and it stresses them out. The honey doesn’t have a mixture of all kinds of pollen that some people swear helps w/ allergies.

Automatic tractors and other tech in agriculture is kinda interesting. More robots would be great so long as they’re reliable and long-lasting. But relying on large farms, if there’s a drought somewhere, then at least that crop will take a big hit and prices go up like $5-$10 at worst.

I’m saying do both at the same time, to have a surplus of food, farmers and people who trade crops on the market won’t like that b/c it’d drive down prices. Lots of food can be frozen or canned. I’m not going to be optimistic that’d happen but I imagine so much food, the only reason people starve is b/c people don’t want to interact w/ the homeless etc. I don’t like getting panhandled, don’t even like looking at them getting negative thoughts or walking under dark bridges at night and other day I felt slightly threatened and prepared to fight during broad daylight. Wanted a gun.

There’s a ton of little pockets of useful land that does nothing, takes practically no maintenance, and produces food. Urban planning is..well it doesn’t change much once roads and buildings are laid down, you get stuck w/ whatever stupid layout of the city from 100’s years ago.

Yeah we talked about that here a couple years ago, I was thinking either mountains w/ steps (like in South America), extra water trickles down to lower layers so more efficient w/ heavy rains. Or spirals that spin in the air, so all sides get sunlight, same amount of sunlight is coming down on earth, there’s just lots of it that gets wasted. Personally tried cucumbers (they grow in long vines you can put whatever way you want) on corn plants, they both grew well, the extra weight didn’t collapse the corn plant. Corn doesn’t have huge output though. It’d be really interesting if some combination does well together and we get more food per square foot/meter.

Other scientists are/have thought about this I’m sure though…Last comment to you if you want, back to work.

Anura January 22, 2017 8:45 PM


Don’t get me wrong, I have nothing against (sub)urban farming, but the reason to support it simply aren’t because of the cost of food. It’s because it is just plain satisfying for many people whether because they enjoy gardening, or they enjoy vine ripened tomatoes that were ripened on an actual live plant and don’t taste like water.

Really, we need to focus on outcomes, not output. Cost is something you focus on if you want to maximize output (the focus of Western economic policy for some time now), while the quality of food, use of pesticides, environmental damage, etc. are things we should be concerned about (well, starvation takes higher priority in my opinion, but we can end hunger with good food).

GM crops are one of those things that aren’t inherently bad, but how we are currently using them is in two primary ways: 1) To make the crops resistant to pests and 2) to allow massively increased use of herbicides in no-till farming. That heavy use of monoculture farming makes plants extremely vulnerable to disease, pests, etc. and require significantly more chemicals. This is why I advocate large scale, organic, polyculture farming – using multiple crops that keep disease and pests from spreading, and that can keep them under control using natural pest control (e.g. carnivorous insects), while also choosing complementary crops in rotation so they use the nutrients in the soil more evenly and require less chemical fertilizers. So not only is it more land efficient, but it is healthier, and better on the environment.

And yeah, value is one of those things where we like to pretend like it’s something, but it’s really not. Technically, it is the maximum someone is willing to pay for a product but behavioral economics pretty much refutes the idea of this being meaningful. So, really, when everything is said and done, when we talk about macroeconomics value and price are basically interchangeable. So for the sake of avoiding further argument, value = price for the purposes of my statement.

As for the cities – if you want to look at wasted space, look at how much space is used by roads and parking lots compared to sidewalks and buildings (as much as 50% in some cities in the US). It turns out a car is larger than a person[citation needed]. Imagine what you could do with all that space if people only used public transportation, bicycles and legs to get around. Not to mention

Thoth January 22, 2017 8:52 PM


Monetary transactions would leave trails and that’s how it works. An interesting idea would be a community funding pool and runs off crowdfunding. Emails would be available for community starting with very low email storage and inbox capabilities. The more funds collected over a month, the inbox and email storage would expand a little but if the next month it were to see lesser funds, the storage would hover about the same and if the fundings are seeing a downward trend for 3 months in a row, the email storage and inbox would start to shrink.

The mix pool method for using crowdfunding is that each transaction are traced to a pool of funds but the pool of funds means nothing and does not mean the person who donated to the funds is an account holder and vice versa.

This allows some pseudo-anonymity and even a flexible plan for the email storage capabilities.

r January 22, 2017 8:55 PM


RE: Free Lavabit a la ProtonMail see: Sigaint.

With Tormail gone, it’s the only alternative in the same flavour that I’m aware of in operation currently.

r January 22, 2017 8:57 PM

There’s also musings about something called Monero ?

Might be worth looking into.

Could be a honeypot as always, but if your opsec is good your opsec is good… right? 😉

65535 January 22, 2017 10:21 PM

@ Thoth

“An interesting idea would be a community funding pool and runs off crowdfunding. Emails would be available for community starting with very low email storage and inbox capabilities. The more funds collected over a month, the inbox and email storage would expand a little but if the next month it were to see lesser funds, the storage would hover about the same and if the fundings are seeing a downward trend for 3 months in a row, the email storage and inbox would start to shrink. The mix pool method for using crowdfunding is that each transaction are traced to a pool of funds but the pool of funds means nothing and does not mean the person who donated to the funds is an account holder and vice versa. This allows some pseudo-anonymity and even a flexible plan for the email storage capabilities.”

That is a good idea. I am not sure how varying size of donations to the pool would be allocated to mailbox size and so on. But, it’s not a bad idea.

@ r

“see: Sigaint. With Tormail gone, it’s the only alternative in the same flavour that I’m aware of in operation currently.”

Ouch, the speed of Tor is not a selling point. This is true which a doctors, lawyers and hospitals have to attach several 900 page pdf’s with insurance, medical, and financial transactions to several different entities… [cough Medicare]. If you are tech savvy and have time to spend it not too bad of a solution.

Clive Robinson January 22, 2017 11:33 PM

@ My info,

That is, if you talk on the phone. Otherwise, well, there are browsing habits, texting/typing biometrics, linguistic analysis etc.

You also forgot location / time of day habits as well.

Not sure what you are actually referring to with “texting/typing biometrics” but if you are talking about typing cadence/timing in terms of key presses, that requires there to be additional software on the phone. Which currently would suggest the phone is already associated with a person of interest, so would suggest it has not been used as a burner phone.

With out going into the long details, suffice it to say that all these systems are statistical in nature. Most require rather more than a single use to provide an indicator of who is using, it’s the “Find Fix and Finish” (FFF) issue that “brings hellfire by drone” that ME terrorists have developed OpSec methods to mitigate.

Further if you go and look at my comment again I said,

… they have many more options with current technology like burner phones etc.

I didn’t mention the use of codes and ciphers. As I’ve indicated before One Time Systems are rather broader than just One Time Pad ciphers, it also covers One Time Phrase codes. These are the equivalent of the WWII “and now some messages for our friends” broadcasts by the BBC to SOE and other agents in occupied Europe.

Further I did not limit the technology to just burner phones. There are a large number of alternative technologies available to those who put a little thought into their OpSec.

There is however a funny side to this, which is getting the Law Enforcment Organisations doing your research for you and telling you what works and what does not work… If you look at the likes of the UK’s Association of Chief Police Officers (ACPO), they are a “trade body” with all the failings of trade bodies. That is they make much of their work public including their “scare pieces” to put preasure on those who hold the purse strings. The thing about the scare pieces is that they have to be well researched if they are to work, thus you can read the Police current capabilities and future worries in such documents. Likewise student thesis and dissertations are available as are many academic papers. Whilst not an “in” to the “methods” of the national signals agencies do provide fairly current methods that can be implemented with quite small budgets.

For those that are realy cautious, the old time proven OpSec methods are available in any number of books and manuals etc.

Unlike many people Organised Crime participents have not got to where they are by being incautious. Thus unlike most people who won’t follow good OpSec procedures because “they get in the way” those in organised crime tend to, rather than the alternative of spend long periods in jail etc.

People tend not to know the early history of “technical measures” in criminal activity and law enforcment. In that it was the likes of the Mafia deploying listening devices against the LEO’s rather than the other way around. The nature of this information war between “Cops-n-Criminals” is we generaly only get to hear about a small percentage of the failures by some of the criminals, as it’s not in either sides interest to make the successes known.

Jen Gold Stockholm January 23, 2017 3:41 AM

@ Nick P

reviewing some of the links to squids you provided – or maybe it was Wael,
to 2012 Castle vs Prison

the overal discourse as a whole in freya squids from years back seems stronger and more cohesive, and indepth , than it seems to more recently

If it’s not too redundant 4-5 years on, you said the following to Wael –

And Clive definitely wont be offended by anything u say unless you’re trying to insult him. This blog’s readers are quite diverse but the regulars are laid back about things. We just come to share knowledge and have good discussions. > We also shun Slashdot types 😉

what is a ‘slashdot type’ in the perjorative? (I get that it’s a tech forum, never spent time there and I know Clive has written about avoiding it’s shoddy code + js like the plague. I guess you mean a particular kind of fixated, finicky mindset hung up over specifics and not relaxed enough to tolerate anything broader

@ Wael
by the way thanks for the amazing grace rendition. Now once more, in Arabic (with feeling)

tyr January 23, 2017 3:48 AM

Check out this honeypot. The implementation of the
dangan makes Orwell look like a simplistic type
of pollyanna.

Best of all it apparently thinks obscurity is the
way to do security of records.


The interesting thing to me was that Al Capones
businesses were mostly staffed by undercover
police agents. Later on most of the KKK were
FBI agents provo. So the interconnected nature
of cops ‘n robbers sometimes becomes quite a
comedy of implementation.

Wael January 23, 2017 4:52 AM

@Jen Gold Stockholm,

Now once more, in Arabic (with feeling)

Getting a bit on a topic that I can’t easily tie to security, but I’ll try…

First of all, the Arabic versions I found didn’t sound as nice as the English originals. It’s easy to search for them to see what I mean. The words are also different and I can’t translate while I’m multitasking with work things. Perhaps another time! By the way, I rarely listen to music.

But: For your eyes only! Jennifer Grout. It’s remarkable that her pronunciation of all letters is perfect! Strange name similarity coincidence, wouldn’t you say? You’re not Jennifer Grout, are you? 😉

This one may sound somewhat familiar to you.

I predict in the future we’ll be playing a game of: post arbitrary topics, and see the most innovative ways to tie them to security. Lol

Security piece: Jennifer made it safe back home. There!

I exceeded my quota and increased my noise to signal ratio. I’ll need to take a small break. And I had less than 5 hours of sleep this weekend.

ab praeceptis January 23, 2017 7:49 AM


OK, OK, I got the message.

Beautiful woman comes here, I get a nice sentence and Clive gets the kisses.

(Which could be interpreted as: on top of it she is smart, too, and comforted the ugly guy somewhat but kissed the handsome one).

MarkH January 23, 2017 8:03 AM


Minuteman III test launches have the capacity to abort in the case of going off course (range safety). Perhaps Trident can do the same thing. Of course, war launches cannot apply such a system.

If a missile goes the wrong direction because of a failure in its flight control system, it might be able to detect that and not arm the warhead. If the guidance system is giving wrong data, however, that condition might not be detectable.

As a practical matter, once long-range nuclear missiles start flying, it won’t make much difference if a few make 50 km2 holes in friendly territory.

Nick P January 23, 2017 11:00 AM

@ Jen

I’ll illustrate the drop in comment quality of Slashdot by showing the same article in it and Hacker News: Hacker News and Slashdot. The Schneier forum is at a low point right now (almost chaos). Some good discussion was happening recently, though. It’s sporadic. A great example of the older discussions is this one that resulted in patentable inventions. Coincidentally, my skim showed I had a comment in there bragging of the blog’s quality. Uniquely, appropriate reference I guess. Haha.

I have links to a lot of my old essays and designs that were hosted here. I might post them if you want. Either now or later when I have them trimmed up. Accumulated too many files from years on the site. 😉

Ted January 23, 2017 11:54 AM

The Senate Armed Service Committee will form a new Cybersecurity Subcommittee.

SASC Chairman John McCain voiced his desire to create a cohesive policy framework to guide the U.S. response following a cyberattack. According to this article, the Armed Service Committee is empowered with significant legislative oversight of military and national security policy, as well as the Pentagon’s budget. Mike Rounds (R-SD) will serve as chairman, Bill Nelson (D-FL) as ranking member.

AJWM January 23, 2017 2:06 PM

robotics is poised to take over a major share of tending plants.

That’s been happening for a while now. Not so much in food, but mostly in the area of a certain cash crop which is still illegal in a few states. 😉

vas pup January 23, 2017 2:55 PM

Cambridge scientists consider fake news ‘vaccine’:

“The idea is to provide a cognitive repertoire that helps build up resistance to misinformation, so the next time people come across it they are less susceptible.”The study, published in the journal Global Challenges, was conducted as a disguised experiment.More than 2,000 US residents were presented with two claims about global warming.
The researchers say when presented consecutively, the influence well-established facts had on people were cancelled out by bogus claims made by campaigners. But when information was combined with misinformation, in the form of a warning, the fake news had less resonance.”

Time and again, that may work if you really looking for truth, i.e. open-minded

Sancho_P January 23, 2017 4:47 PM


I think we still have a misunderstanding:
Technics doesn’t necessarily solve our problems, on the contrary.

Re: ”I take your point, but you’re still thinking in the old capitalist paradigm: higher efficiency -> lower prices (-> higher consumption).”
Um, the old capitalist paradigm – but when will it end, – when we end?
No, it isn’t “my goal against your goal”, it’s about reality:
The windfall won’t happen.

So you’ve changed the focus from efficiency to lower emissions
that’s a slightly different target, but again,
it’s the wrong (technical) end of the sausage (as are the renewables [1]):

Whatever we achieve in efficiency and low emissions, we can’t outpace the growing demand from (already existing) world population without devastating our spaceship.

The problem is the factor of un- (or low-) developed populace and their desire + “right” to our (so called western) basic affluence (housing, water, electricity, heating/cooling, education, job, mobility, …).

The appropriate formula is: I = P A T
(Impact = Population x Affluence x Technology)
[Paul Ehrlich & John Holdren] See: [2]

When we accept our all entitlement, then we must accept that technics, including renewables, can’t hold that promise.
On the contrary, until technics is used to hide the real problem from society,
technical measures just increase the speed to a dire end.

We should understand that our planet is an island.
– A small one:

He Wa’a He Moku,
He Moku He Wa’a

[A canoe (is) an island, an island (is) a canoe]
(ancient Polynesian / Hawaiian saying)

I’m afraid we enthusiastic technicians are drilling holes in our canoe.

Energy supply is paramount, one step behind potable water.
Sadly ‘renewables’ is a disguise for business by taxpayer’s money and doesn’t hold water (pun intended) in large scale and durability.
Take solar electricity, too much technology involved for 7 billion people, let alone the unsolved storage issue (Lithium isn’t a large scale solution).
In countries with plenty of sun the (dust covered) panel temperature easily rises above 160 °F (= low efficiency). Due to high UV and temperature changes the durability is 3 – 5 years (should be 20 to repay investment and use of resources for production + installation).
Also the technology is too much for the simple minded people, we have dozens of (EU- subsidized) units here on public buildings, I bet not one still working, just toxic waste.

For an eye – opening starter (and interesting reading) I’d recommend:
– although Alan Weisman seems to have some hope to stop the self-destruction.

Clive Robinson January 23, 2017 6:08 PM

@ vas pup,

Time and again, that may work if you really looking for truth, i.e. open-minded

As Sir Terry Pratchett once noted

    “The trouble with having an open mind, of course, is that people will insist on coming along and trying to put things in it.”

possibly_clever_stupid_or_other January 23, 2017 7:01 PM


From above:

“I wonder if TLAs spy on one another within the same country.”

I don’t know, but:

1) That might not be legal; Thus various tlas, leos, etc., might need to launder intelligence thru an accomodating Five Eye, Israel, Russia, China, etc., if available. In other words, similiar to how historically NSA and GCHQ may not have spied on citizens in their respective countries; to keep it legal they may have spied on citizens elsewhere (NSA on citizens in Great Britain; GCHQ on citizens in the USA)

2) OT. I assume that numerous tlas and leos routinely, if not constantly, surveil the internet in the USA. When I am surfing the internet in the USA (w/ or w/o Tor), for example, say I click on a FBI link. Then I might click on, from among, DNI, NSA, CIA, DEA, HSA, local or state police or sheriffs’s departments, etc., links or websites to perhaps get interest or attention from various other tlas or leos.

Clive Robinson January 23, 2017 8:07 PM

@ possibly_clever_stupid_or_other, Wael,

In other words, similiar to how historically NSA and GCHQ may not have spied on citizens in their respective countries; to keep it legal they may have spied on citizens elsewhere (NSA on citizens in Great Britain; GCHQ on citizens in the USA)

There is no “may have” in it, it’s exactly what they did and will continue to do even with the likes of the “Snoopers Charter”.

The whole IC system was designed as such prior to the BRUSA –now UKUSA– intelligence sharing agreement, in part on the principle of “Keep your enemies close, but your friends closer” and the fact the IC in no way trusts politicians or the other elected representatives, and see themselves as above national politics almost as a brotherhood or fraternity. UKUSA is all the so called “Special Agreement” officialy is, which UK Politicos try to talk up as something else entirely for the sheeple, much to the UK citizens loss.

I’ve mentioned it a number of times on this blog long prior to the Ed Snowden revelations, however dissenting voices raised the noise floor above the signal level of the message. Even now dissenting voices are still trying to raise the noise to hide and thus quench the message, and unfortunately they are succeeding. Thus the general populous sticks it’s head back in the sand, leaving their nether regions both raised and undefended for not just the FiveEyes but others to take advantage of by invading the intimate parts of the general populous’s lives as and when they please, over and over. On the excuse of “All for the greater good”[1].

[1] The phrase “All for the greater good” is even more blood chilling than “I was only following orders”. Because it is the excuse those giving the orders use to absolve themselves of any of their excesses or worse that they ask their authoritarian followers to do. It is the collective “Divine Right” that is an anathema to the democracy and meritocracy of any nation and it’s citizens.

r January 23, 2017 8:50 PM


If communication via dead drops is too hard for you there’s always meeting someone at your local police department (craigslist style). Sarcasm aside, there’s always side channels that are reasonable faster and you just have to perform the modulation over Tor or ‘directly’ anonymized channels.


Imagination is the key to sharing ideas.

There’s no reason for frame size to stand in your way.

r January 23, 2017 8:53 PM

My main problem has always been comfortably getting a PSK outside of the border, that’s not an easy task within the current environment and my lack of actual mobility. Not that smuggling a PSK outside of the states is at all that important or anything… BUT having redundant paths is always a nice feature.

Wael January 23, 2017 9:52 PM

@Clive Robinson, possibly_clever_stupid_or_other,

That might not be legal

Who’s going to catch them, and what could they possibly do about it? Sue them?

The few neurons left are firing blanks right now, so I can’t tell you what happened in court after the CIA sued the FBI for spying on them. The judge happened to be in someone’s pocket. Complex litigation! The jury? Hand picked by yet anothet TLA… what a mess.

leaving their nether regions both raised and undefended for not just the FiveEyes but others to take advantage of by invading the intimate parts of the general

Oh, the English Stiff Upper Lip! I don’t mean to be rude, but what exactly are you insinuating? 🙂


Kind of* not kind have.

That’s just great! Add to my misery… Couldn’t sleep and I’m approaching my record…

Kinda expected it! Old habits die hard. Still, be careful. And I’m keeping score.

possibly_clever_stupid_or_other January 23, 2017 10:04 PM

Attn: Anybody
From: Possibly clever, stupid, or other

From @r above:

“… there’s always meeting someone at your local police department …”

How about state or federal departments, if available nearby, too?

From @Clive above:

“… The nature of this information war between “Cops-n-Criminals” is we generaly only get to hear about a small percentage of the failures …”

The above mentions of constables on patrol (cop) and police reminded me of something. That something is:

Around 15 years ago, post 9-11 in the USA, iirc a local police union representative was on a radio talk show. Iirc he said something like “it is often deadly for local police when they are working a case with federal police on that case”. It wasn’t clear if he was discussing independent or joint investigation.

Regardless, I never found that radio show with a broad internet search.

Could that mean the federal police get their undercover officers out first?

Does anybody have any other:

1) ideas about what the local plice union representative might have meant?

2) books, novels, or other (including fiction or non-fiction sources) that pertain to this?

Jen Gold Stockholm January 24, 2017 1:11 AM

@ Nick P

“I’ll illustrate the drop in comment quality of Slashdot by showing the same article in it and Hacker News: Hacker News and Slashdot. The Schneier forum is at a low point right now (almost chaos). Some good discussion was happening recently, though. It’s sporadic. A great example of the older discussions is this one that resulted in patentable inventions. Coincidentally, my skim showed I had a comment in there bragging of the blog’s quality. Uniquely, appropriate reference I guess. Haha.

I have links to a lot of my old essays and designs that were hosted here. I might post them if you want. Either now or later when I have them trimmed up. Accumulated too many files from years on the site. ;)”

appreciate the response. great experiential comparisons between forums there! Perhaps you could :CC both forums on your example also 😉 in line with the advice in a famous book by Dale Carnegie. Not.
still getting stuck into the EBS post – gosh theres some gold in the archives here!
“Bruces Golden Goose”

thanks for essays suggestion. I know you have some serious resources – rather than impose with a specific enquiry pointing in certain directions, anything you feel inspired to share will be certainly appreciated , no less because you may feel to choose your contribution en par with the zeitgeist. or the present time psycho climate/ brain-culture of some of the regulars here. Did I just use the word psycho, and regulars, in the same sentence?

I have a link to your link farm from mid last year which was hidden amidst some detailed startup advice you gave a budding infosec HW enthusiast. The merest notion of ‘da farm’ is daunting so I sheepishly admit I haven’t ventured into it yet – like many here, already many pages of links to review & grok

sorry if it’s not your thing at all but for you, there’s this for you @ Nick

Timmy January 24, 2017 1:11 AM

Many servers still remain unpatched and vulnerable to stolen credit card details and credentials. Very easy to make automated multiple captures of online payment on vulnerable systems. Management continue at failing to secure online stores handling large quantities of online payment and properly vet staff or take security warnings seriously.

42,032 Heartbleed vulnerabilities US

15,380 Heartbleed vulnerabilities RoK

14,116 Heartbleed vulnerabilities China

14,072 Heartbleed vulnerabilities Germany

Wael January 24, 2017 2:54 AM

@Clive Robinson,

Roger that! Cleavers to moil seep through transparent fingerprint(s) obfuscation techniques.

Jen Gold Stockholm January 24, 2017 3:10 AM

@ Wael

what sublime music! Habibi! one of the intertubes links you gave wasn’t available outside of your country though. Thanks so much !
now, just to retrospectively make it OT. People that don’t speak english are human beings too? With better singing voices? well, for the DOS trolls (two are currently engaging fertile minds on other threads) that there’s a start..

Thoth January 24, 2017 3:26 AM


re: Failed SSL/TLS setup allowing Heartbleed

Not surprising that security is difficult to setup. Some devices are not going to see updates any time soon especially for IoT devices or remote stations.

One example is to tell a web administrator to deploy TLS certificate on their Apache web server and give them the link below, I wouldn’t be surprise the web administrators who have never touched security or the sorts would make a ton of errors.

One part that most people get wrong is the key generation where people without the know how will have no idea what is the difference between a private key or a public key and probably don’t care to know more than to simply mimic the command line examples (especially those with bad documentations and poor examples).


Clive Robinson January 24, 2017 3:36 AM

@ ab praeceptis,

Beautiful woman comes here, I get a nice sentence and Clive gets the kisses.

Age hath it’s privileges, oh and creaky joints…

@ Jen Gold Stockholm,

You may or may not know, that there is a secret under current of esthetics in this blog, for instance Wael does poetry as well as humorous song.

So a little poem,

Roses are red,
Violets are blue,
You blew me a kiss,
For which I thank you.

You have fluttered a heart,
In young AB aloft,
And inspired Wael to words,
In a tune quite as soft.

But not to forget,
Nick with a P,
With link farm immense,
As you will see.

Thoth January 24, 2017 3:53 AM


Good luck to all my U.S friends and readers.

Brace yourself for a tyrant that will make your life only worse than ever.

Someone who does not blame himself for failing in the popular vote but to put the blame on “illegal immigrant voting”, are we going to see a yet another war started by the US (probably in the South China Sea) ?

You can start to imagine the power such a tyrant can wield with the surveillance infrastructure that Obama put in place and the expanded presidential powers that have been granted.


Clive Robinson January 24, 2017 5:53 AM

@ Thoth,

Brace yourself for a tyrant that will make your life only worse than ever.

From the link you gave is this interesting quote,

    Trump told the congressional leaders — including the Democrats — that it’s his intention to provide “something that is better and more affordable” than Obamacare

From what I can tell the only real winners out of Obamacare is the rent seeking midlemen insurance companies and those associated with them. One key indicator of this is to look at their share price etc throughout the BO administration.

Thus if the Donald wants to do what he indicates the best thing would be to put a bullet in the insurance companies heads and take the financial and administration “in house”. It would probably half if not quater the payments made by people virtually over night.

Only he’s going to face realy stiff opposition, those insurance companies are dug in worse and are more dangerous to US citizens health than ticks with lymes disease… Also to the Republican’s increasing the size of Government, which bringing in house would do –even though more efficient and less costly– is a total anathema.

I can see the Trump Administration, having to fight the GOP at almost every turn with libetarians tea baggers and worse screaming “impeach” at every opportunity. I’m suggesting that a comfy chair and endless refills on popcorn might be in order for non US citizens this is going to be “real reality entertainment” with no TV punch line.

JG4 January 24, 2017 6:11 AM

Big Brother IS Watching You Watch

The best days of the internet are over – now our privacy will suffer New Statesman

Edward Snowden: ‘Faith in Elected Leaders’ Is a Mistake Americans Keep Making Truthdig

Chelsea Manning’s Existential Threat to American Innocence The Baffler

r January 24, 2017 7:47 AM

So Snowden weighs in from Russia with an opinion piece based off his impartial view of the construct he saw as a lowly windows technician. Mouths are open leaks, mine is too. But his true credo drops less and less considering when did he have time to view all of his exfiltrated data? prior to HK? prior to RU?

So does he have it now?

Has he been able to wade through all of his leak?

He’s done at this point, nothing more than a duck call – a false mouth piece for spooking the spooky out of the swamp.

I am not impressed now that things have calmed down.

Duck Duck Gustav.

r January 24, 2017 7:50 AM

At this point I think he’s part of the long game of arborists everywhere, a plant.

A masterfully organized well placed future trellis for your eyes only.

Open your eyes, let the light fill your brain like a lightbulb.

Clive Robinson January 24, 2017 8:53 AM

@ r,

Is there anything else that’s been fudged outside of your bubble?

Well… The usual suspects for this sort of fudging is food and it’s adatives, closely followed by beauty products.

Possibly the most obvious these days is “vitimin pills” and “supper foods” where kale is the new spinach. Not so many remember spinach as a “super food” these days but at one time a slip of the decimal point put it’s iron content up so far it should have been attracted to magnets, which as it was not, should have caused pause for thought amongst scientists. As part of this propergander it got included in a well known and at the time liked cartoon “Popeye the Sailor Man”.

The fact of the matter is dark green leafy vegetables can and do kill people with certain quite common illnesses. Ask anybody on blood thiners what happens to their INR if they are not careful with such vegtables. But simply your INR heads rapidly south and your risk of heart attacks, strokes, TIAs, cerebral edema (CE), pulmonary edema (PE) and DVTs heads north just as fast if not faster.

One common blood thinner is Warfarin, better known as “Rat Poison” which should give you a hint as to why they don’t want you taking a great deal of the stuff. If you decided to follow some of those “nutribullet” recipies for breakfast etc you would need to take larger quantities of rat poison, certainly enough to make doctors quite twitchy in prescribing it (to see why there is something known as a “loading dose” where due to the three day half life of warfarin you take a double dose for three days, fine if your normal dose is 2-5mg daily, but what if it’s 13-16mg? the usuall guidence for warfarin stops well below 20mg because the prescribing model is also nonlinear…).

Dirk Praet January 24, 2017 9:51 AM

@ Thoth

Brace yourself for a tyrant that will make your life only worse than ever.

I don’t usually share YouTube videos – especially if they’re not on topic or have little to do with security – but this here one in which a Dutch talk show host introduces The Netherlands to Donald Trump is just too good. Chuckles guaranteed for both supporters and, err, other people.

@ Clive

I’m suggesting that a comfy chair and endless refills on popcorn might be in order for non US citizens this is going to be “real reality entertainment” with no TV punch line.

The unfortunate difference with shows like “Temptation Island” and the shenanigans of the Kardassians being that this comedy of errors is likely going to affect us here on the other side of the pond too.

zuc January 24, 2017 7:41 PM

A report with the University of New South Wales and the University of Berkeley has revealed that these apps are not as secure as they make out to be.

The report looked at 283 Android VPN apps, investigating a wide range of security and privacy features.

Alarmingly, the report uncovered that not only did 18 per cent of the apps fail to encrypt users’ traffic but 38 per cent injected malware or malvertising. 84% leak user data.

Full report:

Timmy January 24, 2017 9:36 PM

Thanks for the link Thoth, I’ll pass
along to some of the admins who seem to still be having trouble a couple years on from being warned the customers on their online stores were actively having their CC details snaffled (though I do wonder if some care and leave the banks to pick up that bill).

On a brighter note.

Owners of the following Netgear routers can install firmware updates to the old snaffle your admin interface vulnerability that has been available to remotely log in to for quite some time now.


Get your firmware updates

Jen Gold Stockholm January 25, 2017 12:12 AM

@ Clive Robinson

“You may or may not know, that there is a secret under current of esthetics in this blog, for instance Wael does poetry as well as humorous song.

So a little poem,

“Roses are red,
Violets are blue,
You blew me a kiss,
For which I thank you.

You have fluttered a heart,
In young AB aloft,
And inspired Wael to words,
In a tune quite as soft.

But not to forget,
Nick with a P,
With link farm immense,
As you will see.”

@ Clive:

I see your hand, and raise;

Clive the Tech Wizard
Abides in Shakespeares land
He inherits Electro Mystery
from Ancestors grand

Weaving thread all esoteric
With comrades fair footed and clued
Like Dirk Wael Nick and AbP
And the odd tricky fool ta-boot

With such splendid EdumacKation
And former military stripes (Ivan Reitman?) & shoes
I dinnae ken what crypt-tech portal
Magus Clive Sage canna purview

The lone question on Schneier lips
The sole thing confounds us so
If Clivey be a bona fide bonnie Bard Englishman
Why he be spelling esthetics the way he do?

Clive Robinson January 25, 2017 4:08 AM

@ Jen Gold Stockholm,

If Clivey be a bona fide bonnie Bard Englishman
Why he be spelling esthetics the way he do?

A good question esthetics / aesthetics can be spelt either way…

However for an excuse made up on the moment… As I’ve mentioned afore I use a touch screen mobile phone and the distance between the E and the R is small and I occasionally hit the R not the E this I am in danger of mispelling AES as something more base, and thus causing embarisment…

So how do I score on the “wriggle out of that” scale? 0:)

P.S. With words like bonnie, canna, dinnae and ken, you might be suggesting not Englands bard, but Scotlands Robert Burns who’s birthday it is to day.

So for those who’s kin hail from north of the border, may you be blessed with afair puddin this night,

Fair fa’ your honest, sonsie face,
Great Chieftain o’ the Puddin-race!
Aboon them a’ ye tak your place,
Painch, tripe, or thairm:
Weel are ye wordy of a grace
As lang ‘s my arm.

And raise an honset dram in appreciation.

Oh and for those Scots “down under” I hope you have the stamina to keep going and sing tommorow a verse or two of the unofficial national anthem with the vim and vigour it deserves.

Douglas Fairbanks Jr January 25, 2017 1:16 PM

“Oh and for those Scots “down under” I hope you have the stamina to keep going and sing tommorow a verse or two of the unofficial national anthem with the vim and vigour it deserves.”

the day widely known as Invasion Day (1) you mean? there are gradual moves to use another day to acknowledge the founding day. Most people are offended by the occasion.
A current crowdsourced advertising campaign is using the anti-piracy advertising concept known in australia (you wouldn’t steal a car…you wouldn’t steal a handbag..) and saying “you wouldn’t celebrate hiroshima. You wouldn’t celbrate 11-9 , you wouldn’t celebrate the nazi death camps. So why celebrate invasion day?’

(1) 26 January, the offical day the english (Clives ancestors) established a presence in sydney, australia, after/during the wholesale genocide of the indigenous population

Jen Gold Stockholm January 25, 2017 1:44 PM

@ Clive Robertburinson

Robert Burns knew a thing or two about security

no justification for spelling necessary. You’ve explained before about using hand-phone & possibly suggested another sensitive reason for your spelling choices. I was just teasing about your non-english [read: US] spelling of esthetics. The potential for mishap with AES is hilarious!!

I initially wrote ‘military stripes & shoes’ then delighted in the idea your memories (1) of basic training may be akin to the movie Stripes, with yourself as the Bill Murray character. Hence inserting the name of the film’s director

(1) this is verging dangerously close to a ronnie reagan, for which I apologise

Anura January 25, 2017 2:54 PM

So Donald Trump has recently bragged about how the markets react to his tweets. So, imagine you hacked Donald Trump’s twitter account. What tweet could you send out to do the most damage to the economy? Like, imagine saying that you are no longer going to honor foreign-owned treasury bonds. How much damage could that really do? Obviously, there would be a sell-off of stocks and bonds, mostly automated, followed by a closure of the stock market, but depending on how large and how quickly it happens, as well as whether or not confidence is restored, we may or may not be able to recover.

So, worst case scenario, twitter could be a single failure point for the US or possibly even global economy.

gordo January 25, 2017 4:15 PM

The World Economic Forum is treating fake news as an urgent matter of global human rights
Alison Griswold | | January 25, 2017

While Davos concluded last week, WEF is set to continue these conversations through its Global Future Council on Human Rights. Over the next two years, the 20-plus person group will look at how large internet companies are governed, especially where privacy and free speech are concerned. The council will examine how algorithms can act as a “form of de facto governance,” co-chair Michael Posner told Quartz, as well as how best to limit the spread of misinformation, political propaganda, and extremist content online.


Meanwhile, Facebook CEO Mark Zuckerberg has hired the men who got Barack Obama and George W. Bush elected and plans to tour about 30 US states in 2017, raising questions about his own political ambitions. (Last week, he met with pastors in Waco, Texas.) A world in which Zuckerberg pursues public office while also retaining control of his company is one where matters of data privacy, free speech, and the governance of powerful tech companies become even more important.

See also:

The Fourth Industrial Revolution: what it means, how to respond
Klaus Schwab, Founder and Executive Chairman, World Economic Forum
14 January 2016

Ultimately, the ability of government systems and public authorities to adapt will determine their survival. If they prove capable of embracing a world of disruptive change, subjecting their structures to the levels of transparency and efficiency that will enable them to maintain their competitive edge, they will endure. If they cannot evolve, they will face increasing trouble.

This will be particularly true in the realm of regulation. Current systems of public policy and decision-making evolved alongside the Second Industrial Revolution, when decision-makers had time to study a specific issue and develop the necessary response or appropriate regulatory framework. The whole process was designed to be linear and mechanistic, following a strict “top down” approach.

But such an approach is no longer feasible. Given the Fourth Industrial Revolution’s rapid pace of change and broad impacts, legislators and regulators are being challenged to an unprecedented degree and for the most part are proving unable to cope.

Associated graphic: Navigating the Next Industrial Revolution

shhh January 25, 2017 4:18 PM


Don’t give away the name of the game before everyone else has the chance to understand!

shhh January 25, 2017 4:32 PM

@Dual Use

Two opposing answers. Neither of them have to be specified for the more thoughtful in the audience.

65535 January 26, 2017 6:19 AM

@ r

“…there’s always side channels that are reasonable faster and you just have to perform the modulation over Tor or ‘directly’ anonymized channels. Imagination is the key to sharing ideas. There’s no reason for frame size to stand in your way.”

That still does not answer the question of OPSEC. What methods other that very secure email solve the small business owner’s problem?

On on-job injury case, include huge quantities of privileged [lawyer] information in pdf froms have to flow back an forth between two, three or more parties securely. That is just the way USA laws are written. This same factor applies to journalism and many other communications.

All of that information is high privileged yet must be transmitted and digested between the owner his attorney and Medicare… and various workmen compensation state organizations.

There HIPPA and Medicare laws and other laws with secure requirements and time limits. This occurs frequently in the States. Yes, speed is very necessary given the personal injury lawyer that could be hired by the opposition. Tor is slow and hard to widely adopt.

You recommend dead drops and advertisement forums which are clearly illegal in these cases [dead drops don’t prove you received the email and wide open add list are a violation of confidentiality].

Which bring us back to the public email service available [hushmail, proton mail and a small group of marginal email providers]. Do you suggest Tor? Do you suggest dead drops for Medicare? I don’t see it happening – until the speed of delivery is improved.

This whole issue circles back to wide spread state sponsored spying with then slowly becomes the standard for private investigators and hackers. We see this race to spy with various fiber choke points. We can guess what the NSA used a few years ago will now be standard for police and private investigators in due time.

The race against spying on the wire must be beaten by encryption and anonymity on the wire – which Tor is only helpful in small cases. If any of you posters have better solution to private email servers, hushmail and proton mail [and maybe the new lavabit 2.0… when ever it is available] speak up.

Dirk Praet January 26, 2017 6:55 AM

[Moved to Squid to avoid @Moderator from slapping us on the wrist for straying too far off topic]

@ Clive

The question in both cases is “Why not?”

It’s probably a combination of riding the wave, nest feathering and the assumption that eventually he will change. History, however, has taught us over and over again that this type of person does not change. Once they have tasted power, it just emboldens them. Whatever Paul Ryan & co. are thinking, they are at a very real risk of going down in history as the Philippe Petains of their generation.

History shows that a US President, whilst not a figurehead is constrained in a number of ways by the other elected representatives who can significantly modify, delay indefinitely or out right deny a Presidents policy objectives.

While technically true (and also pointed out by the WSJ and @Skeptical), POTUS does hold a significant amount of executive powers he can still do a lot of damage with. We are already seeing that with the pile of EO’s he’s signing.

I’m only partly joking when I say that I think some of the Older GOP members would see a Presidential Assassination as the best option if timed right

I concur. They can also hope for (or concoct) a Greg Stillson scenario. But I guess you’re familiar with the work of Stephen King.

Re. First they came for the Iranians

A most chilling read indeed.

r January 26, 2017 7:02 AM


I wasn’t modeling that, In the case of medical info a two channel solution may still work. E.g. bittorrentesq of a double encrypted container who’s identity/knowledge/where-abouts were shared over tor.

Sony happened somehow, you’re right about those circumstances requiring a standardized and reasonably effective means though.

Lawyers have the same problem, you’re absolutely right I wasn’t thinking of ‘required communicae’ but emergency ones.

possibly_clever_stupid_or other January 26, 2017 1:30 PM

Could the below indicate some sort of turf war. December arrest.

From the Washington post (print edition, today): “Former extremist who became FBI informant allegedly caught in sting”
another source:

What might, or is likely, going on here? Anyone care to speculate?

possibly_clever_stupid_or_other January 26, 2017 1:40 PM

First paragraph:
“WASHINGTON — It contained crossed-out phrases and typos. It said that the Sept. 11 attacks occurred in 2011, rather than a decade earlier. It was clearly not meant for public consumption.”
another source:

Clive Robinson January 26, 2017 2:15 PM

@ 65535,

Your problem is more complicated than many other communications due to,

1, proof of delivery,
2, in a timely fashion,
3, with high confidentiality in,
3.1, message contents,
3.2, message meta data,
3.3, message traffic.

Working in reverse order you need a constant data (ie padded and rate controled) token ring pipe to one or more store and forward mix net nodes at the lowest layer to hide the fact there is actual message traffic. To hide the meta data you will need Onion routing as the next layer up and a mixture of padding etc of plaintext prior to encryption to reduce the possibility of known plaintext attacks due to standard file format.

The notion of timely delivery is problematical in that the lower the latency in a mix network the easier it is to do correlation attacks. Likewise the proof of delivery by definition has to be low latency and also provides an attacker with a second attack point in the opposite direction which makes things easier for the attacker.

I’m not currently aware of any solution that fits all your requirments especially at the lowest layers where High Level Attacks are most likely to run “passive attacks”.

Clive Robinson January 26, 2017 2:51 PM

@ Dirk Praet,

Moved to Squid to avoid @Moderator from slapping us on the wrist for straying too far off topic

Fair point.

I don’t know if you have heard the latest, but from what’s been said The Donald has decided to –illegally– withold federal funding to places like New York etc that are not going to play ball –illegally– to his edicts.

And a news item that “all” the seniors at the US State Dept have resigned,

What is not clear is “if they jumped, fell or were pushed”. There is the argument that “political appointees” resign when there is a change of President but that is not always the case, and for an entire team to leave means there are continuity issues.

It’s known that Rex Tillerson was at the very least a controversial appoitment and that there have been indications via the usuall “unnamed sources” that many in the State Department will not work with Trump&Co.

There is already kickback from federally employed scientists etc at agencies where Trump has issued “gag orders”.

This makes the then outrageous “stealing of W keys” from keyboards and typewriters when Bush Junior got controversialy elected appear very tame in comparison.

I wonder if I’m the first to point out that the President can only govern with the consent of the governed. With Trump asking federal employees to do what is at best questionable and probably illegal he is going to get push back. After all it was the US single handedly that destroyed the defence of “only following orders” at the close of WWII and in the process set a legal precedent that still holds today. Thus any government employee, not just military personnel are duty bound not to follow orders if they have reason to think they might be or are actually illegal.

Douglas Fairbanks Jr. January 26, 2017 3:45 PM

@ Clive Robinson

“What is not clear is “if they jumped, fell or were pushed”. There is the argument that “political appointees” resign when there is a change of President but that is not always the case, and for an entire team to leave means there are continuity issues.”

to quote Malcom Tucker, Minister for Communications in the pilot episode of The Thick Of It, to a minister he is kicking out

“We want you to draft a press release saying you jumped before you were pushed. Of course, we’ll say you were pushed before you jumped”

Dirk Praet January 26, 2017 4:58 PM

@ Clive

I don’t know if you have heard the latest, …

I’m absolutely gobsmacked by everything I’ve seen passing by in my Twitter and RSS feeds during the past week. I do not recall ever having seen anything like it, well, at least not in the US. The Twitter row between Trump, Peña Nieto and former president Vicente Fox, I think, is unprecedented, the most recent update being that Trump has announced a 20% import tax on everything coming from Mexico to finance his wall.

The resignations at the state department and US Border Patrol – whether forced or voluntary – are of particular concern indeed, as foreign policy is a domain in which POTUS has very broad executive powers. Needless to say how dangerous this is in the hands of a thin-skinned, loose canon assisted by a secretary of state neither of which have any political or diplomatic experience.

Thus any government employee, not just military personnel are duty bound not to follow orders if they have reason to think they might be or are actually illegal.

Yes and no. If my understanding is correct, POTUS is the head of every single government agency (with the exception of Congress and the judiciary), and can single-handedly impose rules on every agency or even individual within those agencies. We have just seen him exercise that authority in gagging the EPA.

If the last week is somehow indicative of what’s to come, we are facing a president decided on governing by decree, which is perfectly within his powers. Although executive orders can be challenged, the thing to note here is that they can only be challenged by someone with legal standing, i.e. someone who must prove that he/she has been personally harmed by said order. Only then can the court system step in, e.g. by declaring the EO unconstitutional for going against the will of Congress. That rarely ever happens, especially when both houses are dominated by the party POTUS belongs to. Remember Bush Jr.’s Stellar Wind program. And that was not even an EO but two flimsy legal memos.

So in practice I think that any agency or civil servant refusing to obey an EO will first have to prove standing or else will just be gotten rid off. Which not everyone can afford.

To cut a long story short: anyone who believed that Trump was not to be taken seriously or, at least, not literally has just been proven dead wrong and I sincerely hope that at least some of the Vichy Republicans in Congress start to wake up and smell the napalm.

Anura January 26, 2017 5:38 PM

@Clive, Dirk

This is just the first week. Wait until you have the first crisis. Hell, I’m willing to bet that Trump would declare a state of emergency and close all borders at the first sign of a disease outbreak in a foreign country. Hard to say though, we haven’t witnessed how Trump would react to something like that… Honestly, it’s most likely up to his advisors on Fox News, anyway.

JG4 January 26, 2017 6:16 PM

There is another excellent example of a system where staggering levels of complexity don’t adversely affect reliability. Your modern multicore CPU. Like the cockroach, the underlying subsystems are very, very robust. Even though a given state or output has millions or billions of links in the chain of causality, the probability of failure in any one of those links is very small. If we take a system like highway transportation, where the roads are flooded with idiots, psychotics, criminals and sociopaths, enough links in the causality chain fail every day to send 100 people to the morgue, and that’s just in the imperial homeland.

r January 26, 2017 9:06 PM


Well, the idea was to ‘clear the swamp’ or cause a ‘shutdown’ as demonstrated in recent years.

Oh yeah! and with the deficit in such huge disarray Trump did say he was going to work for free – maybe we can apply that to his minions while they wreck shop.


tyr January 26, 2017 9:43 PM

@the usual suspects

The wall is to keep the demo part of the Crats
from escaping to Mexico.

Tor has couple of new browser updates up for


Those are citizens and it includes a few other
types who cause accidents as well.

Its time to buy stock in a popcorn company.

@furloin January 27, 2017 2:45 AM

@tyr @Anura @Clive

“What tweet could you send out to do the most damage to the economy?”

Very simple. All the elected king or suicidal hacker would need to do is say: he and the republican congress is abolishing the federal reserve and the fake currency/fiat known as USD.

WWIII/war against European NWO leaders, China, and Mexico cartels start, assassination of national leader(s), total economic collapse for nations trading USD globally, federal reserve notes become valueless and American debt is payed off, within the following hours if the king did not have a good currency in place to replace the USD or if some nations are actually controlled by the NWO then Russia and Australia would also join in war against the USA, and buying stock in any wall street company will be useless if NWO leaders ditch the USD as currency/nuke the USA. Until their new currency and base of operations appear that is.

Here comes the spammers now….
This blog is about technology. Let us stick to those topics for now instead of the impending doom.


The best move is not to play that way.

If you are transmitting the data across the same physical lines which are being read by the same adversary. Then they have all the data no matter how obscured it is by any method. It is only a matter of time, short or long, depending on how much you confused them from obscurity.

Or if you transmitted only part of the data within their ability to see it. But that implies you have another way(location) of transmitting the data and that the receiver also has that luxury for receiving outside of the same adversaries’ view. Or you can always go back to paper ‘securely’.

Clive Robinson January 27, 2017 4:29 AM

@ furloin,

But that implies you have another way(location) of transmitting the data and that the receiver also has that luxury for receiving outside of the same adversaries’ view.

No you can do what the military do which is set up a fixed bandwidth point to point encrypted link between nodes that remains fully occupied. An observer just sees continuous encrypted traffic, not groups of data that are identifiable as individual messages. Thus the observer has no idea if there are even messages at all, nor how many or when.

One way to set up such a link if bidirectionality is required is to do it as a packet based “token ring”. That is you have a fixed number of packets going around in a circle between two nodes at a constant rate. As these are encrypted at one node decrypted at the next node then changed or ignored before re encrypting to be sent back to the first node the observer just sees encrypted packets. Provided each path in the link uses a chaining mode for the encryption, and a different key and IV for the path, then the observer will just see what is in effect a random packet that is independent of all others.

If a number of nodes are connected up to form a network and the nodes can store and forward then the observer just sees a constant number of encrypted packets that are independent of each other. The observer has no idea of if packets contain message data, signalling or are empty.

It’s something Tor studiously does not do, thus Tor remains subject to “traffic analysis” that a token ring packet passing network does not.

With regards,

Or you can always go back to paper ‘securely’.

The passing of paper is neither anonymous or unobservable in it’s traditional form via a Snail Mail or Courier service. The actuall packets and their addresses can be observed (and apparently are,in the US) and they can be opened without a warrant by a mail “fraud” inspector and the contents copied and logged.

JG4 January 27, 2017 7:01 AM


I might suggest, in addition to long positions in popcorn production, long positions in pitchfork, rope, torch, tar, and feather production.

I did not flog nearly hard enough the brilliant fiction that I posted this week

Privacy concerns prompt protests in California

Public-sector employees across California have camped out in the tens of thousands to protest the state’s new law requiring SAFE (Secure Assessment for Employment) screenings at all government workplaces. The screenings use a machine-learning algorithm developed by Brazil-based NeuroExpose to visually assess an employee’s cognitive competence and level of stress on arriving at work (see figure 1). “Our technology is efficient, accurate, and discreet,” says NeuroExpose spokesperson Julia Krieger. “The assessment process is no more invasive than walking through an airport scanner. And the data collected are automatically encrypted and secured.” Governor Javier Powers, who fought for years to push the new law through, notes, “The screenings will save lives. This is about keeping workplaces safe from those who seek to cause harm.”

turns out that isn’t 100 years in the future

Anura January 27, 2017 12:31 PM

@Dirk, Clive

I’m sure you will find the comments of Trump’s UN ambassador reassuring:

“Our goal with the administration is to show value at the U.N. and the way that we’ll show value is to show our strength, show our voice, have the backs of our allies and make sure that our allies have our back as well,” Haley said.

Well, maybe not when taken as a whole:

“For those that don’t have our back, we’re taking names, we will make points to respond to that accordingly,” added Republican President Donald Trump’s U.N. envoy.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.