Observer March 10, 2017 4:38 PM

FBI Used Best Buy’s Geek Squad To Increase Secret Public Surveillance:

I think there have been rumblings in the past about this? No? Regardless, if true as described then file it under, “Abrogated 4th Amendment”.

But wait, there’s more…

So, law enforcement in the USA can break the law to enforce the law? Very dangerous.

Nick P March 10, 2017 6:03 PM

Thanks to, I found out about a better QuickCheck-like tool called Hypothesis. Currently works with Python. Feel free to check it out.

Also on that site was a TLA+ tutorial by hwayne that uses its PlusCal substitute. TLA+ is the easiest of formal methods to learn and use. PlusCal might be easier. The tutorial shows users how to get immediate benefit out of model-checking for real-world problems. The author used it to knock out all kinds of flaws in their software at work. The tutorial is a work in progress (beta) where author solicits feedback on the good and bad of it. Anyone interested in trying formal methods should try it as it’s never been easier.

Recently looked up the Combinatorial Testing Presentation for a discussion on testing methods. Still find it amazing how many errors it caught with so few tests in such diverse codebases. One of those things that should be done in fire-and-forget, FOSS software for about every mainstream language to see if it lives up to that claim. Here are some tools for that. The jenny page was interesting because the developer applied it to itself. Resulted in finding 9 bugs.

A while back, I found this presentation by a Stratus representative. Stratus has long made fault-tolerant systems with five 9’s uptime. Main competitor to Tandem’s NonStop (now HP-owned). The presentation does a good summary of the many issues in getting software or systems to run correctly.

On the high-end, this work combines Event-B with SPARK Ada to get benefits of both. Event-B, part of the B method, was used for proofs of correctness in many high-assurance systems deployed commercially & by governments. The method gets to be a pain once working with low-level, concrete software. The SPARK language can automatically prove the absence of a pile of errors that are common in software. It also can take user-supplied conditions about the code to prove automatically or manually. It’s better at low-level stuff than modeling high-level conditions. By combining the two, the full-correctness can be done in Event-B with the SPARK tools reused to prove they hold in the generated SPARK code.

On memory protections, a recent method leverages Intel MPX to do some SFI-style stuff. These kinds of things have a history of getting cracked. However, it’s worth reading and thinking on them for (a) peer review along with (b) ideas for even better ways to leverage MPX or other schemes in commercial CPU’s.

On protocols, here’s an updated presentation on the AnBx method of automatically generating security protocols from specifications.

Maybee March 10, 2017 8:50 PM

@Nick P

Thanks just the mention of TLA (is that Temporal Logic of Actions?) to get me side tracked. I’ve had enough problems trying to understand plain old modal logic. I’ve played around with a probabilistic model checker PRISM but I suppose that’s a little different than the model checking you speak of. OK OK back to what I was doing – trying to solve logic puzzles and proofs in a statement calculus by way of algebra, Groebner Bases, and probabilistic methods, but with g generators, 2^g atoms, and 2^(2^g) elements in the statement calculus or worse and network of n objects with n^2 generators, 2^(n^2) atoms where each atom is equiv to an adjacency matrix, and 2^(2^(n^2)) elements – not possibly manageable numbers of entities and boolean polynomials with up to 2^(n^2) monomial terms, Large disjunctive normal forms ugh!

Need strategies to whittle down the numbers of generators. Need compact notation to represent sets of conjunctions…
Let’s say abc = 111, ¬abc = 011, etc and x11 = {abc, ¬abc}

And I can’t find this paper “It Probably Works” online anymore, seems paywalled by those evil Academic Journal Publishers…
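The cube notation proposed in the comment above (x11 = {abc, ¬abc}), worked through for the g-generator case only, as an added example that is not part of the original thread. The function names are hypothetical, and the compaction uses Quine-McCluskey-style pair merging with a greedy cover, a technique chosen here rather than one the commenter named.

```python
from itertools import combinations, product


def atoms(g):
    """All 2^g atoms over g generators as bit strings ('011' means ¬a b c)."""
    return ["".join(bits) for bits in product("01", repeat=g)]


def expand(cube):
    """Expand a cube such as 'x11' into the set of atoms it stands for."""
    choices = [("0", "1") if ch == "x" else (ch,) for ch in cube]
    return {"".join(p) for p in product(*choices)}


def merge(a, b):
    """Merge two cubes that differ in exactly one fixed bit, else None."""
    diff = [i for i, (p, q) in enumerate(zip(a, b)) if p != q]
    if len(diff) != 1 or "x" in (a[diff[0]], b[diff[0]]):
        return None
    i = diff[0]
    return a[:i] + "x" + a[i + 1:]


def prime_cubes(atom_set):
    """Repeatedly merge cubes; whatever can no longer merge is a prime cube."""
    current, primes = set(atom_set), set()
    while current:
        merged, used = set(), set()
        for a, b in combinations(sorted(current), 2):
            m = merge(a, b)
            if m:
                merged.add(m)
                used.update((a, b))
        primes |= current - used
        current = merged
    return primes


def compact(atom_set):
    """Greedy cover: a short list of cubes whose union is exactly atom_set."""
    remaining, chosen = set(atom_set), []
    primes = sorted(prime_cubes(atom_set))
    while remaining:
        best = max(primes, key=lambda c: len(expand(c) & remaining))
        chosen.append(best)
        remaining -= expand(best)
    return sorted(chosen)


if __name__ == "__main__":
    # Constructed inputs: the comment's own pair, then "a or b" over g = 2.
    print(compact({"111", "011"}))
    print(compact({"01", "10", "11"}))
    g = 3
    print(len(atoms(g)), "atoms,", 2 ** len(atoms(g)), "elements for g =", g)
```

The greedy cover is not guaranteed to be minimal, but every cube it returns covers only atoms of the input set, so the compact form stays exact.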

Nick P March 10, 2017 10:30 PM

@ Maybe

Lamport specifically designed TLA+ for usability over power. He’d rather you get some benefits in hours to days vs jaw-dropping ones over months to years. You should have a lot more luck with it. Hwayne’s tutorial focuses on practical use-cases, too. Good luck.

ab praeceptis March 11, 2017 5:33 AM

Nick P

(re. March 10, 2017 6:03 PM)

Sorry to disagree but to make it short: any and all kinds of unit testing, incl. pimped up ones and nist recommended ones are not solving the problem but rather demonstrating that people haven’t understood the problem field or, more probably, that they want to please the industry crowd (“it must be simple and produce results quickly”).
Combinatorial, pairwise, or whatever, forget it. All of it are post-factum and explorative.

Gladly you also mentioned examples of how to properly do it, tla[+], B, etc.

One point I’d like to emphasize which is also found in harpers/stratum paper is “unexpected situation”. One can hardly stress that enough, i.a. because the monsters that survive proper spec/modelling are to be found in exactly that grey cloud.

The source is the fact that any and all systems are based on assumptions that are a) too simplistic, b) perspective biased, and hence c) quite ignorant.

Probably the main culprit is the still applied paradigm of “step by step recipe”, of a rather serial perception assuming well ordered steps with some limited surprises (e.g. interrupts). THIS IS WRONG, VERY WRONG.

We must learn to perceive our designs, our code, and the “world” within which it executes to be pseudo chaotic. A helpful image/term from our domain would be to not assume a procedural model but an event model.

Any and all systems and parts of systems are a part of larger and more complex (not necessarily IT only) systems in which there are laws that are mostly obeyed but which should be considered as pseudo chaotic anyway.
What we really know (best case assumption) is those laws and the type and kind of interactions that are possible _and_ probable.

That is a major reason why I like the B family: it lends itself well to that realistic perception, it supports “reactive” models, an approach that assumes a chaotic environment, which is the only realistic paradigm.

You mention E-SPARK, one of the most brilliant and useful attempts ever undertaken and immensely valuable as it bridges the gap between spec/model and code – unfortunately at the same time you also mention a demonstration of how rotten and idiotic the academic system is: E-SPARK is all but dead; as soon as a PhD is done, as soon as some grants are used up, they basically drop everything and walk to the next grant.
I say this so clearly because it shows an important problem we have that, however, is rarely seen. Without a proper academia – which is lightyears away from the current grant party whores – we will fail. Simple as that.

So, what’s actually left available? That pretty much boils down to microsoft research, Ada/Spark and the works of a few occasional stubborn researchers who refuse to do short lived grant circus throw away work (like Prof. Abrial).

ab praeceptis March 11, 2017 5:42 AM


Nick P is right re. TLA+ – but still, that’s with modelling in the software context in mind.

For what you describe you might want to look at SetlX (a modern more powerful Setl) or one of the prologs (which are, contrary to wide beliefs, not logic only). Both are very useful, quite powerful and also nice enjoyable toys. I often use them when playing with algorithms in earlier stages.

ab praeceptis March 11, 2017 5:54 AM

Nick P

re lobster/drmacivern

Pardon me, but I’ve read that drmaciver “article” already a while ago and I found it plain stupid. That guy is a typical example of what I call the evangelizing believers. Yet another member of the “we need to pimp up testing and throw in some (pseudo)science stuff” sect.

I’m so harsh because all those testing fans (probably not even knowing it) usually tell me one thing mainly, namely that they are “hack and test” people striving to get a better reputation while still ignoring principles of proper engineering.

The issue is NOT static verif vs testing.

The issue is whether one acts like an engineer by first properly Spec/Model/designing or whether one is a hacker “rebel” trying to somehow make believe oneself and others that one’s work is anything but hacked up crap.

r March 11, 2017 6:28 AM

Too soon?

Germophobes rejoice!

I/This could be fear mongering I suppose, but the word around the office is our resident cancer dog smelled fear in the bathroom yesterday.

We’re not discriminating enough! It’s not about you, there’s a lot of unknown unknowns at work here… Your lung cancer might be due to an undermining class IV RNA virus, we’re not discriminating against people when we test and reject you based on your long term prospects of survival and our pocket books.

Like a “good” neighbor, state pharm is? (in your house when you’re gone).

We all have goals, it’s just that some of our goals are more Olay! Olay Olay Olay!

JG4 March 11, 2017 7:00 AM

I was surprised to see a mention of Clive at NC. It’s an unusual name in the belly of the beast. See for example,

here’s today’s dump

Vault 7

The CIA are the real ‘threat to national security’; leaks show they treated software exploits like toys Leak of Nations (Rory). Short and makes an important point re Windows vulnerability.

Julian Assange Press Conference and Q&A on Vault 7, Year Zero and the CIA (03-09-2017) YouTube (furzy)

Or Maybe America Post-9/11 Inspires More Disillusionment? Marcy Wheeler (Chuck L). My view is that this is all due to neoliberalism. You turn everyone into a free agent (in the private sector) or a flexian in government/power circles (see Janine Wedel’s The Shadow Elite) and what do you expect? Loyalty is so 20th Century!

Big Brother is Watching You Watch

Internet of things: Home is where the hackers are Financial Times. Clive will have much to say if he shows up. Oh, and my bank keeps offering me voice verification, and I keep saying, “No way!” And my God, who needs to operate a Roomba remotely?

Congress begins rolling back Obama’s broadband privacy rules engadget (furzy)

Suspect In House IT Security Probe Also Had Access To DNC Emails ILR (Dan K)

Police State Watch

Software results in mistaken arrests, jail time? No fix needed, says judge ars technica (Chuck L)

GOP Bill Would Let Your Boss Demand to See Your Genes New York Magazine (resilc)

House GOP would let employers demand workers’ genetic test results Business Insider (Chuck L). Why aren’t all those freedom-loving libertarians all over this?

Class Warfare

A Family Adventure in Medical Tourism New York Times (resilc). Class warfare because: 1. People should not have to get on a plane to get affordable treatments and 2. Only the at least somewhat well off have the time and money to do that. Having said that, one of the reasons I go regularly to Alabama is that dental work there is 40% of the cost in NYC (and Birmingham, by virtue of being home of the best medical school in the South, does have decent practitioners). And not that I ever want another root canal, but the endodontist I have there is terrific and has quite a few other fly-in patients.

JG4 March 11, 2017 7:09 AM

I think that this comes close to advocating extra-judicial punishment, which generally is counterproductive.

“Every normal man must be tempted at times to spit on his hands, hoist the black flag, and begin to slit throats.” H. L. Mencken US editor (1880 – 1956)

I continue to demand fair and speedy trials before the lamp-posts are festooned with the bodies of the criminals. With that said, I think that we need to see more black flags about. Perhaps as bumper stickers.

Nick P March 11, 2017 11:21 AM

@ ab praeceptis

“Sorry to disagree but to make it short: any and all kinds of unit testing, incl. pimped up ones and nist recommended ones are not solving the problem but rather demonstrating that people haven’t understood the problem field or, more probably, that they want to please the industry crowd (“it must be simple and produce results quickly”).”

Oh no, they are solving the problem. The problem is that engineers unwilling to learn the kind of methods you prefer will nonetheless be developing all kinds of critical stuff. They will have limited time and money for verification. Even those with big budgets prefer methods of thorough testing because the certification bodies prefer that over formal methods [so far]. Therefore, any tools that can find bugs in a push-button way are valuable. One can even argue for that among the formal engineers since it’s a push-button method to get either extra defects or those same ones that slipped past formal methods. Defense in depth applied to verification tools before it was a security strategy.

I think it helps in these discussions to illustrate the point with examples from high-assurance projects that recorded how many defects were caught with each technique. In most, the formal stuff only catches so much. The other methods catch the rest. Two examples: LOCK; Praxis. Formal methods caught even less in many other works since it was too hard to formally express the necessary properties or too hard to prove them.

ab praeceptis March 11, 2017 12:12 PM

Nick P

I disagree, except for the sad but realistic premise that most will do pretty much anything but proper design. Now, if the premise is “proper design? Yuck, no! Let’s just hack” then testing may help to a degree.

That, however, is a premise that is not forced upon us but it is a wanton decision.

As for “the formal stuff only catches so much” I have a clear response: Then they should learn more and do their job right.

(By no means attacking you, but rather the argument) That’s just bullshit.

Granted, formal spec and modelling and design isn’t comfy (in part due to lack of friendly tools) but it is well doable. To avoid misunderstandings: I’m not a formal methods nazi. One may, for instance, check ones model also using, say, Prolog; actually that might even be smarter than force-feeding everything through an SMT solver for some cases. But – and that’s the important point – an engineer does properly research the involved domains.

Funnily that discussion would be moot in most engineering disciplines. Telling a machine builder that he need not care about some metals properties or the environment properties or, hey why not, being at that, that he mustn’t care about the laws of physics would have the engineer looking in a rather strange way at you and possibly call the local mental asylum – but in software dev? Any-fucking-thing goes and the dos and don’ts for engineers weigh little.

Or try telling an electronics engineer to not care about the involved spectrum or about the junction temperature and he’ll have you thrown out of the building. But in software dev? No problem, just hack some’in up.

Math has served us well and didn’t fail on us whenever we needed to describe the physical world. And now some guys want to tell me that “some problems can not be well formulated in a formal way”? Bullshit!

The truth is more like: That industry a) is about turnover and profit and b) it has to work with the human resources that are available.

Who? March 11, 2017 1:57 PM

@ Thoth

I would expect more from Matthew Green. Android and iOS are owned right now, as has been clearly shown in the first batch of the Vault 7 classified documents. I do not trust Apple and Google at all and have serious doubts that staff working at these corporations have the knowledge (or will) to fix their own devices, not to say most devices will never receive a security upgrade! I do not trust Microsoft either for obvious reasons.

As shown on the Vault 7 documents Signal is vulnerable, not because it uses bad cryptography or the app has bugs that can be exploited. It is vulnerable because it is running on incredibly weak operating systems like iOS, Android, Windows and OS X.

My advice would have been running these tools on the right platform. Why not suggest at least a slightly more secure Linux distribution instead?

I agree, journalists are not experts on security. OpenBSD and good security practices are out of question here, not to say specialized operating systems like Genode. But it is not a reason to recommend iOS instead! Perhaps journalists working on information intended to be kept secret should get support from experts hired by their news agencies. Not perfect either, but much better than saying “don’t worry, iOS is for you”.

Who? March 11, 2017 2:11 PM

To be honest we should note that Matt Green’s post was written two days before Wikileaks publication of the first batch of Vault 7 documents. However it has been known for years that IC prefers targeting weak end nodes than cryptography. This is exactly what CIA does to compromise secure communication apps like Signal, this is what NSA does too.

reader March 11, 2017 2:28 PM

Is there a way to deal with trollbots, or is that something we are stuck with, going forward? And how long has it been going on?

ab praeceptis March 11, 2017 2:47 PM


“I would expect more from Matthew Green.” – Why?

I would not. In fact, I find parts of his article plain idiotic. I would expect intelligent and knowledgeable utterings in the field of crypto from Green (which he usually delivers). To expect smart advice from him on other “you know, kind of security stuff” is akin to expecting good cooking from a surgeon.

But – and that’s an important but: He has been asked (probably many times) for advice that is clearly outside his field. Maybe it wasn’t the smartest thing to do for him but I’m under the impression, that Green tried hard and with best intentions to deliver what he was asked for.

The main problem here isn’t on Greens side; it’s on the side of the people who turned to him and bombed him with questions because “you know, he is a security guru”.

Moreover: Nowadays every clueless Joe can’t stop to vomit his “opinion” and views into the public without even being asked; not running away is fully sufficient for many out there to spill the non existing contents of their brains.
I do not at all see any basis to criticize Green. He was asked and begged to say something on that matter and he did; simple as that. And btw., while Greens article is certainly nowhere near the peak of wisdom it’s still lightyears ahead of the average crap offered in the wild out there.

NystagmusE March 11, 2017 5:31 PM

Why would somebody praise a set of sentient beings for their glorious intellect, amazing survival skills spanning thousands of years, problem-solving abilities, sensorial insight, and aesthetic appeal… AND THEN RECOMMEND EATING THEM????


Reconsider what is actually being communicated AT ALL TIMES.

Yes, perhaps you comprehend the behavioral epidemic, also, now friend.

Recipe rejected.
Intellect of the human brain should not implode simply because the stomach is hungry.

“Freedom is the right of all sentient beings.” –Optimus Prime

Bod Dylan's Trembling Eye March 11, 2017 5:41 PM

Re: Signal security

Human Rights Activist: Why am I in jail! I thought Signal was safe?
EFF: Signal is safe!
HRA: Then why am I in jail?
EFF: Because you used it on hardware that wasn’t safe.
HRA: You never told me about that!
EFF: We didn’t want to confuse you. Security is hard. Best to keep it simple.
EFF: Use Tor. Use Signal.
HRA: So what do I do now?
EFF: Tell everyone Signal is safe.
HRA: What?! They read my messages off Signal.
EFF: That wasn’t a Signal problem, it was a hardware problem.
HRA: Is there any hardware that one can run Signal on that is perfectly safe?
EFF: No.
HRA: Then Signal isn’t safe.
EFF: Signal is safe.
HRA: Signal is safe but my messages aren’t safe is that what you are saying?
EFF: Yes.
HRA: Then why am I using Signal?
EFF: To keep your messages safe.
HRA: But my messages aren’t safe if the CIA can get to them!
EFF: Don’t worry about the CIA they only target a minority of people.
HRA: But how am I supposed to know who the CIA targets?
EFF: Do you use Signal?
HRA: Yes.
EFF: Then the CIA targets you.
HRA: So what do I do if the CIA targets me?
EFF: Use Signal. Use Tor.

Team Pigkim March 11, 2017 5:52 PM

Developed by OSB (Operational Support Branch), a division of the CIA’s Center for Cyber Intelligence, Fine Dining includes modules that can be used to weaponize the following applications:

VLC Player Portable
Chrome Portable
Opera Portable
Firefox Portable
ClamWin Portable
Kaspersky TDSS Killer Portable
McAfee Stinger Portable
Sophos Virus Removal
Thunderbird Portable
Opera Mail
Foxit Reader
LibreOffice Portable
Babel Pad
Iperius Backup
Sandisk Secure Access
U3 Software
7-Zip Portable
Portable Linux CMD Prompt

Thoth March 11, 2017 7:35 PM

@Bod Dylan’s Trembling Eye

You may complain a billion times and it is not just you who is complaining about security not being complete. Most of us on this comments section have already expressed the same concerns but the fact that nobody cares is what is concerning.

We have complained many times but it has never been heeded.

We shot ourselves in the foot. I guess I am tired of repeating, as are many of the regulars. I guess we have to live with it … sadly …

Oh … and profits are more important in most cases 🙂 . That explains the unwillingness to do higher assurance security as it is not profitable.

mostly harmful March 11, 2017 8:35 PM


“Is there a way to deal with trollbots, or is that something we are stuck with, going forward? And how long has it been going on?”

By “trollbots” do you mean, specifically, people who post comments on this blog that you would prefer not to see?

Myself, I like the eclectic almost-anything-goes nature of the comments here, and the wide variety of technical/political sophistication represented. The mix enables entertainment and learning opportunities that wouldn’t arise in a more homogeneous venue. And I find it alarming how frequently someone turns up to suggest, one way or another, that all “right-thinking people of good faith” will perceive precisely the same class of comments as spam/trolling/worthless-trash/etc.

Why not make a local copy and edit, for yourself, what you want to read?

Do you honestly trust any stranger (ie, Moderator), however well-intentioned, to curate your reading for you?

Lately I’ve been working on a stylesheet to whitelist/blacklist whoever/whatever I want to see (or don’t want to see) at a given time. I’ve got working a rudimentary version that whitelists/blacklists by commenters names. It’s my XSLT Hello World! project, I guess. (I think it would be cool to be able to whitelist/shitelist comments depending on other criteria, like whether the content matches a given regular expression, but I haven’t gotten that far.)

John Smith March 11, 2017 8:44 PM

Nick P:

Thanks for the links to TLA+. I had an interest in formal methods many (many) years ago (PVS, HOL), but I never got to try those tools on a real project. Slowly, then quickly, I lost touch with the whole FM field.

I have the opportunity now, with a s/w project for automated data acquisition project using legacy (but valuable) test equipment. The TLA+ docs are now on my reading list for my daily commute. And it’s great to see that this work came from the legendary Leslie Lamport.

Thanks again.

Q March 11, 2017 8:56 PM

Question: Am no security expert and I definitely agree with @ab praeceptis that on this issue my opinion should be moot but how would using a live cd (not tails or the like of that os) be more advantageous than installing an os on a hard drive?
I can definitely see how installing updates will be a problem. You would be going through CD’s like paper. There is also the issue of installing software and like you pros have said there is no actual hardware controlled USB. Except using two CD’s? (This is what @ab praeceptis was talking about).

But I fully understand what @Bod Dylan’s Trembling Eye is talking about. CIA can’t see what I am doing, we must know what he is doing. CIA can see what I am doing they still want to know what I am still doing.

Wikileaks was actually attacked on twitter for saying that the CIA has broken into Signal and some of these people are actually infosec pros and journalists (like that lady from NYT that always writes hit pieces on Wikileaks and also said greenwald was manipulating Snowden leaks) and should know what Wikileaks meant and Julian had to clarify this. CIA does not just target a minority of people. How people can say this is insane.

Winter March 12, 2017 3:43 AM

“In fact, I find parts of [Matthew Green’s] article plain idiotic.”

Then, a pointer to a “correct” instruction manual should be given to journalists and Human rights activists.

What I see instead is only advice to give up and shut up. As Green pointed out, journalists have work to do, and human rights activists will not just be silenced waiting for perfect security.

Until the moment has come you will have constructed perfect security, these users will take what is available.

Who? March 12, 2017 6:12 AM

@ ab praeceptis

“I would not. In fact, I find parts of his article plain idiotic. I would expect intelligent and knowledgeable utterings in the field of crypto from Green (which he usually delivers). To expect smart advice from him on other “you know, kind of security stuff” is akin to expecting good cooking from a surgeon.”

In my humble opinion Matt Green should refrain from writing such class of advice in the future.

Matt Green is very good in the field of cryptography, so lots of people consider him a guru in security (and I have written “security”, not “cryptography,” here). His post will harm journalists and other people trying to keep their communications secure because most of them will blindly follow his advice as they think “it has been written by an authority in that field.”

No, security and cryptography are not the same… but it has been proved a lot of times in this forum that you cannot have the one without the other.

Clarity Through Simplification March 12, 2017 6:30 AM

The press performs in-depth technical analysis on the many surveillance laws, their terms and policies. Their qualified straw-man analysis allows for both plausible dependability and endless technical arguments. Their real objective is in fact, to generate confusion to obscure the simple truths.

One author finally concluded the surveillance did not occur at least from PUBLICLY available!
One simple fact is the government will do everything within its power to hide its dirty laundry.

Subjects who believe they are under surveillance should never initially get caught up in technical terms except much later in court.

Effective Example
Senator Wyden: “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?”
Director Clapper: “No, Sir.”
Clapper stated that he had misunderstood Wyden’s question and answered in what he thought was the “least untruthful manner”. Later, in his letter of apology, Clapper wrote that he had only focused on Section 702 of the Foreign Intelligence Surveillance Act during his testimony to Congress, and therefore, he “simply didn’t think” about Section 215 of the Patriot Act, which justifies the mass collection of telephone data from U.S. citizens. Clapper said: “My response was clearly erroneous—for which I apologize”. Snowden Justice!

Stop this Nonsense
Have any White House, Trump Tower or campaign communications been subject to eavesdropping or monitoring?
If so, who approved it, when and under what authority?

Thoth March 12, 2017 6:42 AM


“What I see instead is only advice to give up and shut up.”

Good luck for trying 🙂 .

Myself, @Nick P, @Clive Robinson et. al. have tried and have been giving ample warnings and advice and even designs and codes. Some of us (@Markus’s TFC and @Figureitout’s hardware detector thing) go to the extent of hardware instructions and circuit designs. This blog forum is filled with designs which simply requires searching.

History will repeat itself unless someone makes the due diligence to protect themselves and drop the excuses of not knowing about tech and not wanting to learn.

JG4 March 12, 2017 7:23 AM

I managed to get enough peace of mind out of bottles yesterday to have some lucid thoughts today. We are reasonably clear that the security problem isn’t just writing/finding/testing/getting the right code, because that would be relatively easy. The problem is running code on hostile devices on hostile networks. That neatly boils down to C-v-P. There are solutions, but there has to be a business model to make them viable. The fact that maybe 0.1% of people care about security makes it a lot more difficult to sell enough of anything to anyone to ever break even. A convenient framework is barriers to entry, which might be bypassed piecewise if some small widgets could be produced that solve even part of the problem. I am ignoring the issues of misuse of security, because that is just as deeply intractable as the misuse of government power.

Big Brother is Watching You Watch

This USB firewall protects against malicious device attacks ZDNet. A public service announcement from Chuck L.

How the UK police can coerce journalists into surrendering photographs CityTor (Chuck L)

Winter March 12, 2017 7:43 AM

“History will repeat itself unless someone makes the due diligence to protect themselves and drop the excuses of not knowing about tech and not wanting to learn.”

We are talking about journalists, Syrian, Tibetan, and other activists fighting to get the information out. Your “advice” is impossible to follow for these people. It amounts to “give up”. On the other hand, those complaining keep using this insecure technology themselves.

I completely understand how Matt Green’s instruction (with his warnings about its limitations) could become more popular than the fatalism displayed here.

If I were a conspiracy guy, I would suspect most of the complaining about Matt’s advice to be driven by the fear that he might get a following and work would become more difficult for the “bad guys”.

Tor and Signal are far from perfect, but much better than nothing for most journalists and activists. And security is also a matter of the cost of breaking through the protection measures of activists.

Maybee March 12, 2017 7:59 AM

House Republicans would let employers demand workers’ genetic test results:

Now we wouldn’t use AI to do anything like this:

A Chinese government program called the Social Credit System, which is currently in “beta,” seeks to rank everyone in the country.

The Chinese government is compiling data on all citizens based on their legal or criminal records, their financial activity and their activity on social networks. All this data is to be collected, compiled and crunched, resulting in a “social credit score” for each citizen. The score will determine rights, privileges and acceptability in various realms.”

@ab praeceptis

I always wanted to explore prolog, I hadn’t heard of SetLX. Analyzing large data and drawing conclusions is an interesting problem like Ice 9. First there’s the collection of it thru mass surveillance then it needs to be misused…

ab praeceptis March 12, 2017 9:37 AM


a) While the sentence you quoted by itself seems to show me attacking M. Green, my post was indeed defending M. Green.

b) Yes, we are still far, far away from having good solutions. Bruce Schneiers article and some comments clearly show it and remind us of the age-old rule: the weakest link of a chain defines its strength.
Right now, Signal (which, btw, I do not at all trust) and all the other tools are next to worthless as 99,999% of the systems that are used basically are attack vector collections.

c) That does, however, not mean that “the security guys” are bad and incompetent and that everyone else is a poor little victim.
A journalist, for example, should as a reasonable minimum apply no less street smartness than a criminal – in fact, both have to fear very, very similar opponents.

So, just using an iPhone or Android smartphone and using Signal or similar, is, pardon me, plain stupid and worse, utterly careless. One can do much much better.


I agree. Yes, as I wrote myself, the wisdom of M. Green writing that piece is quite questionable.

However: I – like pretty much everyone with some reputation/knowledge in IT – also get many many requests to give advice on this or that. Most people simply don’t understand that IT is a very large field, easily large enough to be an expert in one corner and an amateur in others. So people keep asking. I know M. Green’s situation and there is a strong social and psychological element in it, creating pressure to not simply send the people away.

The way I see it, M. Green once gave in to that pressure, well intended and under quite some pressure. That was wrong but it was understandable from a human perspective. I see no reason for the harsh criticism that M. Green has to eat now.

ab praeceptis March 12, 2017 9:55 AM


Tor and Signal are far from perfect, but much better than nothing for most journalists and activists. And security is also a matter of the cost of breaking through the protection measures of activists.

Pardon me, No. That’s very bad advice and actually an affirmation of idiotic behaviour based on wrong assumptions.

So, let’s look at just one example to protect themselves better that I would consider much better in terms of safety and security:

Why not use a reasonable perception of reality as a basis rather than Signal fairy tales?
That reasonable perception would be something like “I’m a journalist who is quite clueless in ITsec and particularly in ComSec stuff and my opponent is very mighty. So I’ll assume that each and every bit I transmit will be intercepted”. Moreover I could look for information (which is a major part of my job and competence as journalist, no?) about major problems and solutions for mere mortals.
Doing that I would quickly find out that smartphones of any kind are utterly insecure. And I would find out that safety of my data is one thing and that safety of transmission is another thing.

Hence I would ask someone I trust, maybe the IT guy of my newspaper, to prepare a reasonably priced reasonably secure “mobile workstation”, say, a randomly bought good quality notebook with, say OpenBSD on it (and XFCE. I’m a journalist, after all and not an IT guy).

And then I would use that notebook to write and to then encrypt my sensitive files. When I need to transmit some files, I’d buy some USB stick in a random computer shop and transfer the encrypted files onto it. To transmit the files across the globe I would then use another computer with some kind of Signal or similar.

That is still far away from the kind of security one would need against an opponent like the FBI but it’s dimensionally better than “oh, just use Signal on your smartphone”.

And THAT is also where M. Green utterly failed. As a cryptologist he can not be expected to be an expert in everything security-related. He can, however, be expected to do MUCH better than basically saying “oh well, use Signal and you’ll be fine”.

Winter March 12, 2017 9:56 AM

“a) While the sentence you quoted by itself seems to show me attacking M. Green, my post was indeed defending M. Green.”

Then I misunderstood.

My point is that, e.g., a Syrian refugee in Europe who wants to contact relatives or activists in Syria has few options. Some are better than others. The same holds for underfunded journalists. Instead of vilifying Green, I think the world would be better off with an evaluation of the available options.

Thoth March 12, 2017 10:07 AM

@ab praeceptis

Weren’t there any reviews on the possibility of the App Stores sending corrupted packages into smartphones? Maybe most people are too happy clicking on that “Install” button to bother to think of the content they downloaded.

I think we are wasting our breath iterating the same thing again and again. The smarter ones (@Nick P, @Clive Robinson et al.) have not been too concerned anyway 🙂 .

ab praeceptis March 12, 2017 10:20 AM


Oh, the good old “activists” and “refugees” story. Let me tell you something: That “refugees” “activist” pal in Syria needs a bullet proof vest and not a secure communication device (which is provided anyway by CIA & accomplices). And frankly, as far as I’m concerned he deserves what he will probably get (a bullet into his head). That just as an aside.

“I think the world would be better off with an evaluation of the available options.” – Well, where is your article? What work have you done so far in that regard? Or are you just demanding?


Yes, probably (reviews). And a loud YES again at “happily (and stupidly) clicking OK on no matter what”. Hell, I even read discussions where iPhone victims (proud and stupid anyway) actually felt superior to Android users because Apple has “a better track record in security”. I’m not sure but I seem to have read something along that line from some “experts”, too.

To me those idiocies always sound like “stroke a southern american rattle snake with bare hands rather than a northern one. They have a better track record of being docile and friendly”.

r March 12, 2017 11:26 AM


As per your response to @Winter,

Do you think the FBI possesses attacks far better than the CIA? (Outside of an actual warrant?)

What does the current CIA leak tell you about the FBI and their capability of attack?

What does the current FBI leak about Geek Squad tell you about the FBI?

And you’re still scared?

I’m omitting the rest of my response/rant, I find you exhausting.


Mind you, OpenBSD did just have a ‘client side’ exploit for their WPA2 implementation but I think you will find that for the most part time and time again resources are spent (and allocated) based on a percentage of use… There are more people using Linux and Windows that sit under their crosshairs than there are OpenBSD users.

That is not negating any specific exploits they may have for such a system/implementation, but considering Theo and crew’s general attitudes towards security and correctness it should be considered considerably more secure or securable than the others.


You will be delighted to know that I no longer think you’re a Russian puppet, but more likely a GCHQ or BND fear monger working hand in hand with the “not-allowed-to-exercise-at-home” CIA.

😉 Have a Nice (as in France) day.

r March 12, 2017 11:31 AM


Grab an old Teac CDR, I bet you going to the PROM with it is a far more contrived situation than modern HDDs.

That old whore of a device has considerably less brains upstairs than a modern HDD and in certain very likely situations older CDRs you’ll find that some of them aren’t able to be upgraded on the fly.

ATA/ATAPI anyone?

Go check, and start blocking THOSE ‘packets’.

Who? March 12, 2017 11:49 AM

@ ab praeceptis

To me those idiocies always sound like “stroke a southern american rattle snake with bare hands rather than a northern one. They have a better track record of being docile and friendly”.

Something related to the Coriolis force on the snakes, I guess…

I am sorry if my words in my previous comment sound like an attack against Mr. Green. They were not. But he must understand he is in a position that makes his words be taken [too] seriously by most readers. If he is not an expert in a field he should at least ask his friends and colleagues for advice before posting.

While here, I would say it is time for Open Whisper Systems to reconsider the platforms its Signal client supports. This corporation has no chance to fix the underlying operating system (at least in the case of Apple, Google and Microsoft), and it is currently the backdoor to read messages transmitted using Signal. Same about other secure messaging systems or anything security-related.

Journalists are special as they are sometimes a target of state-actor surveillance, in most cases from corrupt governments around the world.

Dirk Praet March 12, 2017 12:02 PM

@ ab praeceptis, @ Winter, @ Thoth

Tor and Signal are far from perfect, but much better than nothing for most journalists and activists. And security is also a matter of the cost of breaking through the protection measures of activists.

Yes and no. Tor, Signal and the like are quite useful as long as your opponent is not a resourceful state actor and you are not a person of interest to them. If your personal risk assessment results in a critical yes to both, then all digital solutions, including *BSD and XFCE, are out of the window and you will need someone to implement and train you in methodologies and techniques as described by @Clive et al.

To me those idiocies always sound like “stroke a southern american rattle snake with bare hands rather than a northern one.

Whereas arguably it is a choice between Spanish flu and bubonic plague, the entire Android ecosystem is so horribly diseased that I generally recommend iOS to common users who couldn’t care less about corporate or nation state tracking but are wary about falling victim to script kiddies and cyber criminals.

My Info March 12, 2017 3:56 PM


Re: Chinese government program called the Social Credit System and U.S. proposal to let employers demand workers’ genetic test results

Why aren’t all those freedom-loving libertarians all over this?

That is exactly the right question to ask. And the answer is that they are not freedom-loving. This is part of a new wave of hate sweeping America, Europe, and Asia. It goes by many names, but it has always been and is always the same thing:

  • anti-federalism
  • nationalism
  • white nationalism
  • national socialism
  • social Darwinism
  • Nazism
  • neo-Nazism
  • anti-Semitism
  • eugenics

In this paradigm or view of the world, each race, class, or ethnicity has its place and is to be kept in its place. The same holds of each profession or means of livelihood, and genetics, intelligence testing, and psychological profiling are used to determine suitability for employment. There are no human rights in this world view, in particular no right to work, and all rule is, in effect, mob rule, because there is no basic conception of right or wrong, only of the survival of those deemed fittest, and a Holocaust of those deemed “undesirable.”

It is exactly against this that we struggled, fought, and waged war in bloody battle and hand-to-hand combat in the Civil War, and even to the detonation of nuclear weapons in anger in World War II.

Terrorism and jihad are but specks on the windshield, minor distractions to this great war we now once again face after 72 years.

My Info March 12, 2017 4:09 PM

And remember this: those that deemed themselves the fittest to survive are precisely the ones who failed to survive, precisely because they never obeyed such a basic concept of right or wrong: God’s Law is indelibly inscribed into the tables of the heart of every man, woman, and child alive.

Sancho_P March 12, 2017 4:46 PM

@ab praeceptis, Thoth, Who?, Winter, …
Re Matthew Green’s “advice”

“So, just using an iPhone or Android smartphone and using Signal or similar, is, pardon me, plain stupid and worse, utterly careless. One can do much much better.” (ab praeceptis, my emph)

So, um, HOW?
I think it’s easy to dismiss suggestions (and kill / derail a discussion), but hard to come up with improvements.
There were some hints scattered over the posts here, wouldn’t it be worth bringing that in line?

So, at first, who is the adversary, what is the threat model?
You have to know your enemy and assess their capabilities.

Second, compare that to your own knowledge and capabilities.
After that one can decide to proceed (with xPhone, …) or give up.

Matthew Green’s example was that of a typical (of course western origin) journalist.
Let’s stick to that, as it’s a good example because it is not related to any criminally deemed activity (from our actual point of view, at least …).
Say 3 to 5 years jail time + extradition would be the worst?

What exactly to try depends fully on whom you are up against.
And where you are. (think of e.g. Yemen / UAE / Cap Verde / UK / Turkey / …)
Your risk. Your knowledge.
Your stores (COTS / DIY, what can you get / bring in).
Your neighborhood (is a satellite telephone very common there?).

Seriously. Would “CD-OS (to encrypt) + USB connect to transmit via xphone” be an improvement?
And metadata? Using TAILS (“Hey look, here I am!”)?
Combine them?

Any concrete proposal?

@Moderator: Probably it would not fit our host’s blog?

Bod Dylan's Tremebling Eye March 12, 2017 4:46 PM


I agree that insecure hardware is a problem but that was not what I was mocking with my post. I was mocking articles like the one below:

There is a great deal of effort by certain parties to try and spin the CIA leak material and discredit Assange. Yet fundamentally Assange is correct about the security of Signal. The amount of fake news, misinformation, and sheer double think in that article by Zeynep Tufekci should alarm everyone in computer security. If there is hackery quackery it is she and not Assange who is peddling it.

ab praeceptis March 12, 2017 6:07 PM


Let me start seemingly impolitely. You forgot an important factor: What’s the political and social context?

Many are looking for the magic formula. It doesn’t exist. One reason being (you already hinted at it) that there isn’t one danger but many and complex ones. One being particularly ugly is this:

Assume I had the magic formula. Assume I had the special hardware, the secure OS, and the secure coms software. Would that be good? Would that make me a friend of Washington, London, Brussels, Berlin, Paris? I don’t think so. Quite probably it would make me a man who gets robbed and then thrown into a prison. Or even a dead man.

That whole thing is a rigged game with walls and mirrors of lies. Nice lies with nice names. Lies that are tasty and easily swallowed. But lies.

“We want security” ? Is that so? Really?

There are billions and billions of $ spent every year for ITsec and even more billions are lost due to bad ITsec. – yet we never arrive; actually we do not even make significant progress.
There are many universities spending fortunes – yet we never arrive; actually we do not even make significant progress.


“We want people to be well and free and healthy” (blablabla) – yet millions and millions die every year while some tens of thousands are getting ever richer.


We know that killing millions of people is considered an acceptable price for getting, say, control over oil.

So, let me ask a question: What is an acceptable price for getting control over almost all information and communication of almost all people?

Answer that question and you find out why IT is not getting more secure but less secure although billions are spent to make it more secure – or so they say.

My servers seem to run ssh. But they don’t. It seems to be broken, my SSH. The very moment when I share what I have developed my servers won’t be secure anymore. So, Pardon me for being an evil man not sharing all his work.

Funny, isn’t it? Those who have secure tools don’t share it (for different reasons). And those who seem to share tools for security don’t offer security but have journalists end up in prison or dead. But they are the “good guys” (TM) and those groups have nice names, preferably with “open” in it or with “free”. Sounds nice.

I have only one solution to give away and I keep doing that (so much so that some consider me boring and unnerving). THINK. Properly. Analyse. Properly. Design. Properly; like an engineer and not like a “cool hacker” (idiot). Then implement. Properly. And always verify.
If that is asking too much, security seems to not have high enough a value.

r March 12, 2017 6:37 PM

@Bob Dylan wanna be,

Listen, nobody wants to bang Assange. Nobody, the women who slung accusations at him certainly didn’t want to either. Now that that’s out, how is Astrange a better person for publishing CIA docs?

Certainly HE didn’t leak them, certainly someone merely picked him as a source for such a leak. And yet you would have us hail him as if he’s Snowden?


Spin me around some more.

The only haccusation I’ve seen leveled against him is a) the first one above, and b) that he is serving someone else’s agenda and in doing so serving his own.

Edward lol

Assuage my fears. March 12, 2017 6:39 PM

What Astrange fellow to be most comfortable skirting shirttails for a living.

Sancho_P March 12, 2017 6:53 PM

@Bod Dylan’s Tremebling Eye

Re Zeynep Tufekci

I don’t think it’s written deliberately wrong or with bad intentions, it’s just a bit clumsy, not straight technical thinking.
It starts with a stereotype, makes a questionable turn, next a halfwit statement and then rides that out to the horizon so no one could make it back to the start.
We have a somewhat frequent poster here who is a master in that class.

First, she is arguing against the messenger, not the content.
(She doesn’t attack Assange personally, which is noble)

However, here is the interesting part:
“Which brings us to WikiLeaks’ misinformation campaign. An accurate tweet accompanying the cache would have said something like, ‘If the C.I.A. goes after your specific phone and hacks it, the agency can look at its content.’”

she makes the turn to CIA and agency.
(Mind you, the good ones, our honorable, legal and authorized personnel – so the whole WL campaign is on the wrong side of law – she intonates the national anthem here, get up!).

Instead, the truth is, the vulnerability is open to friend and foe, the good and the bad, only that we, the users, are the victims in each and every case, from the US to China and back.

But at the end, contrary to our other poster, she’s suddenly back to the core of the issue:

“As with most misinformation campaigns, the dust that is kicked up obscures concerns over a real issue. Device and information insecurity, overzealous surveillance by governments — these are real concerns that call for real attention. Yes, we need to have extensive and thoughtful discussion of these topics. But that’s not what the WikiLeaks misinformation campaign has given us.” (my emph)

A lot of smoke and noise, but here is at least one serious statement.

Sancho_P March 12, 2017 7:00 PM

@ab praeceptis

The political and social context – certainly that’s a point for the story, but it’s only a guide to think about:
– How to dress it up so that the patriots also can think about it without fear of acting disloyally,
– A kind of handle for others to draw analogies to similar (their) activity / threats.

The innocent (!) journalist reporting abroad about human rights issues, bribery, environmental scandals or such. Against the intentions of gov. (e.g. Standing Rock)

No, I don’t think there is one solution for all.
But for your assumed possession of the magic formula be aware that if it would exist it’s an intangible good, no reason to rob or murder – and very likely it would be worthless the other day.

It can’t be one scenario and it can’t be one solution.

Your (SSH) example isn’t about communication, it’s out of context.

Personally I have a different one: The businessman who wants to contact home office to negotiate or change contract terms and doesn’t want competitors (say, the Chinese, the Russians, the Israelis, just to have a picture, I apologize) to know before his own company knows.

Clive Robinson March 12, 2017 7:21 PM

The Security Problem

Is actually twofold, the first part is mitigating what you can not trust, the second is limiting the reach of attackers.

It should be considered utter madness to put a security end point where an attacker can “end run” it either locally or remotely. If that is not clear to people then they should stop reading and go take up some totally inoffensive life style like arts and crafts.

It should likewise be considered utter madness to trust any current hardware, OS or Applications. No ifs, no buts, no maybes. Go down that track and somebody is going to get, as the NSA TAO euphemistically put it, “Found, Fixed & Finished”. Which means communicator identified, communications end point fixed by DF or equivalent and hellfire missile dropped in at the earliest opportunity to finish off the people at the communications end point. If you don’t understand the mentality of the people that do this, maybe stick to flower arranging as arts and crafts might be too racy for you.

The first step is to identify where you can stop the attacker reaching forward. Put simply if it communicates in any way you can not 100% control you can not stop the reaching forward by an attacker. Traditionally this was done with a trained typist, an “air gap” and a printout of what was to be transferred. This was a typical setup in diplomatic and military ComCens. Telegrapher Operators were trained to not just accurately type apparently random five letter groups, they were also taught to read both five hole and six hole punch paper tape and later both seven and eight hole tape. It was tough work especially on eight on four off rotating shifts that could last for twenty or more days at a time, but that’s what you got your Special Duties pay for, oh and short sightedness, migraines and chest and gut pains as your stress released bile ate through your guts and gizzard.

As some remarked “there’s got to be a better way” well there is thanks to more modern technology like OCR. Thus you can “Print out, Police and Scan in and edit errors”. The easiest way to police it is to print it out at the destination as well, put the two printouts on top of each other on a light box and diffs can be seen. If they match then the chances are everything is OK for that “air-gap” crossing.

The problem with modern hardware is you can not trust it and with various forms of communications built in you need your own SCIF for the end point computer.

That is the bare bones on which an awful lot of flesh has to be hung, but it gives you the idea of the day to day “work flow”.

I guess I should ask “Any questions?” but I think I’ve answered most of them in past postings.

Oh one last thing if you can make the air-gapped machine one from 1995-2003 with Win2000 or WinXP or a 32bit version of a *nix and use “ASCII text” only editors, and command line tools from that period you stand a much better chance of controlling the end point.
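The “print out, police, scan in” crossing described in the comment above, sketched in software as an added example that is not part of the original thread or the commenter's own tooling. The function names, the allowed character set, the look-alike table and the sample five-letter groups are all assumptions constructed for illustration.

```python
"""Added illustration: policing text before and after an air-gap crossing."""
import string

# Assumption: only characters a reader can actually see on a printout may cross.
ALLOWED = set(string.ascii_letters + string.digits + string.punctuation + " ")

# Constructed, non-exhaustive table of glyph pairs that OCR commonly confuses.
OCR_CONFUSABLE = {frozenset(p) for p in ("O0", "l1", "I1", "Il", "S5", "B8", "Z2")}

# Constructed sample data: what was sent, what OCR read back, and a copy that
# carries content invisible on paper (a zero-width space and a trailing space).
SENT = "KXQWZ OLMRT 10458\nBTSNA PLEQD 77210"
RECEIVED_OCR = "KXQWZ 0LMRT 10458\nBTSNA PLEQD 77210"
TAMPERED = "KXQWZ OLMRT 10458\u200b\nBTSNA PLEQD 77210 "


def police(text):
    """Return (line, column, reason) for anything that would not show on paper."""
    findings = []
    for ln, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch not in ALLOWED:
                findings.append((ln, col, "U+%04X" % ord(ch)))
        stripped = line.rstrip(" ")
        if len(stripped) != len(line):
            # Trailing blanks are invisible on a printout, so they are refused.
            findings.append((ln, len(stripped) + 1, "trailing space"))
    return findings


def overlay(sent, received):
    """Compare two copies position by position, like printouts on a light box.

    Returns (line, column, sent_char, received_char, kind) tuples. kind is
    'ocr' for a known look-alike pair (a candidate for manual correction) and
    'other' for everything else. A missing line or character shows as None.
    """
    diffs = []
    a_lines, b_lines = sent.split("\n"), received.split("\n")
    for ln in range(1, max(len(a_lines), len(b_lines)) + 1):
        a = a_lines[ln - 1] if ln <= len(a_lines) else None
        b = b_lines[ln - 1] if ln <= len(b_lines) else None
        if a is None or b is None:
            diffs.append((ln, 1, a, b, "other"))
            continue
        for col in range(1, max(len(a), len(b)) + 1):
            ca = a[col - 1] if col <= len(a) else None
            cb = b[col - 1] if col <= len(b) else None
            if ca != cb:
                lookalike = ca and cb and frozenset((ca, cb)) in OCR_CONFUSABLE
                diffs.append((ln, col, ca, cb, "ocr" if lookalike else "other"))
    return diffs


def may_cross(sent, received):
    """Accept the crossing only if both copies are clean and identical."""
    return not police(sent) and not police(received) and not overlay(sent, received)


if __name__ == "__main__":
    print("policing tampered copy:", police(TAMPERED))
    print("overlay of sent vs OCR:", overlay(SENT, RECEIVED_OCR))
    print("crossing accepted:", may_cross(SENT, RECEIVED_OCR))
```

An 'ocr' difference is only a hint for the person editing scan errors; the crossing is accepted only once the two copies match exactly.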

r March 12, 2017 7:23 PM

His ssh example serves to illustrate side-channel alternatives to the open decision to eat at the table the rest of us dine upon each other’s delights at.

I refuse to be a deer in the headlights, locked-in to a tidy little panic before the big splat!…

Obviously, if “they” know who “you” r then you’d better think bigger than swatting flies with your horse tales.

Did I say fish?

The economy of security is a wall to overcome for everyone, if you have breathing room you can give yourself more space – if you do not then it may already be too late for you and no amount of self advertising or agrandeasement will abate the langoleers gnauuing at your open source frets.

We can feel your dismay, it’s not empathy.
We can smell your fear.

Thoth March 12, 2017 7:24 PM

@ab praeceptis

“THINK. Properly. Analyse. Properly. Design. Properly; like an engineer and not like a “cool hacker” (idiot).”

We gotta thank the old days where it is cool to write some random encryption algorithm and everyone gets excited about it. The end result is algorithms and theories that cannot work properly without a proper platform to do its security stuff.

The same effect continues with all those FOSS hype and crap going on and people think that a few lines of code that call the OpenSSL or libgcrypt library or even NaCl would suddenly make all their communications secure without thinking deeper.

Everyday, new protocols are invented by those who have no idea how to completely secure the stack and simply thrown into the wild and a journalist picks it up and gets beaten up without having to leak their keys since the keys are stored in RAM memory and scraping the RAM is pretty sufficient since most people don’t turn off their smartphones and even then, could anyone switch off their smartphones fast enough before the attackers snatch the phone and pin the journalist to the ground before the shut down button has been activated?

There is a lot of depths the regulars have brought up. Most people are too concerned with how cool their code is and their new shiny buttons and GUI while they forget or prefer to ignore the fact that security goes deeper.

Most simply are too stuck on the idea that their smartphones would be good enough encryptors when it has been shown time and time again that smartphones fail at security no matter how hard anyone tries to make it robust using the usual commercial chipsets. When a few of us here proposed the idea of using an external encryptor, the argument would be the convenience of wielding the handheld encryptor and smartphone at the same time. Most people are not interested when the solution is made up of more than the smartphone itself.

A rather low assurance technique using an external smart card as encryptor (not as a full security solution) would not even cut most people’s usability scores since it uses a second device and would just create some sort of mental prejudice and barrier in their brains before they even started learning how to use one.

My Info March 12, 2017 7:51 PM

@Frank Wilhoit

Simpler and less loaded: if you act like you’ll never need a friend, then when you need one, you won’t have any.

The only true friend I have ever known is Jesus. Even Jesus’ disciples fled: Judas betrayed him with a kiss, Peter cursed and swore and denied him, and Thomas was in unbelief at His resurrection.

Friendship cannot be forced on anyone. Those who take away minorities’ means of survival and self-defense in the name of the “civilization” of the majority are not friends, but enemies and traitors to all that is good and right.

@ab praeceptis

Assume I had the magic formula. Assume I had the special hardware, the secure OS, and the secure coms software. Would that be good? Would that make me a friend of Washington, London, Brussels, Berlin, Paris? I don’t think so. Quite probably it would make me a man who gets robbed and then thrown into a prison. Or even a dead man.

That whole thing is a rigged game with walls and mirrors of lies. Nice lies with nice names. Lies that are tasty and easily swallowed. But lies.

“We want security” ? Is that so? Really?

There are billions and billions of $ spent every year for ITsec and even more billions are lost due to bad ITsec. – yet we never arrive; actually we do not even make significant progress.
There are many universities spending fortunes – yet we never arrive; actually we do not even make significant progress.


No. Not at all a coincidence. You are 100% correct. And “Washington, London, Brussels, Berlin, Paris?” Total Bilderberg trash! We’re talking David Rockefeller, Zbigniew Brzezinski, Illuminati, royal bloodlines, trilateral shape-shifting reptilians, and all that nonsense. The Asians? TPP? Now you have it, now you don’t!

These elitists are just interested in enriching themselves at the expense of the subjugated classes, and deep down inside they are no different and certainly no better than the Russian thieves in law and Eastern European oligarchs whom they so pointedly snub and exclude from their little club. They’re all a bunch of liars, thieves, and murderers. Every last one of them.

As usual: one wealthy cartel shedding commoners’ blood to fight another wealthy cartel, and no rule of law anywhere.

Figureitout March 12, 2017 10:33 PM

Until the moment has come you will have constructed perfect security, these users will take what is available.
–Then they have a death wish. No when you’re dealing w/ people that will kill you if they find out who’s doing certain investigations or who’s talking to who…not taking the utmost caution and instead just using an iPhone is so careless and will get you killed. Using an iPhone for that threat model is wrong. If you don’t know how to do this securely, then you don’t do anything, you wait and you research until you feel confident enough to risk your life trying. It took me 7-8 years and I was a total novice initially who got lucky I didn’t get caught in my prior life.

If you don’t have any skills in OPSEC, electronics or COMSEC, and you’re trying to fight a dictator online with a movement and exposing corruption etc., who has hitmen at his/her disposal, it likely won’t end well. Plus both ends of the conversation need to be as careful as the other, or one side gets exposed and an investigation begins into the other side.

You use Signal and iPhones and the like for conversations w/ your lover (if you care, me and my partner don’t and anyone eavesdropping will probably throw up from the lovey dovey back-n-forth). You use things like TFC, hand-crafted MCU and other hardware endpoints, encryption on air-gapped systems w/ as many transducers and radios removed, OPSEC, data diodes, and other dumb comm endpoints that don’t know who the user is for exposing corrupt governments.

–It was meant for the western world mostly, detecting intruders and providing some court admissible evidence of potentially planting other evidence or just the break-in itself. It was based on my experiences on the attacker-side…the best thing you can do for an attacker is hiding traps and other hidden data loggers, give them tunnel vision and they’ll make plenty of mistakes to give themselves up.

Much more cool gadgets coming in future, but will be awhile. After a few more gadgets I’m going to get into my own computer which will be slow going but hopefully rewarding.

Dilma Jenkins March 12, 2017 11:40 PM

@ Sancho

“We have a somewhat frequent poster here who is master in that class…
..But at the end, contrary to our other poster, she’s suddenly back to the core of the issue:”

who is the other poster you refer to?

No need to bite your tongue. If nothing else the Moderator appreciates self-regulation here.

Dilma Jenkins March 12, 2017 11:42 PM

@ Maestro Clive Robinson

“I guess I should ask “Any questions?”

thanks for sharing and for asking. I have a question. Your thoughts and feelings about Elon Musk? I am sure your enlightened musings will be of fascination to us all

Clive Robinson March 13, 2017 4:55 AM

@ My Info,

These elitists are just interested in enriching themselves at the expense of the subjugated classes, and deep down inside they are no different and certainly no better than…

Enriching themselves certainly, but that is not actually their aim which is status, at the least to be “first amongst equals” if not “King makers” and “holding the power behind the throne”.

Many will read “enriching” and make the mistake of thinking it’s just the accumulation of money thus assets that is important to them. That could not be further from the truth, to them money and assets are tools by which status and power are wrought to their will.

Which means that sometimes the things they do will appear to be madness. Status is about a differential that can be observed thus act as a badge of position. Under several old feudal systems the clothes you were alowed to wear fixed your position, likewise the birds of prey you were alowed to keep and all manner of easily seen differentials. It’s one of the driving forces behind idolatry in religion, which was for hundreds of years the equivalent of modern politicians.

It’s a matter of historic argument as to the how, why and when of the first seeds of comerce driven by an industrial manufacturing process began but many quote “pin making” as being the first market disrupter. The result was that the previously very expensive hand crafted pins of very limited supply became much more available, and as basic economics predicts the supply -demand balance point dropped to a lower cost point. What is not talked about as much is the effect on status. Pins were not just utilitarian befor, they were works befiting of status. By concentrating on the utility and fractioning of the task you ended up with high utility pins with minimal adornment thus little or no status mark. The result was to not just reduce the status difference on the pins, the increased utility made the making of clothes easier and thus of higher quality at any given price point, thus the pin knockon effect was to reduce the status differential in clothing. Like it or not but industrialisation reduces the signs symbols and trappings of status. Which is something you realy do not want if it diminishes your status above “the lower orders”.

The result is some strange quirks that, as has been joked, “economists fear to name lest their masters beast be recognised and slain”. Put simply those of high status will quite cheerfully –like turkeys voting for Xmas– vote and act to make their lot worse, if it affects the “lower orders” more thus increasing the status gap.

The only use those with status desires have for industrialisation is how to use it to increase their status, which is why we have “luxury goods”. You see this where the fruits of the industrial process such as force multiplying machines are used to make marks of status. For example a hand bag has basic utility and design. For those seeking utility not status, strength and lightness increase utility, but for those seeking status fragility of adornment and weight of adornment are more important. But to disguise this you hear “hand made”, “hand finished”, “quality of workmanship” etc etc applied to the “look and feel” of the adornment implying rarity thus status without naming the beast.

Oh and of course the manufacture of other status symbols and force multipliers for the guard labour of those with status. Standing armies are status symbols to wave in the face of others, and only used to increase power thus status. The uniforms and insignia reinforcing in the minds of the guard labour their place in the order of things / death.

As a well known Scottish comedian actor and observer of life once pointed out we all suffer the indignity of bodily functions –but not quite in those words– and that nudism is a leveler of mankind as it strips away the pretension that the enforced uniform of clothes allows.

If you want an up-to-date example of the idiocy that the desire for status brings look at the UK Brexit process. The exiters from the EU have bleated year after year not about what has been gained, but the loss of their status and the symbolism that represents it. They also lie both directly and by omission about how much better things were or will be once we have left the EU. The fact is it will be an unmitigated economic disaster their popularist arguments about having huge savings that will get funded into “social good” such as health and education will not happen it will be frittered away on privatising and selling off of assets cheap so that the politicians friends will suffer the indignity of an increase in status. I fully expect that almost the first signs will be a drop in the life expectancy, with the brunt falling on those without status. Thus the life expectancy gap will rise again with those with status living long lives whilst those without status dying at half that age or less. We see this already in London, life expectancy to the west is up over eight years, whilst to the east by a similar distance it’s down in the fifties and well below the increasing age of retirement. Thus those of low status are forced into buying pensions etc they will never live to see, much to the enrichment of those with status that fully expect to live at least 17 years of enjoyable retirement paid for by the deceased’s and soon to be deceased’s contributions to the fund that pays the pension of those with status…

r March 13, 2017 6:37 AM


Where primates are concerned, I doubt there will be too much arguing when I state that in the primate mentality: there are no equals.

There’s silverbacks, women and upstarts.

Are we trying to overturn nature here? 😉

Clive Robinson March 13, 2017 7:07 AM

@ r,

Are we trying to overturn nature here? 😉

As has been noted in the past there are “Hawks and Doves” “The hunter and the prey” or more euphemistic “We went for lunch hand in hand, but only the eaters came back”.

For a dove, getting rid of the hawks that prey upon them will make their lives initially less stressful and longer. To maintain that happy state though, the doves have to learn and practice self constraint, and responsibility to the weak.

Most humans do not want to practice self constraint and care nothing for the weak, that is for others in the future to worry about. Thus rather than the stability that constraint –by self or hawk– brings, they prefer the excesses that lead quickly to instability, chaos and extinction of their way of life, if not themselves…

You mean that sort of nature?

Winter March 13, 2017 7:19 AM

@Figureitout • March 12, 2017 10:33 PM

Until the moment has come you will have constructed perfect security, these users will take what is available.
–Then they have a death wish.

I do not know where you live, but over here, we have streets and monuments named after such people from various wars. Think, from other continents, Steve Biko, Nelson Mandela, the Dalai Lama, Gandhi and those helping them.

If you are from the USA, think the likes of Martin Luther King and his people, the underground railroad, the Sons of Liberty.

In your vision, nothing more than a bunch of people with a death wish.

Thoth March 13, 2017 8:50 AM


Smartphones being used as security devices are a very poor idea.

Let’s repeat one more time why they are bad if people still don’t get it. I won’t touch on the more advanced topics like energy level attacks that @Clive Robinson usually mentions. I would only touch on something that would be more available and understandable to the masses.

1.) Bloated Proprietary OS. That’s exactly the problem for Apple. Android is not really open source despite having an open source git repository and is licensed under Apache License. Many vendors implement their own variant of Android on top of the core Android build released from Google and these vendors have the rights to not show you their implementation of Android.

The use of a bloated Linux kernel for a phone OS is problematic as with any other bloated TCBs. Bloated TCBs have more chances of hiding tonnes of critical bugs and patches may introduce more bugs. It becomes an endless crap patching cycle that goes on for infinity since the TCB is a huge bloat of codes.

2.) Insufficient sandboxing and resource protection. Applications are known to be able to interfere with other applications via vulnerabilities in applications and kernel. ASLR for Android has been defeated and who knows how many more memory related weaknesses are hiding somewhere in the bloated TCBs. Back to 1.) where the bloated monolithic TCB is a huge pain and it is a gift that keeps giving. Better examples are separation microkernels engineered for security. One example is the seL4 microkernel which has been designed to take security as first class citizen and the Apache Zephyr microkernel that can be run on portable devices and still in the making is another portable microkernel that has security as first class citizens. No one seems to bother to do more research and fully develop these microkernels into proper smartphone secure OSes. Blackberry have the QNX microkernel but they are now less interested in smartphones and more into suing others just to gain some cash.

3.) Insecure key storage and key usage. Not all smartphones have hardware backed key storage capabilities and key utilization and management capabilities. The chips themselves are not designed for security in the first place and security is only added as an afterthought.

4.) Slow patching and fixing. Not all vendors release their patches on time. Some patches take ages to roll out and patching should be seen as an “Oh Crap !” thing where the system has already been infected and there is a possibility of mutation. Micro-TCBs would make the infection less effective and the use of proper allocation and handling of resources would limit infection to a very small area. The iOS and Android kernels are monolithic and thus lack the security benefits that security centric microkernels have.

5.) Mass infection. Combining all the above problems mentioned, it is getting cheaper and easier to infect many devices within a short period of time and then over time update the infection to do all sorts of stuff like stealing keys and dumping memory securely to the C&C servers. The assumption that infection has to be difficult is an old idea. Tonnes of undiscovered vulnerabilities in hardware and software are still around and patching may lead to problems when not done properly. Infection can be spread to other non-smartphone devices (i.e. portable USB devices) and these can pose a severe threat.

6.) Opaque and inert hardware subsystems. All ARM A series chipsets (A7 and above) come with ARM TrustZone which the chip maker may or may not include. The kernel and firmware for the TZ partition is behind closed doors and red tapes. Even if the chipset used have TZ “disabled”, it is another avenue where it can be turned into a backdoor (theoretically) due to its opaque nature. ARM TZ is only backdoor safe if you manufacture your own ARM A series chips and write the kernel and firmware for the TZ partition. Due to the immense privileges that the ARM TZ enjoys (imagine a silent super duper root on hardware) that has the ability to inspect the userspace and halt processes as it wishes for dumping and inspection, the TZ partition is extremely powerful and there’s always a what-if that the phone’s TZ is not doing as the phone owner expects.

7.) OTA backdoor. Over-the-Air updates and management can be silently forced to users and this is no secret. It has been used many by certain vendors and unsurprisingly, Amazon have used such feature “Over-the-Air book deletion” feature to quietly remove eBooks from Kindle. Due to the opaque nature of commercialized Android and iOS OSes in real world smartphones, OTA updates can be forced at any moment to supplant your beloved Signal or iMessage with another variant that contains backdoors which you don’t even know.

8.) AppStore backdoor. Do you really trust the software you installed from the AppStore ? What is the likelihood that the binaries have been tampered with already before and after delivery to your phone ? Well sideloading would be better ? Good luck compiling from source and then sideloading. No sane journalist wants to deal with sideloading and compiling from source if they cannot even secure themselves with use of multiple layers of security approach.

These are just the tip of the security pitfall iceberg.

So what are we waiting for ? Propagate the use of Signal, WhatsApp, Snapchat et. al. and tell everyone that insecurity and false truths are actually security and truth 😀 .

There is no solid ground for security on smartphones except for having a separate secure encryptor with its own screen and input.

albert March 13, 2017 11:17 AM


Re: Cylance UEFI exploit.

And here I thought it was a major PITA to move a jumper on the MB in order to re-flash the BIOS!

That’s progress….I guess.

. .. . .. — ….

ab praeceptis March 13, 2017 11:36 AM

@My Info

I’m afraid you stopped quoting too early and hence focussed on bleeding dry V. 1.0.

Version 2.0 isn’t simply stealing and enrichment. It’s about full control and manipulation of the global population.


It’s about time we ask why that is so. Is the problem that thousands of developers and billions of money were just not enough to develop something proper? I don’t think so.

Is it that everybody was really stupid enough to think that being cool, social aspects and a cool T-Shirt was all it needs to develop software? I don’t think so.

Is it really so that some world renowned professors who had actually written OSs, one of them even expressly with solidity and safety in mind, were utterly ignored and sometimes even ridiculed while some first walking attempts in OSs by some finnish student were energetically hyped up and celebrated? I don’t think so.

Is it really so that security experts (and in banking they do take security seriously) thought that basing a major stack on java whose real name should be “trouble generator” was a smart thing to do? I don’t think so.


We europeans, too, but especially the americans are largely story based. There often and in many cases is very little reality involved but fairy tales, hypes, show.

Just look at some of the posts here. They really and seriously believe all that fairy tale shit. And they (and we) are intensely trained (indoctrinated?) to react properly. Examples: “refugee” – positive (they may rape, plunder, and slaughter, no matter, they are the poor victims), “activist” – positive. “democracy” – excellent!. “Regime” – evil!

OK, certain “lighthouses of democracy” are actually the worst terrorists and mass murderers in human history but most do not even understand that. They hear and see “democracy” and smile happily like trained Pavlov dogs.

Now, one might ignore the masses of sheeple out there – but: they’re not just out there. They are in the midst of us, of the engineering community, of the security community, of the research community.

What we now see with nsa, cia and accomplices is simply that they played their game too well, up to the point that they themselves have idiots and the work of idiots, too. Just like us.

My prognosis: The real race now is who will develop his own safe stacks and will such escape the panopticon and become a master in the international arena. I bet on Russia and China. The us of a is lost, it’s utterly stupidized and captivated by the ultra capitalism monster it created. And the europeans are hardly more than rotten vassals.

Have a nice day with all the electronic gadgets.

Nickie Halflinger March 13, 2017 12:02 PM

With the TLAs compromising devices and gaining access to text before encryption, does this make cracking the encryption easier since they also have the encrypted text too?

albert March 13, 2017 12:31 PM


Give credit where credit is due.

The UK (along with most every Western “developed” nation) was in a downward spiral long before the Brexit movement. It’s entirely due to fiscal mismanagement by out-of-control financial terrorists, i.e., the banks, in collusion with the Elite-controlled governments. Brexit is Political Theatre*; again by demonizing the EU**. Bad EU.

The banking system is the 362.87kg gorilla in the room. Keep the EU if you must, but kill the gorilla.

* Didn’t this start with the Immigration Issue?

** Ironically, the EU is a big promoter of The System.

. .. . .. — ….

Dirk Praet March 13, 2017 2:10 PM

@ albert

The banking system is the 362.87kg gorilla in the room. Keep the EU if you must, but kill the gorilla.

Gorillas, elephants and rhinos are critically endangered species we should stop killing. I propose we change the idiomatic expression to “the 500 pound turd in the room” and replace “kill” by “flush”. Especially when talking about banksters.

@ ab praeceptis

The real race now is who will develop his own safe stacks and will such escape the panopticon and become a master in the international arena. I bet on Russia and China.

The US already has all the secure technology and stacks it needs. The question is rather who will find a way to make these technologies both economically viable and appealing.

Scared March 13, 2017 3:55 PM

American Citizens: U.S. Border Agents Can Search Your Cellphone

Rubber hose cryptography:

“One of the officers calls out to me and says, ‘Hey, give me your phone,'” recalled Shibly. “And I said, ‘No, because I already went through this.'”

The officer asked a second time.

Within seconds, he was surrounded: one man held his legs, another squeezed his throat from behind. A third reached into his pocket, pulling out his phone. McCormick watched her boyfriend’s face turn red as the officer’s chokehold tightened.

“The shackles are off,” said Hugh Handeyside, a staff attorney with the ACLU’s National Security Project. “We see individual officers and perhaps supervisors as well pushing those limits, exceeding their authority and violating people’s rights.”

And multiple sources told NBC News that law enforcement and the Intelligence Community are exploiting a loophole to collect intelligence.

Under the Fourth Amendment, law enforcement needs at least reasonable suspicion if they want to search people or their possessions within the United States. But not at border crossings, and not at airport terminals.

“The Fourth Amendment, even for U.S. citizens, doesn’t apply at the border,” said Callahan. “That’s under case law that goes back 150 years.”

Customs and Border officers can search travelers without any level of suspicion. They have the legal authority to go through any object crossing the border within 100 miles, including smartphones and laptops. They have the right to take devices away from travelers for five days without providing justification. In the absence of probable cause, however, they have to give the devices back.

albert March 13, 2017 4:00 PM



I need a better metaphor. Gorillas are not dangerous unless they are threatened in some way, such as challenging their territory or dominance. Ditto for elephants (endangered as well). Neither reflects the parasitic behavior of the financial terrorists, who suck all of us dry for the benefit of the 0.1%. How about the 362.87kg tapeworm in the room?

. .. . .. — ….

Clive Robinson March 13, 2017 5:33 PM

@ Albert, Dirk Praet,

Give credit where credit is due.

I can’t there’s not enough space even on the NSA Utah “time machine” to list them all let alone “their crimes against not just humanity, but sanity” 😉

Brexit fascinates me as an object lesson in mindless arrogance of the sort that “Bold but dead and beaten” military campaigns were once all about. It has an inevitability of stupidity about it that is so “English” the Scots are going to have another “fare thee well referendum”. Oh and “Claws Junker” is going on about how the brits will rejoin as the brits do well in life boats or some such. It is the like of euphemisms we have not seen in a couple of decades since Eric Cantona’s famous “seagulls follow…” statement,

Clive Robinson March 13, 2017 5:50 PM

@ Albert, Dirk Praet,

Speaking of “gibberish spoken in public” there is a scene in Mel Brooks’ “Blazing Saddles”,

That makes both me and my son laugh till tears flow. However my son has commented that I’m starting to get cranky in my dotage and look like a 600lb gorilla version of “Gabby Johnson”.

I know the Film is “un PC” and one scene “work a number six” should be removed, but it is still one of Mel Brooks’ finest, especially with little details like the Gucci saddle bags and orchestra.

Sancho_P March 13, 2017 7:12 PM

@Dilma Jenkins

The poster in question very often is skeptical at points that seem to be obvious to many. He’s mostly about the messenger, not the message.
Watch out, and you’ll realize immediately 😉

Btw: Diversity is why we are still alive.

Donna de Lory March 13, 2017 8:03 PM

@ Clive @ commenters to recent password thread

bumping this to Squid.
What I haven’t seen mentioned prior is a combination of what you know and what you are. With the proviso there are much smarter minds than I here

So, a password list (on paper or in a password file), that contains only part of the puzzle. It also requires you to add or change something, with what only you know.

Three ideas:
1. obscure the name of the account the password belongs to.
2. secondly don’t just have one password for a single entry – have 7 ! which line of random gibberish is it?
3. Thirdly add something only you know. Is it the number 77 exactly in the middle? Is it the second half of the string typed backwards? Something REALLY easy that won’t mean you lose your entire database because of your cleverness

whatever obfuscation is added be totally idiot proof and following simple rules, or just one rule for everything, that is easy to remember when hungover.
for example, when 7 passwords are listed it’s always the sixth one.
just enough obfuscation to confuse an interested party.
incidentally the only password manager I trust is KeePass, not least because it is entirely under your control offline, FOSS, allows for a separate key file, and nice features like optional delay for the time to crunch your master password to access, to frustrate brute forcing

Feedback appreciated

Donna de Lory March 13, 2017 8:05 PM

sorry, it would be obvious but meant ‘combination of what you know and what you have’

r March 13, 2017 8:48 PM

There’s a game,

A secure sort, of game

One could call it a shuffle of sorts

Persistence, Depth, Recursion,

Initiated from the first spark of language,

From the first spoken word.

Was it the name of God to utter forth an imagination or an imagination to usher forth?

So yesterday there were little ie pads to leap from point to point,

Today we have two way mirrors with third parties and the real housewives of the district of columbia,


SSDD, welcome to the old world order.

Get with the program,

Chris March 14, 2017 1:12 AM

Hi anyone use firejail sandbox for linux, just did a quick search and didn’t find a lot of info on schneier regarding it, seems to add some more endpoint security?

Clive Robinson March 14, 2017 8:01 AM

@ Thoth,

Browsers simply take the input as is…

Yes… back in times past browsers did automatically convert %xx back to chars because Microsoft as usual at the time decided to “break the standard”.

It’s one of those things you forget about over time, until you get reminded.

I’d simply cut the body of the URL from a Google search result and forgot to check it.

Whilst I don’t do YouBlube due to javascript my son however against my advice does which is how I knew it was there. Apparently his group of friends finds it funny as well but I don’t know if that is because the clip is funny, or my son has told them he thinks I look like a “600lb Gabby”. I feel it better not to enquire 😉

Anyway thanks for fixing it, hopefully you and others will be amused by it.

Dirk Praet March 14, 2017 8:15 AM

@ Clive

Brexit fascinates me as an object lesson in mindless arrogance of the sort that “Bold but dead and beaten” military campaigns were once all about.

I’ve always thought the UK were only in the EU to hold it back and that the economic benefits it brought especially to the Tories were more of an accidental side-effect than an intended purpose. The Brexit campaign in itself however was like you say an almost unprecedented display of arrogance, deception and cheap demagoguery by a group of people that had no clue whatsoever and who paved the way for a power grab by an unelected authoritarian who is utterly delusional in thinking she can somehow restore the UK (or what’s soon left of it) to its pre-WWII glory.

That said, Brexit and the refugee/immigrant crisis have made it abundantly clear that the EU in its current incarnation is an abject failure. The inability to protect its outer borders, non-existence of a common foreign policy, the “a la carte menu” attitude of the UK, Baltic and Visegrad states and the social safeguards-free implementation of neo-liberal economic policies regarding free movement of goods, services, monies and people have caused massive anti-EU sentiment and the rise of populist parties in what was once the heart of the EEC.

For better or for worse, the EU in its present, Weimar Republic-like form is doomed. Either it transforms itself into a full political, confederalist union in which member states concede (large) parts of their national sovereignty to democratically elected supranational institutions, or it falls back on a more traditional trade bloc in which many of the current achievements and open border policies are turned back. The alternative is staying the course and seeing the whole thing fall apart as one Western European nation after another under pressure of nationalists and populists will bail out.

Last year, nobody really believed Trump could become president or the UK would actually vote itself out of the EU. It would be kinda ill-advised to just assume that folks like Wilders, Le Pen, the German AfD et al in the upcoming elections aren’t going anywhere because the same pollsters who got it spectacularly wrong last year are again saying it’s not going to happen.

JG4 March 14, 2017 8:20 AM

Big Brother is Watching You Watch

Why a House bill wants workers’ genetic information Christian Science Monitor (furzy). Headlines like this make me nuts. Isn’t “why” obvious by now? The “why” is the excuse “why,” not the real reason.

Canadian agency breached as hackers exploit new software bug Reuters

News of the Wired

“To spot a liar, look at their hands” [Quartz]. “Those who were lying were found more likely to have animated hand movements, make strong eye contact, nod their heads, and scowl. When researchers transcribed the audio, they also found that liars were more likely to say ‘um’ and to use pronouns that distanced themselves from the action, such as ‘he’ or ‘she’ rather than ‘I’ or ‘we.’” Now you’ve told them!

“These are the signs a civilisation is about to collapse – and they’re here now” [Metro].
Sort of amazing to see a UK free tab citing Peter Turchin and Arthur Demarest, “a professor at Vanderbilt University who specialises in the end of civilisations… Demarest says that the collapse, when it comes, can be very quick indeed – with Mayan civilisation going from a relative peak in 790AD to being ‘in pieces’ by 810AD.” Not sure what that does to valuations….

Big Brother IS Watching You Watch

Use of high-tech tool to locate shooters may greatly expand in California under proposed bill LA Times

Scrutiny Intensifies on the Warrantless Collection of Americans’ Communications MIT Technology Review

This troubled, covert agency is responsible for trucking nuclear bombs across America each day LA Times

albert March 14, 2017 12:51 PM


Good links.

What’s up with the LA Times? Good coverage of an important issue? A lone voice crying out in the Wilderness?

They’d best be careful, lest they lose their MSM status:)

. .. . .. — ….

CabbageControl March 14, 2017 1:45 PM


I seem to remember that even old Teac CD readers had a firmware updater.
Also, old CD units of any kind tend to have reliability problems.

r March 14, 2017 5:27 PM


Yeah I think the TEAC’s specifically were updateable, it’s a currently open-question of mine so you’re aware it wasn’t intentional misinformation at least.

Thanks for the nudge, but as I said the PROM space is likely far less if one restricts himself/herself to an OLD ata/atapi CD-ROM.

It took me a while to gather up PATA DVD-ROMS but I have a stack of all going at this point.

I have neither resources nor time, just questions and ideas.

But! With ATA/ATAPI being backwards compatible who’s capable of creating an ATA33 intermediary for the “parallel” interface? 😉

It’s kind of along the lines of my question about the forensic disk hardwares that are being discarded currently.

Sancho_P March 14, 2017 6:14 PM

@Donna de Lory

Your post wasn’t answered and I’m not an expert in this field.
However, there is a basic point (my pet) that you should be aware of.

There’s a huge difference in online and offline password use.

1) Online: Transmission and service are crucial for security.

The remote server / machine is responsible for defending brute force attacks (e.g. a banking account, an ATM, even simple pwds like 3241 are relatively secure).
But with social accounts there is rarely a protection (like time delay, blocking account) against trial and error. The only improvement would be not to use insecure services, but how would you know their level of security when they don’t tell you.
Due to our crippled capitalism the risk remains at the user.
The other danger here is that the attacker may “legally” access the server.

2) Offline: This is a password used locally on your computer / machine.

Depending on the HW there are two possibilities:

a) The protected data (on (hard)drive, chip) can be duplicated endlessly, transferred to multiple machines or a simulator, and the cracker might even use a modified version (no time delay) of the original SW.
if “decrypted” means already readable plaintext (any language but dictionary words)
the SW mounts the volume (as e.g. Truecrypt did in case of pwd match),
= your data are lost, nearly regardless of pwd strength, it’s only a matter of time / resources of the attacker.

b) If the protected data and the encryption method are part of a specialized SOC, and the decryption is part of that SOC:
Any aggressor will have a hard time to extract, analyze and transfer data and encryption mode to then use option a).

Only one problem: Option b) is very rare.

All your mentioned little helpers to remember the master password of your password manager (?) very likely place the manager into the offline domain (onto your harddrive). Easy to copy, no self destruction mechanism implemented.
Depending on your threat model (your adversary) they don’t need “what you know” because their tools (brute force, insider knowledge, zero day) will crack your master password eventually.
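
An added illustration of the online/offline distinction drawn in the comment above (example code, not part of any commenter's post): the same four-digit PIN is checked once through a service that blocks the account after repeated failures, and once against a copy of the stored salt and verifier, where no counter exists. The class and function names, the three-failure lockout and the PBKDF2 iteration count are assumptions made for the demo.

```python
import hashlib
import hmac
import os

PIN = "3241"          # the simple PIN used as the example in the comment
KDF_ITERATIONS = 200  # assumption: kept tiny so the demo finishes quickly
MAX_FAILURES = 3      # assumption: the service blocks after three wrong guesses


def derive(secret, salt, iterations=KDF_ITERATIONS):
    """Stretch a secret into a stored verifier with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations)


def pin_space():
    """Every four-digit PIN, in order: 0000 .. 9999."""
    return [f"{i:04d}" for i in range(10_000)]


class OnlineAccount:
    """Server-side check: the service counts failures and blocks the account."""

    def __init__(self, secret, max_failures=MAX_FAILURES):
        self.salt = os.urandom(16)
        self.verifier = derive(secret, self.salt)
        self.max_failures = max_failures
        self.failures = 0
        self.locked = False

    def login(self, guess):
        if self.locked:
            return "locked"          # refused before any comparison happens
        if hmac.compare_digest(derive(guess, self.salt), self.verifier):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked = True
        return "denied"


def audit_online(account, candidates):
    """Exhaustive list through the login interface.

    Returns (outcome, number of guesses the service actually evaluated).
    """
    evaluated = 0
    for guess in candidates:
        status = account.login(guess)
        if status == "locked":
            return ("locked", evaluated)
        evaluated += 1
        if status == "ok":
            return ("found", evaluated)
    return ("exhausted", evaluated)


def audit_offline(salt, verifier, candidates, iterations=KDF_ITERATIONS):
    """Same list against a copied salt + verifier: nothing counts failures.

    The only per-guess cost left is the key-derivation work factor.
    """
    tried = 0
    for guess in candidates:
        tried += 1
        if hmac.compare_digest(derive(guess, salt, iterations), verifier):
            return ("found", tried)
    return ("exhausted", tried)


if __name__ == "__main__":
    account = OnlineAccount(PIN)
    print("online :", audit_online(account, pin_space()))
    print("offline:", audit_offline(account.salt, account.verifier, pin_space()))
```

Raising the iteration count changes how long each offline guess takes, not how many guesses are possible; the attempt limit exists only while the check stays on the server.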

Political Thoughts March 14, 2017 10:01 PM

For Europeans, and the Dutch in particular, I hope Wednesday’s election goes well.

After Brexit and the US election, it seems that we live in relatively uncertain times.

Figureitout March 14, 2017 10:14 PM

–Yeah we do too, normally those streets are pretty rough areas (MLK street for sure)…w/o taking some precautions or having a good plan, then yeah they did have a death wish or just being dumb. I think the Dalai Lama has a security detail now, no? Those people lived in a different time though, the threats are different now.

Your vision though, in today’s world, an iPhone w/ an encryption app is good enough.

WeVibe March 15, 2017 3:17 AM

“We-Vibe, a line of vibrators that can be paired with an app for remote-controlled use, have reached a $3.75 million class action settlement with users following allegations that the company [‘s policy authorized] collecting data on when and how the sex toy was used [, along email addresses].”

This is privacy enforced by a class action. Neat. Does someone know similar examples?

JG4 March 15, 2017 8:07 AM

most of the topics at nakedcapitalism already have been covered, but I spotted a couple worth linking. I like the quote from Bunnie Huang in the Shenzhen video(s) from Wired News, but I can only paraphrase, “weaponized consumer software and consumer electronics.” The objectives of weaponization are the same primates have pursued for much longer than anyone can remember. Numerous commentators have covered them here in appropriate detail. A brief summary might include self-defense/survival, social status, access to mates, money and power. Disinformation always has been weaponized, long before the proto-primates prowled the savanna. I regard self-defense as an appropriate goal, but the illusion that the elites give flying f@@k about anyone else’s survival or defense is part of the disinformation screen. Everyone else is cannon fodder.

New Cold War
When ‘Disinformation’ Is Truth Consortiumnews (martha r)

Big Brother is Watching You Watch

Is Facebook A Structural Threat To Free Society? TruthHawk (Paul R). I hope to get Marina to comment on this. This strikes me as a rather large exaggeration of what The Borg can/could do. For one, mapping to external databases is not reliable. I know of at least 2 databases (one that you would expect to be pretty rigorous) that thinks a different person with a similar name in the NYC metro area is me.

Anselm March 15, 2017 12:12 PM

Last year, nobody really believed Trump could become president or the UK would actually vote itself out of the EU. It would be kinda ill-advised to just assume that folks like Wilders, Le Pen, the German AfD et al in the upcoming elections aren’t going anywhere because the same pollsters who got it spectacularly wrong last year are again saying it’s not going to happen.

Both the Brexit referendum and the Trump win were within the margin of error of the relevant polls. They weren’t “spectacularly wrong”, it’s just that in both cases there was a result that was less probable and that many people didn’t like.

We’ll have to keep an eye on Wilders and Le Pen, but the German AfD is already on a downward trajectory – they can’t sort themselves out between the neo-cons and the neo-Nazi rightwing kooks, and that hurts their popularity. In any case nobody else wants to be in a coalition with them and (even if the pollsters get it “spectacularly wrong” à la Brexit/Trump) they’re not anywhere remotely near the majority they would need to form a government on their own. Anyway, here in Germany we have proportional representation, which ensures that the outcome of an election is closer to the actual distribution of opinions than in the US or UK with their “winner takes all” systems.

ab praeceptis March 15, 2017 12:32 PM


That’s ridiculous. Neither merkel/cdu nor gabriel/spd did get a majority and many members and voters of those parties are acutely against the other one, i.e. many spd voters hate the cdu and the same goes vice versa. A cdu/spd coalition is almost like reps and dems in usa forming a coalition.

Yet they took the government. Two parties, none of which got a majority simply grabbed power.
So, stop painting germany as somehow more or better democratic than the us of a.

Moreover you seem to “forget” to mention that all parties are running a witch-hunt against AfD. That’s not normal politics, it’s a witch-hunt and one with the sharpest weapon in germany, namely calling AfD “Nazis” and frightening the population.

There have been cases where people merely for being “close to AfD” have lost their jobs or their small companies went bankrupt.

You also “forgot” to mention that AfD members are but fair game. Burn their cars, destroy their offices, attack them, everything goes and the police will look away.

I tell you what the real outcome will be: germans will vote massively for AfD – not because they like AfD but because they – justifiably – hate the other parties who just f*cked them over and over.

Dirk Praet March 15, 2017 3:16 PM

@ anselm

Both the Brexit referendum and the Trump win were within the margin of error of the relevant polls.

True. But almost all of them saw Clinton win and the UK stay. Not the other way around with similar margins of error. Hence my “spectacularly wrong”. I guess I should have phrased it differently.

Anyway, here in Germany we have proportional representation, which ensures that the outcome of an election is closer to the actual distribution of opinions than in the US or UK with their “winner takes all” systems.

In most EU countries the outcome of the election would have been decided by popular vote: one (wo)man, one vote. That’s called direct democracy. The US is a representative democracy, which is a different political system.

In any case nobody else wants to be in a coalition with them and … they’re not anywhere remotely near the majority they would need to form a government on their own.

Over here in Belgium, we call that a “cordon sanitaire“, i.e. political ostracism. Whereas in itself it’s an effective strategy to keep extremists from getting any executive power, the downside is that in a context of political splintering with lots of small parties, it becomes increasingly difficult to form a stable government and execute on clear policies. In 2010-2011, it took us exactly 541 days to form a coalition government. Yes, 541. You read that right.

@ ab praeceptis

germans will vote massively for AfD – not because they like AfD but because they – justifiably – hate the other parties who just f*cked them over and over.

They will get a significant part of the votes, especially from people who oppose Merkel’s open border policy and the total “Staatsversagen” in the 2015-2016 Cologne’s New Year’s Eve and Anis Amri Berlin attack. Although AfD contains quite some unsavoury characters, their demonisation is indeed off the scale.

ab praeceptis March 15, 2017 3:37 PM

Dirk Praet

One will find unsavoury characters in every political party; that’s just the nature of political parties. In the parties that stick to the (mafia like) “rules”, however, that is usually hushed up while with non conforming parties like AfD it is hyped up.

Fact is that at least 90% of the accusations against AfD are either simply lies or made up or crudely bent and or hyped up and blown out of proportion part-truths.

The basic actual points of AfD are roughly a) get out of the euro, b) more national power again (instead of the despotism of unelected brussels politicians), c) germans must not be 2nd class citizens in their own country.

There is nothing whatsoever “nazi” about AfD. None of their demands is “nazi” and, in fact, quite many of them are former cdu demands. As soon as AfD picks them up they somehow miraculously become “nazi” …

It’s noteworthy – but virtually never mentioned – that there are indeed multiple “nazi” (“extreme right”) parties in germany, which are typically hovering at 1% to 3%.

Anura March 15, 2017 3:53 PM

@Dirk Praet

Over here in Belgium, we call that a “cordon sanitaire”, i.e. political ostracism. Whereas in itself it’s an effective strategy to keep extremists from getting any executive power, the downside is that in a context of political splintering with lots of small parties, it becomes increasingly difficult to form a stable government and execute on clear policies. In 2010-2011, it took us exactly 541 days to form a coalition government. Yes, 541. You read that right.

This is one of the problems with the way most legislatures are structured – they are representative approximations of aristocracy, where the ruling class was simply replaced by the ruling party (which is still an improvement). However, this is fundamentally undemocratic; the majority has significant power over the legislation introduced, which means that the voice of the minority is suppressed.

The alternative is to structure the legislature as a representative approximation of direct democracy, in which the roles filled by the hierarchy are replaced by petitions and procedures, and every representative inherently has equal power, and no representative explicitly has more power. Whenever you have an actual position in government that needs filling, you can simply nominate candidates and vote via a Condorcet method so there is no unnecessary obstruction of government.

Donna de Lory March 15, 2017 10:30 PM

@ Sancho P the Diode Dude

thoughtful of you to reply. While I
wasn’t claiming to have a perfect
solution, simply a way of raising
the stakes in the password game,
nonetheless your stance appears
basically one of ‘all is lost so
don’t bother trying’

online passwords: act as if their
security is moderate to poor to
begin with, and mitigate as
and to answer your point: anyone
gaining access ‘legally’ transcends
all degrees of password strength

using a password manager, that
means requiring a master password – that
is separate from my concept – i was
not saying one should record or
obfuscate it somehow.
notwithstanding, my reasoning was
forget trying to remember any
passwords. Any methodology that
relies on that is too weak and any
methodology creating passwords that
is stronger is subsequently too hard to

Therefore: have all passwords on a
list (paper or digital)
Which is also to say, use best
methodology passwords, randomly
generated, high entropy – recorded
not memorised.

and act as if the list
is accessible to an interested
party. hence obfuscation.

If obtaining list, the interested
party will also assume they have
caught the golden goose
However some simple private memory
rules will mean the list does not

user name,
additional units missing from
(possibly) the order in which to
enter the password.

the IC never call a human
asset by their real name. On paper
a code is used.
But, then what’s on the paper isn’t
real either, it’s merely a pointer
to the real code name known only to
the parties concerned with said

(separate to my point, also has the
side benefit of betraying who has
accessed the paper version without

stripping the need to remember a
master password for a digital list,
means using paper, which, using
proper passwords combined with
obfuscation, means anyone seizing
your list is still going to be in a
relatively poor position.

anyway it’s just a different angle
that’s not either/or. thank you

Clive Robinson March 16, 2017 6:46 AM

Shred your old SSD

This article,

Tells you some things that are correct but others not about removing the data on your Solid State Drive before you “Pass on or Dump it”.

The elephant in the room with some SSDs is “the storage you can not see” as an ordinary user…

Back a few years ago solid state storage had issues: firstly, each writable block was only good for 10,000 or so writes; secondly, the block size was 2Kbits or larger and had to be set to all ones (a slow process) before it could be written to with new data.

To get around these problems manufacturers put extra memory in that was hidden from view by the device control chip. This memory got rotated through the “user window”, which meant that often blocks of data you thought you had deleted or overwritten were in reality just rotated out from the user’s view with their contents very much intact.

So not only does delete and overwrite not work on these blocks neither does encrypting at a later date…

Thus if you are going to encrypt the SSD it MUST be done before you put any data on it. Or any technician working for those you do not trust will simply take out the PCB, wire the control CPU into reset and then put a chip clip/clamp over the chip and read out all the memory including the memory that was not in the “user window”…

Oh and those devices that supposedly crunch up / shred an SSD: check the specs, some may not actually damage the silicon chip, just some of the chip packaging or PCB. Unless you know at a fundamental level what you are doing, destroying silicon chips and the data that is on them is far from easy. Which is why they have replaced “wire recorders” in the flight data / cockpit recorder systems more often called “Black Boxes”.

But just to add to the fun there are new RAM chips working their way down the development pipeline. Such as Ferroelectric RAM also called FeRAM and Magnetoresistive RAM also called MRAM. The up and down side of them is that they are Non-Volatile, that is if you just remove the power it remembers everything that was last written to it. Great if you want very long hibernation modes without having current drain on batteries, very bad for computer security…
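An added illustration of the hidden-block behaviour described in the comment above; it is not part of that comment or of any vendor's firmware. The toy controller, the 16-byte block size, the constructed secret and the hash-based stand-in cipher are all assumptions made for the sketch.

```python
import hashlib

BLOCK = 16                      # toy block size (assumption; real blocks are far larger)
ERASED = b"\xff" * BLOCK        # flash is set to all ones before it can be rewritten
SECRET = b"PIN=4921;acct=77"    # constructed sample data, exactly one block long


class ToySSD:
    """Hypothetical controller: the user sees `logical` blocks, the chips hold more."""

    def __init__(self, logical, spare):
        self.logical = logical
        self.flash = [ERASED] * (logical + spare)   # what a chip-level read returns
        self.free = list(range(logical + spare))    # erased blocks, ready for writing
        self.stale = []                             # rotated out, contents intact
        self.mapping = {}                           # logical block -> physical block

    def write(self, lba, data):
        if not 0 <= lba < self.logical:
            raise IndexError("outside the user window")
        if len(data) != BLOCK:
            raise ValueError("write exactly one block")
        if not self.free:                           # erase is slow: only when forced
            victim = self.stale.pop(0)
            self.flash[victim] = ERASED
            self.free.append(victim)
        phys = self.free.pop(0)                     # new data never lands in place
        self.flash[phys] = data
        if lba in self.mapping:
            self.stale.append(self.mapping[lba])    # old copy leaves the user window
        self.mapping[lba] = phys

    def user_view(self):
        """Everything an ordinary user or OS can read back."""
        blocks = []
        for lba in range(self.logical):
            phys = self.mapping.get(lba)
            blocks.append(ERASED if phys is None else self.flash[phys])
        return b"".join(blocks)

    def raw_dump(self):
        """Everything on the chips, including blocks outside the user window."""
        return b"".join(self.flash)


def toy_encrypt(key, lba, block):
    """Stand-in for real disk encryption (NOT secure): XOR with a hashed keystream."""
    stream = hashlib.sha256(key + lba.to_bytes(4, "big")).digest()[:BLOCK]
    return bytes(a ^ b for a, b in zip(block, stream))


def exposure(ssd):
    """Return (secret visible to the user, secret present on the chips)."""
    return SECRET in ssd.user_view(), SECRET in ssd.raw_dump()


def overwrite_after_the_fact():
    ssd = ToySSD(logical=4, spare=4)
    ssd.write(0, SECRET)
    for lba in range(ssd.logical):                  # one full "wipe" pass of zeros
        ssd.write(lba, b"\x00" * BLOCK)
    return exposure(ssd)


def encrypt_after_the_fact():
    ssd = ToySSD(logical=4, spare=4)
    ssd.write(0, SECRET)                            # plaintext reached flash first
    ssd.write(0, toy_encrypt(b"k" * 16, 0, SECRET)) # then "encrypted in place"
    return exposure(ssd)


def encrypt_before_first_write():
    ssd = ToySSD(logical=4, spare=4)
    ssd.write(0, toy_encrypt(b"k" * 16, 0, SECRET)) # only ciphertext ever hits flash
    ssd.write(0, toy_encrypt(b"k" * 16, 0, b"\x00" * BLOCK))
    return exposure(ssd)


if __name__ == "__main__":
    print("overwrite later :", overwrite_after_the_fact())
    print("encrypt later   :", encrypt_after_the_fact())
    print("encrypt first   :", encrypt_before_first_write())
```

In the first two cases the secret is gone from the user's view but still present in the raw dump; when a real controller finally erases a stale block is its own decision and is not visible from the host.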

Thoth March 16, 2017 7:07 AM

@Clive Robinson

re: Shred SSD

Just do what the GCHQ people did to The Guardian people’s computer that held the Snowden archive.

Grab the PCB board and find every IC chip to put a drill or grind it off till it’s flat. Now it’s dust 🙂 . Job’s done.

JG4 March 16, 2017 8:21 AM

I failed to mention the weaponization of medicine in the US as a tool for asset stripping. Even people here with $15M in the bank are scared of the sickcare cartel. It doesn’t come up in today’s news. The three sectors most ripe for disruption by information technology are education, government and sickcare.
Nevertheless, the reason for featuring this post is how it depicts robots as a threat to emerging economies, when the implicit assumption of most English-language business reporting is that advanced economy work is most at risk, while lower-wage jobs are pretty safe.

New Cold War

Hillary Clinton Campaign Was Connected To Russian Government ShadowProof (Judy B)

John McCain: Rand Paul ‘Is Now Working for Vladimir Putin’ Daily Beast (Dan K). So this is now what you say in Washington when you’ve run out of arguments?

Big Brother is Watching You Watch

The Irredeemable Silicon Valley Pando

A Very Dangerous WikiLeak Bloomberg. UserFriendly: “Just kill me.”

World Bank’s top economist says India’s controversial ID program should be a model for other nations Quartz. Jerri-Lynn provides more background: What is Aadhaar ?

Imperial Collapse Watch

Can China leapfrog US in scramble for world’s best aircraft carrier? South China Morning Post (J-LS). Help me. Aircraft carriers are a cross between sacred cows and white elephants. See here for details. This has been known for a long time but no one is willing to call off such a big ticket buying program.

Anselm March 16, 2017 8:29 AM

The German AfD consists basically of two blocks – one whose goals are similar to those of, say, Trump (“Germany first”, leave the Euro, leave the EU, close the country to refugees, etc.) and one that is farther right, towards the neo-Nazi end of the spectrum (as exemplified by, e.g., Björn Höcke). Both of these are represented at all levels of the party right up to the top, and the AfD’s problem is that they are not quite sure how to deal with that. People who tend toward the more moderate wing of the AfD are often uncomfortable with the more kooky extremist wing, while the more kooky extremist wing is what causes other parties not to want anything to do with the AfD as a whole. Of course there is a certain group of the electorate which likes the neo-Nazi bit, but as has been mentioned before, the neo-Nazi parties in Germany don’t usually get a lot of traction.

The moderate wing of the AfD would like the right-wing kooks to shut up because they’re aware that the things the right-wing kooks say about, e.g., Jews and Africans, make the party look like a neo-Nazi party, and hurt their “democratic” image. On the other hand, the right-wing kooks like that the AfD gives them a somewhat more respectable platform than the “traditional” neo-Nazi parties (which themselves have come a long way since the paratrooper-boots and bomber-jacket times of the 1980s) and don’t want to shut up. We will have to see whether the AfD will manage to come up with (and stay on) a unified message for the upcoming Federal elections later this year, or whether the two blocks will split before that happens (it’s happened before when the original founder of the AfD was ousted, which moved the party farther right).

Anyway, it seems that issues like the refugee situation in Germany are consistently overblown by the non-German (or especially non-European) media. Things have settled down for the most part, and the influx of new refugees has slowed considerably. There are some trouble spots but on the whole if you do the statistics you will find that there is, for example, no refugee-driven crime wave. As a matter of fact Germany needs skilled immigrants, and the main problem is how to best go about figuring out which refugees get to stay and how best to integrate those into both German society and the workforce. Many of the problems that need to be solved in that respect are legal in nature, not necessarily inter-personal. Parties like the AfD like to paint refugees, if not as outright criminals, as lazy welfare-sucking free-loaders who take jobs away from honest Germans, but most people here seem to be smart enough to figure out that a refugee can’t be both a lazy welfare-sucking free-loader and someone who takes a job away from a German worker. We’ve seen the Netherlands kick their right-wing populist party’s behind in yesterday’s election, and I for one am pretty optimistic that the AfD won’t be taking over Germany anytime soon, either.

Dirk Praet March 16, 2017 11:17 AM

@ anselm

As a matter of fact Germany needs skilled immigrants, and the main problem is how to best go about figuring out which refugees get to stay and how best to integrate those into both German society and the workforce.

Me thinks you’re painting an overly positive picture. Yesterday, I read in Die Welt that out of the 1.5 million refugees that arrived in Germany over the last years, only 7,000 have found a job yet. That’s less than 0.5% of the total. Statistics are showing that about 20% of them is completely illiterate and not even 50% has completed elementary school. Many never make it through even the simplest language and job training courses. How on earth are you going to create a “skilled workforce” out of these people in less than one generation?

Identity and social fraud is rampant. About 60% of immigrants don’t carry passports, full background and nationality scrutiny being the exception rather than the rule. And even when someone is deemed not to be entitled to refugee or other protection scheme status, it is almost impossible to remove them because their countries of origin refuse to take them back. There’s IIRC about 100,000 North Africans alone that are either tolerated or have to leave the country, NRW even refusing to accept any new ones. And that’s all on top of alarmingly bad levels of integration within already existing immigrant groups.

If you want, I can provide sources and references for all of these. And I didn’t get them from some local AfD pamphlet, but from Die Welt, Der Spiegel and Die Zeit.

However much from a humanitarian vantage one can laud Angela Merkel for opening the borders, it is an absolute fantasy that all these people – many of them traumatized, most of them poorly educated and with non-European social, cultural and religious backgrounds – somehow can be gracefully integrated into German society and workforce. The more likely scenario is that it’s going to cost German society hundreds of billions of euros and that it will have a profound impact on both the political and socio-economic landscape in the years to come.

Whereas I agree that populist parties like AfD are never the answer, a return to a more common sense-based Realpolitik really is in order here, the alternative being the inevitable rise within AfD party ranks of someone who, contrary to the current sorry lot, does know how to manipulate the masses and turns everybody against everybody.

ab praeceptis March 16, 2017 11:52 AM

Dirk Praet

Sorry but there is no “humanitarian” side. The “refugees” were a provably organized invasion with soros and other well known acute criminals involved. It is also a simple and provable fact that the “refugees” were illegally entering europe and the “governments”, most probably remote controlled by the obama administration, did illegally ignore the relevant laws.

To make it even more clear there is a clear eu-ropean legal framework that states very clearly that refugees can not legally pass through eu-ropean countries. That is, a refugee entering the eu through, say, bulgaria, must stay in and be handled by bulgaria.

All that, all the relevant laws, agreements, and legal frameworks were thrown over board in what can only be seen as a criminal act by the eu-ropean “governments”.

Moreover there is plenty evidence and witness statements by professionals that what really was sent (and often let go) was criminals, sociopaths, and other people creating lots of trouble in their countries of origin. There are even known and evidenced cases of african countries opening their jails and sending the worst of the worst as “refugees”.

Interestingly, comparisons are feasible, due to two circumstances: a) real workers coming to europe and b) real refugees.

Ad a) There are millions of aliens in germany and other european countries. Those have been invited and wanted because workers were needed. The vast majority of those has behaved well and has more or less integrated into the society they came into.

Ad b) There is a long and very, very sad track record of eu-rope with respect to real refugees. Series of scandals have happened; in shockingly many cases, for instance, real refugees have been forcefully sent back to their countries although medical examinations showed that they had been tortured.

So, if on one hand we see a very sad track record re. real refugees, and a sudden spike of humanitarian intentions flooding europe with criminal invaders and often the worst scum of their originating countries, it seems more than cynical what Anselm tries to sell us.

It’s also interesting to mention that germany alone has lost some 4.000 millionaires in 2016! In other words: Those who can easily afford to leave germany do so. Certainly the top stratum of skilled workers, engineers, etc, is also bleeding.

That’s important insofar as the european countries do not somehow “win” new and more workers that are needed (so it’s said). What really happens is some kind of exchange: The good people leave if they can while largely worthless (as workforce) and criminal “refugees” enter.

I might be wrong (I’m foremost an engineer and not a sociologist or politically savant) but I can’t help to be reminded of some context, namely friedman’s (stratfor) brutally clear statement that the us of a will under no circumstances allow Russia and western europe to come together.
Looking at the state of things it seems utterly clear to me that the us of a might, in best of cases, survive but they will definitely not keep their hegemonial position and they, btw, also don’t have the necessary military force anymore. Eurasia WILL (again) be the center of the world – so (and it wouldn’t be the first time) the us of a, or more precisely, the clinton/cia/soros faction follow a scorched earth doctrine.

That is what’s happening in europe. The logic is simple and ugly: “We can’t stop europe drifting into Russia’s sphere so we make sure that Russia finds scorched earth only”.

Nick P March 16, 2017 2:00 PM

@ Clive Robinson

The Lobsters are shredding his ass for that. Bullshit like this doesn’t go far over there given the number of talented coders.

ab praeceptis March 16, 2017 2:10 PM

Clive Robinson

Maybe I missed one but at first sight I’d say that he used all the major ways to demonstrate his utter cluelessness and lack of any professionality whatsoever. Plus a bonus point for his adherence to the credo of the “testing does the miracle!” sect.

Bob Paddock March 16, 2017 2:53 PM

@Clive I had to design OUT MRAM parts from our design because I found them far too easy to damage with the refrigerator magnets used to activate a reed switch in close proximity to the MRAM.

I returned some of the now non-functional parts to the Big Name Manufacturer of MRAM parts for analysis, these are the replies I received:

“Please see the below stack-up of the MTJ [Magnetic Tunnel Junction, they sent nice color graphics]. The bottom magnetic layer is set at the factory with a high powered magnet. It is this layer that can be disturbed by a near field magnet (which is what seemed to have occurred in the device you sent us). After re-initializing the magnetic moment of that bottom layer of the part you sent us it tested fine.”

“I [the test engineer] measured the magnetic field of the magnetics for 150g (which is the spec for our parts) and found that the closest the MRAM can be to the top or bottom of the magnet [Our tiny refrigerator magnets that I supplied] is 8mm and the closest the MRAM can be to either side of the magnet is 5mm.”

Clive Robinson March 16, 2017 4:10 PM

@ Thoth,

Grab the PCB board and find every IC chip to put a drill or grind it off till it’s flat. Now it’s dust 🙂 . Job’s done.

And twenty years down the line, COPD, silicosis (Also Known As grinder’s asthma, potter’s rot, miner’s phthisis etc) and similar from silicon and other dust entering the lungs…

Oh my fave for nasty is “Beryllia”[1] –Beryllium oxide– a known nasty carcinogen is used in quite a few “high power” electronic components and other devices including “silicon chips”. In my home lab/workshop I’ve maybe sixty or seventy different component types in a locked drawer unit including CPU, GPU, DSP chips and some SRAM chips and many RF devices all of which contain “white beryllium oxide” heat sink material. Which whilst having very good thermal conductivity has very high electrical resistivity and beneficial dielectric properties and… “Significant Toxicological Disadvantages” (AKA premature and painful death).

If you read the Guardian article, they said they were just using ordinary –home depot style– face masks, not the microparticulate or separate air supply ones. Oops, hopefully the clock is not ticking for them…

JG4 March 16, 2017 4:14 PM

@Bob Paddock

It isn’t convenient, but can’t you just put some appropriate shield metal around the MRAM chip to protect it from external fields? Like the little Faraday boxes you see on circuit boards, but made from soft iron.

Thanks for jogging my memory. I was shocked to see four applications of GMR in a Digikey flyer a few years ago. When I was a kid, it was only used for sense heads in disk drives, but now it is used for MRAM, electrical isolation (in lieu of optical isolators), current sensing and orientation sensing.

Clive Robinson March 16, 2017 4:33 PM

@ JG4,

Aircraft carriers are a cross between sacred cows and white elephants. See here for details. This has been known for a long time but no one is willing to call off such a big ticket buying program.

Yup the UK is building two of these boondoggles…

As I’ve mentioned before “Carrier Groups” are “sitting ducks” and have been since the middle of WWII. The only reason people do not realise it then is that the German Sub fleet was penned in and suffering from Enigma decrypts, and the Italian and Japanese subs were how shall I put it “out of date before the blueprints were drawn” thus ineffective in use.

Not only are carrier groups very vulnerable to submarines, the aircraft that fly off of them have less range than fairly cheap missile technology. Worse there are combined torpedo – missiles that can be used as effective stand off weapons. Then there are also “stay behind” type weapons, that like old style mines can sit on the sea bed waiting for certain signatures then launch up like homing torpedos. If the worst comes to the worst a tactical bomber can fly in and do a “lob shot” with a tactical nuke and it’s goodbye flyboys and bucket riders.

The navy of the near future is going to be sub based with longrange / stand off weapons including nuke / cruise missiles, drones and staybehind seabed weapons, if you are on the surface then you will rapidly be fish food, unless you are beating up on a third world technology nation.

Freezing March 16, 2017 4:54 PM

My prognosis: The real race now is who will develop his own safe stacks and will such escape the panopticon and become a master in the international arena. I bet on Russia and China. The us of a is lost, it’s utterly stupidized and captivated by the ultra capitalism monster it created. And the europeans are hardly more than rotten vassals.

I don’t understand why South America is a blind spot in your considerations. There are people down there who dream of ruling the world too.

@ Q

Live OSs run in the RAM, enabling an amnesic session. Thus, nothing can be written to the Hard disk, in theory. Sometimes I use live systems booting from CD, since I don’t trust USB drives. Keywords to search: Live distro, Puppy Linux, TAILS.

Clive Robinson March 16, 2017 5:13 PM

@ Bob Paddock,

I had to design OUT MRAM parts from our design because I found them far too easy to damage with the refrigerator magnets used to activate a reed switch in close proximity to the MRAM.

Ouch not good, you’d not know that from the data sheets I’ve seen.

It’s been a while since I used magnetoresistive devices (for mag stripe card reading) and I would have expected the technology in use to be a bit more stable.

Look at it this way what’s going to happen when a netpad etc using MRAM, not just to replace conventional RAM but BIOS ROM gets put on the conveyor belt at an airport…

ab praeceptis March 16, 2017 5:24 PM


For a start my comment wasn’t about ruling the world. It rather was about a) not being and staying a victim and b) about reaching a “master” level. Maybe the latter created confusion, so I’ll elaborate somewhat.

If one is depending on critical hardware (or know-how) from a potential opponent then one can’t be a master. And by master I mean not hegemon but rather independence, self-reliance, and hence a certain level of significance.

As per today only Russia and China have the know-how, the technology, and the (industrial) means to produce processors. Some more countries can and do produce processors but those are either not relevant and/or just license based (with us of a being the license holder).

Concerning south-america I simply do not see anything significant. Both potential candidates, Brazil and Argentina have been corrupted, blackmailed, and terrorized by the us of a. To make it worse, south-america is the backyard of the us of a and at the same time the geostrategically worst spot for Russia and China, which means that they won’t be able to militarily protect south-american countries should the us of a desire to plunder, rape and abuse south-america (which is a habit of theirs for decades).

Looking at europe much depends on politics. If the french succeed to get rid of the pro-euro gangsters (in all parties but one) then there will be a major (and very positive) shift in europe and france might become europe’s first not insignificant processor builder, probably based on existing designs such as the open Sun designs.

I think that the issue I brought up is of utmost significance for europe. Most countries in europe are quite much depending on industry and not the low-tech type. Look at cars, for example. It seems strikingly obvious to me that the european car maker who first succeeds to build a car that can not be remote controlled by the cia will sell its cars better than sliced bread.
Or look at the german machine builders with a very significant part of their products containing lots of electronics. Now imagine a german machine builder trying to sell his machines to Russia or Iran. Nobody in his right mind will buy them as that would mean to put one’s production working or standing still into the hands of cia and accomplices.
If, however, the germans would succeed in building their own (verifiable) processor, that would doubtlessly translate into tens of billions of sales per year – or losses if they don’t succeed (which seems to be very probable as german education has been largely “us-americanized”, i.e. it’s quite worthless).

So, there are tangible reasons for quite some of my clients to go to great lengths in trying to be as us of a free as any possible. It simply translates to selling or sitting on products that are considered poisoned. And one shouldn’t be misled by the fact that most europeans don’t talk much about it; that does certainly not mean that they don’t understand and make plans. It just means that they want to fight openly as late as possible as almost nobody dares to publicly speak out against the us-americans.
So usually it’s disguised e.g. as “worries about customers privacy” but in closed sessions it’s bloody obvious what it’s really about. It’s about breaking free from the Ex-hegemon us of a and about preparing to getting completely rid of them.

Dirk Praet March 16, 2017 5:57 PM

@ ab praeceptis

Sorry but there is no “humanitarian” side.

There certainly is, and I do understand the moral imperative of a vicar’s daughter to reach out to those in need. It’s not like you can deny that half of the Middle East is on fire or that those fleeing war and persecution under international law are entitled to protection. And that most of those refugees had already previously overrun neighbouring countries such as Jordan, Lebanon and Turkey.

My main issue however is that Merkel all by herself decided for the whole of Germany and Europe to open up the borders and by effectively getting rid of the Dublin protocol in essence invited not just legitimate refugees but pretty much every African or Asian economic migrant a fully divided EU was completely unprepared to either cope with in a controlled way or to shield its outer borders from. And which they still aren’t.

To make things worse, she again single-handedly brokered a haphazard deal with Turkey that not only cost us billions but also delivered us to the every whim of a wannabe dictator who as a result of which can now insult and humiliate us like there’s no tomorrow. Not to mention her unprecedented move vastly contributing to Brexit and the anti-EU sentiment of populist parties growing like a cancer all over Europe.

From a moral and humanitarian perspective, Angela Merkel should get a statue. From a political vantage, she should be ousted or put on trial for exercising an executive power nobody in either Germany or the EU ever gave her, and so should every politician that did exactly nothing to stand up to her. As much as she may be the exact opposite of Donald Trump, at least in the US some judges and politicians have the balls to say no to executive overreach.

Sancho_P March 16, 2017 6:20 PM

@Donna de Lory

I’m not sure if we are in one line (not online :-), let me clarify:
”… nonetheless your stance appears basically one of ‘all is lost so don’t bother trying’”
On the contrary, I’d say ‘be aware of the individual risks of each method / service’.

”… and to answer your point: anyone gaining access [to your data at the provider] ‘legally’ transcends all degrees of password strength anyway.”

To put it straight:
Your pwd controls your account’s front door, but there is no building behind …

Let’s read the fine print of the term ‘legally’, in particular the part that’s called the
Third Party Doctrine (TPD).
Basically it says that everything you voluntarily disclose to your service provider is fair game.
Because you have it knowingly revealed to the third party you gave up on privacy of it. You have donated the content to the provider. Your choice.
So the TPD clearly states how and where privacy ends:
Voluntarily, at the third party.

Yes, “voluntarily” is sardonic to the bone here, worth its own revolution …

But simultaneously this word is the solution, the redemption of privacy:

*** Whatever we “voluntarily disclose to a third party” ***
*** must be encrypted to keep it private. ***

Our special thanks go to Prof. Orin Kerr for making that obvious.

Btw, read his impudent “Introduction” (on p. 562) to learn that you and I, we, are the criminals:

For the pwd paper obfu-mnemonics, I do not oppose it, my only problem is:
When I have my 21 ‘strong’ pwds, with 14 characters each, obfuscated on one paper it might not only confuse the attacker 😉

Again, my main point was:
When the mechanism to try a pwd was secure, a simple pwd would suffice.

ab praeceptis March 16, 2017 6:31 PM

Dirk Praet

Nope. Sorry.

You know what the trigger was? It was the eu – with full merkel support – striking down the already immensely tight financial support of refugee camps in the mid east. It was a figure like 25 or 30 euro per month and refugee and they brutally slaughtered that down so much that there was no way whatsoever to somehow keep refugees alive for what was left in “support”.

Need another reason? Here you go: The eu – with full merkel support – changed the refugee rules quite harshly so as to keep them away. I remember well how it was basically an attack on any and all refugees that was halfway disguised as insane bureaucracy. One striking example was that airlines who transported refugees without full eu acceptance papers had to fly those refugees back at their own cost. Of course – and exactly as planned – airlines from then on double- and triple-checked anyone from the relevant countries and refused to take them aboard unless everything was 100% correct and double checked. THAT is what they did.

So, if you for whatever reason like to believe the “humanitarian” BS, just go ahead and enjoy but please don’t propagate it.

Besides: Even if that “humanitarian” fairy tale were true – which it is provably not – that would still not just make a whole lot of laws and international conventions vanish.

To give you an example: One “ultra-right” german politician was hunted into a corner by the “innocent” question how one possibly could protect the german borders and finally she said that the border guards have weapons and could quite well do their job if only they were let.
BANG – that’s what they wanted. All hell broke loose and the media (accomplices) titled that the right wing people wanted border guards to kill (* scream *) innocent poor little refugees.

No-fucking-body dared to ask a simple question: Why do german border guards (like all others, too) have weapons since decades at all? Is it so that their belts don’t wiggle? And no-fucking-body cares about simple facts like that border guards must protect borders by law and if needed they, of course, can and must shoot. Simple as that.
And btw, european military is active in Africa right now, producing new (real) refugees. Humanitarian or to secure Uranium mines?

Short, merkel and her german and european accomplices, who formerly sent back without any qualms really tortured refugees, acted acutely criminally.

“Humanitarian” is but a perfidiously abused and emotional label.

JG4 March 17, 2017 6:42 AM

Big Brother Is Watching You Watch

Judge issues search warrant for anyone who Googled a victim’s name in an entire US town The Register

Judge Rejects Google Deal Over Email Scanning Fortune

This laptop-bricking USB stick just got even more dangerous ZDNet (Chuck L). Be sure to bring one to your job interview! Kidding!

Zero Days, Thousands of Nights RAND

Imperial Collapse Watch

Someone thought it was a good idea to blow up a $300 drone with a Patriot missile Quartz (Re Silc). Boom. Ka-Ching. Boom. Rinse and repeat.

Lockheed Martin says it’s ready to hand over laser weapon to Army for testing WaPo

Fury in Cambodia as US asks to be paid back hundreds of millions in war debts Sydney Morning Herald

It’s payback time, America VN Express

Class Warfare

Oxford comma helps drivers win dispute about overtime pay Guardian. Being careful and precise about language helps working people. Who knew? (And in Maine, too!)

The Revolution Will Not Be Curated Thomas Frank, The Baffler. This is a good Baffler issue.

The Wrongest Profession Dean Baker, The Baffler. Economists.

Dirk Praet March 17, 2017 8:02 AM

@ ab praeceptis

You know what the trigger was?

The EU at some point cut deep in remote support budgets for refugees not just to uphold “Fortress Europe”, but because most of those monies and goods disappeared into the pockets of NGO’s, local authorities and gangs, with only a tiny fraction ever reaching those in need themselves. Likewise, border controls for anyone arriving by air were tightened when it became clear that neither authorities nor carriers in a lot of especially African countries could be bothered to properly check if passengers actually had the right visa and were perfectly happy to take a small bribe instead. As usually happens when rampant abuse is discovered, it did affect not just the cheaters but many legitimate refugees as well.

In the middle of the refugee crisis, AfD’s party chairwoman Frauke Petry indeed suggested to just shoot refugees at the border if that was the only way to stop them. It was a completely outrageous brainfart she got exactly zero support for, not even in the Visegrad states. It does however say a lot about the mindset of certain folks in AfD upper management.

However much nation states not just have the right but also the duty to protect their borders, shooting immigrants or torpedoing their life boats at sea are criminal acts for which under international law no justification is possible. Conversely, allowing everyone in, cluelessly trying to sort the problem on the fly and without adequate means to send back those that get rejected is an equally bad idea that eventually and inevitably will lead to entire societal groups being pitted against each other.

Every time I hear some politico on TV, they repeat the same platitudes: we need to protect our outer borders, do more to support refugees on site, fight the causes and agree on annual quota and fair redistribution over the entire EU territory. The simple fact of the matter, however, is that for a whole lot of reasons these EU fatcats are just incapable of doing so and in their incompetence well on their way to destroy the very project they’re feeding off.

ab praeceptis March 17, 2017 11:04 AM

Dirk Praet

I’m surprised to see a bright man like you bringing forward half-cooked and partly bent facts.

I’ll pick out just a few.

No, the trigger was some camps in and around Syria, afaik mainly run by un, which had budget of something like 25 or 30 euros per refugee and month which was very tight. Shortly after that budget was brutally cut down the refugee wave started.
I do not know whether that cut was intentionally done so as to trigger the wave or whether it was just the usual lack of humanity by those politicians which love to make lots of noise about “humanitarian”, but it was that event that started the wave.

“AfD / border”. No that was not a brainfart of Petry but a simple and legally sound statement. Getting or not getting public support is not a relevant criterion when judging the legality of something. Btw, some eu countries did shoot at criminal “refugees” and that was perfectly legal.

Which brings us to an important issue. What has actually happened (i.a.) is the “democratization” of law. Almost all the political parties (the usual culprits) and the almost all western media colluded in establishing the impression that public opinion or the will of the majority is above the law and defining it.

That’s an intellectual shortcut that may seem logical to the stupidized masses but it’s plain wrong. The correct statement is, that the majority can change the laws so as to fit their wishes – but whatever happens to be written law at any point in time is valid and binding.
It is an interesting issue, btw. that most eu countries did not change their laws in any significant way (re “refugees” and borders). In other words: They intentionally based their actions upon what they themselves through propaganda had established to seem to be the valid set of rules. Classical politicians; such they can later cleanse themselves post facto.

“sinking refugee boats” – That’s, pardon me, bullshit to the cube. Look at it from a legal point of view and based on what actually happens out there.
Those “refugee” boats do not come into emergency within the european waters; they are usually “rescued” mere miles outside e.g. libyas waters. Moreover the boats are often not at all seaworthy and running them more than a few miles off a coast is illegal.
So what really happens is that european ships, in part from the states, in part from diverse organisations, are cruising close to the african coast, sometimes even in territorial waters, and the “boats full of desperate refugees” head out a few miles to be “rescued” and transported to the eu.

Finally what you tell about the politsters is easily explainable: Those criminals know exactly how much the eu-ropeans HATE the “refugee” invasion project and hence they, of course, say whatever is needed to calm down their voters.

Again: It is provable that multiple laws on different levels were broken by the politsters. It is provable that most of the “refugees” are, in fact, anything but refugees. Even worse, the few real refugees among them steadily complain about being terrorized by them. And: The law doesn’t just demand from the “rescuers”; it also demands from the “refugees” and they utterly ignore any and all demands. Insofar as they occasionally really risk their lives on the ocean they do so in grave ignorance of laws and reason.

Dirk Praet March 17, 2017 2:20 PM

@ ab praeceptis

I’m surprised to see you bringing forward half-cooked and partly bent facts.

Let’s just say that we don’t entirely see eye to eye on this matter, but that’s OK.

While I agree that Frontex and Triton for all practical purposes have become more of a ferry service or rescue-at-sea operation than a border patrol, the question remains what to do with all these people crossing the Aegean and the Mediterranean. Irrespective of its legality, am I correct in understanding that you would really let them drown at sea or shoot them at border fences?

Migration – whatever the reasons for it – is as old as mankind itself. You cannot stop it, and no wall is going to change that. The only thing you can do about it is to try and manage it as much as possible. And which currently is still not happening because the de facto leader of Europe is sticking to her open border policy and no one else is in any position to challenge her. Overly simple “solutions” as presented by AfD, FN and other populists are merely polarizing opinions (“all in” v. “all out”) and aren’t bringing us a step closer to a more reality-based approach of the problem.

ab praeceptis March 17, 2017 2:47 PM

Dirk Praet

“am I correct in understanding that you would really let them drown at sea or shoot them at border fences?”

Absolutely. Btw, this measure would be the single most important life saver as it would effectively deter them from going onto the ocean in grossly inept boats. But frankly, that isn’t the reason why I would let them drown.

I consider it a grave maladie of modern society to consider laws as being only relatively important and largely interpretable (read: bendable) at will. The laws clearly state that there are nations and that those nations may defend themselves and their territories. THAT is the decisive fact, period.


This is not a case of natural migration. This is a case of designed and controlled invasion, being co-designed and financed i.a. by soros, which by itself is all but proof it’s criminal.

Please note that I was fighting years ago for real refugees and that I was very upset by european governments frequently sending real victims of despots and torture back. Very much similar to them today completely ignoring torture and despotism in countries which happen to buy weapons for billions …

So, my point is not that I would be against aliens, against natural migration, or against helping people in grave need.
I’m against the gross lawlessness, against arbitrary “interpretation” of laws, against perfidious propaganda campaigns completely bending the truth, against orwellesque “peace is war and war is peace”, and against a clearly hostile islamistic invasion.

Clive Robinson March 17, 2017 5:39 PM

@ Dirk Praet, ab praeceptis,

Irrespective of its legality, am I correct in understanding that you would *really* let them drown at sea or shoot them at border fences?

One of the problems with drafting legislation is to ensure that it gets used when the situation it is designed for arises. Otherwise it becomes a joke.

Allowing people to “drown at sea” may not be charitable or humane, but it does happen for resourcing issues in that rescue teams can not be in two or more places at the same time.

Thus you have the devil’s advocate question, do you keep your resources close to home so that those who paid for them will be assured of their availability should the need arise. Or do you rescue anybody that you can anywhere potentially at the loss of life of your own people.

Especially knowing that the use of the dangerous boats is almost certainly a people traffickers response to you sending out rescue boats far and wide?

If you ignore the humanity aspect for a moment, logically you do not rescue immigrants for several reasons. But ensuring that it is certain death would cause the flow of immigrants, especially those who are criminals etc to stop. Thus the criminals who are almost certainly responsible for immigrant/refugee deaths by using bad boats, fake life jackets etc would cease to earn the money they do from the desperate and calculating. And importantly with such calculations you may end up with a lot less deaths by drowning etc.

On a more humane note we have to remember there are two sorts of immigrant, firstly refugees pushed out of their homes at the point of a gun / death and those who do it in a calculating way be they economic or criminal. Whilst it is easy to feel compassion for the first group, it’s as easy to feel contempt for the second group.

The reality is that for political reasons the public get their potential fears of the second group repeatedly thrown up in front of them, hence part of the voting problem we see. And will see further of in votes this year.

Because of the problems Mummy has created, Europe is likely to tear itself apart. Turkey is making Berlin, Paris and Brussels look not just stupid but walked all over. Other EU countries are having that “morning after headache” that comes when you wake up and see what you have got into bed with and gnawing your arm off might be the better option. With the US via NATO driving a wedge in between the EU and Russia as hard as they can. Which means London reinherits the less than joyous title of “Ash City” once again as Brexit will make the UK nuclear outpost once again, just as Greenham Common used to do.

Speaking of Brexit perhaps the main reason it happened was that few if anybody stopped that adverse and incorrect political behaviour of the leavers. Thus without a counter message the fear of the implied floods of ISIS terrorists on brand new German passports FUD prevailed.

I actually reserve a big lump of blame for Brexit on those in Berlin, Paris and Brussels because not one of the politicos there took the fear mongering seriously. They further assumed that there was no way the sensible British would vote that way. Thus they did nothing, in fact they did worse than nothing they turned their backs and made it clear they did not care for the UK. Thus many in Britain thought “we are not going to stay where we are not wanted” “especially when they are bad neighbours”, which with the immigrant scare stories on television every day similar on the fronts of newspapers, the bookmakers at least –unlike the pollsters– realised where it was going…

The fall out is going to get worse, as many in Scotland will tell you London is a lot further away than the Norwegian or Swedish centers of Government. Those countries also appear to have better social / living standards. Thus some Scots are thinking quite loudly that they would rather be in their camp than the moronic little Englanders camp. And if Scotland do that, then Northern Ireland for all the political rhetoric about England are likely to vote with their wallets.

Which to add fuel to the fire, the current UK Prime Minister does not have a mandate to govern unlike the leaders in Scotland and NI and to all intents and purposes she appears to be a weak and vacuous individual trying various “play favourites” amongst her party rather than actually run the country. Her intent is to try to hang in no matter what damage she does and that means kiss-arsing the gob-shite party grandees. Who misty eyed look back to the end of the Victorian era over a century ago when their ilk had palpable status and an empire to kick around. They think they can go back to that status, but they can not, except by totally destroying not just the UK but England as well. Personally I do not like suicide pacts which unfortunately the EU and UK politicians by their moronic behaviour have forced on us all…

Dirk Praet March 18, 2017 10:22 AM

@ Clive

If you ignore the humanity aspect for a moment, logically you do not rescue immigrants for several reasons. But ensuring that it is certain death would cause the flow of immigrants, especially those who are criminals etc to stop.

It would indeed. In my opinion, the only approach that actually makes sense is a full navy deployment to indiscriminately return anyone picked up at sea to their point of departure for local, EU-controlled vetting and processing in designated hotspots. Short of indeed letting them drown, it is the only way to discourage both the migrants themselves and the human traffickers that are making billions off them.

It’s in essence what the EU-Turkey deal does, but on a very limited scale. Last year only about 1,500 people were sent back and about 3,000 in return flown in from Turkey for resettlement in Europe. All while +25k still crossed the Aegean illegally. With the mounting tensions between Erdogan and the EU, it is however quite doubtful that this deal will hold up in the long run, meaning a legally sound and practically feasible contingency plan is needed anyway. The same goes for the embarkation points in Libya and other North African nations.

At the risk of sounding rather cynical, it is but a matter of time before the average EU media consumer grows tired of images of drowned people and overcrowded, inhumane refugee camps like on the Greek isles and in Calais. Instead of allowing these dramas to continue and populists on both sides of the political spectrum to further divide society over the issue, it’s about time EU leadership grows a pair of balls and sends a clear message that the borders are closed and that anyone coming over illegally will be immediately sent back to wherever they came from, with or without their government’s consent, and without their refugee or asylum claim being examined.

As much as it will draw flak from bleeding hearts and other nation states that in essence don’t give a rat’s *ss about human rights either, the UN Refugee Convention was never intended to allow an entire continent to be overrun by millions of immigrants and their misery exploited by ruthless human traffickers.

In order to comply not only with obligations under international law but also with our own values, registration and claim examination hotspots can then be moved off the Greek isles and relocated to embarkation hubs in North Africa and Turkey. Countries collaborating with these schemes will be generously rewarded in economic aid, those that don’t will see the same cut on top of additional economic sanctions as well as having any illegal migrant dropped off on their own coasts again. Which should be plenty of an incentive. Convicted human traffickers will have all their assets seized on top of a life imprisonment sentence.

Annually decided refugee and migration quota will then be fairly distributed all over the EU, and equally spread over nations territories in order to avoid big cities from becoming immigration ghettos that feed populists and anti-EU, anti-immigration sentiment. Member states and local city councils refusing to do their part will see grants and subsidies cut and instead spent on improving refugee living conditions in Turkey, Lebanon, Jordan and other countries that are currently hosting the majority of Middle East refugees.

Arguably not simple to implement, but every other alternative is even worse.

@Dirk Praet March 18, 2017 12:01 PM

(1) the migrants themselves and (2) the human traffickers that are making billions off them.

+(3) The salafi jihadist ideology driving the migrants out of their homelands.

People sometimes compare Middle Eastern immigration to Europe to the immigration of Mexicans to the United States, but it’s not really the same thing. Historically, the U.S. took over a great deal of territory from Mexico, especially in the present states of California, Arizona, New Mexico, and Texas. Spanish was historically spoken in these areas, and in fact most of the place names remain in Spanish, but English was forced over the area as the language of government. Many of the Hispanic people who live here, who were born here, and whose parents and even grandparents were born here, are openly discriminated against and to this day deliberately confused with illegal immigrants from modern-day Mexico and Central and South America.

Birth certificates, Social Security cards, passports, and other identifying documents are either robbed or stolen, or else the governments of the U.S. and the several states deliberately fail or outright refuse on fabricated or false grounds to issue the documents. (It has happened to me, even though I am not Hispanic.) Wholesale organized identity theft is regularly practiced at the highest levels of government by criminal drug-dealing and human-trafficking cartels, such as Sinaloa, New Generation, etc. After their identities have been stolen, to add insult to injury, people are mocked in the news media as “undocumented.” This is major organized crime.

In Europe, I compare the situation more to the Holocaust of the 1930s, when the people were aware of the horrible atrocities and human rights violations taking place, yet unwilling to go to war to stop it. There is a point of a nation’s neutrality and “minding its own business” in international affairs, but when migrants are being forced into your nation, and more and more keep pouring in, you are past that point.

Anura March 18, 2017 6:32 PM

@Dirk Praet

It’s not that Europe or the United States is unable to handle millions of refugees, it’s that our governments are unwilling to do what’s necessary to accommodate a large wave of people. There’s this idea that we need to figure out a way to integrate immigrants into our culture and society, and that’s just bullshit. We need to help them out, and let things happen naturally. If they don’t have the skills to compete in a modern economy, you can’t throw them into a modern society with nothing and expect everyone to be okay.

You want to help? Lay out a piece of land, set up camps there, and tell them: “This is going to be your new home, it’s up to you to build it and manage it”. Bring in skilled workers, and use the refugees for manual labor – pay them to build homes, pave roads, shops, etc. Have them set up schools, have them organize to do what they need. Have them set up their own government to work with the central government to find what they need.

Make sure they build everything to that nation’s standards, and that they meet that nation’s educational requirements. Let them create their own community, relying on each other, and let them own their own businesses there. Provide the welfare assistance necessary to keep crime from becoming a problem.

You can do those things, it’s just that it costs money, and voters tend to be ignorant and respond negatively to big, scary numbers, regardless of the context.

Dirk Praet March 19, 2017 10:00 AM

@ Anura

It’s not that Europe or the United States is unable to handle millions of refugees, it’s that our governments are unwilling to do what’s necessary to accommodate a large wave of people.

The proverbial nail on the head. A massive influx of immigrants needs to be handled in a tightly controlled, not haphazard way like we are seeing today.

It is a myth that you can just let in everybody, throw a lot of money at the problem and then expect that somehow everything will just sort itself with both indigenous population and newcomers in a broader societal and socio-economic context just automagically adapting to the new situation. Decades of immigration in Europe have shown the exact opposite.

Traditionally, the political left has always and exclusively blamed poor integration and assimilation on racism, discrimination and government failures. That is unfortunately just part of the story. The other side of the medal is that some groups due to cultural and other differences are just plain unwilling or unable to adapt to the prevailing societal and cultural values in their new homes to the point that they forcibly withdraw in ghettos and parallel societies where poor education, ignorance, unemployment and poverty are rampant and entrepreneurship close to non-existing. Molenbeek and some Paris suburbs are just a few examples of this phenomenon which can be found pretty much all over Europe.

Whereas historically many governments indeed have done way too little to successfully integrate immigrants into mainstream society assuming that it would just happen by itself, one of the main shortcomings is failure to educate immigrants on certain basic rules and non-negotiable western societal values like the strict separation of church and state, equality of men and women, the rule of law and other democratic principles.

There can be no successful assimilation of and peaceful coexistence within groups with entirely different racial, cultural, linguistic and religious backgrounds without a common set of values (or Leitkultur) that immigrants have a choice to either accept or reject.

If tomorrow for whatever reason I permanently relocate to Saudi Arabia – assuming I’d be welcome there – it is probably in our best interest that my spouse, myself and my children learn decent Arabic as fast as possible. If on grounds of freedom of religion and expression I decide to open up a small shop selling nazi paraphernalia, bibles and dildos sporting a green mohawk and a Scottish kilt, there is a reasonable chance that in a best case scenario me and my family will become social outcasts and, more realistically, be beaten up, thrown in jail and put on the first plane back to Belgium. If I have no locally marketable skills, am unable or unwilling to retrain or hold on to a dead-end manual labour job, there is exactly zero chance that somehow me and my offspring will advance or be able to live off social benefits all while complaining Saudis are racists who for whatever reason owe me the exact same living as their own and which I mistakenly believe I am entitled to because I am a proud Belgian.

Like is the case with many other things, successful integration and assimilation is not an or/or but an and/and story. Europe needs immigration. But it has to be done in a controlled way. Allowing in millions of immigrants simultaneously is the exact opposite thereof, and with which you are in essence only importing ignorance, poverty and misery. The only thing that works is establishing annual quota in function of the resources governments can muster to properly receive, spread, house, school, train and employ newcomers. Which means that you cannot accommodate everyone at once, however great the needs at any given moment in time.

In a free and open society, we should all respect each other’s beliefs and identities. But those newcomers that for whatever reason are unwilling or unable to comply with core western values and put their own national, cultural and religious identities above those of their new homelands unfortunately have no future whatsoever there. Acceptance of said rules and values by immigrants is a prerequisite as much as proper government policies and the criminalisation of racism and discrimination are. And until such a time that for any class of immigrant we make it a mandatory requirement for an extended stay, any attempt at a multicultural society is doomed to fail and will eventually result in the rise of populists taking us back to the thirties of the previous century.

Ratio March 19, 2017 10:38 AM

@Dirk Praet,

If on grounds of freedom of religion and expression I decide to open up a small shop selling […] dildos sporting a green mohawk and a Scottish kilt, […]

Stimulating, if a bit ambiguous, discussion. %)

Dirk Praet March 19, 2017 12:10 PM

@ Ratio

Stimulating, if a bit ambiguous, discussion.

I really should be paying more attention to using the Oxford comma.

ab praeceptis March 19, 2017 4:17 PM

Dirk Praet

As you dignify that BS by responding and even agreeing I chime in …

It’s not that Europe or the United States is unable to handle millions of refugees,

Bullshit! OBVIOUSLY at least eu-rope was and is unable – as shows the reality.

Moreover I call it bullshit because such a poor statement deserves but “Sit down and shut up!” as it utterly suffers from fundamental flaws. One example is that the “refugees” (at least the vast majority) are not refugees at all but provably coordinated invaders. Another one is that one can’t simply lump together all people who change their location across borders as “refugees” based merely on the criterion that they say so. And that is the only criterion actually used. The term “refugee” has a definition, also in legal terms, and that definition is not that a given person calls itself a “refugee”.

it’s that our governments are unwilling to do what’s necessary to accommodate a large wave of people.

Bullshit again! Proven fact is that many if not most eu-ropean governments were absolutely willing to welcome those “refugees” and to do the necessary as billions and billions of spent tax euros demonstrate.

Those “refugees” are not refugees but invaders – and so they behave. If a group of aliens illegally enters your country, utterly and openly disrespects your culture and your laws, and rapes, murders and plunders then that does not match the definition of “refugees” but that of “invaders”.

Well noted, if some want to discuss the question whether we should have many aliens in our societies, then that’s OK. A healthy democratic society must be able to have such a discussion.
But if anyone wants to have that discussion then we should be honest and not call invaders refugees. A discussion certainly does not profit from utterly ignoring definitions or from arbitrarily bending them.

ab praeceptis March 19, 2017 4:26 PM

Ratio, Dirk Praet

If on grounds of freedom of religion and expression I decide to open up a small shop selling […] dildos sporting a green mohawk and a Scottish kilt, […]

Stimulating, if a bit ambiguous, discussion. %)

Indeed. But, please, keep in mind the danger that other colours than green as well as other forms of skirts might feel discriminated against. Which might trigger the question “what’s an adequate safe space for skirts?”

As a very minimum I strongly suggest to ask all customers to sign some paper to the effect that, no their purchase their purchase, they by no means intend to discriminate against other colours or kinds of shirts and also that they fully recognize and attempt the rights and needs of, uhm, devices meant for male sexual pleasure!

gordo March 19, 2017 5:31 PM

@ All,

Re: Refugees, immigrants, etc.

Yes, there have to be limits, i.e., controls (as has been made abundantly clear). Otherwise (as has also been made abundantly clear), host-nations face identity-loss, destabilization, blow-back, etc. Hospitality has its limits.

The Internet Encyclopedia of Philosophy (IEP)

Jacques Derrida (1930—2004)

  1. Possible and Impossible Aporias
    b. Hospitality

It is also worth considering the aporia that Derrida associates with hospitality. According to Derrida, genuine hospitality before any number of unknown others is not, strictly speaking, a possible scenario. If we contemplate giving up everything that we seek to possess and call our own, then most of us can empathise with just how difficult enacting any absolute hospitality would be. Despite this, however, Derrida insists that the whole idea of hospitality depends upon such an altruistic concept and is inconceivable without it. In fact, he argues that it is this internal tension that keeps the concept alive.

As Derrida makes explicit, there is a more existential example of this tension, in that the notion of hospitality requires one to be the ‘master’ of the house, country or nation (and hence controlling). His point is relatively simple here; to be hospitable, it is first necessary that one must have the power to host. Hospitality hence makes claims to property ownership and it also partakes in the desire to establish a form of self-identity. Secondly, there is the further point that in order to be hospitable, the host must also have some kind of control over the people who are being hosted. This is because if the guests take over a house through force, then the host is no longer being hospitable towards them precisely because they are no longer in control of the situation. This means, for Derrida, that any attempt to behave hospitably is also always partly betrothed to the keeping of guests under control, to the closing of boundaries, to nationalism, and even to the exclusion of particular groups or ethnicities. This is Derrida’s ‘possible’ conception of hospitality, in which our most well-intentioned conceptions of hospitality render the “other others” as strangers and refugees. Whether one invokes the current international preoccupation with border control, or simply the ubiquitous suburban fence and alarm system, it seems that hospitality always posits some kind of limit upon where the other can trespass, and hence has a tendency to be rather inhospitable. On the other hand, as well as demanding some kind of mastery of house, country or nation, there is a sense in which the notion of hospitality demands a welcoming of whomever, or whatever, may be in need of that hospitality. It follows from this that unconditional hospitality, or we might say ‘impossible’ hospitality, hence involves a relinquishing of judgement and control in regard to who will receive that hospitality. 
In other words, hospitality also requires non-mastery, and the abandoning of all claims to property, or ownership. If that is the case, however, the ongoing possibility of hospitality thereby becomes circumvented, as there is no longer the possibility of hosting anyone, as again, there is no ownership or control.

Dirk Praet March 20, 2017 9:36 AM

@ ab praeceptis

As you dignify that BS by responding and even agreeing I chime in …

I’ll dignify any interesting and civil comment with an answer, especially because that’s always the case with @Anura’s writings, and even more so because at one time I thought exactly like him on this particular subject matter.

Whereas arguably your demeanour by calling felgerkarb everything you don’t agree with is a bit less civil than @Anura’s, I still reply to yours too because I generally appreciate your technical knowledge and expertise. The main issue I am however having with both of your opinions is that they are overly black and white, neither of which is bringing us closer to a more balanced approach of a phenomenon that is as old as mankind itself.

In essence, the difference between a refugee and an economic migrant is an artificial distinction because the underlying migration motives are the same: you move away from your home territory because you wish to improve your quality of life somewhere else where living conditions are more favourable. In a legal context, that’s what makes the difference between being granted asylum, refugee status or subsidiary protection, and being turned away. Although statistics significantly vary everywhere, I think if we subtract everyone with false papers or having made false claims about nationality or persecution status, the ratio is probably going to be somewhere close to fifty-fifty. Calling it a coordinated invasion IMO is however a bit of a stretch.

Reiterating my main point: you cannot stop migration streams, even at gun point, and based on the ongoing demographic evolution the simple fact of the matter is that the EU needs immigrants anyway. The same goes for Russia, by the way. These immigration streams will also get worse in the decades to come as a result of ongoing wars for regional domination by the usual suspects, further destabilisation by Islamist groups, as well as drought and famine caused by man-made climate change.

The fact of the matter however remains that the EU’s outer borders are a Swiss cheese and its leaders unable to reach a consensual approach that is based not only on economic and humanitarian imperatives, but also on common sense and the inalienable rights of self-determination of the indigenous population. Which currently makes a managed solution impossible and the building of fences by individual member states inevitable. It’s not Merkel’s Turkey deal (pun intended) that is keeping migrants off the Balkan route. It’s that they know they will most likely get stuck in Greece.

To prevent massive border runs – or invasions, as you call them – the only thing that is needed is to spread a clear message to both migrants and human traffickers that anyone illegally trying to cross will either be stuck forever at the border or sent back to point of departure without having any asylum or refugee claim even being examined. The same goes for anyone whose legally made application has been turned down. This will not just require reinterpreting or changing current Refugee Convention guidelines, but also the political courage to decisively act against nations that refuse to take back whoever was either rejected or illegally crossed EU borders from their territories.

Clive Robinson March 20, 2017 3:38 PM

@ Dirk Praet,

So far in this somewhat heated conversation, one party has not been mentioned.

Of those you might call genuine refugees, many have not left their home country by choice. The government of their home country or some faction in the area they lived in has driven them out. It may not be “ethnic cleansing” as such, just a land or resource grab.

Such people really do not have anywhere to go to, worse they may not be able to stay in adjoining nations as UN accredited refugees, for a whole series of reasons.

The major point though is that such governments or factions have used terrorism rather than genocide because they assume some other nation will deal with those they wish to dispossess of home and nation.

Which brings up the question of why such countries want to “clear the lands”. If you look at British History many Scots were cleared from their homes and land by their own people, who under English influence persuaded the chieftains that they would not just own the land but as part of the clearance would make a significant personal income from the likes of sheep. Thus the English achieved a couple of ambitions which in effect resulted in the emasculation of the problematic Scots Clan system.

When we look at the Middle East we see the same sort of behaviour by an external nation (USA / Russia) causing regional tension and supporting such clearance. Where they do not allow the Refugees to come anywhere near their nations.

Thus Europe amongst others get to pick up the tab for not just the ME despots but the US and Russian backers as well.

ab praeceptis March 20, 2017 9:41 PM

Dirk Praet

That may all be nice and dandy but it’s meaningless because it’s based on utterly bent perceptions.

The question, for instance, about the difference between refugees and economic migrants is moot (in the given context) as it’s miles apart from the situation.

The situation is this: Millions of “refugees” ILLEGALLY crossed multiple borders (and create havoc).

It is a purely politically driven interpretation or even just a label one willfully chose to call them “refugees”. They are not, simple as that.

As I said before: There is a definition for refugee, the finer details of which might be discussed, but still there is a definition. And there is a definition for invaders. Looking at the relevant factors of those definitions, what we experience clearly matches the definition of invaders and not that of refugees.

Case closed.

As for the nice packaging, I don’t care. Facts are facts and if someone dares to treat us as stupid and to serve us utter bullshit I do not see a need to package my answer nicely. Nice packaging is a nice to have add on, but the decisive factor is the content and whether that is true or impertinent lies and propaganda.

Dirk Praet March 21, 2017 5:12 AM

@ Clive

Thus Europe amongst others get to pick up the tab for not just the ME despots but the US and Russian backers as well.

It’s the proverbial 500 pound turd in the room. If anyone should be doing more for Syrian, Iraqi and Yemeni refugees, it definitely is the US, Russia, Saudi Arabia and the Gulf States. But they have for all practical purposes closed their borders for the very victims they have created, or are trying their best to do so. All while, like you say, Europe and surrounding countries like Jordan and Lebanon get to pick up the tab.

@ ab praeceptis

Millions of “refugees” ILLEGALLY crossed multiple borders (and create havoc).

The Refugee Convention protocols are very clear in that no one trying to escape war or persecution can be punished for illegally crossing the border of a country that is a signatory to the treaty. The determination of who is a refugee under those protocols, and who is not, however becomes highly problematic when faced with an influx of hundreds of thousands of folks all claiming to be refugees while perhaps only 50% of them are.

That’s why I previously said that the Refugee Convention was never intended to cope with massive irregular immigration streams and should either be reinterpreted or amended to adequately reflect present day realities, just like was done in 1967. What is happening today is the equivalent of trying to manage computer crime with technically outdated laws that only apply to telephone and postal services.

As for the nice packaging, I don’t care.

It generally makes for a more civil and educated debate with more participants, a broader perspective and more balanced solutions. Name calling hardly ever does.

ab praeceptis March 21, 2017 5:33 AM

Dirk Praet

a) that rule has a purpose, namely to allow refugees to escape (the point is about exiting a dangerous zone and not about arbitrarily choosing a destination country)
b) that rule does not invalidate the definition of “refugee”
c) that rule does not nullify the laws of the country a refugee flees to. He/she is still bound to act lawfully (which the “refugees” usually do not).
d) that rule does not allow arbitrary choice but grants the necessary right to escape e.g. torture. This is actually found again in the eu-ropean rules which say that a refuge can only be found in the first safe (eu) country – which again makes 99% of the “refugees” criminal invaders.
e) Neither Syria nor Iraq nor Pakistan are members of the protocol.

f) and importantly, you simply ignored the decisive fact of the definition. Not just anyone saying so actually is a refugee and in order to claim refugee rights one must meet the definition.

Example: If an islamist, us of a sponsored terrorist, after raping and beheading people is hunted by the Syrian gov. he is not a refugee but a bloody terrorist who should be hunted down and killed.

Dirk Praet March 21, 2017 9:03 AM

@ ab praeceptis

Neither Syria nor Iraq nor Pakistan are members of the protocol.

That’s actually irrelevant as Article 7 of the Refugee Convention (RC) exempts refugees from reciprocity, which is complemented by the principle of non-refoulement.

Under the RC, refugees indeed do not get to freely choose their country of destination and are bound to the laws governing their host countries. In a European context, the Dublin protocol is also very clear in that refugees and other asylum seekers as a rule of thumb need to apply in the first EU country they enter.

That’s why – despite the inhumane living conditions there – I never had any sympathy whatsoever for the people holed up in the Calais jungle, refusing to make an asylum claim in France and for whatever reason convinced that somehow they had whatever right to enter the UK. Which – perhaps with the exception of some unaccompanied minors – they hadn’t. Full stop.

These constraints are however totally useless when the leader of the EU’s dominating nation at some point extends an open invitation that by any migrant is seized to take a chance in the mistaken belief they can now freely travel the EU to Germany, a myth human traffickers were only too keen to spread further. If any laws were broken here, it was by Angela Merkel and those who went along with her decision, not the migrants themselves.

While I fully agree with you that the RC’s definition of who is and who is not a refugee fully applies, the simple fact of the matter remains that it is extremely difficult to conclusively vet anyone’s claim if 60% and more of all applicants are traveling without any valid paperwork, many of them making up (multiple) identities and stories as they go. The only sensible approach here is to only take in for further processing those who at first interview time can irrefutably identify themselves as originating from acknowledged war zones or suffering from other kinds of persecution, and sending back for extended background checks to registration camps on the EU borders or at foreign points of embarkation those who can’t.

Despite a number of high-profile cases in Germany, Sweden and several other countries – some of which were indeed kept quiet – there are currently no reliable figures anywhere in the EU that refugees somehow would exhibit significantly more criminal behaviour than other people. The only groups that are consistently over-represented in crime statistics are Balkan and North African immigrants, none of whom generally qualify as refugees under RC guidelines.

It’s this particular group that is giving real refugees a bad name and continuously eroding popular support for them. Which we have both the governments of their countries of origin and deluded EU leftists to blame for. The former in refusing to take them back, the latter in refusing to agree to a designation as safe nations their countries of origin.

ab praeceptis March 21, 2017 9:50 AM

Dirk Praet

Front up and first let me repeat: I was disgusted for years by all the dirty tricks the eu used to keep (real) refugees away and I was also disgusted by (proven by eu doctors) tortured refugees being sent back, often even into certain death.
So, my point is not that I want no aliens here. Just as a friendly reminder.

“These constraints are however totally useless when the leader of the EU’s dominating nation at some point extends an open invitation …”

True, but that doesn’t change the law either. Merkel’s invitation has no legal meaning whatsoever. And yes, I can understand that “refugees” had reason to believe that they were somehow welcome and legalized.
What followed, however, namely massive and almost always brutal crimes, are clear evidence that the “refugees” are not refugees but invaders. That’s why I say, you should look up the definitions of “refugee” and “invader” – you can’t but find that the people who came are invaders and not refugees.

That whole thing is not just a discussion; there will be horrible consequences in reality. It will either be the “refugees” who sooner or later will be driven out with force, even brutality or it will be the Europeans who lose their culture, their country, ending up as 2nd class citizens in what was their own country.

Even assuming the best case, i.e. that the “refugees” will be driven out or killed, there are already damages in the 3 digit billions of euros. And it will be some hundreds of billions more that will be needed to repair the damages. There are whole regions in Germany, for instance, where each and every house owner has lost 50% of the value of his house – and the “refugees” will certainly neither repair nor pay the damages they created.

Moreover, guess what’s going to happen with the few real refugees – and I’m talking about decades to come: Anyone not white, anyone not looking like “us” will be regarded with mistrust, even hatred, and no politician will dare to even think about taking in refugees.

Dirk Praet March 21, 2017 1:52 PM

@ ab praeceptis

What followed, however, namely massive and almost always brutal crimes, are clear evidence that the “refugees” are not refugees but invaders.

I have no idea where you get that from. As I said earlier, there are no crime statistics anywhere in Europe that confirm such an allegation. Are you somehow referring to the massive wave of sexual harassment in Cologne on New Year’s Eve 2015-2016? That was not the work of Syrian or Iraqi refugees, but primarily by existing and recently arrived North African immigrants that had zero chance at refugee status. Similar events that took place in several other German and European cities were equally perpetrated not by recognized refugees but by other groups.

Yes, there have been plenty of incidents of theft, robbery, rape and even murder by refugees, but not in an order of magnitude that is significantly different than similar figures for indigenous perpetrators or existing migrant groups. There have even been terrorist attacks by refugees, like the Christmas market lorry attack in Berlin. But that was again done by a known radicalised North African criminal whose asylum claims had been rejected everywhere and whom the Tunisian government had refused to take back. Same thing with the Paris and Brussels attackers: 2nd or 3rd generation immigrants from primarily North African descent, with only 1 or 2 refugees involved.

The main crimes that are prevalent among (candidate) refugees in fact are (multiple) identity fraud and infighting over cultural differences between different groups and over limited resources available in refugee camps.


Sidebar photo of Bruce Schneier by Joe MacInnis.