Friday Squid Blogging: Bioluminescent Squid

There's a beautiful picture of a tiny squid in this New York Times article on bioluminescence -- and a dramatic one of a vampire squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on September 1, 2017 at 4:28 PM • 185 Comments

Comments

Ben A. • September 1, 2017 4:31 PM


Disabling Intel ME 11 via undocumented mode

"...we describe how we discovered this undocumented mode and how it is connected with the U.S. government's High Assurance Platform (HAP) program.

http://blog.ptsecurity.com/2017/08/disabling-intel-me.html


restic cryptography

https://blog.filippo.io/restic-cryptography/


Deputy AG Rosenstein calls for law to require encryption backdoors

https://www.theregister.co.uk/2017/08/31/deputy_ag_rosenstein_calls_to_force_backdoors/


'Independent' gov law reviewer wants users preemptively identified before they're 'allowed' to use encryption

https://www.theregister.co.uk/2017/09/01/max_hill_qc_deny_encryption_anonymous_users/


Monitoring Windows Console Activity

http://www.fireeye.com/blog/threat-research/2017/08/monitoring-windows-console-activity-part-one.html

http://www.fireeye.com/blog/threat-research/2017/08/monitoring-windows-console-activity-part-two.html


Kaspersky - Neutralization reaction - Incident Response Guide

https://securelist.com/neutralization-reaction/81620/

https://cdn.securelist.com/files/2017/08/Incident_Response_Guide_eng.pdf


Site sells Instagram users’ phone and e-mail details, $10 a search

https://arstechnica.com/information-technology/2017/09/site-sells-instagram-users-phone-and-e-mail-details-10-a-search/


Did German U-Boats Smuggle Alcohol Into the U.S. During Prohibition?

http://www.atlasobscura.com/articles/rum-running-submarines-german-uboats-prohibition-smuggling

Mealy Mouthed Me • September 1, 2017 4:51 PM

The UK’s “independent reviewer of terrorism legislation” appears to have gone rogue, saying that encryption should be withheld from people who don’t verify their identities on social media.

Who would have guessed that Putin would be the harbinger of the future for the West? Not me. Is this the ultimate sign of Europe's decline or the ultimate sign of Russia's coming cultural hegemony? Both.

JG4 • September 1, 2017 5:51 PM

Had a spot of bad luck with the spam filter today, which is why this is 12 hours (+/-) late. Yesterday too, with my quip about the propagandists. I thought that the security apparatus might have added Goebbels to the list of forbidden topics, because he was a devout Nazi.

@Clive - one version of that quote is "In God We Trust, All Others We Monitor." Quite likely derived from "In God We Trust, All Others Pay Cash." We might add, "In God We Trust, All Others We Neutralize." We don't see the phrase full-spectrum dominance often enough, but that is the end game and we are in it.

"If you don't have endpoint security, you've got a big fat juicy squatburger, a sodding great steaming pile of it."

"If you don't have endgame security, you've got a big fat juicy squatburger, a sodding great steaming pile of it."

I didn't make any progress in fitting "the data are not information, information is not knowledge, ..." sequence into an OODA framework, but that is a good idea.

I owe you some comments on the visual pigments. Nice work elucidating that.

@ab praeceptis - Nicely said and Thanks for your comments on RNG and PRNG. I believe that game theory simulations show that cooperation first and continuously until rejected/defected/betrayed, followed by one-time rejection/defection/betrayal per rejection/defection/betrayal event by another entity in the game, is very nearly optimal strategy. While a slight additional edge can be obtained with more complex behaviors, it probably isn't worth the trouble unless you can apply it at imperial scale. It would be easy to color cooperation as live and let live, or go a step further and fit it into the framework of the golden rule. I think that KJV renders that as "Do unto others as you would have them do unto you." I would label that as self-evident, rather than one of the uncanny connections of ancient literature to the present course of events.

It is a short step from following the golden rule and wanting to be left alone to libertarian politics. I think that most formulations of the libertarian worldview are simplistic, neoliberal and fail to consider how to mitigate the presence of psychopaths and sociopaths on both sides of the law. The simplistic application of the right to keep and bear arms seen in Charlottesville and various other gatherings is not a very good answer, especially in the absence of rigorous brainscanning. Not that voluntary cooperation can't go a long way to mitigating psychopaths and sociopaths. You wouldn't have to look much further than the Old West (or Wild West, if you prefer) to see how that plays out in real life. I'd choose the codeword "costly," as in blood and treasure. As Elmer Keith said after a mass shooting in NY many, many decades ago (1930's?), "In my home town, he would have done very well to get two." The Deadwood series on HBO was a brilliant look at the past. There have been some brilliant leftist spoofs of what the dystopian future looks like in a libertarian wet dream. I've managed to live a life of libertarian wet dreams, but the practical application is more difficult.

We might observe that moral and ethical theories evolved to enable people to live at larger and larger scales of cooperation and concentration (aka civilization), in parallel to the evolution of bioenergetic supply chains, otherwise known as agriculture and trade. There is a good TED talk showing that energy use per person is measurably lower in cities = more efficient. Ethical practices and bioenergetic supply chains continue to develop in parallel until trust evaporates. Then you have to go through a die-off like the Roman Empire, where the imperial city went from a massively concentrated population (at least relative to the technology of the times) to a nearly rural agrarian population density as the cascading failures wiped out both trust and the supply chains. The people were betrayed at every turn on the way down. The supply chain was driven by conquest and cashflow. As it was then, so it is now. Jared Diamond and Joseph Tainter have it that additional complexity cannot save a failing system. In time, the same spiral will happen to the US and the US imperial city, but inevitable is not necessarily imminent. If the more dire climate models are correct, there could easily be a cascading failure of the global oil paradigm, because a huge portion of infrastructure would be out of business with a 3 to 6 foot rise in sea level. Witness the devastation of the oil and petrochemical infrastructure in Houston. DC and Florida are not many feet above sea level. By definition, most global oil shipping infrastructure is at sea level.

https://www.nakedcapitalism.com/2017/09/looming-gas-shortage-imports-cant-make.html

http://www.marketwatch.com/story/arkema-warned-chemical-could-endanger-1-million-2017-08-31

A failing empire is a gain medium for distrust. A dry forest is a gain medium for fire. An overvalued currency/asset class is a gain medium for panic. I tied the fire suppression analogy to financial markets some weeks or months ago. I've picked up another of the unintended consequences sowed by Teddy Roosevelt, not that he necessarily was malicious or even incompetent. It seemed like a good idea at the time to put the most technologically advanced civilization in Asia in charge of the rest. What he could not have foreseen is that Asia was a gain medium for psychopaths and sociopaths to set up one of the larger imperial resource extraction mechanisms in the world, just as he could not have foreseen that fire suppression for 80+ years would culminate in the Yellowstone fire of 1989. And perhaps Bernanke, Greenspan and Yellen treating the global economy as if it were a single-input, single-output control system like a wall thermostat, could not foresee the consequences of their betrayal of the citizens. The banks guiding the quasi-Federal non-Reserve have the most sophisticated modeling software that money can buy, so are well aware of how this plays out. Nor can Visa, Mastercard and various other parties foresee anything but their windfall gains in both revenue (potentially) and data (definitely) from demonetisation. The seeds of the Pacific war were sowed by Teddy Roosevelt in 1905, for which he received a Nobel Peace prize. The seeds of the worst war in Europe were sowed by Bernays and Wilson in 1917. The Soviet Union was another gain medium for psychopaths and sociopaths empowered by Lenin and Stalin to purge the population of political dissidents. The futility of their exercise is a topic for another day, but perhaps the survivors were more motivated to pursue the next five-year plan to economic disaster. Human brains and society are gain media for ideas. Computing engines are gain media for highly nonlinear processes. 
The Beltway is a gain medium for unethical companies to grow rapidly. The LEOs are gain media for psychopaths and sociopaths to advance and turn the organizations into resource extraction engines. Combine that with the inevitable decline of trust and you've got a fairly volatile mixture.

We are close to a point in time where there are better ways than torture to get people to comply, e.g., mass propaganda is now 100 years old, but the psychopaths still cling to the old ways. If the US wanted to achieve real global supremacy, operating from Boyd's moral high ground, they should have set up fMRI and done some mind-reading in Iraq and Afghanistan, while treating the guests to a 4-star hotel experience. To borrow and twist a famous quote, "Any sufficiently advanced technology is awe-inspiring." The industrial-scale murder and torture programs like Phoenix and Abu Ghraib do not inspire the hearts and minds of the locals. They are just another vehicle to grind more money and power out of both populations via no-bid contracts and endless escalation. The Saudis and UAE could take a page from the fMRI book. The global surveillance network is the next best thing to mind-reading, but it makes the government and their endless betrayals a silent partner in every business. Thus, carving away a large portion of the business space that is acceptable to smart money from a risk perspective. Speaking of midEast human rights:

https://theintercept.com/2017/08/30/uae-ambassador-yousef-al-otaiba-double-life-prostitutes-sex-work/

@Dirk P. and the Esteemed Chairman - we must achieve emotional detachment to optimize our thinking, even though we all have skin in this game. I am not suggesting that you are equally responsible, but the police are known for giving everyone in proximity a long and vigorous hardwood shampoo, without assessing culpability. Guilt is not their problem, which is only to maintain the monopoly on violence, irrespective of cost or who bears it. Preferably not them. The use of invective is best directed at parties outside the discussion. I posted some useful suggestions that probably dovetail to our gracious host's guidelines. There are many conspiracies in play at all times, including the regular betrayal of citizens. There are many more imagined conspiracies than there are real, because human minds (and other minds, such as they are) were optimized by a very long and repetitive fitness testing process to detect and identify patterns, resulting in a permanent cognitive bias. It is measurably better to detect a pattern that is not present than to miss one that is. The weaponized autism of 4chan is a nice example of brute force pattern detection. Rerun of last night's link:

https://medium.com/@johnrobb/global-identity-troll-armies-and-factionalized-electorates-8351b0a71214

Evolution filters threat detection models for fitness, or if you prefer, fitness for purpose. It's not just threat detection that is tested, but all of the downstream process, including decision trees and response that follow threat detection, that are pruned and repruned. I haven't hammered on OODA much lately, but this is a beautiful example, except for the bereaved family. What do you think the odds are that a 200 million (+/-) year old cardiotoxin delivery system would hit Steve Irwin's heart dead center by accident? The animal no doubt was triggered into a heightened security state by rough play. What is uncanny is that it apparently is able to use an array of pressure sensors to detect and localize the heartbeats of predators. Further, it has a neuromuscular system to process that information into targeting coordinates for the stinger. Not so different from the surveillance used for the drone strikes and the same blind (or not so blind) indifference to outcomes as entropy maximization itself. Putting a finer point on it, sting rays are made out of tasty meat and have evolved an impressive defense mechanism to safeguard their bioenergetic hoard. I am n years late with the discussion of "All your nitrogen are belong to us."

"War is the continuation of entropy maximization by other means" -with apologies to von Clausewitz

"War is the continuation of entropy maximization by the most effective means ever used on your planet." - with further apologies

on to the daily news

Links 9/1/17
https://www.nakedcapitalism.com/2017/09/links-9117.html
Posted on September 1, 2017 by Jerri-Lynn Scofield

[parallel computing, adaptive biological systems, the security apparatus]

The Sucker, the Sucker! London Review of Books. Ever wonder what it’s like to be an octopus?

[neurogenesis, adaptive systems, overlap to AI]

Woman Develops Bond With Over 200 Hummingbirds, Now They Complain If She’s Late To Feed Them Bored Panda. Cool video.

[bioenergetic security]

Plumbing discovery reveals the rise and fall of the Roman Empire Ars Technica

[robotic vehicles, AI]

Would you take a ride in a pilotless sky taxi? BBC

[tech company - has the platform analysis of Bezos' genius been explored here? I have a good article tucked away somewhere. it is genius in adaptation]

South Carolina couple starts class action lawsuit against Amazon over eclipse glasses MarketWatch. Yet more crapification.

...[encryption as digital money]

India

Failed objectives: RBI report has demolished the government’s many claims about demonetisation Scroll.in

Watch: ‘Demonetisation Has Been Very Bad for the Indian Economy’ The Wire

...[security apparatus. there will be mistakes, the question is "Who bears the cost of imperial mistakes in an endless sequence of betrayals?" if you've been playing poker for 30 minutes and haven't spotted the patsy, it's because you are the patsy]

Drone footage: man flees Surf City police by swimming a mile out to sea, pursued by shark Port City Daily

Police State Watch

We’re Not in Mayberry Anymore: the Militarization of Domestic Police Counterpunch

...[chemical security, which is a fascinating topic in its own right. the threat models there will make the hair on the back of your neck stand up]

Texas Republicans Helped Chemical Plant That Exploded Lobby Against Safety Rules International Business Times

Pruitt Delayed Emergency Rules for Chemical Plants Weeks Before Toxic Fires Erupted in Houston Truthout. Quelle surprise: Gutting regs has consequences.

Peter S. Shenkin • September 1, 2017 7:48 PM

In the closing sequence of the Bioluminescence article, Sternoptyx looks like a gargoyle on an art-deco building.

gordo • September 1, 2017 10:05 PM

27 April 2017: Near-Term Challenges and Predictions, keynote address for SOURCE Boston
Dan Geer

This idea of punctuated equilibrium has a hold on me. I trace the birth of the cybersecurity industry to Microsoft's introduction of a TCP/IP stack as a freebie in the Windows 95 platform thereby taking an operating system designed for a single owner/operator on a private net and connecting it to a world where every sociopath is your next door neighbor. That event was the birth of our industry, though the fact was unnoticed at the time.


[...]

Nevertheless, I will now make some predictions.

http://geer.tinho.net/geer.source.27iv17.txt

Pants • September 1, 2017 11:13 PM

Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies

Whitepaper: https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-sanchez-rola.pdf
article: https://www.ghacks.net/2017/08/29/browsers-leak-installed-extensions-to-sites/

^^ following on from that, focusing on the untested Web Extensions in Firefox

article: https://www.ghacks.net/2017/08/30/firefox-webextensions-may-identify-you-on-the-internet/
PoC: https://earthlng.github.io/testpages/screenshots_FP.html
bugzilla ticket: https://bugzilla.mozilla.org/show_bug.cgi?id=1372288 (was access denied)

re PoC: If it's not clear, in this particular case, it requires the user to initiate the Firefox System Add-on Screenshots. Not all extensions would require user initiation.

You can follow some links and discussion and WebExt checking at https://github.com/ghacksuserjs/ghacks-user.js/issues/227

Chairman Mao • September 1, 2017 11:14 PM

@r

RE:FACEBOOK MAPPING Fuzzy, like a poisonous caterpillar.

They're also inserting 66 (btw, 66 is prime number of the KKK -- 1 2 3 6 9 11 36 39 63 66 69) "communication" satellites into orbit.

Have you ever seen the movie, "Independence Day?"

Wael • September 2, 2017 12:01 AM

@tyr,

I remember you recently recommended a book on Claude Shannon that I intended to read. For some reason I can't find the reference to it. Would be appreciated if you remind me of the title. As you know, I value your book recommendations (there is an exception of one book, though - I always get sleepy when I think of it.)

r • September 2, 2017 5:07 AM

@Mouse Dung

I celebrate being free of microwave ovens too, I'm so glad to hear that they made a movie about America's dependence on simplicity and convenience.

Four Stars.

65535 • September 2, 2017 7:45 AM

@ Ben A.

Good stuff.

“Deputy AG Rosenstein calls for law to require encryption backdoors”

This will only apply to the average Jane/Joe but not to government including the FBI. That is a small point he fails to mention. This Deputy AG is all for fishing expeditions except when it applies to LE and the government in general.

The one-way-mirror will be hardened so the government can watch you but you cannot watch them.

The UK with the snooper’s charter is almost beyond repair. They look at all your data and pass it along to probably 100 agencies.

“'Independent' gov law reviewer wants users preemptively identified before they're 'allowed' to use encryption” -Register

https://www.theregister.co.uk/2017/09/01/max_hill_qc_deny_encryption_anonymous_users/

Things are not looking good for UK citizens. I will not be visiting the UK any time soon.

The most interesting was your Disabling Intel ME 11 via undocumented mode by the PTsecurity group post.

What are the actual steps that the average Jane/Joe needs to take to Disable ME?

“…those who are aware of the risks and decide to experiment anyway, we recommend using an SPI programmer.” – Positive Technology

First I assume the Positive Technology group doesn’t recommend The me_cleaner project.

See
https://github.com/corna/me_cleaner

Next option is to change ME:

“Setting the HAP bit
“The aforementioned facts help to reveal the second method of disabling Intel ME:
“1. Set the HAP bit.
“2. In the CPD section of the FTPR, remove or damage all modules except those required by BUP for startup:
• RBE
• KERNEL
• SYSLIB
• dBUP
“3. Fix the checksum of the CPD header (for more details on the structure of ME firmware, see this paper).

http://blog.ptsecurity.com/2017/08/disabling-intel-me.html

So how can we set the HAP bit? We can use the FIT configuration files and determine the location of the bit in the image, but there is a simpler way. In the ME Kernel section of FIT, you can find a Reserved parameter. This is the particular bit that enables HAP mode.”-Positive Technologies.

I looked on ebay and found a bunch of cheap SPI programmer modules. Other than the code referenced in the article, please list the actual steps using this SPI

Exactly how does the average Jane/Joe step through this system of disabling ME 11?

Anybody got the answer?

The third comment in the Ptsecurity blog is interesting:

[Poster Unknown]

“I believe it tells Boot Guard to start an alternate boot chain in a microOS alternative to ME that you don't have available (and probably never will unless someone leaks it) to test with. We know that ME allows for remote access and control of machines where it is up and running, and can automatically download and update firmware for the CPU and subsystems on the motherboard. We know it allows all sorts of remote monitoring if those options are enabled. I wouldn't be shocked that certain three-letter-acronym customers would rather that system be disabled entirely before system boot and their own "in-house" trusted boot stack and control/monitoring software run instead of ME long before the system comes up and online into the OS and then network.” –Unknown on ptsecurity blog

http://blog.ptsecurity.com/2017/08/disabling-intel-me.html

What do you say regarding this comment?

On the Kaspersky revelation of the so called WhiteBear exploit there seems to be a dependency on a booby-trapped pdf file. I do know a lot of MS and pdf files can be weaponized. But, pdf files are the de-facto standard in government and industry.

Kaspersky notes:

“3. Delivery
…The email contained a PDF document that exploited a vulnerability in Adobe Reader.”

See graphic 10 percent down page:
https://securelist.com/neutralization-reaction/81620/

Is there a way to wean people and business from using Adobe pdf files? It seems to be a favorite file to booby-trap. Most people I know just hope windows and associated antivirus programs will all catch this booby-trapped pdf.

Do any of you have a solution to the booby-trapped pdf file problem?
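The Positive Technologies steps quoted above boil down to: dump the SPI flash with the programmer, set the HAP bit in the PCH soft straps that live in the flash descriptor, optionally strip modules from the FTPR partition, and flash the result back. As an added example (the editor's code, not code from Positive Technologies, from the me_cleaner project, or from anyone in this thread), the script below does the descriptor part of that on a flash dump: it parses the Intel flash descriptor (signature at offset 0x10, FLMAP0/FLMAP1 at 0x14/0x18), prints the region table so you can sanity-check that the dump is what you think it is, and sets the HAP bit. Assumptions, labelled in the code: the HAP bit is bit 16 of PCHSTRP0, the first dword of the PCH soft-strap area, which is how the public me_cleaner implementation sets it for ME 11; `build_sample_image()` is a constructed 4 KiB descriptor, not a real dump. Verify the strap location against your own board's descriptor before writing anything back.

```python
"""Find and set the Intel ME 11 HAP ("High Assurance Platform") bit in a
full SPI flash dump.

Added example by the editor, not code from Positive Technologies, from
me_cleaner, or from anyone in this thread. Assumptions: the descriptor
layout (signature at 0x10, FLMAP0/FLMAP1 at 0x14/0x18) follows Intel's
public SPI flash descriptor format, and the HAP bit is bit 16 of PCHSTRP0,
the first dword of the PCH soft-strap area, which is how the public
me_cleaner project sets it for ME 11. Check the descriptor of your own
board before writing anything back with the SPI programmer.
"""
import struct

FD_SIGNATURE = 0x0FF0A55A   # flash descriptor signature stored at offset 0x10
HAP_BIT = 1 << 16           # assumption: PCHSTRP0 bit 16 = HAP on ME 11
REGION_NAMES = {0: "descriptor", 1: "BIOS", 2: "ME", 3: "GbE", 4: "PDR"}


def parse_descriptor(image):
    """Return byte offsets of the region table and the PCH strap area.

    FLMAP0 and FLMAP1 store each base as an 8-bit field holding (base >> 4).
    """
    if len(image) < 0x20:
        raise ValueError("image too small to hold a flash descriptor")
    sig, flmap0, flmap1 = struct.unpack_from("<III", image, 0x10)
    if sig != FD_SIGNATURE:
        raise ValueError("no Intel flash descriptor signature at offset 0x10")
    return {
        "frba": ((flmap0 >> 16) & 0xFF) << 4,   # flash region base address
        "nr": (flmap0 >> 24) & 0x7,             # number of regions minus one
        "fpsba": ((flmap1 >> 16) & 0xFF) << 4,  # PCH soft strap base address
    }


def region_bounds(image, index):
    """Decode FLREG<index> (0 = descriptor, 1 = BIOS, 2 = ME, ...) to (base, limit).

    A region whose limit is below its base is not present on this part.
    """
    frba = parse_descriptor(image)["frba"]
    reg, = struct.unpack_from("<I", image, frba + 4 * index)
    base = (reg & 0x7FFF) << 12
    limit = (((reg >> 16) & 0x7FFF) << 12) | 0xFFF
    return base, limit


def hap_bit_set(image):
    """True if PCHSTRP0 already has the (assumed) HAP bit set."""
    fpsba = parse_descriptor(image)["fpsba"]
    pchstrp0, = struct.unpack_from("<I", image, fpsba)
    return bool(pchstrp0 & HAP_BIT)


def set_hap_bit(image):
    """Return a copy of the image with only the HAP bit changed."""
    fpsba = parse_descriptor(image)["fpsba"]
    out = bytearray(image)
    pchstrp0, = struct.unpack_from("<I", out, fpsba)
    struct.pack_into("<I", out, fpsba, pchstrp0 | HAP_BIT)
    return bytes(out)


def build_sample_image():
    """Constructed 4 KiB descriptor-only image for offline testing; not a real dump."""
    img = bytearray(0x1000)
    frba, fpsba = 0x40, 0x100
    struct.pack_into("<I", img, 0x10, FD_SIGNATURE)
    struct.pack_into("<I", img, 0x14, ((frba >> 4) << 16) | (4 << 24))     # FLMAP0: FRBA, NR=4
    struct.pack_into("<I", img, 0x18, ((fpsba >> 4) << 16) | (0x10 << 24))  # FLMAP1: FPSBA, ISL
    struct.pack_into("<I", img, frba + 0, 0x00000000)  # FLREG0 descriptor: 0x0000-0x0FFF
    struct.pack_into("<I", img, frba + 4, 0x00007FFF)  # FLREG1 BIOS: marked unused here
    struct.pack_into("<I", img, frba + 8, 0x02FF0001)  # FLREG2 ME: 0x1000-0x2FFFFF
    # PCHSTRP0 at fpsba is left at zero, so the HAP bit starts clear
    return bytes(img)


if __name__ == "__main__":
    import sys
    # Usage: python hap_bit.py flash_dump.bin flash_dump_hap.bin
    # Dump first with the SPI programmer; flash the output back only after
    # the region table printed here matches what you expect for the board.
    src, dst = sys.argv[1], sys.argv[2]
    with open(src, "rb") as f:
        data = f.read()
    for i in range(parse_descriptor(data)["nr"] + 1):
        base, limit = region_bounds(data, i)
        print(f"FLREG{i} {REGION_NAMES.get(i, '?'):10s} 0x{base:06X}-0x{limit:06X}")
    print("HAP bit already set:", hap_bit_set(data))
    with open(dst, "wb") as f:
        f.write(set_hap_bit(data))
```

This covers only the "set the HAP bit" step. Removing the FTPR modules and fixing the CPD header checksum needs a parser for the ME firmware partition layout, which this example does not include; the me_cleaner project linked above implements that part. Keep the original dump: the only recovery from a bad write is flashing it back with the same programmer.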

JG4 • September 2, 2017 8:59 AM


@Ben A. - you are awesome. are you running a script to grab the first open comment window?

@Rachel - thanks for the comments on nuts and related topics. I've been eating garbs that are run through the process that you describe. I like the idea that it works for nuts too.

@tyr and Wael - Amazon indicates that there is no book authored by Claude Shannon, which could mean either that it is so long out of print that their radar screen missed it, or that there wasn't one. Sorry that I've been too lazy and dysfunctional to share the links to his thesis and seminal paper. The links are on another machine and my short-term memory isn't what it was in the good old days. My long-term memory appears to be intact, but I have plenty of senior moments. There are good books about Shannon and his work, but I can't offer any advice yet. Except that the feedback system on Amazon is similar to the Ebay magic, albeit with considerably more bandwidth, so we can quickly identify the good ones. Can't recall if I posted any of the high art where Amazon comments are repurposed as canvas for brilliant snark.

unfortunately, this got split between the squid and the other thread

@ab p., Clive and others - Thanks for your comments on randomness of RNGs and PRNGs. I don't believe that the points in n-space will have any correlations if certain conditions are met. Suppose that we have a radioactive decay process that is well shielded from external disturbances. The underlying rate of decay will have a slight dependence on gravity, as Tom van Beek (sp?) would be willing to demonstrate. I think that he is called the Time Nut. And Clive has correctly pointed out that the decay rate will be slowing as the material is consumed. I don't see a problem with correcting the time-axis spacing to compensate those effects, as the correction would be no more than second-order linear. We won't be shielding gravity, but we want to keep Clive's entropy-reducing beams out of the picture, for which metal and maybe some form of iron will suffice. The beams will not affect the decay rate, but very likely will disrupt the timing of the detection circuit. I claim that the time intervals between successive decays are completely uncorrelated (ignoring crazy effects like spooky action at a distance and entanglement that shouldn't be in play) or maybe it is the deviation from the average time interval that is completely uncorrelated from event to event. For PRNGs, if the observation period is shorter than the repeat interval, I believe that the outputs will again be uncorrelated. I am open to understanding how they could be correlated in case I've missed something. The physics people that I mentioned probably were doing Monte Carlo simulations and needed a stream of truly random numbers that were completely uncorrelated. In fact, it is quite likely that they believed the documentation and ended up later troubleshooting why they got unexpected results, only to find the undocumented correlations. It would be paranoid to suggest an early instance of spook influence in the computer business. 
We need a long and tedious rant about the distinctions between healthy and unhealthy paranoias. "Never ascribe to malice what is adequately explained by incompetence," fits into the always cooperate on the first iteration framework, as does "Trust, but verify." "Never trust a psychopath" also might fit into a long and tedious discussion of those topics. Always trust a sociopath when it is in their best interests to help you. They won't let emotion get in the way of acting in their own best interests, and that will help you if your interests are aligned.

on to the daily news dump

Links 9/2/17
https://www.nakedcapitalism.com/2017/09/links-9217.html
Posted on September 2, 2017 by Jerri-Lynn Scofield

[AI, cognitive bias]

Intelligence of apes misunderstood because of bias and bad science Treehugger

[physical backdoor. did someone post the repurposing a WWI German submarine for hauling alcohol during Prohibition? that physical backdoor is in play now for drugs. DARPA, Navy and others are working diligently on full-spectrum dominance under the water. the pigeons will smell bad when smoked by the 100 kW lasers used to stop drones at the border]

Argentina police kill drug-carrying pigeon Agency France-Presse

...

[health security in conflict with food security]

Why are New Zealand’s waters so polluted? Al Jazeera

[there are multiple information wars in play, but very few people are aware of them]

Upgrade downturn: why are people holding on to their old phones? Guardian

[LEOs can be conceived as an immune system for the body politic that identifies outsiders and neutralizes them. It may be noted that the body's immune system is a cost-center, not a profit-center. Clive might be able to shed some light on the legal concept of Outlaws from the older country. They were people who lived outside of the legal system and did not enjoy the protections of the Magna Carta and other aspects of civilization]

Police State Watch

[can't have the serfs finding out too much about what goes on in the castles]

Is U.S. Congress Declaring War on WikiLeaks? American Conservative

[you have to follow our rules as we make them up, or else we beat the daylights out of you]

Utah nurse arrested for refusing to hand over blood BBC

[Google is the Deep State's hypervisor]

New America, a Google-Funded Think Tank, Faces Backlash for Firing a Google Critic NYT

Reporter: Google successfully pressured me to take down critical story Ars Technica

[the division of government powers is not unlike C-v-P. if the legislative branch controls Gibbs free energy (aka money) via budgeting and rule-making, and the executive branch controls Gibbs free energy by spending within the rules, then the judicial branch serves as a sort of hypervisor that manages and corrects errors in the other processes]

Richard Posner announces retirement Chicago Daily Law Bulletin. Although retiring from the bench, he’ll continue to teach and publish. Posner, 78, has called for mandatory retirement of judges at age 80.

Wells Fargo

["security is when you put money in the bank, and it stays there." we might add, and it still has the same spending power when you need it, as there are big surprises coming. oh, by the way, we may not be able to let you take it out when you need it]

On Wells Fargo Ian Welsh (martha r)

New Cold War

US Orders Closure of Russian Consulates and Annexes The Wire

[One-time pads for perfect forward secrecy]

Smoke seen billowing from Russian consulate in San Francisco as staff ‘burn unidentified items’ before leaving Independent

[existential security]

Former Defense Secretary William Perry on the Nuclear Threat Truthdig

["undue influence, sought or unsought"]

Russian lobbyist Rinat Akhmetshin on that notorious meeting at Trump Tower FT

...[signal integrity]

Our Famously Free Press

[part of the propaganda wars that are always and everywhere in play]

How Exxon Used the New York Times to Make You Question Climate Science DeSmogBlog

[voting also is a signal integrity issue]

No “Russian Hacking” In Durham Election – NY Times Report Belies Its Headline Moon of Alabama

NYT’S CHURLISH VOTE HACKING STORY SHOULD NAME REALITY WINNER Empty Wheel

...[surveillance]

India

Smartphones Sharing Personal Info on 40% of Indians With CIA, Says Ex-Home Secretary The Wire

...

War Drums

[we all evolve over time in response to the feedback paths we use or that use us]

McCain’s Transmutation from Cautious Realist to Super-Hawk Unz Review

[I don't think that there's a dime's worth of difference between Bush, Obama, Clinton or Trump and that's not a troll. the Mueller/IRS gridlock is the status quo preserving itself in a morally/ethically blind way]

If Hillary Had Won Counterpunch

[a dark study of multiple perverse feedback systems. Holder should be in jail for signing off on assistance to Sinaloa. apparently, the DEA are just as dirty as the FBI]

The Narco-State to the North Jacobin

...[security posture: vigilant, protecting the young]

https://www.nakedcapitalism.com/wp-content/uploads/2017/09/pexels-photo-145954-e1504297737479.jpeg

Wael • September 2, 2017 9:20 AM

@JG4,

Smartphones Sharing Personal Info on 40% of Indians With CIA, Says Ex-Home Secretary The Wire

That's about 538 million records of metadata and content, and counting.

Stack of computers at Data center in Utah just got smazeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroonezeroerror, erronezerooneor, errorzeroonezeroonezeroonezerothe book was onezeroonezeroonezeroonezeroabout onezeroonezeroonezeroonezeroonezerooneShannon, zeroonezeroonenot zeroonezeroonezeroby himoneshed. Little wonder the internet is becoming slower by the day!

CallMeLateForSupper • September 2, 2017 9:38 AM

Re: the ghacks[dot]net story, "browsers-leak-installed-extensions-to-sites/", posted above.

"Security researchers have discovered flaws in the extensions systems of all modern browsers that attackers may exploit to enumerate all installed browser extensions.

"The attack affects all modern browsers."

Is our attention duly riveted? Has this threat got our blood up?

The last line of the article effectively deflates the threat: "Since these attacks rely on scripts, any script blocker protects against it. "

Whew! Simply DISabling scripts eviscerates yet another nasty. "Make it so."

Rachel • September 2, 2017 9:40 AM

Dirk

re: weeds and filth etc. Of course you do. I couldn't help making that highly non-serious reference specific to your understanding in response to your 'I am not a nice person', because we will agree, your presence here is a delight. You'd be my favourite to read, here. Plus you're only second to Nick P in the equanimity competition. I keep thinking how cool and interesting it would be to hang out with you (don't worry, not that I expect that to happen; too difficult from a security perspective: is that you, are you really you, or are you Rolf Harris, etc.)
By the way, yes that is a genuine competition; it's annual here, like the movie contest. But the rules and format are complex. Wael organises it; he can explain all.

that reminds me. speaking of pubs. you made a really fascinating comment then left me (& us) on a cliffhanger. your bar.man taught you really valuable tips for working out who's who in the bar. love that sort of life skill, like most of us here. can you share more specifically?
i've got those skills somewhat but they are more innate, beneath the skin, harder to quantify or deconstruct

On the verifying new contcts front. I recall Captain Paul Smith of Sea Shepherd stating he only collaborates with someone after knowing them for seven years

RachelSeptember 2, 2017 9:46 AM

CallMeLateForSupper
Script blocker etc.
Granted, but do note the post was made by Pants, who has done incredible research over years into the hidden workings of Firefox relating to switching off a great number of hidden (telemetry & other) settings. He or she regularly releases updates to their work and it can be found on the ghacks page they pasted. They have shared it here before.

RachelSeptember 2, 2017 10:13 AM

65535
'the pdf problem'
Nick P has responded previously a couple of times suggesting a FOSS pdf reader that appears to be quite resilient; he said someone else he trusts had recommended it. I have used it, very minimal code, nice and light, can't remember the name! Searching this site isn't working (a regular issue: it searches the web. Must be my device).
Nick mentioned it again only recently.
That program plus the usual caveats like an offline BSD is one answer to your query.

JFSeptember 2, 2017 10:44 AM

@JG4
"Utah nurse arrested for refusing to hand over blood BBC"

It amazes me what this police officer was willing to do with multiple cameras recording, including his own! I am further amazed that his fellow officers did not step in forcefully to shut his actions down before he got the nurse out the door.

A school based Behavior Specialist I knew had a sign on his wall - "Character is what you will do in the dark". And Robert Heinlein wrote "An armed society is a polite society" in a reference to "blasters" in his SciFi worlds.

I know I will catch heat from some regulars here, but even with all the privacy concerns that it raises, I believe surveillance throws light onto some undesirable behaviors, and will ultimately weed them out. I happen to disagree with Heinlein regarding weapons - there is too much testosterone poisoning for that to be true. But knowing you may have to justify your actions with a "Fair Witness" (another of Heinlein's creations) watching may encourage more rational and appropriate behaviors.

The Evil Against America IdealsSeptember 2, 2017 12:13 PM

I criticized Google. It got me fired. That’s how corporate power works.

We should all be worried about big business interfering with our speech, our thinking and our expression. By design, the private business corporation is geared to pursue its own interests. It’s our job as citizens to structure a political economy that keeps corporations small enough to ensure that their actions never threaten the people’s sovereignty over our nation. The first and most vital step to this end is to protect the media we use to communicate with one another from being captured by a few giants.

But today we are failing. Not only are we not preventing concentration of power over our economy and our media. We are not protecting the groups that are working to prevent and reverse that concentration of power.

Wherever you work, whatever you do, your livelihood and your liberties are every day more at risk as long as we allow a few giant corporations — especially in online commerce — to continue to extend their reach into and over the world of ideas.

https://www.washingtonpost.com/news/posteverything/wp/2017/08/31/i-criticized-google-it-got-me-fired-thats-how-corporate-power-works/

Nick PSeptember 2, 2017 12:26 PM

@ Rachel

It was MuPDF. Marc Espie, a key developer in OpenBSD project, recommended it when I asked which PDF reader had the highest-quality code as seen through his eyes. He's been writing and smashing low-level code a long time. So, I'm going with his recommendation when passing one on myself.

@ All

I've been writing about how the chips barely work on new process nodes since the physics keeps getting worse. RobertT originally told us of these problems. Looking into it further let me predict A2-like vulnerabilities. One other issue I worried about when reading design rules was that there could be interactions between components as software runs that aren't in the visible model for software. As in, it breaks due to the fact that what hardware is doing isn't what people think it is doing esp in odd situations orchestrated by malware. Found a nice example:

Software-based, Microarchitectural Attacks

Since nobody is going back to old nodes, might as well assume everything in modern computers will leak. They can't be trusted to keep secrets at all. Clive and I have already recommended pencil and paper but that was unknown unknowns mostly. Even the known knowns can't be trusted to work without leaks or breaks at gate level on modern nodes. Here's one of my favorite articles describing that. Here's a highlight that was really WTF for me:

" The main issue with lithography effects is that they can’t be analyzed and prevented purely by DRC rules. These effects happen based on how the surrounding metal objects are shaped. The most reliable way to detect lithography effects, therefore, is through simulation-based analysis. However, full simulation-based analysis is computationally intensive and runtimes can range from two to 10 hours per mm2 of 28-nm design area. Consequently, full-simulation-based lithography analysis should only be used as the final signoff, whereas a more efficient in-design DFM solution is best during implementation.

There are multiple in-design DFM methods. For instance, a pattern-matching-based approach can make lithography analysis more efficient (Fig. 3). Pattern matching, using a foundry-qualified or user-generated yield-detractor pattern library, is run on the post route database. Any exact matched patterns in varying orientations are identified and automatically removed via rerouting. Currently used in production at 28 nm, this method runs at a fraction of full simulation runtime."

The chips come out broken by design, with them having to do the equivalent of image recognition on them to fix pieces. That's just one problem.

Duty To WarnSeptember 2, 2017 1:00 PM

There is nothing as dangerous as a bad habit

Voodoo algorithms to detect outliers

Don't forget that Obama and some of his closest advisers had their heads deep inside the Voodoo of using algorithms to detect whistleblowers. You can come to your own conclusions as to what data mining and machine learning algorithms are busy working overtime on the NSA's haul from trawling everyone's data ;-) If the Voodoo points at an individual, it has grave implications for the whole life of the person, whether this is a false positive or an accurate detection. Any person with half a brain should consider what Voodoo means to their vital interests and go out of their way to prevent being falsely caught in those Voodoo nets.

A Nonny BunnySeptember 2, 2017 2:47 PM

@JF

And Robert Heinlein wrote "An armed society is a polite society" in a reference to "blasters" in his SciFi worlds.

[..] I happen to disagree with Heinlein regarding weapons - there is too much testosterone poisoning for that to be true

There's some truth to it I think, in the sense that in a society where offending people has a higher risk of getting you killed, people will tend to err on the side of politeness. (Or the people that don't get weeded out early.)
Whether a polite society is a goal you should strive for at the exclusion of all else is of course an entirely different question. Personally, I'd prefer a lower risk of getting shot (whether for offending someone, or by accident, or whatever).

A Nonny BunnySeptember 2, 2017 2:51 PM

Weird. The blockquote should have ended between "true" and "There's". Guess that's what I get for neglecting to preview and assuming the blog would post the tags I wrote.

Markus OttelaSeptember 2, 2017 3:08 PM

I released TFC 1.17.08 this week.

Libraries are now updated to the latest versions, and the Argon2 library was changed to a better maintained and tested one. Alas, PyNaCl's Argon2 didn't complete on time so I couldn't use the libsodium implementation. This one however allows matching test vectors with the official Argon2 client. Also on the plus side, it supports Argon2d so it provides the most security against GPUs/ASICs.

The mypy type annotations are now much more complete; only typeshed related stuff is missing, which isn't exactly a problem. Unittest coverage is 99.71%, which is nice.

The OS support is very limited at the moment: only Ubuntu 17.04 for TxM/RxM/NH, and Tails 3.0+ for NH. This is partly because e.g. Mint, that was previously supported, lacks up-to-date packages, uses outdated 1024-bit DSA keys, and supports SHA-1 based signatures. 17.04 deprecated a good bunch of old crypto.

I added a kernel version check that makes sure the OS has at least version 4.8. This ensures that the ChaCha20-based CSPRNG is always used.

I reworked serial interface concurrency issues to ensure all commands work from 50 to 2M baud.

Installer now pins SHA512 hashes of TFC files instead of SHA256.

The public keys are now an exact copy of Bitcoin's WIF format, and in normal use consist of 17 three-char substrings. With guiding letters A..Q, following along the typing process is much easier.

There are three new commands. '/rmlogs' allows the user to remove log entries for a contact or group.

'/whisper' command makes an attempt at sender-based control in cases where the contact is not hostile and has logging enabled, but the sender wants to send a message that isn't logged. This is particularly useful for sending decryption keys for exported files that the contact will later import to their RxM.

'/wipe' command overwrites all user data (including $HOME/.purple on NH containing OTR keys) and powers off the three devices.

New pictures and partly rewritten Security Design, Installation and How To Use wiki articles.

Again this only scratches the surface. The rest of the updates can be found in the Update Log.

Ben A.September 2, 2017 3:31 PM


@JG4

Regards the sources: I read a number of blogs in my spare time. Using my own custom software I retrieve (from known/favourite blogs) and scrape (from unknown sites using keywords) any articles that are of interest to me.

It then creates an ad-free PDF copy, archives it along with a summary and searchable hashtags (e.g. #encryption, #cryptocurrency, #math etc.) before moving it into a "Read Later" folder.

I can manually mark articles to "Read Later" or mark articles as "Blog Submission". The latter attribute assigns it with a numerical reference and visible colour which corresponds to a particular blog.

I try to keep any submissions relevant and not overly cross-technical into another field. My software discriminates between articles and categorises them accordingly. Example: interesting though the ABC conjecture is, especially the impact on ECC, it's not something that I'd include on here because it invites detailed discussion of mathematics which is beyond the general readership of this blog. However I always include relevant cryptography papers (e.g. arXiv) because of their direct relevance.

I'll include one or two quirky articles of peripheral relevance such as the story of unterseeboot smuggling.

At the week's end, for Schneier on Security, I glance through the articles and either manually "Approve" for submission or I can configure it to "Auto-Approve" and submit on a particular date (or upon detecting particular keywords or hyperlinks, e.g. squid or "blog posting guidelines"). In the former instance I can copy and paste the pre-generated HTML output onto the blog and in the latter it submits automatically (bypassing reCAPTCHA if used).

I implemented GPG signing of posts although I don't currently intend to use the feature; it was more to see how/if I could sign a post with an acceptable margin of security whilst keeping the output brief: a line or so.

JG4September 2, 2017 5:43 PM


Thanks Ben. Can't recall if I posted anything about natural language processing in the past year or two, but it is something that I'd be even more excited about if and when I can write code again. At the end of the last academic year, I attended an engineering expo at a modest state school for their senior design projects. I happened onto a natural language processing project for navigating the patent forest. I had meant to sponsor a similar project myself fifteen years ago. We're not talking about Stanford, where the half of the graduating class that aren't hired by Google go to Apple and Facebook. This is a modest state school in a modest state, and two of the three students who worked on NLP of patents were going to Google and Apple. I don't know it to be a fact, but my guess is that they are the only two of the hundred to two hundred graduating engineers to go to work for the Horsemen of the Tech Apocalypse.

I thought this humor clever enough and relevant enough to the surveillance "tradespace" to not attract censure. The quotes are to indicate that your interests figure in at zero weighting. There is an endless supply of this sort of snark on Amazon. Apologies if I posted this a few years ago. It also provides a canvas for the sort of message exchange that Clive mentioned some time ago:

https://www.schneier.com/blog/archives/2017/07/australia_consi.html#c6756685

Note that copyright is not asserted by either the author or by Amazon, as far as I can discern. It's an interesting question whether any of our posts could be tagged "Copyright 2017 JG4 All rights reserved. Published here by permission." at the end. In principle, this would prevent someone from lifting the material for commercial use. It is possible to assert copyright in a patent application, but it is very rarely seen.

Customer Review
https://www.amazon.com/gp/customer-reviews/R1SAZ24RWNZBA0

5.0 out of 5 stars
I have two words for you, 'predator drones.' You will never see it coming.
By Maurice Cobbs on January 11, 2013

You've had a busy play day - You've wiretapped Mom's cell phone and e-mail without a warrant, you've indefinitely detained your little brother Timmy in the linen closet without trial, and you've confiscated all the Super-Soakers from the neighborhood children (after all, why does any kid - besides you, of course - even NEED a Super-Soaker for self-defense? A regular water pistol should be enough). What do you do for an encore?

That's where the US Air Force Medium Altitude, Long Endurance, Unmanned Aerial Vehicle (UAV) RQ-1 Predator from Maisto comes in. Let's say that Dad has been labeled a terrorist in secret through your disposition matrix. Rather than just arrest him and go through the hassle of trying and convicting him in a court of law, and having to fool with all those terrorist-loving Constitutional protections, you can just use one of these flying death robots to assassinate him! Remember, due process and oversight are for sissies. Plus, you get the added bonus of taking out potential terrorists before they've even done anything - estimates have determined that you can kill up to 49 potential future terrorists of any age for every confirmed terrorist you kill, and with the innovative 'double-tap' option, you can even kill a few terrorist first responders, preventing them from committing terrorist acts like helping the wounded and rescuing survivors trapped in the rubble. Don't let Dad get away with anti-American activities! Show him who's boss, whether he's at a wedding, a funeral, or just having his morning coffee. Sow fear and carnage in your wake! Win a Nobel Peace Prize and be declared Time Magazine's Person of the Year - Twice!

This goes well with the Maisto Extraordinary Rendition playset, by the way - which gives you all the tools you need to kidnap the family pet and take him for interrogation at a neighbor's house, where the rules of the Geneva Convention may not apply. Loads of fun!

Dirk PraetSeptember 2, 2017 7:32 PM

@ Rachel

your bar.man taught you really valuable tips for working out who's who in the bar. love that sort of life skill, like most of us here. can you share more specifically?

Not just the bartenders. There's a lot you can learn from hanging out with a LEO relative, former legionnaires, servicemen, bikers, working girls and spending 35+ years at dodgy clubs and bars all over the world.

The key to it all is recognizing patterns, oddities and inconsistencies in people's discourse, look and behaviour until eventually you develop a sixth sense for it. Just one silly example: in the early eighties, we had a copper in our then bar who walked the walk and talked the talk of a genuine punk rocker. Cool, stylishly decorated leather jacket, Sid Vicious-like hairdo, Converse All Stars. Knew all Clash and Buzzcocks lyrics by heart. His very specific type of moustache, however, gave away not only that he was a gendarme, but even his rank and station.

Undercover agents - whatever they look like ; we even have one with a tattoo sleeve - always follow certain protocols, which makes them easy to spot once you know what these are. A concealed gun over here is usually a dead giveaway. Inadvertently pouring out a perfectly good beer in a plant is another one. I could go on, but I guess you kinda get what I mean.

WaelSeptember 2, 2017 8:54 PM

@Ratio,

the Justice Department said Friday that "Both FBI and NSD confirm that they have no records related to wiretaps as described by the March 4, 2017 tweets."

Doesn't exclude 'wireless' taps, does it?

RatioSeptember 2, 2017 9:40 PM

@Wael,

From page 77 of the motion:

(15) [...] the FBI has no records responsive to Plaintiff's request inasmuch as it seeks records of alleged wiretapping1 of Trump Tower by President Obama prior to the election, as referenced in the March 4th tweet. [...]

[...]

1 I.e., warrant applications/requests for court authorization to intercept telecommunications or electronic communications; court orders granting or rejecting such authority; logs; intercepted communications; and briefing materials about such intercepted communications.

(I don't have the cycles for a closer look at the moment.)

Clive RobinsonSeptember 2, 2017 11:51 PM

@ JF, A non bunny,

And Robert Heinlein wrote "An armed society is a polite society" in a reference to "blasters" in his SciFi worlds.

The reality of what others romantically call the "wild west" was that lots of guns meant lots of people getting shot in the back or in the cross fire.

It's what psychologists would expect: neither "formal politeness" nor "politeness by force" is actually politeness. It allows one group to exert control over another, and with the control they frequently use casual cruelties and other humiliations as a sign of status. Thus you are creating a societal "pressure cooker and wiring down the societal safety valve" so the things will not just "brew up" but "cook off".

That is, pent up rage will not have any safe way to be released, thus people will not get revenge, they will rid themselves of their tormentors. The way they will do this is by buying a hand gun, and because they have no skill in its use they will have to get close enough not to miss. Realistically this means "sneaking up" or ambushing from behind, giving no warning and shooting their tormentor in the back.

Clive RobinsonSeptember 3, 2017 12:22 AM

@ Wael,

Doesn't exclude 'wireless' taps, does it?

Or people losing the paperwork, or "special jobs" or "getting contractors in" or other tricks for "plausible deniability".

The simple fact is J. Edgar Hoover ran the FBI as his own "personal fiefdom" and in the process built up quite a few "special projects" teams, which would have had their own code and group think. The fact that Hoover died does not mean such teams died; in fact almost the opposite, because all the hidden processes for ensuring team members' pay, pensions, healthcare etc. would be "built in" so that those running them would have no idea they were special. Once you have that sort of thing in place it will carry on under its own inertia, and as those involved get promoted "the dead man's shoes get filled" and new candidates come in at the bottom "and so life goes on", and it even flourishes, spreading like a cancer.

65535September 3, 2017 2:28 AM

@ Rachel

I think Nick P. suggested Foxit. The down side to foxit is adware and no OCR search capability [older versions of foxit don’t have adware which is good]

@ tts

The problem with pdf files is big because most business, medical and legal outfits use it as their default document format => leading to booby-trapped pdf attachments. I've got a law client that insists on Adobe Pdf Pro and online storage – {shudder}

Your Krebs article looks dim. There seem to be huge holes in the product.

Will take a look at Sumatra; it looks OK. Also mupdf and xpdf look interesting.

I saw the Wikipedia page on Adobe security and it is not so good.

“Security
“From Version 3.02 onwards, Acrobat Reader has included support for JavaScript. This functionality allows a PDF document creator to include code which executes when the document is read. Malicious PDF files that attempt to attack security vulnerabilities can be attached to links on web pages or distributed as email attachments. While JavaScript is designed without direct access to the file system to make it "safe", vulnerabilities have been reported for abuses such as distributing malicious code by Acrobat programs. Adobe applications had already become the most popular client-software targets for attackers during the last quarter of 2009…September 2006 warning, David Kierznowski provided sample PDF files illustrating JavaScript vulnerabilities… February 2009 warning,.. US-CERT recommended disabling JavaScript in the affected Adobe products, canceling integration with Windows shell and web browsers (while carrying out an extended version of de-integration for Internet Explorer), deactivating Adobe indexing service and avoiding all PDF files from external sources…February 2013 warning, Adobe has identified critical vulnerabilities in Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system... January 2016 warning, released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system…”-Wikipedia

https://en.wikipedia.org/wiki/Adobe_Acrobat

[The above coupled with Krebs on Security warnings do not bode well for Adobe customers]

https://krebsonsecurity.com/2016/01/adobe-microsoft-push-reader-windows-fixes/

The list of pdf software is long.

“List of PDF software”

https://en.wikipedia.org/wiki/List_of_PDF_software

For concerned clients who get a lot of pdf attachments in email, I recommend they use a locked-down machine [no root access] and a browser with scripts disabled. Then, download the pdf file and put it on a sacrificial machine with strong anti-virus software[s] and scan the file. If the file is clean, open it. If it is not – junk the file. But this system is almost never followed by my clients. The process is too time consuming. So, I am stuck with that.

Dirk PraetSeptember 3, 2017 2:53 AM

@ Ben A.

I implemented GPG signing of posts although I don't currently intend to use the feature; it was more to see how/if I could sign a post with an acceptable margin of security whilst keeping the output brief: a line or so.

@Thoth came up with a clever and easy post signing approach about a year ago. Step-by-step guide here.

Ben A.September 3, 2017 3:54 AM

@Dirk Praet

I had a similar idea. I can have my software upload the message to an arbitrary yet anonymous location under my control.

A shortened link, using my own software (not bit.ly), would then be included at the end of each post. Verifying its authenticity would simply be confirming the presence of the message at a particular location.

The security could be augmented by having the message at that location signed so that those who know how to check the message can. Those who don't would just rely upon its presence at the confirmed location. I know you have DNS cache poisoning, but it's good enough to deter spammers and low-level posting under a particular username.

My software includes imported dictionary sets for privacy so I can switch between American and British English, introduce common spelling or grammatical errors, import over different IP addresses and post in differing timezones. I have a few other 'undocumented' features for additional privacy.

tyrSeptember 3, 2017 4:09 AM


@Wael

The Shannon book is a new biography done by people who noticed that there wasn't any done on him. I'll dig out the link again for the review.

@Clive
In the meantime you and Wael might be interested in this one.

http://www.tomdispatch.com/post/

McCoy apparently did some interesting digging and wound up on the radar of the spooks.

The view from the old west is a lot more complex. Most moderns haven't been in an armed society so have no referent for the experience. If you are impolite in that milieu someone will kill you. However even the dimmest realizes that, and the incidence of violence is higher in an English pub. Most of the wild west stories were from alcohol and transients coming together. Permanent citizens had a much nastier habit of hanging troublemakers as an example to the rest. The dime novels written in the east and the ugly habit of movies and television have made the whole idea into a caricature.

As humans have packed themselves into cities the whole idea of being armed for a good reason has faded out, leaving the TV fantasies as the only referent to an armed society. I've met grown men who did not even carry a pocketknife or a way to make a fire. I am tempted to consider that a regression to a prehuman state in my more cynical thoughts.

You have to admire the hubris of the latest embassy flap with the Russians; apparently the egotistical maniacs in DC have decided it's a good time to try for WW3. I find it quite surprising, as most of NATO won't even pay for their own share; the idea they will be the frontline in a charge to Moscow boggles the mind. There is a point where claims of exceptionalism are sure to fail in a spectacular fashion.

WaelSeptember 3, 2017 4:18 AM

@Dirk Praet, @Ben A,

signing of posts ...

Then you lose repudiation, hence you must be very careful what you say, because you won't be able to deny it unless you delete all traces of your keymats and their association with you, which could be a difficult thing to do, if you even have the time to do it.

Would you rather deprive others of the ability to impersonate you here or would you rather make it hard for a TLA to prove it was you?

Non-repudiation isn't necessarily an unconditionally desirable attribute. YMMV

Me? I know who composed a message without looking at their name, a lot of the time...
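An added example (not Ben A.'s software, not TFC, and not anyone's code from this thread) that makes Wael's trade-off concrete and shows what Ben A. means by a signature that fits in "a line or so": an Ed25519 signature over a post verifies for anyone holding the public key (non-repudiable), while an HMAC under a key shared with one reader can be checked by that reader but proves nothing to a third party, because the reader could have produced the same tag. The seed, shared key and post body are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// DemoKeys derives a fixed Ed25519 key pair from a constructed seed so the
// example is reproducible. A real signing key would come from crypto/rand
// and live on a machine the author controls.
func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte("constructed demo seed, not a real key"))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// SignPost produces a one-line base64 Ed25519 signature over the post text.
// Anyone holding the public key can verify it, so the author cannot later
// deny having written the post: this is the loss of repudiation Wael describes.
func SignPost(priv ed25519.PrivateKey, post string) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, []byte(post)))
}

// VerifyPost checks a signature line against the post text and public key.
// Garbage, truncated or mismatched signatures all return false.
func VerifyPost(pub ed25519.PublicKey, post, sigLine string) bool {
	sig, err := base64.StdEncoding.DecodeString(sigLine)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, []byte(post), sig)
}

// TagPost is the deniable alternative: an HMAC-SHA256 under a key shared only
// with the intended reader. The reader can check it, but since the reader holds
// the same key and could have produced the tag, it attributes nothing to anyone else.
func TagPost(sharedKey []byte, post string) string {
	mac := hmac.New(sha256.New, sharedKey)
	mac.Write([]byte(post))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// CheckTag verifies an HMAC tag line in constant time.
func CheckTag(sharedKey []byte, post, tagLine string) bool {
	tag, err := base64.StdEncoding.DecodeString(tagLine)
	if err != nil {
		return false
	}
	mac := hmac.New(sha256.New, sharedKey)
	mac.Write([]byte(post))
	return hmac.Equal(tag, mac.Sum(nil))
}

func main() {
	pub, priv := DemoKeys()
	post := "constructed post body: silly musings on a squid thread"

	sig := SignPost(priv, post)
	fmt.Printf("signature line (%d chars): %s\n", len(sig), sig)
	fmt.Println("verifies as written:", VerifyPost(pub, post, sig))
	fmt.Println("verifies after edit: ", VerifyPost(pub, post+" (edited)", sig))

	shared := []byte("constructed shared key between two correspondents")
	tag := TagPost(shared, post)
	fmt.Println("reader accepts tag:  ", CheckTag(shared, post, tag))
	// The reader can regenerate the identical tag, which is exactly why a
	// third party learns nothing about authorship from the tag alone.
	fmt.Println("reader can forge tag:", TagPost(shared, post) == tag)
}
```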

nimdajitamSeptember 3, 2017 4:31 AM

Hearing loss and other following neurological problems experienced by the personnel of the US embassy in Havana, Cuba were for sure not caused by infrasound, as it is not possible to direct it, nor does it (alone) cause what was diagnosed. On the other side, ultrasound has poor penetration properties, can't go through walls, and devices similar to LRAD for emitting it over long distances would be truck-sized. But we know for sure that every PC or laptop and even mobile phone already has an acoustic device (in most if not all cases: a speaker) present, capable of producing (ultra)sound out of hearing range. Tadaa! Researchers successfully used ultrasound generated on integrated peripherals (BTW printers, scanners and HDDs can be used to produce ultrasound as well) to jump over so-called air gaps between unconnected computers, the FBI used it to identify pedophiles hiding behind Tor, and for the same reason advertising companies are using it to identify/link content/audience across TV-Internet. I believe that US personnel were exposed to ultrasound produced inside the building by: A) malware intentionally harming them; B) malware jumping air gaps causing unpredictable collateral damage; C) their own system for masking possible air-gap-jumping malware's communication.

Dirk PraetSeptember 3, 2017 5:22 AM

@ Wael, @ Ben A.

Then you lose repudiation, hence you must be very careful what you say ...

Correct. Same thing with digitally signing emails. It only applies to folks posting under their own name, which is what I have been doing here ever since I first visited this forum. Being European and essentially having no business with the US either private or professional, I can't imagine how I would be a person of interest to any 5-Eyes TLA posting my silly musings on this blog. I'm not affiliated with any political, activist or other potentially subversive organisation, don't have access to any classified or otherwise sensitive information, and an infosec rock star only in my family and at the bars I hang out. I am, for all practical purposes, nobody, and totally fine with that.

Which is not to say that I've got nothing to hide (I'm not that boring) or am perfectly ok with voluntarily exposing my each and every move to either corporate or state level mass surveillance. And that's why I'm using and advocating however imperfect tools to thwart as much as possible such surveillance, and which, essentially, is no different than closing the bathroom door when taking a dump, or closing the curtains when entertaining a girlfriend. Everybody knows what you're doing, and they can easily bust the door or see right through the curtains if for whatever reason they wished to do so, but in essence it's none of nobody's business, and I am both morally and legally well within my rights to put up such walls. At least here in Europe, where privacy - and contrary to the US - is a godd*mned human right.

FBI Dirty & CorruptSeptember 3, 2017 6:39 AM

Above the Law
Rogue FBI refuses to testify to bipartisan Oversight Committee

True legacy of weasel leaker James Comey?
Looks like senior FBI officials plan to take the 5th to avoid self-incrimination. Yet rank and file support this renegade action. Worse than Hoover?

In the meantime American warships can't navigate, N Korea detonates true fire-fury-hell and the USA closes Russian embassies for brain damage while everyone is being data-raped.
The wonderful world of American Exceptionalism?

http://www.washingtonexaminer.com/byron-york-standoff-brews-between-senate-fbi-over-trump-dossier/article/2633288

Clive RobinsonSeptember 3, 2017 6:40 AM

@ tyr, wael, ALL,

McCoy apparently did some interesting digging and wound up on the radar of the spooks.

Prof McCoy in that article makes clear a point I make from time to time: history reflects the future, thus if you know history, the knowledge of how people did things tells you fairly well how they will do things.

Thus when it comes to investigating the current close-in past and future, history will guide your feet on the most likely path, even if you cannot see it due to attempts to hide it.

His latest book has just made it onto my waiting list to read when it gets released ;)

Clive RobinsonSeptember 3, 2017 6:57 AM

@ Dirk Praet, Ben A, Wael,

Being European and essentially having no business with the US either private or professional, I can't imagine how I would be a person of interest to any 5-Eyes TLA posting my silly musings on this blog.

I'm sorry to say but sadly that makes you "The Perfect Example" for sending a message to the masses.

As history shows, power degenerates, and part of that is it starts using fear to control the masses, and part of that is "Spilling the blood of innocents" as a "Very Public Spectacle".

Innocents are chosen because they have no affiliation, thus will not become martyrs for a cause.

Dirk PraetSeptember 3, 2017 7:42 AM

@ Clive, @ Ben A., @ Wael

I'm sorry to say but sadly that makes you "The Perfect Example" for sending a message to the masses.

Whilst you most certainly have a point there, I decided a long time ago that I would never live my life in fear, neither of terrorists nor of state actors. Governments should be afraid of people, not people of governments. And if ever my number is up before my time, I'll do the best I can to go out standing, not on my knees. And with a bang instead of a stutter.

Which is not to say that I actively seek out danger or just for fun and games would put myself in harm's way. I'm too old for that sh*t. I may be totally wrong, but with the exception of our host, yourself and perhaps @RobertT, I see no dangerous subverts or other persons of interest on this blog. And while it is always a good idea to apply caution to whatever one says and does in public, the simple fact of the matter remains that - at least for now - the concept of free speech is still firmly enshrined in law on both sides of the pond.

JG4September 3, 2017 8:02 AM


@tyr and Wael - this might be the book that we want:

A Mind at Play: How Claude Shannon Invented the Information Age
4.3 out of 5 stars | 33 customer reviews
Hardcover – July 18, 2017 by Jimmy Soni (Author), Rob Goodman
ISBN-10: 1476766681
ISBN-13: 978-1476766683

Not sure how good a job I've done of articulating that security is always and everywhere an OODA loop or composite of multiple OODA loops. Dirk's example of reading people fits quite neatly. The main questions are whether there is a human in any of the loops, whether the learning is supervised or unsupervised and how large and representative the training sets are. Those aren't mutually exclusive; you can have automated loops that have preprogrammed recognition of previous viruses, which is quite similar to how the body recognizes and fights infection. That probably is the current state of the art, other than port management. It can be combined with a learn-as-you-go system, which is how Kaspersky and Microsoft use feedback (at least when they aren't lifting all of your data that is on internet-connected machines), and perhaps even compare observations between machines in a known-safe (closed) web ecosystem and observations on internet-connected machines that are trolling for trouble with e.g., TOR. And the human observer of the security hypervisor can always intervene, especially if the correct data visualizations and controls are built in to allow levels of abstract intelligence not yet encapsulated in code to be applied manually. It's all about feedback, and it is difficult to get enough feedback as an individual. Most of the regulars are monotone on the need for simplicity in both hardware and software to achieve good security. If the trajectories are not a priori predictable, then a staggering amount of data will be required to get useful statistics on threat vs. non-threat conditions.

I've been meaning to post this Heinlein quote, in response to some discussion in recent days that I can't recall. It touches several current topics:

“A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly.”

There is a fundamental tradeoff in human affairs between expanding knowledge in your field vs. expanding knowledge outside your field. I had reached a state of burnout in my field about fourteen years ago, and decided to understand financial markets. That turned out to be a microcosm of the human condition, where cognitive limitations are a real problem. Unfortunately, I've acquired "the understanding that surpasses all peace (TM)," which is something like the opposite of blissful ignorance.

@Clive - your comments are excellent, as always. I'm too busy this weekend to dig into the visual pigment story and corresponding signal transmission, but it too fits rather neatly into the OODA picture of intelligence. A radioactive decay random generator could be packaged in a small USB dongle. I've been using some kind of RF-keyboard-mouse-link USB widgets that stick out about 6 mm, just enough to pinch and pull out. There should be a simple expression for the number of bits of entropy that you can generate per second from a small and safe radioactive source built into a heavily shielded USB stick. When I was a kid, you could go on Ebay and buy some of the creamy nougat center of the earth that boiled out of the Bancroft impact crater about 1.5 billion years ago. They are so bloody hot that I get a shrinking feeling every time I see them. A small chip of that generates a lot of entropy. I love the fact that metal atoms were forged in the heart of a supernova and that you can pick them up in a leaded glove. They're sort of like diamonds forged in the heat and pressure of a stellar explosion. They make the counter howl like a banshee, not that I've ever heard a banshee. If I understand correctly, they only can be seen on the Emerald Isle, and that only with the administration of the water of life.

@Rachel, 65535 and others - Thanks for the discussion of pdf tools. That is the tip of an iceberg regarding what software we choose to run on our machines. NLP is not only useful for navigating the news as Ben A. practices, but also for navigating our own past discussions to e.g., find book recommendations. I am amazed how difficult it can be to find some past discussions (without the right keywords, it is hopeless), but generally the DuckDuck search window gives good results. Something like AI can be used, in principle, to assess code quality. It also can be the heart of a hypervisor to assess in real time the quality of the processor processes.

@Dirk P. - very much appreciate your discussion of reading people. One of my friends has similar superpowers. I have a touch of Asperger's syndrome and generally haven't made much effort to read people. So I have to stay out of rough bars, at least since I got over testosterone poisoning. Your threat model might include being used as a hapless tool for getting at someone else. If your entire attack surface is catalogued by the Deep State, then you become just another tool that can be manipulated to their ends. Clive makes an excellent point that A Very Public Spectacle can be one of their ends. I am comfortable with the idea of withdrawing consent to any appropriate degree. The endgame is total power and we are just pawns.

@tyr - Thanks for the link to Tom Dispatch. That story makes the hair on the back of my neck stand up, because the genocides surrounding the US involvement in the Golden Triangle drug trade cost about 5 million lives, largely the consequences of war crimes. I've always thought that the Kennedy assassination is the Rosetta stone of post-war US policy. This is another flavor of the same story:

https://www.nakedcapitalism.com/2017/08/alfred-mccoy-stalked-cia-heroin-trail-surveillance-state.html

Not sure if I mentioned that Eisenhower was on the record that he was getting pressure to intervene in IndoChina (as they called it then) as early as 1953. I think that the US industrial giants wanted access to various resources found only in South Asia, such as Malaysian tin and rubber and wanted to be sure that the communists didn't capture that territory.

I've carried a Swiss Army knife and 4" open-end adjustable wrench for 35 years. The remarkable part is that every time I've lost them, they were returned or I found them. When I was more mentally resilient, I was able to use them for impressive repairs and exploits. I carry water, food and fire-starting materials in my car, but the fire-starters aren't much use in the concrete jungle.

@ab p. - further conditions for PRNG output to be uncorrelated. The output of a PRNG obviously is deterministic. Given a complete set of output, the system can be uniquely identified and replicated. The adversary doesn't get to see any of the PRNG output itself (unless they are running an ME hypervisor on your machine), but only the statistics of the interaction of the PRNG output with the flattened statistics of the plaintext or other material to be transmitted. If the repeat length is sufficiently large and enough bits of entropy are used to pick the starting point in the PRNG length (a 1D parameter space), then my result that some feature of the output series being uncorrelated is met. I'm not sure if the uncorrelated feature is the numbers themselves or the derivative of the output with respect to iteration. I'd welcome some feedback on these topics, or a pointer to the go-to textbook. Perhaps Bruce's early book is the key reference.

Clive probably could offer some instruction on the origin of the term "gentlemen," which I read to mean a person who voluntarily has given up the use of violence within the group. I haven't hit the nail quite on the head that one definition of civilization might be using rule of law to manage a state monopoly on violence. There are more subtle forms of violence, "Gentlemen, You have undertaken to cheat me. I won't sue you, for the law is too slow. I will ruin you. Yours truly, Cornelius Vanderbilt" Outlaws have lived and died by violence outside the walls of civilization.

I'd be fine with bringing the rule of law to all monetary transactions, as long as the rules are applied equally. This is just another asymmetric system to produce asymmetric information to further imbalance asymmetric power.

https://www.nakedcapitalism.com/2017/09/indias-demonetization-no-impact-black-money-despite-huge-costs-imposed.html

Links 9/3/17
https://www.nakedcapitalism.com/2017/09/links-9317.html
Posted on September 3, 2017 by Lambert Strether

[adaptive systems, intelligence, sonar, 4D system identification]

Blind children should be allowed to learn to echolocate like me New Scientist

[AI, NLP]

This Algorithm Tracks What Australia’s Central Bank Is Really Thinking Bloomberg

[file under "The Best Way to Rob a Bank Is to Own One." The reason that bank robbery historically was punished quite harshly in the US is that we actually do like it "when the money you put in the bank stays there." Ironic that the greatest theft in human history in absolute terms went unpunished. I thought that the rise of the FBI was largely a response to the business model of criminal gangs using automobiles and automatic weapons to rob banks. Not that prohibition didn't give them plenty of criminal gangs to monitor and suppress]

Put Them in Prison Charles Pierce, Esquire (Furzy Mouse). Wells Fargo executives.

...[file under Old West. At least several of the western US states are open-carry. Typically when you enter a bar in Montana, you are required to check your gun at the door. In the 1980's, it was the same in Alaska, probably still is. I believe that Vermont has had unlicensed concealed carry since 1777, but I never picked up the nuance of how they manage guns in and around bars. It would be very easy to detect concealed metal weapons on people as they approach venues like schools and bars, by using mm wave or cm wave systems. I think that I posted the link to a $7 microwave motion detector from Amazon. In the generalized case of system identification, the return wavefront can be analyzed to extract shapes of hidden metal. There is a fundamental tradeoff between antenna size, wavelength and spatial resolution. I've been on the record for many years that the idiots, psychotics, criminals, psychopaths and sociopaths should be disarmed, starting with the ones employed by governments. My libertarian quipped, "but then, who will protect us"]

Heckler & Koch quietly becomes world’s first ethical gun-maker Deutsche Welle

...[chemical security]

AP EXCLUSIVE: Toxic waste sites flooded in Houston area AP

...[did the Celtic tribes have an alternative to Roman and Arabic numerals?]

Far-right German candidate promises to get rid of Arabic numerals Politico. Not The Onion!

...[I figured the first one gets a free ride on the other three having a tech tie-in]

Monopoly Power

How to Educate Yourself on Monopoly Power Matt Stoller. “A list of books and articles on the history of monopoly power and its effects.”

Yes, Google Uses Its Power to Quash Ideas It Doesn’t Like—I Know Because It Happened to Me [Updated] Gizmodo

A Serf on Google’s Farm Josh Marshall, Talking Points Memo

President Zuckerberg Is Personally Responding to His Facebook Trolls Vanity Fair

...

When Political Scientists Legitimate Torturers Corey Robin

...[surveillance paradigm]

Big Brother Is Watching You Watch

The Spread of Mass Surveillance, 1995 to Present Center for Political Studies

Disney’s Next Movie Could Be Watching You, Too Fast Company

More than four million Time Warner Cable records exposed in leak Reuters

Police State Watch

[The Africans and their descendants in the US have been treated like animals for 400 years. The Irish experienced that only briefly here]

Philly Police Union President Calls Black Lives Matter Activists ‘A Pack Of Rabid Animals’ HuffPo

Autopsy: Charleena Lyles shot 7 times by Seattle cops; no drugs in system Seattle Post-Intelligencer. Also, Lyles was pregnant.

...[Wishing everyone who observes it a happy, safe and sane Labor Day. The 1863 Draft Riot(s) had 30 times more fatalities, but the same origin of coercion in labor management]

The US celebrates Labor Day because of a bloody clash over 100 years ago that left 30 people dead and cost $80 million in damages Business Insider

Clive RobinsonSeptember 3, 2017 8:03 AM

@ All,

One of my reoccurring bug-bears is Main Stream Media directly or indirectly acting as the propaganda arm of Gov and Big Corp.

In the UK we have seen what has happened when the likes of Google effectively lobby not just Gov Ministers, Civil Servants and media proprietors and their favoured journalists. It's not just vast tax dodges, and a blind eye to privacy legislation violations, it is also that they get to be intimately involved in our children's lives, not just socially but by being forced to use Google services by the organisations they get their education from. It is really quite frightening. Then there's Microsoft, Amazon, Facebook, et al.

Well as most here know the interests of Big Corp go hand in hand with Gov when it comes to the ordinary persons right to privacy and any technology that might be helpful in that regard.

Well we've all seen the "Terrorists all use XXX" where you can fill in any Internet Privacy application or service you like. We only get the "demonisation rhetoric". Some are old enough to remember when "Hacker" meant something positive and to be regarded as one was a badge of honour. Then in just a few years the term was poisoned by political leaders and lazy and effectively corrupt journalists.

Likewise you ask the average citizen about the "Dark Web" and few even know, let alone will tell you, it's not evil / Satanic / Criminal / etc. The origin of the term was "Internet Hosts with servers not enumerated by Search Engines" which if you think about it is by far the majority of internet connected Hosts advertising services.

Anyway Susan Hennesey made comment on this and in effect solicited positive comments on Privacy Enhancing Technology (PET). Alex Muffett who has developed Facebook's Onion Site and has since worked on the development of the open-source “Enterprise Onion Toolkit” (EOTK) has responded:

https://medium.com/@alecmuffett/onion-synopsis-for-susan-hennesey-b28a92f0e974

JG4September 3, 2017 8:06 AM


Typo in my Labor Day comments - that should be more than 100 times as many fatalities. I saw the 100 and divided 3000 by it, instead of dividing 3000 by 30. The 3000 figure may be low by as much as a factor of two. The Irish were tired of being used as cannon fodder in the unCivil War. I think they also lashed out at the African descendants in the area, who had very little to do with the oppression of the Irish, other than competing for the worst jobs in the city.

anonymousSeptember 3, 2017 8:07 AM

"But I think the larger source of potential censorship in free societies isn't really from government, but from corporations".

How The Internet Defeated Censorship... And Then Didn't
www.youtube.com/watch?v=yA36x38ig2k
by Georg Rockall-Schmidt
September 02, 2017
17 minutes long

Gerard van VoorenSeptember 3, 2017 8:12 AM

@ Wael, Dirk Praet,

Then you lose repudiation, hence you must be very careful what you say

It's hypothetical. Bruce Schneier controls his blog. But speaking hypothetically, I have three things about this. First, I like it. Second, this isn't a court room. People speak their mind. You can insult others, but you do that in person as well sometimes. That's just the way people are. Third, that's also why I like the idea of the right to be forgotten.

WaelSeptember 3, 2017 8:24 AM

@Gerard van Vooren, @Dirk Praet,

But speaking hypothetically, I have three things about this.

Agreed with the three things you listed.

ab praeceptisSeptember 3, 2017 8:36 AM

Clive Robinson

One of my reoccurring bug-bears is Main Stream Media directly or indirectly acting as the propaganda arm of Gov and Big Corp.

Maybe. But maybe both, msm and government, are arms of the same power.

WaelSeptember 3, 2017 8:40 AM

@tyr, @JG4,

The Shannon book is a new biography done...

Thank you, maybe I'll search for that.

A Mind at Play: How Claude Shannon Invented the Information Age 4.3 out of 5 stars | 33 customer reviews Hardcover – July 18, 2017 by Jimmy Soni (Author), Rob Goodman ISBN-10: 1476766681 ISBN-13: 978-1476766683

Perhaps that's the one. Thanks!

WaelSeptember 3, 2017 8:56 AM

@Dirk Praet, @Clive Robinson, @Ben A,

I decided a long time ago that I would never live my life in fear,

That's the spirit!

At first I was afraid, I was petrified
Kept thinkin' I could never live without you by my side
Then I spent so many nights Just thinking how you did me wrong
And I grew strong
And I learned how to get along
And so you're back from outer space
I just walked in to find you here, with that look upon your face
I should have changed that stupid lock
I should have made you leave your key
If I had known for just one second you'd be back to bother me
Go on now, go walk out the door
Just turn around now
'Cause you're not welcome anymore
Weren't you the one who tried to break me with goodbye?
Did you think I'd crumble?
Did you think I'd lay down and die?
Oh no not I, I will survive!

Whilst you most certainly have a point there,

@Clive "stiff upper lip" Robinson may have a point ;)

ab praeceptisSeptember 3, 2017 9:24 AM

JG4

First, please kindly address me by my full name (for purely practical reasons. I might easily fail to notice your remarks at me otherwise).

There are, of course, whole series of books that could be written about random and Xrngs. Regarding what you address (if I got it right), that's one of the reasons why I hammer again and again on the necessity of other good properties than merely unpredictability.

And what's unpredictability anyway? Assume I had a prng A that, driven by prng B, simply added some x ∈ {0..25} which it got from B. Et voilà, there you have unpredictability ... or not? Assume that B, starting with a seed byte from some csprng, simply mod 8 added 13 to its 1 unsigned byte state in each cycle.
I choose this idiotic setup because it's evident that an Eve with access to all outputs of A could run simple analytics to discover the mechanism quite soon.
What if I extended both mechanisms to 64 bits and didn't mod 32 add 13 but, say, 2^12 - 3? If Eve is reasonably resourceful she'll discover the mechanism still reasonably quickly. What if I added a third background stage that is fed by B and feeds A? And so on ...

The point is: We must reasonably assume that there is no such thing as unpredictability. Unpredictability has always to be seen in relation to "for whom?". What is unpredictable to the local LEA specialists might well be highly (and early!) predictable to FBI specialists; and what looks unpredictable to them might not to the NSA.

Also note the tight relationship between good (other) random properties and unpredictability. The latter can't exist without the former. If, for a stupid but evident example, some excellent csprng generated only ever increasing values, except for the 64 (or whatever; that's a purely quantitative problem) bit boundary where it would fold back to close to 0, that rng would have an analysis surface the size of a football field.

Iff, however, a prng had good random properties (over the full set of relevant properties), Eve would need a full period's output. Which leads me to the problem I brought up recently: It is, to put it differently, a gross misunderstanding to think that restarting with a new seed is somehow more secure. It is *not*, because a full period's cycle is a full period's cycle. Reseeding simply comes down to starting that cycle at a different entry point.

Remember what (I think it was) Clive Robinson brought up one of these days, the story of some smart researchers bringing down some oscillation based rng from 2^32 to 2^7? Which is cube_root(2^32)/2. Funnily, I suggested at about the same time to never run considerable parts of a rng's period but rather something in the range of cube_root(period)/4.
However, this advice is from the OpSec field and interesting insofar as the whole issue isn't a math quiz but one of practical significance. Remember, Eve isn't our math professor but our adversary, and her interest is quite clear: she wants to understand our rng mechanism so as to bring it from the realm of "sufficiently magic" ("unpredictable") down to the realm of "can be computed and in reasonably short time".

Funny sidenote/hint: If you want to make Eve's life miserable just insert a small stage that decides whether to use a cycle's value or not; design it so as to throw away on average every 50th to 100th value (controlled by some extremely simple rng à la "mod 8 add 13; if not mod 4 then skip") and to generate the next one in the cycle. That's ridiculously simple, ridiculously cheap and devastating to Eve's efforts as she'll always miss some fragments and never gets to see the full period's cycle.

There are even questions where the mathematical and the opsec aspects compete. Example: We'd definitely like our state to fit in a register and to at least stay L1 local - opsec. The math side, however, would clearly prefer a considerably larger state (~space). Hint: One more reason to think in terms of ratchets.
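As an added illustration (editor's code, not ab praeceptis's or JG4's), here is the one-byte "add 13" generator from the comment above together with the analytics an observer of its raw output would run, and with the skip stage sketched at the end. It also bears on JG4's question further up about how the repeat length and the chosen starting point relate: the period check, the rotation check for reseeding, and the skip policy (drop one value in eight, whenever an assumed "mod 8 add 13" control state returns to zero) are all constructed for this toy. One caveat the output makes visible: in a stream this simple the withheld values show up as doubled gaps between consecutive outputs, so in this toy the decimation itself leaves a signature.

```python
# Added example: toy "one byte of state, add a constant mod 256" generator and
# the analysis an observer of its output would run. Constructed for illustration,
# not code from the comment above.
from typing import Iterator, List, Set

MOD = 256  # one unsigned byte of state, as in the comment


def byte_prng(seed: int, inc: int = 13) -> Iterator[int]:
    """Generator B: state <- (state + inc) mod 256, yielding each new state."""
    s = seed % MOD
    while True:
        s = (s + inc) % MOD
        yield s


def full_period(seed: int, inc: int = 13) -> List[int]:
    """Run B from `seed` until an output repeats: exactly one full period."""
    out: List[int] = []
    seen: Set[int] = set()
    for v in byte_prng(seed, inc):
        if v in seen:
            break
        seen.add(v)
        out.append(v)
    return out  # length is 256 / gcd(inc, 256)


def same_cycle(seed_a: int, seed_b: int, inc: int = 13) -> bool:
    """Reseeding only changes the entry point: the period started from seed_b
    is a rotation of the one started from seed_a (or they are different cycles)."""
    a, b = full_period(seed_a, inc), full_period(seed_b, inc)
    if len(a) != len(b) or b[0] not in a:
        return False
    i = a.index(b[0])
    return a[i:] + a[:i] == b


def recover_increment(outputs: List[int]) -> int:
    """Eve's analysis: two consecutive outputs give the constant as their
    difference mod 256; every further pair must agree or the model is wrong."""
    if len(outputs) < 2:
        raise ValueError("need at least two consecutive outputs")
    inc = (outputs[1] - outputs[0]) % MOD
    for prev, cur in zip(outputs[1:], outputs[2:]):
        if (cur - prev) % MOD != inc:
            raise ValueError("outputs are not a single add-constant sequence")
    return inc


def predict_next(outputs: List[int]) -> int:
    """Once the constant is known, the entire future of B is determined."""
    return (outputs[-1] + recover_increment(outputs)) % MOD


def decimated(seed: int, n: int, inc: int = 13) -> List[int]:
    """Skip stage: a second trivial generator ('mod 8 add 13') decides whether
    each value of B is emitted. Assumed policy for this example: withhold the
    value whenever the control state returns to 0, i.e. one value in eight."""
    ctrl = 0
    out: List[int] = []
    for v in byte_prng(seed, inc):
        if len(out) == n:
            break
        ctrl = (ctrl + 13) % 8
        if ctrl != 0:
            out.append(v)
    return out


def gaps(outputs: List[int]) -> Set[int]:
    """Differences between consecutive observed values, mod 256. For the plain
    add-13 stream this is {13}; a withheld value shows up as a gap of 26."""
    return {(b - a) % MOD for a, b in zip(outputs, outputs[1:])}


if __name__ == "__main__":
    period = full_period(0)
    print("period length with inc=13:", len(period))
    print("period length with inc=4:", len(full_period(0, 4)))
    print("seed 0 and seed 100 share one cycle:", same_cycle(0, 100))
    observed = period[:3]
    print("recovered increment:", recover_increment(observed),
          "predicted next:", predict_next(observed))
    print("gaps after the skip stage:", sorted(gaps(decimated(0, 64))))
```

Two things worth noticing when running it: `full_period(0, 4)` is only 64 values long, because the period of "add a constant mod 2^k" is 2^k / gcd(constant, 2^k), so the constant in the comment's sketch matters; and `gaps()` of the decimated stream is {13, 26}, i.e. the withheld positions are recoverable from the observed stream alone.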

Nick PSeptember 3, 2017 11:17 AM

@ Keybase.io User That Emailed Me

You put me in what others would find a tough spot. So, I download the Keybase app. Apparently I already had an account I forgot about. Log in. Nice design and usability but everything happens with step-by-step stuff on command line. Questionable UX but way better than GPG. So, let me just add my public key so it can authenticate it and I'll just pass GPG messages to...

"import [private key] from STDIN and send public half to Keybase"

What!? No option to import a public key for the original purpose of authenticating that public key along numerous services (eg Twitter, FB, HN)? I have to give them my private key? And is this really the app in the Github which itself says it doesn't match the descriptions due to rate of change? And how secure at handling keys is a Go app really with an unassessed runtime and compiler? I thought this was going to be a quick upload of public key and reply. Instead, I've either opened a can of worms (usability/security tradeoff) or stumbled into a den of vipers (malicious software). One can't be sure in this field if wearing the tin foil... on Ubuntu...

So, then I'm like: I bet the public key will be somewhere on the profile just to make the site have more cred with crypto-geeks. I'll just copy that into GPG to side-step the whole process. Now, just gotta get the person's email in the app... wait, the message wasn't PGP/GPG encrypted? It's just plaintext inside the app after I log in w/ some kind of per-app or device keys end-to-end encrypting? Anyway, that just spoils the fun of trying to decrypt the message siloed into Keybase with a 3rd-party tool. (sighs)

Ok, back to responding to it. I just thought some people here might find this user experience interesting. Shows you can benefit partly from Keybase without uploading your private key. Alternatively, I was going to create an extra keypair specifically for Keybase, upload that, do the "proof," sign my regular public key with it, and send that to anyone hooking up with me through Keybase. Then we switch over with full GPG if they don't trust Keybase. Also, Keybase never gets my private key cuz I can use access controls to force it to only look at the public key. What yall think about it needing a private key and my workarounds?

book_reviewSeptember 3, 2017 12:14 PM

2017 National Book Festival

Although I haven't read any of the books below, their talks were interesting. There might be repeats on c-span or c-span2 tomorrow or today or on c-span radio. See TV networks, radio, or schedule at the top of the link

From https://www.c-span.org/event/?432540/2017-national-book-festival

David McCullough talked about his book, The American Spirit: Who We Are and What We Stand For. He spoke at the 17th…

Margot Lee Shetterly talked about her book, Hidden Figures: The American Dream and the Untold Story of the Black Women…
note: I enjoyed the movie

J.D. Vance talked about his book Hillbilly Elegy: A Memoir of a Family and Culture in Crisis, in which he recalls his…

Thomas Friedman talked about his book, Thank You for Being Late: An Optimist’s Guide to Thriving in the Age of…

Michael Lewis talked about his book, The Undoing Project: A Friendship That Changed Our Minds.

Former Secretary of State Condoleezza Rice talked about her book Democracy: Stories from the Long Road to Freedom, in…

Ben Macintyre talked about his book, Rogue Heroes: The History of the SAS, Britain’s Secret Special Forces Unit that…
note: recently Ben Macintyre and 'John Le Carre' spoke about Le Carre's new book Spies Like Us.
"S.L. Do you see parallels with President Trump’s view of the truth?

J.L.C. Exactly that. He is the most recent model. Before that it was Robert Maxwell. The parallels are extraordinary. My sister, too, we absolutely recognize the same syndrome. There is not a grain of truth there.

S.L. Do you think the Russians really have something on Trump?

B.M. I can tell you what the veterans of the S.I.S. [the British Secret Intelligence Service, or MI6] think, which is yes, kompromat was done on him. Of course, kompromat is done on everyone. So they end up, the theory goes, with this compromising bit of material and then they begin to release parts of it. They set up an ex-MI6 guy, Chris Steele, who is a patsy, effectively, and they feed him some stuff that’s true, and some stuff that isn’t true, and some stuff that is demonstrably wrong. Which means that Trump can then stand up and deny it, while knowing that the essence of it is true. And then he has a stone in his shoe for the rest of his administration.

It’s important to remember that Putin is a K.G.B.-trained officer, and he thinks in the traditional K.G.B. way."
https://www.nytimes.com/2017/08/25/books/review/john-le-carre-ben-macintyre-british-spy-thrillers.html
@Ratio posted this link above, I think


Journalist John Farrell talked about his book Richard Nixon: The Life, in which he recalls the life of the 37th…

RachelSeptember 3, 2017 12:39 PM

Dirk, JG4
'tipping a perfectly good beer into a potplant' ROFL!! Dirk, thanks for the enthralling response. Sounds like you favour dives! Very few people have any real body awareness, either their own or that of others. Indeed, gym junkies and the like can be way more disassociated from their body, a phenomenon I class alongside Tyr's observation of prehumans stalking the earth without an Everyday Carry Tool and magnesium flint. (Prehumans; I instantly thought of Ken Wilbur's pre/trans fallacy.) In my opinion, decoding the subterfuge worn by the kinds of characters you describe, Dirk, is enabled by what their body is saying. I don't mean body 'language' (although there are Milton Erikkson-esque ways of prompting their unconscious to telegraph via body language). No, I mean literally what the body is communicating, for such disguises are really worn tissue deep. It's not The Method care of The Actors Studio.

Dirk , Clive
' Choosing not to live in fear; Being made a spectacle'
It has occurred to me that being slightly famous may afford some degree of protection from the 'being made a spectacle' phenomenon. Laura Poitras was repeatedly held at the US border until she finally went public with it. The syndrome ceased. (Her experiences can be read about.) Usually it's non-famous people that achieve attention only after the fact, and are forgotten by all but the most committed supporters. This is also a response to Thoth who was asking about dead man switches recently. Perhaps making a name for yourself in the industry and publicly first is a protection of sorts.

RE not living in fear. Dirk, appreciate your sharing. Indeed I had long ago surmised you had made exactly such decisions owing to your unusual degree of transparency here. Clive also - you two are the only ones so open. I marvel at it; I consider it extremely healthy and refreshing.

One thing I've not seen anyone mention about mass surveillance / bulk collection is that its very purpose is to instill a so-called 'chilling effect'. And thus, it could be said Snowden's revelation was not so displeasing to some within the Apparatus.
Feels like I've touched upon a few topics worthy of your thought attention, JG4.
Incidentally I find the search function on this blog sucks, terrible filtering. But duckduckgo even for web searching is mediocre at best.

Wael: equanimity competition
That's not the first time you've replied by providing an old Squid post with hundreds of juicy comments for me to trawl through - fascinating reading and appreciated, but I get a headache dissecting every comment: 'what is he referring to?!'

RachelSeptember 3, 2017 12:59 PM

JG4
The most excellent Heinlein quote you provided has the context from the author: 'specialisation is for insects'

which may well be the theme that prompted you

gordoSeptember 3, 2017 1:31 PM

Seymour Hersh Honored for Integrity
September 1, 2017

An organization led by former U.S. intelligence officials has selected legendary journalist Seymour Hersh to be the recipient of an annual award for integrity and truth-telling, named for the late CIA analyst Sam Adams.

By Ray McGovern.

Journalist Seymour Hersh is to be honored with this year’s Sam Adams Award for Integrity to be presented to him at the Sam Adams Associates for Integrity in Intelligence (SAAII) award ceremony on the evening of Sept. 22 at American University.

https://consortiumnews.com/2017/09/01/seymour-hersh-honored-for-integrity/

Ben A.September 3, 2017 1:37 PM

@Nick P

"What!? No option to import a public key for the original purpose of authenticating that public key along numerous services (eg Twitter, FB, HN)? I have to give them my private key?"

I confess I'm not familiar with Keybase but your account piqued my curiosity so I signed up with a disposable email address and dummy key after reading your experience.

I first used GPG to generate offline a public-private key-pair and then I signed up to Keybase. I did this via their website and I was offered the option of hosting my private key (IMG 1).

I chose not to ("Maybe another time") and the next page (IMG 2) said "Prove you have the private key" to Keybase. Because I'd chosen not to host the private key with them I was given two options:

1. Command line with keybase
2. Command line with [bash + GPG + cURL]

If I'd hosted my private key with Keybase I'd have been allowed to prove the private key belonged to me by verifying it "in the browser".

https://i.imgur.com/ORbqdPM.png

I stopped there because it was sufficient to demonstrate, to me at least, that your experience wasn't replicated:

"Now, just gotta get the person's email in the app... wait, the message wasn't PGP/GPG encrypted? It's just plaintext inside the app after I log in w/ some kind of per-app or device keys end-to-end encrypting?"

I went onto the Keybase homepage, chose a profile at random and clicked on it - you get two options: "PGP Encrypt" or "Keybase Chat". Clicking on PGP Encrypt brings up a fully working box to encrypt a message with; using OpenPGP.

Here's a profile of a random person on that site:

https://keybase.io/mlsteele
https://keybase.io/encrypt#mlsteele

There are four other options "Encrypt", "Decrypt", "Sign", "Verify". For decrypt to work you must host your private key with them (otherwise decrypt offline yourself); the same must apply to "sign". Verify can, I assume, be used without hosting your private key.

Your experience is confusing; I don't understand what went wrong for you.

You also say a Keybase user emailed you (using your public key?) yet you had to sign up to Keybase to decrypt the message. Why?

Dirk PraetSeptember 3, 2017 2:24 PM

@ Nick P

What yall think about it needing a private key and my workarounds?

I toyed about with Keybase.io a bit some time ago when it was all the new hype on Twitter, attracting plenty of well-established infosec rock stars. The UX has vastly improved, especially on MacOS, and it's pretty cool they have iOS and Android apps too now. In essence, it's a bit like PGP for dummies, but with a better interface. The primary showstoppers are indeed uploading your private key and (desktop) browser crypto. But neither are mandatory and it will still partially function without them.

Keybase is a good starting point for security & privacy greenhorns who want an easy to use app for sending encrypted messages, chatting and sharing files over an encrypted file system. Once they understand the underlying basics, they can move on to using PGP in a more traditional way. Or whatever else suits their purpose.

I still have a couple of invites left, if anyone is interested. Known or suspected sock puppets needn't bother to apply.

@ Rachel

Perhaps making a name for yourself in the industry and publicly first is a protection of sorts.

It's a bit of a balancing act. While being a public figure will make it harder to get at you in meatspace, the mere fact of making a name for yourself as an activist or security researcher will almost by definition make you a person of interest in digital space. Whatever you're up to. Neither Snowden nor Manning would have been able to pull off what they did had they been public figures. Not that I would ever have the balls to do something similar. As I said before, I'm way too old for that sh*t, and these days prefer to hang out at the gym, rant on blogs and spend quality time with women of ill repute in dodgy bars frequented by lawyers, movie directors, entrepreneurs, cage fighters, painters and other scumbags 8-)

Ben A.September 3, 2017 2:40 PM

@Dirk Praet

See my post directly above yours, you don't need to upload your private key to Keybase.

Keybase is out of beta; anybody can sign up for it now without the need for invites.

Dirk PraetSeptember 3, 2017 4:14 PM

@ JG4

I have a touch of Asperger's syndrome and generally haven't made much effort to read people.

Although it's not really a superpower but an acquired skill, the odds of you ever becoming any good at it are seriously compromised by the fact that Aspergers in general do not possess the required empathic and other soft skills to read people at all.

My sister is married to one, and although in essence he's a good guy, his total lack of even basic social skills or understanding of what makes other people tick often makes him come across as a troglodyte. Last year, he even forgot to wish our mom happy birthday at the family dinner in her honour because the thought of doing so hadn't occurred to him.

You don't sound anything like him, though.

Clive RobinsonSeptember 3, 2017 4:46 PM

@ Ben W., Dirk Praet, Nick P,

[Y]ou don't need to upload your private key to Keybase.

But there may be an advantage in so doing.

Earlier we were talking about the problem of "deniability" because your private key was in effect a unique pointer / identifier to you as an individual...

Having a Private-Key that has in effect been "leaked" does give a degree of deniability to it being unique to you.

Thus think of it not as sending a strong box with unpickable lock, but an ordinary Snail Mail envelope that can be "steamed open" in transit...

Thus use it to arrange "face2face meets" or for "commercial confidential" type information, or just social stuff but not anything that could cause loss of liberty or worse.

One use might be to use it as the transport mechanism for the Diffie-Hellman protocol to agree a secret key for other independent synchronous P2P comms. Not actually necessary, but it helps blend what might be interesting to some in with the dull which would not.

That is you are not using it for "content security" but "general purpose obfuscation" or blending in as people are now finally doing with HTTPS. Thus bringing email into line with web browsing.

Ben A.September 3, 2017 5:14 PM

@Clive Robinson

Yours is a good point (about deniability) although one which I think would be overlooked even in a deprivation of liberty scenario. Most legal systems would have little problem convicting somebody on the basis that a document was produced by the key owner.

It's unlikely they'd accept the submission that the key was potentially leaked just because it was uploaded to an online service. Once the initial evidence is heard [that the key belonged to its owner] the onus is normally reversed and it becomes incumbent upon the defendant, not the prosecution, to prove the document was signed by an unknown party.

I can't envisage the average judge/jury understanding the principles of key signing and even if they did, once explained to them, any highly complex technical arguments would be lost on them.

It wouldn't do any harm to generate a specific key for Keybase for routine communications and then transmit an offline public key (with private key held on a smartcard) for highly confidential communications.

The target audience of Keybase is unlikely to need this type of setup and are alright relying upon a Keybase generated and stored key. I don't have a problem with this; it may not be perfect security but it doesn't have to be.

Now that HTTPS is ubiquitous it adds an extra layer of security and obfuscation on top of Keybase. I think the primary selling point of Keybase is securely identifying which profiles and contact methods belong to an individual. It has a user-friendly interface which gets people using PGP, and without it most people would never touch it.

RatioSeptember 3, 2017 5:29 PM

'Narco-pigeon' shot by Argentina police:

Police in Argentina have shot a carrier pigeon that was delivering drugs to a jail, prison authorities say.

The bird was spotted flying into the grounds of the jail in the central city of Santa Rosa.

Officers discovered it was carrying a backpack containing sedative pills, marijuana and a USB drive, reports said.

The smuggling method had already been detected and was under investigation, Clarín newspaper reported.

(It turned out it was no innocent little white dove.)


@book_review,

@Ratio posted this link [to the New York Times interview with John le Carré and Ben Macintyre], I think

Yeah, I think it's probably in last week's Squid somewhere. Thanks for mentioning the National Book Festival.

Slightly related to that interview: you may want to watch Icarus on Netflix, if you haven't already.

book_reviewSeptember 3, 2017 5:35 PM

Oops, John Le Carre's A Legacy of Spies, not Spies like Us, available at your local bookstore, opening time, at least in this country, 5 September 2017. Hang around the adjacent coffee shop, or water-cooler, if you have time or interest or the nearest suitable bar or coffee shop if you can't arrive until after work or later in the day. I think that I learned once that water-coolers are a good place for communications outside of formal organizational channels. Rain check date 11 September 2017.

"It blends past and present as Guillam is called back to London from his retirement in Brittany.

Explaining the plot - and the involvement of Smiley - Viking Books said: "Intelligence operations that were once the toast of secret London, and involved such characters as Alec Leamas, Jim Prideaux, George Smiley and Peter Guillam himself, are to be scrutinised under disturbing criteria by a generation with no memory of the Cold War and no patience with its justifications.""
http://www.bbc.co.uk/news/entertainment-arts-39194013

Dirk PraetSeptember 3, 2017 5:41 PM

@ Wael

At first I was afraid, I was petrified ...

In the next post immediately followed by Destiny's Child's "Say my name". It's gay day at Schneier's !

@ Clive, @ Ben A., @ Nick P

The target audience of Keybase is unlikely to need this type of setup and are alright relying upon a Keybase generated and stored key.

As long as at some point somebody explains to them that any type of (private) key escrow is a total no when dealing with somewhat more resourceful (state actor) opponents and content security is of the essence.

book_reviewSeptember 3, 2017 6:26 PM

"THE VIETNAM WAR is a ten-part, 18-hour documentary film series directed by Ken Burns and Lynn Novick that will air on PBS in September 2017."
http://kenburns.com/films/vietnam/

@gordo wrote:
"Journalist Seymour Hersh is to be honored with this year’s Sam Adams Award for Integrity to be presented to him at the Sam Adams Associates for Integrity in Intelligence (SAAII) award ceremony on the evening of Sept. 22 at American University."
From your link
"Sy told Die Welt that he still gets upset with government lying and at the reluctance of the media to hold governments accountable. Summing up lessons from Trump’s reaction to the April 4 chemical event in Syria, Sy said this: “We have a President in America today who lies repeatedly … but he must learn that he cannot lie about intelligence relied upon before authorizing an act of war. There are some in the Trump administration who understand this, which is why I learned the information I did.”"

Some articles by Seymour Hersh include:

https://www.lrb.co.uk/v37/n10/seymour-m-hersh/the-killing-of-osama-bin-laden
http://www.aljazeera.com/news/2016/05/seymour-hersh-bin-laden-killing-story-fantasy-160502181248703.html

https://theintercept.com/2017/01/25/seymour-hersh-blasts-media-for-uncritically-promoting-russian-hacking-story/

a whole bunch at the New Yorker, including

https://www.newyorker.com/magazine/2015/03/30/the-scene-of-the-crime about the My Lai massacre

https://www.newyorker.com/magazine/2009/11/16/defending-the-arsenal about Pakistan's nuclear arsenal

https://www.newyorker.com/news/daily-comment/iran-and-the-i-a-e-a
http://swampland.time.com/2013/10/15/four-good-reasons-why-iran-doesnt-trust-america/

or simply search
"Seymour Hersh" with DuckDuckGo for numerous hits or limit search to controversial topics of interest

WaelSeptember 3, 2017 6:44 PM

@Rachel,

Thats not the first time you've replied by providing a old Squid post

You're the second person to bring that up in as many years. Link omitted so it doesn't exacerbate your headache.

but i get a headache disecting every comment ' what is he referring to?!'

I meant I don't know the rules of the competition and might resort to an explanation used by others in the linked squid post. Whatever the rules are, you scored high on the equanimity scale.

@herman,

For the google impaired who cannot find the classics:

Thank you. Your Google Fu is impressive, unlike mine: Link is optional

Clive RobinsonSeptember 3, 2017 7:07 PM

@ 42,

Thought you might enjoy the following article

It's an interesting read and one regular readers on this blog should read.

There is however a bit of a political placement problem. What people in the US regard as "left thinking" is to many Europeans center to "right thinking". That is, the US political spectrum is skewed quite a ways to the right compared to many other western nations.

As for American Exceptionalism, it's in part caused by the fact that the last time the US was invaded by foreign fighting forces in its political heartland was two hundred years ago, when the British chased the then president out of the presidential palace[1] and, after ensuring that the people were out of it, burnt it. After the British had made their point and left, the palace got a significant paint job to cover things up, hence it is now called the White House. I'm told it's rude to ask to see some of the few remaining scars if on a tour because it's not something American children get taught.

America had most of the resources it needed except for manpower until fairly recently. Thus they have primarily lived in "Splendid Isolation" and became inwards focussed until the two world wars came knocking. The Cold War and the distant proxy wars fought around the Russian borders again lulled most Americans into a "we are safe, we can not be touched" mentality.

9/11 came along and destroyed the isolation. Not meaning to be unkind, but the 3000 deaths in the twin towers did not make much of a percentage change to the US untimely deaths for that year. However the change to the mental outlook of Americans has almost certainly killed ten times that number since then.

If Americans had a better understanding of history, the fact that deaths had occurred by hostile action on their home soil within a short distance of the political center would not have caused such a mental upset. And it would not be unreasonable to assume that the subsequent deaths would have been far less.

But lest people think I'm being unfair, the poor teaching of history is not just an American problem; the same is happening to a lesser or greater degree in most western nations. But those that have had terrorist attacks long prior to 9/11 have a mentally different outlook.

All in all it does not bode well. The current issues to do with North Korea for example can be traced back to the US-v-Russia issues in the late 1940s. Stalin having invaded Korea in the closing days of WWII as a land grab got the stage set for the later war. Both the north and south claimed to be the legitimate government. The UN supported the south for legal reasons set in a 1928 treaty and the US got involved for political reasons.

Whilst it has been documented that Stalin did not think it a good time for the north to invade the south, he did start supplying them with the arms to do so. Likewise for political reasons China did not want the US on their borders, thus they started supplying the north with arms and manpower. Thus in 1950 the war started, and shortly thereafter Stalin dumped it into Mao's lap and effectively walked away, leaving it in Chinese hands. Eventually the north gained an upper hand and it is no secret that the US military commander wanted to use nuclear weapons. Saner heads back home prevailed and an uneasy truce started, with contested areas causing continuing problems. Ever since, US War Hawks have quite provocatively fired into contested areas and have tried various techniques to provoke the north. In short the US War Hawks have made it clear they regard the north as "unfinished business". Most US Presidents have tried to keep the leash short on the War Hawks and have tried political dialog. Unfortunately, whilst the US has been long on promises, it's failed to stick with agreements due to home politics. President Trump does not appear to have a grip on the history, thus he has in effect backed the War Hawks. Which means as far as the north is concerned they believe that the US President will allow the War Hawks "free rein", thus they have a very real fear they are going to get attacked with US nuclear weapons, especially after what US President GW Bush said about using them against Iraq. With the President Trump rhetoric in full gear the north clearly think they will be on the receiving end of US nukes any time soon. That view has been made worse because they see the US attacks against the centrifuges as being directed at them through Iran. A point that was later confirmed.

Further the north has seen what happens when countries like India and Pakistan get nuclear capabilities and delivery systems. Effectively the US pulls out a chair at the top table. And the north can also clearly see that the MAD principle puts a check on US behaviour. Thus it is a simple matter of logic for the north, they need nuclear weapons and delivery systems to keep the US war hawks away from the door.

What the north can also see is that it is highly likely there is going to be a new stand-off between China and America. Put simply, China wants the US military forces out of the South China seas. It's also been quite clear for at least a decade this was happening, thus North Korea would see a high probability it was going to yet again be the ground for a super power proxy war. The result of the past few days' events is that US allies in and around the South China seas are now quite scared about an attack from North Korea, thus they will now be applying significant political influence on the US Gov to not aggravate North Korea.

I get the feeling that President Trump may not be good at chess as well as history, so we may well see a Cuban Missile Crisis stand-off as we did with JFK. The difference is that the Russians almost always acted in a rational manner, thus JFK could call them out. I'm not at all certain that, although North Korea has behaved in a quite rational way so far, they will continue to do so.

Thus the linchpin may well be China in this, as they want the US out of what they see as Chinese waters and they certainly do not want them close to any of their land borders. Which means they may well play real hard ball...

If I was living in Australia or other US friendly countries in that area I would be feeling quite nervous about the near term future...

[1] Apparently the President had fled at high speed out the back through the swamp land long before the British troops got close, and he left behind his wife and staff to ensure he got away...

WaelSeptember 3, 2017 7:51 PM

@Clive Robinson, @42

It's an interesting read and one regular readers on this blog should read.

In case this is for me, which I doubt because politics ain't my cup of tea...

I'm told it's rude to ask to see some of the few remaining scars if on a tour because it's not something American children get taught.

No, I believe this is taught. They don't get taught a lot, though! How many children know beyond "The Statue of Liberty was a gift from France to the US?". Do they know the metamorphosis story of the statue?

However, officials in Egypt rejected his proposals for a robed woman holding a torch aloft, so he took his plans to America.

What the north can also see is that it is highly likely there is going to be a new stand off between China and America.

Hard to predict how this will end. NK is definitely supported by Russia and China. China said they will not allow an invading army to overthrow the NK government. Russia is probably working behind the scenes for escalation. A proxy war is brewing. And it can very easily start WWIII - all it'll take is a mosquito that flaps its wing at the wrong time and place. Interesting times ahead... time to stock up on iodine pills yet?

65535September 3, 2017 9:45 PM

@ Nick P.

“It was MuPDF. Marc Espie, a key developer in OpenBSD project, recommended it when I asked which PDF reader had the highest-quality code”

Got it. You recommend MuPDF.

@ JG4

“Thanks for the discussion of pdf tools. that is the tip of an iceberg regarding what software we choose to run on our machines.”

You are welcome. PDF files are a large vector of infection. Most businesses, lawyers, and doctors use them. The problem is when they are booby-trapped to deliver a payload: the victim usually just clicks to open or downloads the PDF and the infection process starts.

Slow Train Gaining MomentumSeptember 3, 2017 10:18 PM

Clive elegantly wrote:
“In the UK we have seen what has happened when the likes of Google effectively lobby not just Gov Ministers, Civil Servants and media proprietors and their favoured journalists. It's not just vast tax dodges, and blind eye to privacy legislation violations, it is also that they get to be intimately involved in our children's lives not just socially but by being forced to use Google services by the organisations they get their education from.”

Well spoken! More urgent than diodes and flux capacitors?

Citizens Against Monopoly, a newly launched nonprofit organization. "What Google did is a reflection of their intellectual beliefs and their strength. You don't suppress information if you're winning the debate."
http://mashable.com/2017/09/02/google-think-tank-fired/

I'm Winning My Battle With Smartphone Addiction
We touch our smartphones -- tap, click, swipe -- more than 2,500 times a day. That's probably 100 times more often than we touch our partner. The reason we do it is that the phone constantly demands attention by sending us notifications. It does so every time someone wants to connect with us, every time something changes in an app, every time an artificially intelligent entity decides we need information. Notifications have a barely veiled commercial purpose: Once we start playing with the phone, we're likely to open more apps, see more ads, buy more stuff.

I felt healthier, able to breathe easier, almost capable of relearning how to lose myself in the company of my beloved wife and children, who are, of course, fighting their own battles with gadget addiction.
https://www.bloomberg.com/view/articles/2017-08-29/i-m-winning-my-battle-with-smartphone-addiction

Can we win against dumbed-down, drug, alcohol and smartphone addicts? Can the minions win against Google AI robots using personalized dossiers?

It's also a daily fight against sponsored social media fake-news feeds. Today it was cat 6 hurricanes. Sheet for brains?
Against these horrible odds, I’m still going to fight the good fight until my last breath.

AndrewSeptember 3, 2017 10:46 PM

@clive
"If I was living in Australia or other US friendly countries in that area I would be feeling quite nervous about the near term future..."
We all need to be quite nervous. Two bombs, over Seoul and Tokyo, mean 20 million instant deaths and the whole world in deep crisis over the next 10 years. And I am only thinking of electronics and car manufacturers in those areas.
I am not convinced either that missile defence technology is any good; at those speeds and with decoys and others only a very low hit rate may be possible.

tyrSeptember 3, 2017 11:56 PM


@Clive

There's a tiny bit missing from your Korean summation. When the Japanese Kwandung Army was pulled from the area at the end of WW2 it left a power vacuum which all the usual opportunists moved on. The Marxists got a leg up on Maoists in the north and USA wanted to try out the 'new world order' UN scheme so it seemed a golden opportunity to have a splendid little police action. It might have been settled without Chinese but USA still had an enormous logistics base leftover from WW2. The north had almost cleared opposition in the south when that kicked in. A defeated north was driven out and then Chinese tested the theory that manpower can overcome firepower. The ensuing mess has been unsolved since 1953 as both sides have sniped each other in a low key fashion. All safely out of public view except for some of the uglier episodes. The lack of historical perspective is a wonderful match for the level of an ignorance of the world which is truly appalling (exceptional is a good way to put it).

Popcorn eaters may note that the SF Rus Embassy is being searched for explosives. Apparently we have come full circle to the cartoons of Rus plotters fondling bombs in the basements of their diplomatic missions. Apparently governance these days is knee jerk reactions to epistemological cartoonery as a substitute for thought.

RatioSeptember 4, 2017 12:00 AM

@Wael,

I don't live in Germany. Surely not in Aachen!

Hence the "nah", أخي. I multitask, remember?

(Your bold makes a real mess: أخي. Source: <b>أخ</b>ي. Yup, makes perfect sense.)

Clive RobinsonSeptember 4, 2017 2:44 AM

@ tyr,

When the Japanese Kwandung Army was pulled from the area at the end of WW2 it left a power vacuum which all the usual opportunists moved on.

My post was getting too long as it was. But as I know from the Korean community in the UK, there is still quite a bit of serious dislike by the Koreans for the Japanese. Specifically what happened during the later years of the occupancy.

The Japanese are well aware of this in many ways on a daily basis. Hence the sending of the missile over Japan was quite deliberate and had the desired effect. Because it puts the US in an awkward position. The US disarmed Japan completely after WWII and removed any ability for them to defend themselves. Which is just one of the reasons the US has obligations in the area.

What has not helped is that President Trump announced in the last few hours that North Korea will receive a military response even for making threats...

This is of course whilst both the US and South Korea are actively carrying out war games in disputed areas which most people know the North Koreans treat as a very significant threat...

So it sounds like the War Hawks are using the Donald as a glove puppet.

I would be surprised if this ends well due to the personalities involved. It's like watching a couple of drunks in a bar talking themselves up prior to starting to throw glasses and bottles at each other...

WaelSeptember 4, 2017 3:01 AM

@tyr,

Chinese tested the theory that manpower can overcome firepower.

Manifested in Chairman Mao Tse-tung's:

"Let us imagine how many people would die if war breaks out. There are 2.7 billion people in the world, and a third could be lost. If it is a little higher, it could be half ... I say that if the worst came to the worst and one-half dies, there will still be one-half left, but imperialism would be razed to the ground and the whole world would become socialist. After a few years there would be 2.7 billion people again".

I heard it differently.

Popcorn eaters

I'm into cancha these days. Got hooked on it after a visit to a Peruvian restaurant a few years ago. It'll do the job.

note that the SF Rus Embassy is being searched for explosives.

Someone burnt a few marshmallows in the fireplace before they evacuated. Things are moving at an escalated rate, backwards, towards the Cold War era. I wonder how the world would change if China dropped Communism and adopted a democratic, capitalist system. Not far-fetched, it's already heading there, imho, just like Russia did a few years ago. It took a war to catalyse Russia's change. Perhaps a war would have a similar effect on the factory of the world?

@Rational,

Your bold makes a real mess

Just highlighting that "Ach, du" happens to be a substring of "Aachen". You're right about the rest. The pronunciation of the German[1] city's name sounds close to the pronunciation of "brother" in Arabic, with two kasra's underneath the "kha".

[1] Germany, sausage (or links) ;)

Clive RobinsonSeptember 4, 2017 4:49 AM

Is UK AA's Car Genie a disaster in waiting?

The UK's Automobile Association (AA) has released a little box of electronics called the "Car Genie" which they are currently promoting quite hard.

The little box plugs into the car's diagnostic port and communicates with the driver's mobile phone, which runs an application to talk to the car's sensors and other "connected" electronics...

http://www.independent.co.uk/life-style/gadgets-and-tech/news/car-genie-aa-device-app-predict-car-breakdown-service-save-people-fuel-customer-drivers-a7648736.html

What could possibly go wrong?

Anyone care to set up a security breach sweepstakes / pool to guess when it will first get announced it's been hacked?

furloinSeptember 4, 2017 6:54 AM

@Clive Robinson
I would take a guess at it already being so considering how trustworthy the AA would be. Why not set up a pool for when someone first discovers it is backdoored instead?

Ergo SumSeptember 4, 2017 10:01 AM

@Clive...

I get the feeling that President Trump may not be good at chess as well as history so we may well see a Cuban Missile Crisis stand off as we did with JFK.

While I agree, there might be other forces in the US that want to escalate the issue with North Korea to a war, be that conventional and/or nuclear. Both the military and its supply industry are pushing for the escalation. This certainly is not going to be like the Cuban Missile Crisis; neither side seems capable of compromise.

What's lost in this crisis is that the Koreans, both North and South, have been suffering the results of other countries' involvement in their country throughout their history, including China, Japan, Russia and the USA. And it has not been kind to them. Like the 36-month-long carpet bombing of North Korea by the US military that killed an estimated 8-9 million people:

https://consortiumnews.com/2017/08/28/how-history-explains-the-korean-crisis/

And people in the US wonder why North Korea doesn't like them....

JG4September 4, 2017 10:28 AM


@all acting in good faith - Thanks for the continued excellent discussion. if it hasn't become clear, I am a seeker of the truth and this forum has been a growth experience. I enjoy the occasional foreign language comments. Have I mentioned fingerspitzengefühl? Rommel had it for adapting the order of battle as the situation evolved. I hope to have it for ideas and systems. we are in the midst of a giant psyops war for the mind involving the media, the government, including the security apparatus, and open sources like this one. perhaps 3 percent of the population are aware of the conflict of ideas and what the stakes may be. Woody Allen's crossroads give a good idea of the stakes. the rest are wrapped around various axles of TV sports, Republican vs. Democrat propaganda, fake news, rumors of war, ad nauseam, ad infinitum.

@Dirk P. - I'm not too far along the autism spectrum, but I like peace and quiet to work on ideas. I had an uncanny experience in an airport with a friendly DHS agent who was reading people. I was dressed in what I would call business casual, button-down shirt, khaki cargoes, including a leather jacket (non-military) flight-style, non-gloss. I almost always have a dark fleece sweater with the outfit, but not necessarily on. I usually carry a knapsack (packed with goodies like pocket calculator, GPS, compass, lithium flashlight and multi-plier) and a laptop in a bag. I wear some weak glasses from the dollar store to counter far-sightedness, with thin metal rims. and a goatee.

I used to be well-muscled, but I run lean now from the low-carb diet and frequent fasting. an inch or two over average height. the extent of physical exertion in my day-to-day work is mostly pushing electrons with a keyboard. she walked up and said "You're a scientist going to a conference." it didn't make the hair on the back of my neck stand up, but I was impressed by the powers of observation, assuming that I'm not yet high enough on the list to be looked up before each flight and watched by name. I am on a lot of other lists, which is how I got sensitized to these topics. given how much I know from open sources, I wouldn't object to being on a watch list. my security clearance lapsed 35 years ago and I had no part in any spookwerk. my consent to being watched includes the correct safeguards being observed (I'd bet my last fiat paper they're not), in particular that it doesn't stray into harassment or sale of my attack surface to commercial entities, including Blackwater and their globe-straddling collection of psychopaths. the murder of their whistleblowers hasn't attracted as much attention as it should. just another cog in the adaptive system called Murder, Inc. it's an interlocking arrangement of adaptive resource-extraction asset-stripping engines. Google and the other Four Horsemen of the Tech Apocalypse are the data-stripping engines. strip-mining engines if you prefer. the financial psychopaths have strip-mined your future and your children's futures.

@ab praeceptis - Thanks for your helpful comments. I think you are correct in terms of best practices, but the terrain you illuminate probably has been ploughed by the academics and put into formal proofs. Snowden probably was correct that we can trust the math, at least when the academics have agreed on the formal proofs and they have been checked by programs that do formal proofs. I take your point to be that you have to follow certain design rules to get to good results and I agree completely, "trust the math." the real problem, as many of the brain trust here have articulated, is the compromised hardware. we could include the side channels in the compromised hardware category. I would call the hardware problem a market inefficiency, where the barriers to entry are essentially complete. even if you could build your own fab, it would be such a large-scale endeavor that you couldn't keep their hidden hypervisors out of it. we might speculate that small-scale slow fabs could someday be a reality.

I had some crazy dreams during my libertarian wet dream in the 1990's. in one of them, I was talking to some VLSI/FPGA guys I know in an R&D group and lamented that I couldn't afford a custom chip for my work. they said, no problem, we have a fab upstairs and we can get it done this afternoon, gratis. in real life, there was no upstairs in their modest office building, but in the dream there was, and the fab in the dream was along a countertop in a kitchen area upstairs. the fab would have fit on a modest-sized conference table, perhaps 24" wide, 24" to 36" tall (it varied along the length) and maybe 6 to 8 feet long. that's not as far-fetched as it sounds, because there are e-beam etch-resists that allow much smaller geometries than deep-UV that could be exposed in a small benchtop electron microscope at a painstakingly slow speed. plasma etching, ion implantation, diffusion, annealing, and aluminum PVD all are mature technologies and can be done at single-wafer scale or smaller. the e-beam processes are notoriously slow. we might guess that is how the spooks make some of their high-assurance hardware. in the good old days, photolithography was done with rubylith and wet-etching, plus shake and bake, all of which are within reach of hobbyists and small state actors.

commercial software and open-source software probably are equally compromised. it is going to take a combination of best practices in algorithms, as you suggest, and in formal software methods, as others suggest, and in secure hardware, as yet others including Clive suggest. given that we can't get to a fab in the short term, the only path to secure hardware is some combination of filtering and segregation. I believe that it is possible to build simple filters, including variations on the data diode concept, that will provide a hardware platform (composite CPU) for algorithms and software that have been subjected to rigorous proofs. Nick P.'s, Wael's and others' diligent efforts to formalize the software step from algorithm to hardware are a necessary step along the path to system security. another hardware approach, which is complementary, or can be used in lieu of simple filters, might be to use a hardware hypervisor to keep a number of CPUs in what might be called known-good states. but really, that hypervisor is just a collection of data diodes, surveillance and controls. given that the parameter space of interest for, e.g., an Intel CPU is intractable to verify, a much smaller and verifiable parameter space is the next best thing. and that is the substance of the simplicity arguments. I don't want to get wrapped around the axle of whether success in the open-source security endeavor will empower private sector criminals, while diluting the power of the public sector criminals, but you can be sure that they lie awake at night worrying about that. trying to work out the ethical implications is one of the many paths to madness. I just want to be able to get some peace of mind out of bottles to counter the understanding that surpasses all peace(TM). and be able to maintain a few business models to keep enough food on the table, without having them stolen before I even have them finished.

the banks are complicit in the illegal drug trades and want to preserve the monopoly profits. the Deep State also is involved in the drug trade and in the banks. in the case of the Sinaloa cartel, they were willing to look the other way on murder, drug-trafficking and money-laundering in return for intelligence. I probably said that Holder should be in prison, after a fair and speedy trial. I'd be fine if Hillary Clinton also were in the same supermax, after due process is observed. again, it is an interlocking system of resource-extraction asset-stripping cartels too numerous to catalog.

https://www.nakedcapitalism.com/2017/09/global-banks-sabotage-uruguays-efforts-legalize-marijuana.html

on to the daily news

Links 9/4/17 | naked capitalism - Tor Browser
https://www.nakedcapitalism.com/2017/09/links-9417.html
Posted on September 4, 2017 by Lambert Strether

...[this may be tangential to security questions, except for your impaired financial security after paying the extra rent to the rent-seekers. and having your data strip-mined]

98.5 Percent Of Original Comments To The FCC Oppose Killing Net Neutrality Above The Law

...[the presence of fissionable materials on the planet may require a permanent security apparatus to manage the destructive potential. we might hope that they do a better job in the next 75 years than they've done in the past 75 years. Hanford, the fallout in Utah, Nuclear Disaster in the Urals, Rocky Flats, Santa Susana, Savannah River, Windscale, Chernobyl, Fukushima, > 10 US broken arrow incidents, at least two almost-launches by the Soviets, stopped by heroes, the ocean floor littered with spent reactors and countless other accidents and unintended consequences too numerous to catalog.

I still think that the most serious threat from North Korea is electromagnetic pulse damage to the electric grid, but thermonuclear fusion does raise the stakes as a threat to populations. the real danger is to South Korea, which is a US client state. Clive may have pointed out that EMP can also be caused by solar flares. the keyword search for Starfish Prime probably will find some mention of the impressive Carrington Event. the Northern lights in very early November after 9/11 were spectacular and the plane was all but empty as it passed over North Dakota]

North Korea

The Peanut – North Korea Tests A New Nuke – Continues To Press For Negotiations Moon of Alabama

What Motivations Lie Behind North Korea’s Nuclear Arsenal NYT. The front page headline: “Nuclear Arsenal Is No Longer Thought to Be Only Defensive.” Hoo boy. (The URL, “north-korea-kim-jong-un,” matches neither, suggesting some internal editorial struggle.)

The Quite Rational Basis for North Korea’s Japan Overfly Defense One

Mattis Warns U.S. Could Bring ‘Total Annihilation’ to North Korea Roll Call

Why Kim Jong Un Isn’t Afraid of Donald Trump Politico

Three Dangerous Delusions about Korea Strategic Culture

China and Russia unite against North Korean nuclear test South China Morning Post

...[malice or incompetence? it's a trick question, they are both malicious and incompetent]

Imperial Collapse Watch

Navy destroyer collides with building in downtown Houston Duffel Blog

Make no mistake, the latest US thuggery is a sign of weakness, not strength The Saker (MT). An important bill of particulars.

New Cold War

Russia: U.S. closure of diplomatic sites a ‘blatantly hostile act’ Reuters

On the Lawfare over the Steele Dossier emptywheel

Trump Transition

[some people call it naked capitalism. maximization of ROI without regard to ethics will put the psychopaths at the top of money management system with destabilizing effects on the system. oh, wait, that already happened, and then they looted the casino]

The Relevance of Franz L. Neumann’s Critical Theory in 2017: Anxiety and Politics in the New Age of Authoritarian Capitalism Journal for a Global Sustainable Information Society

...[the Deep State]

Monopoly Power

It’s Google’s birthday — here’s how it looked 19 years ago The Next Web. Deflects attention to the Google search box, as opposed to Google’s gaming and manipulation of the results page.

[I think that adaptive systems are the most important topic on your planet, so that will be a good post-midlife-crisis career. some people call them Resilient Systems, but the adaptive resource-extraction asset-stripping engines are destroying the planet and civilization. that leads to the opposite of resilient, at least until the robbed have been murdered]

Deep Learning Research Directions: Computational Efficiency Tim Dettmers

[food security]

To save rural Iowa, we must oppose Monsanto-Bayer merger Des Moines Register

[one of the off-topics that I want to explore is how chemicals intentionally and unintentionally added to foods cause health problems, via signal disruption, besides the sugar and starch cartels efforts]

How fair is our food? Big companies take reins on sourcing schemes Reuters (DK).

ab praeceptisSeptember 4, 2017 10:29 AM

65535, Nick P, et al

"MuPDF"

I've been using it happily for some years now, and at least one of the reasons mupdf is among the safer (and btw quick) pdf readers is its being minimalist and frugal. It doesn't do many things or many formats but one thing and well: it shows pdf files, period.

Sidenote: I might be wrong but from what I remember from occasional looks at diverse pdf readers, at least on unix most of them are poppler based.

ab praeceptisSeptember 4, 2017 11:03 AM

JG4

"the real problem, as many of the brain trust here have articulated, is the compromised hardware."

I disagree or, more correctly, I agree only conditionally.

Leaving aside issues that are more problems of idiocy and/or obvious evil intent (e.g. most smartphones) hardware is *not* the problem. It is one problem and a particularly complex and nasty one but not "the" problem.
For one, usually compromised hw needs sw vulnerabilities at some point to be remotely exploitable. Another even more important factor (imo) is that with a more or less completely rotten software stack (from the bios up to the applications) one is even more defenseless and can do very little in terms of even just verifying, say, bios images.

And there is, of course, the rather high level entry barrier in terms of costs. Looking at the situation from a military perspective - and that makes sense as e.g. nsa actually runs a quasi military operation against the world and even their own citizens - one can't but be reminded of the old rule "war is very much about cost vs gain ratio".
Nice illustration: the USSR's decision to invest heavily in missiles rather than playing the us-american game that could be somewhat rudely subsumed as "throw billions of $ at it". The result was that Russians could sink a multibillion $ carrier group with missiles costing some 100 times less. 20 million vs 10 billion would have been a lost war for the us of a, even more so as producing 20 new missiles required much much less time than building a new carrier group.

Similarly, sending tao teams around the world would, besides operational problems, be so expensive that it could be done only in a very limited number of cases. Not needing to do that, not needing to EM eavesdrop, to install dongles, or to get into fiber wires, but being able to simply make use of plenty of vulnerabilities throughout the whole sw stack and to comfortably - and massively - hack into, eavesdrop on and take control of complete networks and millions and millions of machines is what makes the whole operation possible.

That is by no means to say that we need not care about hw vulnerabilities, backdoors, etc. but they are not the major reason why 99+% of the global population is living more or less in a panopticon.
Or, to put it rudely: At nsa they must laugh their a**es off seeing that we ourselves (-> millions and millions in the (f)oss crowd) create the attack surfaces that all but invite nsa into our systems.

JG4September 4, 2017 12:08 PM
@ab praeceptis - We probably are dancing around semantics. To the extent that almost any hardware backdoor allows injection of arbitrary code sequences or reflashing of firmware, there is little distinction between an algorithmic error, a firmware error, a software error or a hardware "error." The end result is the same, which is that the computing engine is pwned. In the case of messages, the content is observed. In many cases bad people are empowered and good people are murdered. And the psychopaths and their clients are enriched. To the extent that it all is entropy maximization, it may be unavoidable on the old blue marble. I don't expect to solve these problems, given that they have been with us for 100,000 to 1,000,000 years or more. I'm happy to be making progress in framing the problems.

@Rachel - I knew that I missed something yesterday. Feel free to remind me if I drop a good thread, or if an off-topic tangent doesn't get the attention that it deserves. When you get up to 45,000 to 50,000 feet in the cockpit of a KC-135, you can begin to see the curvature of the old blue marble. The horizon drops away faster than it should, by a meaningful fraction of the height of the higher mountains in the western US. Even if the Apollo program was one of the giant scams, which I don't believe to be the case, there are plenty of people who have gone well above 50,000 feet. I think that their photographs are at odds with the flat earth theories.

One of my regrets is that when I could run a 5- to 6-minute mile, I didn't fully explore hypoxia during altitude training at Langley AFB. The demonstration of color vision was stunning. They turned down the lights while the masks were off at some significant pressure altitude (in the range of 20,000 to 30,000 feet equivalent) and had us pull a color card out of the seat pocket in front of us. My recollection is that it was the NBC peacock, but it could have been a facsimile. We put on the oxygen masks and took a deep breath. The card immediately, on the one- to two-second timescale, went from dim grayscale to bright full color. A nice illustration of nervous system impairment from bioenergetics. I believe that the same effect occurs during fasting from low blood glucose levels. Starving peasants are much easier to manage than various other groups. I may have done myself a favor by not going too deep in hypoxia. Every mountain climber who has been above 8000 meters without oxygen has measurable cognitive deficits, as do many soccer players (head-butting), football players, boxers... A hearing demonstration during altitude training might have shown similar effects. Irreversible altitude sickness may result from the pancreas not being able to control gluconeogenesis because of energy starvation from hypoxia, setting off a fatal spiral. That is purely speculation on my part.

Jumping topics, we live in a paradigm of moral ambiguity that has been empowering to the psychopaths. That is what the information wars are about. Human rights, one viral video at a time.

In recounting the US genocides in Southeast Asia, I didn't mention the US-sponsored genocides in Indonesia and other countries. Speaking of genocide, it didn't start in Japan with Hiroshima and Nagasaki. The incineration of Tokyo on the night of March 9, 1945, proved the most lethal single day in the history of human conflict. Operation Meetinghouse is regarded as the single most destructive bombing raid in human history. 16 square miles (41 km2) of central Tokyo was annihilated, over 1 million were made homeless with an estimated 100,000 civilian deaths. The Japanese later called this event Night of the Black Snow. The Americans calculated that the decentralization of Japanese industry throughout its urban centres, the dropping of leaflets to give civilians advance warning of the infernos to come, the huge investments in B-29, and the desperate effort to avoid a costly invasion of Japan, all made the decision to abandon precision – but largely ineffective – bombing and to turn to the firing of cities morally acceptable. LeMay himself acknowledged that had America lost the war, he would have been tried for war crimes.

There is a lot more to say on many topics, but not as much time as there used to be. At least from our limited perspective.

ab praeceptisSeptember 4, 2017 12:21 PM

JG4

I suggest a simple thought experiment:

a) assume hardware were solid and trustworthy. How would that change the current sad situation for the masses?

b) assume the whole software stack were solid and trustworthy. How would that change the current sad situation for the masses?

I think it's quite obvious that b) points to the major problem field - again, for the masses (as opposed to tao worthy single targets).

RachelSeptember 4, 2017 1:44 PM

JG4
thanks for fascinating words. yes it's called the death zone for a reason. i can't reconcile my attraction to altitude with the fact the body is literally dying, even with oxygen.
not saying i believe the earth is other than round, it's just been fun to read the arguments. If you could be bothered, search ' david wolfe flat earth ' on youtube for a 10min powerpoint, he frames it in an interesting way and challenges nasa images. he reckons not flat but not a perfect sphere. can't link from here sorry.
RE aspergers spectrum. there are some good books about radically improving symptoms with things like amino acids and other non conventional medicines
& Temple Grandin is very inspiring

Altitude and hypoxia - check out mutant Wim Hof. summited Everest in a pair of shorts. Runs marathons in the Arctic and Sahara without clothes or water. has scientists monitor him and thus forces the rewriting of physiology medical textbooks. best yet teaches others to replicate his results in weeks. he has an online course

People reading: Japanese have a phrase Sanpaku. refers to whites of eyes visible below the pupil. indicates extreme imbalance, disastrous health. Whites above the eyes quite uncommon but indicates extremely dangerous, psycho violent disposition, to be avoided at all costs.
off topic as usual thanks for patience everyone

Clive Robinson
enjoyed your piece on Single Sideband. and yes VOCODA! Yes I recall when certain first responders used such a form of encryption as you describe when heard through a scanner. hard to believe now. I can still hear the sound of the Sideband garble when listened to at 27meg and how it nonetheless seemed accessible as if only one could turn the wave inside out and upside down LOL these days we have Audacity audio software. how did you fare in the competition, it must be hard to get rural 'enough', the Brecon Beacons would be good value ;-) i always had the idea 'skip' was fairly random even with a directional antenna which i suppose features in the competition. sun spot cycles run in ten year periods i recall,

Freezing_in_BrazilSeptember 4, 2017 2:52 PM

It is a blessing* to be in this forum. It makes me feel like there is hope for mankind, after all, since I can see so many beautiful minds here.

This: Innocents are chosen because they have no affiliation thus will not become martyrs for a cause (Clive Robinson) is impressively insightful and accurate. Very few people can think with such clarity. I am impressed, sir.

Just a minor nitpick: I think the White House was restored some time between the late 19th/early 20th century, so I don't think there are any scars left from the burning.

(*) I'm not a religious person. It is just a figure of speech.

Clive RobinsonSeptember 4, 2017 3:09 PM

@ furloin,

Why not set up a pool for when someone first discovers it is backdoored instead?

We'll have to be quick ;-)

I suspect it already has at least three or four. Some software designers think they are clever as do some engineers and UI designers for phone applications.

So that's three straight off 0:)

Dirk PraetSeptember 4, 2017 4:36 PM

@ JG4

... she walked up and said "You're a scientist going to a conference."

In the US, I usually got mistaken for an East-German terrorist for looking too much like some characters in Die Hard I. In the UK, I try to speak English as badly as possible when going through customs because I picked up a rather distinctive Brummie accent somewhere in the eighties, and nobody believes I'm Belgian ever since. In India, everyone confuses me with famous Bollywood movie star Sanjay Dutt. Who was arrested under the Terrorist and Disruptive Activities (Prevention) Act in April 1993 and eventually served a stiff sentence for illegal possession of weapons. I totally hate airports.

Clive RobinsonSeptember 4, 2017 5:41 PM

@ ab praeceptis, JG4,

I suggest a simple thought experiment:

There is a problem with the model, in that currently software is the "low hanging fruit". I fully expect this to change as the Moore's Law wall forces increasing numbers of cores in one or more parallel configurations

mostly harmfulSeptember 4, 2017 7:57 PM

Below is a less temporary pointer to the interesting TomDispatch article that @tyr called @Clive and @Wael's attention to:

RatioSeptember 4, 2017 8:08 PM

@Wael,

Just highlighting that "Ach, du" happens to be a substring of "Aachen".

By an amazing coincidence آخن and أخي also share a substring: اخ. (No, your fancy squiggles don't change that.)

But trying to highlight that substring in bold, as you do, really makes a real mess of things. If you put <b>…</b> around the shared prefix, writing <b>أخ</b>ي for example, you end up with أخي. So you get the isolated forms of خ and ي instead of the خي you'd like to have; and the ي has to be put on the wrong side of أخ if you want the result to read right.

[...] two kasra's underneath the "kha".

That would be خٍ if I understand correctly. I thought that indicated nunation? Can you explain? شكرًا

AlanSSeptember 4, 2017 9:09 PM

@Clive

The current issues to do with North Korea for example can be traced back to the US-v-Russia issues in the late 1940s.

Or even earlier, to the Japanese invasion of Korea and, later, various parts of China. There's remarkably little commentary on the history of the region and the American role, say, compared to Vietnam. And much of the history has undergone substantial revision as new documents and materials have come to light. But much of what goes for popular accepted wisdom on the history of the region in the US, what little there is, is very dated (and might be considered little more than warmed over 1950s propaganda) and is probably a really awful basis for conducting effective diplomacy. A writer commenting on American diplomatic failures in the region in the Guardian recently, observed:

...the [post-WWII] US presence in east Asia has papered over serial diplomatic failures. All of the frozen-in-the-1950s conflicts buried during the decades of high-speed economic growth are starting to resurface....Despite their shared roots, Japan and China have remained as psychically remote as they are geographically close. In Europe, an acknowledgment of the second world war’s calamities helped bring the continent’s nations together in the aftermath of the conflict. In east Asia, by contrast, the war and its history have never been settled, politically, diplomatically or emotionally. There has been little of the introspection and statesmanship that helped Europe to heal its wounds.

The North Koreans firing a missile while Trump meets with the Japanese PM is obviously a provocation. But do the President and the British PM understand it? One might have doubts as apparently they think it is good diplomacy to criticize China on what they see as China's lack of action towards North Korea while in the company of the Japanese PM. The Japanese PM has been criticized by the Chinese for honoring war criminals, and is himself the grandson of Nobusuke Kishi, considered to have been a Class A War Criminal by the Chinese for his activities during the Japanese occupation of Manchuria. Nobusuke Kishi escaped paying for his crimes, and went on to become a post WW-II Japanese PM, thanks to American intervention. It is also probably not irrelevant that Kim Il-sung, the grandfather of the current North Korean dictator, was a member of the Chinese Communist Party and led some of the strongest resistance to the Japanese when they occupied Manchuria.

There are unacknowledged and unresolved issues that are much larger than "the Korean conflict" as it is understood in America.

AlanSSeptember 4, 2017 9:31 PM

@Ergo Sum

Quite so. MacArthur is supposed to have told Congress that the destruction brought about by the bombing of Korea made him want to vomit.

What the War in Korea Looked Like in the 1950s and Why It Matters Now:

During the course of the three-year war, which both sides accuse one another of provoking, the U.S. dropped 635,000 tons of explosives on North Korea, including 32,557 tons of napalm, an incendiary liquid that can clear forested areas and cause devastating burns to human skin. (In contrast, the U.S. used 503,000 tons of bombs during the entire Pacific Theater of World War Two, according to a 2009 study by the Asia-Pacific Journal.) In a 1984 interview, Air Force Gen. Curtis LeMay, head of the Strategic Air Command during the Korean War, claimed U.S. bombs "killed off 20 percent of the population" and "targeted everything that moved in North Korea." These acts, largely ignored by the U.S.' collective memory, have deeply contributed to Pyongyang's contempt for the U.S. and especially its ongoing military presence on the Korean Peninsula. "Most Americans are completely unaware that we destroyed more cities in the North then we did in Japan or Germany during World War II... Every North Korean knows about this, it's drilled into their minds. We never hear about it," historian and author Bruce Cummings told Newsweek by email Monday.

gordoSeptember 4, 2017 10:00 PM

@ book_review,

I find the award timely as it highlights the power of the State versus the power of truth telling and how it's handled, for the most part, in the West.

It also goes to the misuse of power touched on here and in response by @ 65535 and by @ Dirk Praet.

I see these issues, each and all, as the result of social problems, i.e, how poorly we treat each other.

Borrowing from a 1970's punk rock lexicon, Anarchy in the U.K., and flipping it: "Know what we want, but don't know how to get it", that's my read of the American electorate. As so, I agree with Mr. Hersh that President Trump may well be a "circuit breaker".

In that regard, the outcome of the 2017 Special Counsel Investigation will be interesting to the degree of veracity by which it lays bare the authorities.

JG4September 4, 2017 10:16 PM
@AlanS - it probably is worse than LeMay estimated, like 33% of the population that was wiped out. they glossed over the US genocides in my history classes. I only picked up in the past couple of months that it was Teddy Roosevelt who set the Japanese in charge of all of Asia in 1905, where they promptly set up a resource-extraction asset-stripping engine that enslaved much of Asia, and eventually came into conflict with the US empire. The passage just before this one is substantially the same as your Newsweek link:

https://consortiumnews.com/2017/08/28/how-history-explains-the-korean-crisis/
...
Carpet-Bombing the North
LeMay’s figure, horrifying as it is, needs to be borne in mind today. Start with the probability that it is understated. Canadian economist Michel Chossudovsky has written that LeMay’s estimate of 20 percent should be revised to nearly 33 percent or roughly one Korean in three killed. He goes on to point to a remarkable comparison: in the Second World War, the British had lost less than 1 percent of their population, France lost 1.35 percent, China lost 1.89 percent and the U.S. only a third of 1 percent. Put another way, Korea proportionally suffered roughly 30 times as many people killed in 37 months of American carpet-bombing as these other countries lost in all the years of the Second World War.

This will make the hair on the back of your neck stand up. Teddy Roosevelt got a Nobel Peace Prize for sowing the seeds of the Pacific war.

Diplomacy That Will Live in Infamy
http://www.nytimes.com/2009/12/06/opinion/06bradley.html

The only guy convicted in the My Lai massacre was Calley, who got a slap on the wrist. That wasn't an isolated instance either, as Nick Turse showed in Kill Anything That Moves. Calley and his men were just following orders, but no one else was hauled in front of a court martial.

WaelSeptember 4, 2017 11:41 PM

@mostly harmful, @tyr,

Below is a less temporary pointer to the interesting TomDispatch article

There is so much to read there - haven't had the chance to read a lot of it, but I purchased the book (9.99 - kindle edition.) Have so many books in my queue. I will stop buying more until I finish what I have; can't comment on the content until I go through it :)

I passed through one of the embedded links there by an article that mentioned China and Russia. Reminded me of what's going on with North Korea. If you ask little Katherine, she'll tell you that Russia and China are singing the same tune; both literally[1] and figuratively.

@Ratio,

By an amazing coincidence آخن and أخي also share a substring: اخ. (No, your fancy squiggles don't change that.)

That's because آخن, imho, has no meaning in the 12.5 million Arabic words. That small squiggly you put on the first letter made all the difference. Without it, the word would have several meanings.

That would be خٍ if I understand correctly. I thought that indicated nunation?

Correct, correct. You should know a lot more than that! Besides, your choice of letters changes the numbers according to Abjad numerals (some really strange things there, but this isn't the place to discuss it.) Speaking of numbers, the so-called Arabic numerals {1,2,3,4,5,6,7,8,9} are really not Arabic (Arabs represented numbers by using letters.) They are Indian, just like {١،٢،٣،٤،٥،٦،٧،٨،٩} are. There were like five different scripts in total to represent numbers including the previous two, all Indian (or Hindi.) The Arabic numerals are called Arabic because they were adopted by Arabs, then transferred by Arabs to the Europeans as Arabic was the Lingua Franca of science, once upon a time. The "Zero", however, is Arabic -- not Indian. The internet will tell you the opposite of what I said. Who are you gonna believe: the internet or me? Lol!

But trying to highlight that substring in bold, as you do, really makes a real mess of things.

You are right. Now that I noted how you interpret bold characters, I'll adapt accordingly.

[1] English version here.

Dirk PraetSeptember 5, 2017 3:27 AM

@ Clive, @ AlanS

The current issues to do with North Korea for example can be traced back to the US-v-Russia issues in the late 1940s.

It would also seem that nothing is ever learned from history. Both carpet bombing the general population (Bomber Harris & co.) and imposing crippling sanctions (Versailles Treaty) play in the hand of a mad authoritarian leadership that eventually will adopt a zero sum strategy, the support for which only increases by such actions.

In essence, what the DPRK is doing today is a shadow copy of the MAD-policy adopted by the original nuclear powers during the Cold War and a number of others that followed suit later. Which leaves only a few options: full thermonuclear war, or recognition on the international stage of the new nuclear power.

The current escalation unfortunately is the result of yet another tragic failure of US expansionist foreign policy that had bet the house on the Kim dynasty collapsing before they would acquire nuclear and ICBM capabilities. As well as the unwillingness of both the US and China to settle a regional power balance issue, a solution for which is now already 50+ years overdue.

In the long term, the only viable and permanent solution is a reunification of the Korean peninsula under a democratic regime with a free market economy, without nuclear ambitions and US troops, and on friendly terms with both China, Japan and its US ally.

Clive RobinsonSeptember 5, 2017 4:22 AM

@ Rachel,

how did you fare in the competition, it must be hard to get rural 'enough', the Brecon Beacons would be good value ;-)

As you will hear in various places, "Not too shabby", better than expected as the conditions were not what they could have been. However I've not heard the "Official score" yet. As for getting "rural", London has something called "The green belt" around it so yes you can find places to "work portable".

It's been a while since I was flogging my guts out around the Brecon Beacons. The last time was when I was with a friend from the time I used to wear the green... Now I seem condemned to use crutches all the time I guess I won't be going back up there :( That said I hope to be going up Llandudno's[1] mini-mountain The Great Orme again as it's navigable on sticks, or I can be lazy and take the tram or cable car. At the top you can still see the remains of the WWII artillery school above which was the oh so secret X3 radar development my mum worked at for a while during WWII. Then hopefully get around to the Ffestiniog Railway and down to Portmeirion where they filmed the 1960s TV series The Prisoner, which they even took a rise out of in the Simpsons.

[1] yes you've probably heard most of the jokes about Llandudno so I won't repeat them. However it has a micro-climate that encourages interesting plants to grow.

Clive RobinsonSeptember 5, 2017 5:04 AM

@ AlanS, Dirk Praet, Ergo Sum, JG4, Tyr,

What is not mentioned as far as I can see is that both China and Russia have had input into the development of the North Korean weapons.

If you get a map of the world out and shade in China, India, Korea, Pakistan and Russia, who are all now nuclear weapons states, it is somewhat thought provoking. Then when you add up their population totals it does not improve the mood when you consider what could go wrong.

Especially if you consider them as a market place that is less and less interested in dealing with the US or its closer allies. China has recently made it abundantly clear that their marketplace requires the likes of the US and West to give up all the secrets as the price of entry....

The simple view is that certain interests in the US regard Korea as a wedge to drive in to try to cause issues between China and Russia, then India etc. On the theory that if they are busy with infighting it will delay their rise on the world stage, thus keeping the US's prominent position for a while longer.

However President Trump's "Make America Great" appears to be based on "inward looking" policies that will encourage isolationism and a Castle building mentality at possibly the worst time for the US. Especially as the US is now critically dependent on raw resources that it currently has to import to keep its industry sector alive.

A lesson from ancient history is a Castle is a defensive point that, whilst strong as a physical defence, is easy to defeat given time. You simply surround it and effectively turn it into a prison, then wait for the inmates to run out of resources...

Thus the question arises as to what the West can do to address the change of fortunes.

A few days ago somebody mentioned Isaac Asimov's "Foundation" series. Part of the plot was that the "new foundation" would defend itself not militarily but by "trade dependence". If your potential enemy is dependent on trading with you then they are much less likely to attack. It does not take much reading to see who has the upper hand in trade.

JG4September 5, 2017 6:22 AM


@Clive - Thanks for your helpful comments on North Korea/China/Russia. There is a bigger game in play and I still think that NZ is a good place to ride out the unfolding crises. The Chinese are noted for taking the long view and the Silk Road is genius. That is one of the things that made the Middle East a crossroads and melting pot of commerce, ideas and genetics. I'm pretty sure that I posted Hans Rosling on "Asia's Rise." He was a genius of data visualization and I'm sorry to see him gone so young.

what if Trump and his team are the smartest guys in the room and they've studied Boyd's reading list for 40 years as if it were a religion?

"Never underestimate the power of a question"
Plot Holes, by Robert Gore
Posted on February 26, 2017 | 47 Comments
https://straightlinelogic.com/2017/02/26/plot-holes-by-robert-gore/
...
It’s telling that Flynn’s replacement, H.R. McMaster, authored Dereliction of Duty: Lyndon Johnson, Robert McNamara, The Joint Chiefs of Staff, and the Lies that Led to Vietnam. This looks like a classic Trump double down, replacing a maverick the Deep State didn’t like with a bigger one they’ll like even less.

"we don't have to follow the rules, but you have to follow our rules as we make them up"

http://www.zerohedge.com/news/2017-09-04/it-wasnt-comeys-decision-exonerate-hillary-it-was-obamas

Links 9/5/17
https://www.nakedcapitalism.com/2017/09/links-9517.html
Posted on September 5, 2017 by Jerri-Lynn Scofield

...

Alibaba launches ‘smile to pay’ facial recognition system at KFC in China CNBC. Creepy.

...

Experiment reveals evidence for a previously unseen behaviour of light Clipboard (David L)

...[information theory made a big splash in biology and quantum mechanics. it is implicit in von Mises and Hayek's work in economics, but they were so early the term "information theory" wasn't available for them to use. the information sphere includes advertising signals and the response of money signals which end up in profit signals]

Demonetisation is a Clear Case of How Public Policy Should Not be Made The Wire

...

China

Man jailed for selling VPNs to evade China’s ‘Great Firewall’ SCMP

...[angry people make mistakes. the Deep State is upset]


New Cold War

US crassness in Russia spat goes back to Snowden humiliation Asia Times

...[there's a term of art in communications about "shaping," is "spectral shaping" or "load shaping?" - gerrymandering is a form of signal shaping]

Schwarzenegger’s bipartisan next political act: Terminating gerrymandering San Fran Chronicle. Hmm. Headline includes two standard tells for bullshit: “bipartisan”, and a celebrity endorsement. I don’t share the article’s optimism that the last action hero will sort the situation.

...[suppression of negative feedback signals locks a circuit into saturation at the rail]

Internet Censorship Bill Would Spell Disaster for Speech and Innovation Electronic Frontier Foundation (Chuck L)

...[squillionaires have an extraordinary ability to shape policy, yet another feedback path]

Forget Wall Street – Silicon Valley is the new political power in Washington Guardian. Not exactly news to regular readers, but worth your time anyway.

...[you might hope to see one of the financial psychopaths swing for this. that would be a useful feedback signal]

Grenfell Tower Inferno Aftermath

Architects must take back power after Grenfell, says new Riba chief Guardian

...[physical security]

Guillotine Watch

Build-a-Bunker: the bespoke nuclear burrows on offer for the wealthy New Statesman

JG4September 5, 2017 6:30 AM


spot on Clive's comment that there is a bigger game in play than North Korea

http://www.zerohedge.com/news/2017-09-04/pepe-escobar-why-jihadism-wont-be-allowed-die
...
Charlie gets stronger

Dr. Zbig “Grand Chessboard” Brzezinski may be dead, but geopolitics is still encumbered with his corpse. Brzezinski’s life obsession is that no peer competitor to the US should be allowed to emerge. Imagine as he lay dying contemplating the ongoing, ultimate nightmare; a Russia-China pan-Eurasian alliance.

The less disastrous scenario in this case would be to seduce either Moscow or Beijing into becoming a US partner, based on which one would pose a lesser “threat” in the future. Brzezinski focused on Russia as the immediate threat and China as the long game threat.

Thus the obsession of the US deep state and the Clinton machine in demonizing all things Russia – like an infantile neo-McCarthyism on steroids. Inevitably, what this geopolitical black hole has precipitated is China's even more rapid advance on all fronts.

Not to mention that the Russia-China strategic partnership kept getting stronger every day – an eerie echo of Capt. Willard’s line in Coppola’s Apocalypse Now; “Every minute I stay in this room I get weaker, every minute Charlie squats in the bush, he gets stronger”.

And yet Charlie is not squatting; he’s conquering via trade and investment. And he’s not in the bush; he’s all over the Eurasian plains.
A basket of Hobbesian flare-ups

The other American dalang, Henry Kissinger, is still alive, at 94. Advising President Trump before the January inauguration, and posing as the supreme gray eminence on China matters, he suggested Russia should be courted.

But then came the clincher. Clearly identifying that the Russia-China-Iran alliance holds the key to Eurasia integration, Kissinger revealed his true colors; it’s the weakest link – Iran – that should be neutralized.

Thus his recent proclamation/warning about an “Iranian radical empire” developing/stretching from Tehran to Beirut as the “vacuum” left by Daesh is filled by the Persians.

And here we have Kissinger once again as the unreconstructed Cold Warrior that he is; exit Communism, enter Khomeinism as the supreme “evil.” And may the Lord bask in praise of the Wahhabi matrix of jihadism enablers; the House of Saud.

The Kissingerian recipe sounds like music to the US deep state; Daesh should not be routed, it should be “realigned” as a tool against Iran.

Who cares that the notion of an “Iranian radical empire” per se does not even qualify as a joke? Lebanon is multicultural. Syria will continue to be ruled by the secular Baath Party. Iraq rejects Khomeinism – with tremendously influential Ayatollah Sistani privileging the parliamentary system.

Clive RobinsonSeptember 5, 2017 7:41 AM

@ gordo,

In that regard, the outcome of the 2017 Special Counsel Investigation will be interesting to the degree of veracity by which it lays bare the authorities.

Don't hold your breath, the least unlikely explanation for the SCI is "kick it into the long grass", thus I expect it will get delayed in one way or another until after President Trump is impeached, or the mid term election cycle is over.

Further whilst it will be very long on words, I very much doubt there will be meaning or testable facts included that will in any way be at odds to the story that has already been decided behind closed doors.

There is one thing I suspect that the Republicans and Democrats have in common, not just a desire but a real need to not just get rid of Trump but to do it in a way that will discourage any others from "rocking the boat" on their nice little cosy arrangement that gives the "Power with Perks".

The only real loser in the process will be democracy, which was detested by the Founding Fathers amongst many others. Basically a few believe that they and only they are "the right stuff" to lead the USA from behind the curtain. The entrenched two party system allows them the best opportunity to obtain their "divine right" to rule whilst having front men to take the fall for things they do wrong. A two party system knows that they will not just get their turn, but also that the other party will mainly keep its mouth shut about the dirty dealings because both parties are just as guilty. A third or more parties destroys not just the cosy arrangement but will also lift the curtain on those behind...

Something those who consider themselves "first amongst equals" of those with "Divine Right" do not under any circumstances want happening.

ab praeceptisSeptember 5, 2017 8:48 AM

Clive Robinson

"thought experiment" - well, yes and no. I don't think that ever more cores will be the major problem. many-of-something is usually *much* less complex than diversity (many-different-things). And indeed, not only does that match nicely with the indirect proportionality of complexity and safety/security but it can also be observed empirically.

The by far most important reason (I think) for hardware, particularly semiconductors, being the lesser problem is simply money. Unlike with software, where management might think that to build it is (incl. human) resource expensive but fixing "the occasional bug" is cheap (just a few developers), in hardware the equation doesn't work (or only in a very limited version). If your chip, say an ASIC, is f*cked up the customer doesn't pay and you'll have to go once more through a very expensive cycle - so they work far more carefully than in sw. And btw (you'll understand that, I bet *g) in hw there is a by far higher part of engineers (real ones, ticking like engineers and not like hipsters and groupies).

"North-Korea" - I'm laughing a lot there. The us of a wants to start yet another war - while there is a serious potential of a civil war looming at home? Seriously? Good luck with that.

Plus: North-Korea is perfectly sane and correct. Having nuclear weapons, preferably ones that can reach the us of a mainland, is *the only* insurance against a wanton attack by the us of a. Kim, his forefathers, and his generals have understood that for decades and they have also seen how the us of a terrorized and robbed Iran for decades and were quite close to attacking more than once.

Finally a hint for those with some basic military understanding: Guess which region on this planet is the perfect spot (e.g. simple logistics, ... vs difficult, expensive, and vulnerable logistics,...) for a war somehow in one way or another involving Russia, China, and the us of a.
Iff Russia and/or China ever wished to bleed the us of a out, North-Korea would be about the ideal place.

My prognosis: the us of a will continue to make lots of noise and threats and flex its (increasingly questionable) "muscles" ... and nothing will happen while NK will smartly ever increase their provocations.
Why? Because showing the us of a as an aggressively barking but impotent wannabe *ex* superpower/hegemon is (particularly in terms of human lives) the cheapest way to dethrone the us of a and to kick them to where they belong (regional power and that only iff the $ doesn't break down). At the same time, as elaborated above, should that not work, the us of a would have to fight a war at the worst imaginable place for it.

Clive RobinsonSeptember 5, 2017 9:41 AM

@ The usual suspects,

The conversation about PDF viewers above has brought another issue to light --again-- which is something the tech industry should be discussing (over and above the chats that @Nick P and myself have had over it).

If you read down this article on a six year old DoS attack,

https://blog.fuzzing-project.org/59-Six-year-old-PDF-loop-bug-affects-most-major-implementations.html

You will see that it affects nearly all PDF viewers. You will also find the nub of the problem,

    It is remarkable that a bug that was discovered six years ago affected the majority of widely used PDF implementations. But it falls into a pattern of IT security: Very often discovering security issues means rediscovering old issues. In general this is a difficult problem to solve, as it touches complex questions about knowledge transfer.

Put more simply, old mistakes are being repeated because new people are not learning from the "History" of ICTsec.

The classic one that @Nick P and I discussed was the reemergence of "MBR based Malware". Master Boot Record attacks were originally around back in the early 1980s and came out with DOS-2 [1]. Back when "sneaker net" was the way data and programs moved from PC to PC. That is via 5 1/4 inch floppy disks carried by hand. The Master Boot Record (MBR) was a prime target for malware writers back then as the code would get run at every hard or soft boot. The advent of computer networks kind of put MBR attacks into the "old school" category and rapidly became "ancient knowledge" and shortly thereafter effectively "lost knowledge" to most CS students and those coming into ICTsec.

But not all people have forgotten, and it would appear some are malware writers. As the recent Petya attack shows the MBR attack is really good for ransomware writers...

Thus the issue, we are in the main forgetting things in considerably less than one working lifetime. With the result it keeps coming back to bite us over and over again. As was once noted "Those who do not learn from history are condemned to relive it".

[1] The idea was that all bootable disks, both floppy and hard, had a "boot sector" at offset 0 that, if it was a "Volume Boot Record" (VBR), was read into memory then executed. Part of DOS-2 was the ability to use 10Mbyte hard drives that could have up to four partitions, thus it had a "Master Boot Record" (MBR) at the drive offset 0 that identifies the "Volume Boot Record" (VBR) for each partition --located at the partition offset 0-- and which one to use to boot from.
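The footnote above describes the on-disk layout that MBR-resident malware such as the Petya variant mentioned in the post overwrites. As an added example (mine, not code from this thread or from any project it names), here is a parser for that layout plus the integrity check a defender would run against a saved sector 0: the 512-byte MBR used below is constructed inline, not captured from a real disk.

```python
"""Parse a classic (DOS-2 style) Master Boot Record and check it for tampering.

Layout assumed (the standard MBR format):
  bytes 0..445    boot code, executed by the BIOS at every boot
  bytes 446..509  four 16-byte partition entries
  bytes 510..511  boot signature 0x55 0xAA
Each entry: status (0x80 = active), CHS start (3 bytes), type, CHS end
(3 bytes), LBA of first sector (u32 LE), sector count (u32 LE). A
partition's VBR lives at its first sector, i.e. byte offset lba_start * 512.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

SECTOR = 512
PART_TABLE_OFFSET = 446
ENTRY_FMT = "<B3xB3xII"          # status, type, lba_start, sector_count


@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def vbr_byte_offset(self) -> int:
        """Where this partition's Volume Boot Record sits on the drive."""
        return self.lba_start * SECTOR


def parse_mbr(sector0: bytes) -> List[PartitionEntry]:
    """Return the used partition entries; raise on a malformed sector."""
    if len(sector0) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * 16
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector0, off)
        if ptype == 0:
            continue                       # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i}: bad status byte 0x{status:02x}")
        entries.append(PartitionEntry(i, status == 0x80, ptype, lba, count))
    return entries


def active_partition(entries: List[PartitionEntry]) -> Optional[PartitionEntry]:
    """The entry the MBR boot code hands off to (first one flagged 0x80)."""
    return next((e for e in entries if e.bootable), None)


def boot_code_fingerprint(sector0: bytes) -> str:
    """SHA-256 of the boot-code area; record it on a known-good system."""
    return hashlib.sha256(sector0[:PART_TABLE_OFFSET]).hexdigest()


def check_mbr(sector0: bytes, known_good_fingerprint: str) -> List[str]:
    """Findings worth alerting on: replaced boot code, or a partition table
    that no longer points at a sane boot partition."""
    findings = []
    try:
        entries = parse_mbr(sector0)
    except ValueError as exc:
        return [f"malformed MBR: {exc}"]
    if boot_code_fingerprint(sector0) != known_good_fingerprint:
        findings.append("boot code differs from known-good fingerprint")
    active = active_partition(entries)
    if active is None:
        findings.append("no active partition: nothing to boot from")
    elif active.lba_start == 0:
        findings.append("active partition claims to start at sector 0 (the MBR itself)")
    if sum(e.bootable for e in entries) > 1:
        findings.append("more than one partition flagged active")
    return findings


def build_mbr(boot_code: bytes, entries: List[tuple]) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba, count) tuples."""
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries).ljust(64, b"\x00")
    return boot_code.ljust(PART_TABLE_OFFSET, b"\x00") + table + b"\x55\xaa"


# Constructed sample, not from a real disk: an active NTFS-type partition at
# LBA 2048 plus a Linux-type partition behind it. The boot-code bytes are
# merely illustrative filler.
GOOD_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"
PARTITIONS = [(0x80, 0x07, 2048, 204800), (0x00, 0x83, 206848, 409600)]
SAMPLE_MBR = build_mbr(GOOD_BOOT_CODE, PARTITIONS)
KNOWN_GOOD = boot_code_fingerprint(SAMPLE_MBR)

# Same partition table, but the boot code has been replaced: the shape an
# MBR bootkit or MBR-overwriting ransomware leaves behind.
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + b"\x90" * 40, PARTITIONS)

if __name__ == "__main__":
    for e in parse_mbr(SAMPLE_MBR):
        print(e, "VBR at byte", e.vbr_byte_offset)
    print("good:", check_mbr(SAMPLE_MBR, KNOWN_GOOD))
    print("tampered:", check_mbr(TAMPERED_MBR, KNOWN_GOOD))
```

On a live system the 512 bytes would come from reading sector 0 of the boot drive with administrative rights; the fingerprint must be taken before any suspected compromise to be meaningful.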

AlanS September 5, 2017 9:51 AM

@JG4

Thanks. Your Teddy Roosevelt link takes it back further. Very little of this history is discussed. It's as if the supposedly crazed Kim family were born out of the very hills of North Korea, a true virgin birth of pure evil, to inflict themselves on the population of North Korea, their innocent neighbors and the freedom-for-all-promoting US.

book_reviewSeptember 5, 2017 11:33 AM

More on North Korea

" ... NOAM CHOMSKY: I mean, this administration is extremely unpredictable. Trump probably has no idea what he’s going to do five minutes from now, so you can’t—literally—so you can’t really make predictions with much confidence. But I doubt it very much. The reason is very simple: An attack on North Korea would unleash—no matter what attack it is, even a nuclear attack, would unleash massive artillery bombardment of Seoul, which is the biggest city in South Korea, right near the border, which would wipe it out, including plenty of American troops. That doesn’t—I mean, I’m no technical expert, but as far as I can—as I read and can see, there’s no defense against that. Furthermore, North Korea could retaliate against American bases in the region, where there’s plenty of American soldiers and so on, also in Japan. They’d be devastated. North Korea would be finished. You know, so would much of the region. But if attacked, presumably, they would respond, very likely. In fact, the responses might be automatic. McMaster, at least, and Mattis understand this. How much influence they have, we don’t know. So I think an attack is unlikely.

But the real question is: Is there a way of dealing with the problem? ..."
https://www.democracynow.org/2017/4/26/chomsky_on_north_korea_iran_historical

Interview with Suki Kim, author of Without You, There is no Us
https://theintercept.com/2017/09/04/undercover-in-north-korea-all-paths-lead-to-catastrophe/

Clive RobinsonSeptember 5, 2017 12:25 PM

@ ab praeceptis,

"North-Korea" - I'm laughing a lot there. The us of a wants to start yet another war - while there is a serious potential of a civil war looming at home? Seriously?

I'm not sure the US is close to civil war again. If you look back to the 1960s and 70s they were closer to civil war then. And the likes of Allen Dulles's "Single Bullet Theory"[1] got put to the test a number of times and very nearly caused civil war.

It's worrying that the likes of Donald Rumsfeld got serious advice from Allen Dulles, which could explain much that happened during the "G 'W' years". A similar idea heard from Allen's older brother John, was that nations need wars both economically and politically. The pair of them both saw to that, which is where we come back to the "War on Terrorism" and fairly likely a breaching of the ceasefire agreement between the North and South of Korea.

As for the use of nuclear weapons I do not think the north yet has more than the fingers on one hand's worth of the rockets, let alone warheads.

Thus as a game of brinkmanship it's in North Korea's interests to keep it going. Whereas for the US Administration the clock is most definitely running against them...

[1] The Dulles brothers were a nasty pair at the best of times, but Allen in charge of the nastier aspects of the CIA had a real psychopath theory. It was prior to the Kennedy assassination called "The single bullet theory"; after the assassination the term was used to describe the supposed behaviour of the bullet that killed JFK. The idea Allen had was that modern history was predicated on single incidents of assassination, that is like a butterfly's wings starting a tornado a single bullet at the right target would change the world. It has a certain childlike logic that fails the reality test. That is you can claim a single snow flake starts an avalanche, but the reality is the avalanche has reached a point where any action will cause it to start. So if for argument's sake the Beer Hall bullet that hit Hitler had killed him, the events that followed might not have happened the way they did. But it is an odds on certainty that the social deprivation and resentment in Germany post-WWI would have boiled over in one way or another. It might have been less harmful, it might have been more harmful, different in details certainly but odds on something of similar effect would have happened.

Dirk PraetSeptember 5, 2017 12:54 PM

@ AlanS, @ Clive, @ Ergo Sum, @ JG4, @ Tyr

What is not mentioned as far as I can see is that both China and Russia have had input into the development of the North Korean weapons.

It goes without saying that both the Chinese and the Russians have either actively or passively helped the DPRK with their weapons programs. The Chinese don't want no US troops at their borders (or a massive and destabilizing influx of North-Korean refugees), and neither have the Russians ever been eager for the US to gain control over the entire Korean peninsula. The DPRK's endgame is simple: being recognized as a regional nuclear power, the end of all sanctions, the US out of South Korea and the reunification of the peninsula under the Kim dynasty. And however little leverage or friends they have, they are winning.

The present stand-off for all practical purposes is check and mate for the PNAC vision on US foreign policy in the region, unless the sore loser in anger not only tosses the board off the table but also smashes up the entire venue in the process. A scenario a guy like Steve Bannon actually foresaw and was actively pushing for.

Essentially, we can only hope that the generals surrounding current TWICOTUS (Tweeter in Chief of the United States) have more brains and less of a volatile temper than he does.

Gerard van VoorenSeptember 5, 2017 2:18 PM

@ Clive Robinson,

As for the use of nuclear weapons I do not think the north yet has more than the fingers on one hand's worth of the rockets, let alone warheads.

I don't know. I don't. What I can guess however is that in NK a couple of bottles of champagne have been popped after they felt the quake and in The White House a couple of vases got smashed, combined with some heavy cursing.

It's pretty clear that the NK now has the doomsday machine. They probably built the tension up to this on purpose and made use of the bigmouth in The White House. I agree with ab praeceptis here.

The thing is that the US is never too afraid to get involved in a war far, far away but a nuclear threat at their own town, in their own backyard, that's unthinkable.

So I think that this verbal war has been lost without firing a shot. I could be wrong however. So people on the west coast, please move. Your lives are in danger. (/s)

ab praeceptisSeptember 5, 2017 2:46 PM

Clive Robinson, Gerard van Vooren

I think that unlike, say, Russia or China, in the case of NK "nuclear weapon" is largely a psychological thing, and so is btw. the "nuclear".

Factually, to somehow bring into the us of a (which I consider easy) a sufficient amount of radioactive material for a dirty bomb would be all that's needed. And that needn't even be plutonium; pretty much every strong radiator would do.

The *real* barrier isn't ICBMs but the capability to get at, or even better produce, desirable kinds (for that purpose) of radioactive material in sufficient quantities. The real and probably most dangerous threat wrt ICBMs would be the capability to create a [n]emp (which btw. also means that targeting precision ("cep") is not a major concern).

As for what most people associate with nuclear missiles, namely immense destruction over a considerable area, I agree with those who think that NK is still quite some steps away from that capability, particularly when considering that 1 (or very few) nuclear ICBMs are a rather limited threat.

But again, NKs intention is almost certainly not to destroy, let alone to conquer the us of a but merely to have a credible and destructive enough response to any us-american attacks available to very considerably shift the cost/risk vs gain ratio (of the us of a) to deter the us of a from attacking NK.

Finally, I don't think that NK would target the us of a. I think, if push came to shove they'd rather attack japan and/or threaten SK enough to stand by idly when NK terminated the us of a troops in SK.

One thing seems crystal clear to me: the idiot is not kim but some us-americans who utterly fail to recognize that the us of a is an *ex* hegemon.
The question, seen from not only Russian and Chinese eyes is not whether the us of a can stay in power (No, it can't. Period) but rather how hard a beating the us of a will need to understand and to adapt itself to the new multipolar world order.
The new epicenters of power are Moscow and Peking. washington was invited to be a third and equal one (beginning with Putin's speech in munich 2007) and has since again and again condemned itself to become but a regional power and possibly a broken one with a worthless us$ and a rather broken economy (I assume that to avoid the worst was trump's reason to feverishly try to rebuild the economy).
Looking at the news (or even just the presentation (in the us of a typically with some nicely dressed, clueless blabbering dolls)) I find again and again that the self-obsessed us of a is quickly becoming all but irrelevant. The really relevant news come from Moscow and Peking.

JG4September 5, 2017 3:00 PM


Elusive Majorana Particle Takes Major Step Towards Quantum Computing
https://spectrum.ieee.org/nanoclast/semiconductors/nanotechnology/elusive-majorana-particle-takes-major-step-towards-quantum-computing

2:00PM Water Cooler 9/5/2017
https://www.nakedcapitalism.com/2017/09/200pm-water-cooler-952017.html
Posted on September 5, 2017 by Lambert Strether
...

News of the Wired

...[these might be handy in deciding where to shelter]

The spectrum of probabilities (data):
https://github.com/zonination/perceptions

Perceptions of Probabilities
https://twitter.com/NinjaEconomics/status/903950634298204160/photo/1

Where’s “highly confident”?
http://www.nasdaq.com/investing/glossary/h/highly-confident-letter

“How to Be Passive Aggressive When Collaborating in Google Docs” [The Cooper Review]. I’m not sure all of these suggestions are passive…
http://thecooperreview.com/passive-aggressive-collaborating-in-google-docs/amp/


vas pupSeptember 5, 2017 4:14 PM

@The Evil Against America Ideals • September 2, 2017 12:13 PM

Dear Blogger, you did not get the rules of the game. Google expected your absolute loyalty (maybe in their twisted sense) for benefits they provided you which are exceptional in comparison with any other US business (small, medium, big).
Mark Twain used to say that you have many rights and wisdom not to use them.
You do have 1st amendment right for free speech, i.e. you could not be put in jail (hopefully as in former USSR) for using it, but affected by a newly developed tool called 'political correctness' your employer could fire you. As in old bitter joke: guy came to KGB and asked: Do I have a right? KGB: Yes, you do. Guy: Can I? KGB: You cannot.
I am really sorry for you being fired. But, good judgment comes out of experience. Experience comes out of bad judgment.

tyrSeptember 5, 2017 5:17 PM


Sometimes re-framing makes things make
more sense.

http://www.locusmag.com/Perspectives/2017/09/cory-doctorow-demon-haunted-world/

Alchemists were isolated by the circumstance
of the society they lived in. They were
forced to use crypto for any communications
which doesn't lend itself to the free and
open dialog needed for peer review.

Weirdly enough the trigger for modern science
was when a catholic army was sent to subdue
an alchemical revolt and trigger the Thirty
Years War. One of the troops was a young bravo
named Descartes who had a dream in Ulm. An angel
told him the key to understanding was number
and measure. This is as embarrassing as Newton's
work in alchemy.

@Clive

There is nothing more frustrating than losing
the abilities of mobility we took for granted
over the years. I tossed the walker and cane
the medics assured me were necessary at the
first opportunity. It's too easy to accept the
well meaning advice from people with no skin
in the game.

I have seen the folks who followed their advice
slavishly and decided I want no part of that
pathway. Your mileage may vary but that's what
life is all about.

@Wael

You're gonna have to tell me in person if you
want belief not use the interNet to pretend
you're not on it. Zero as placeholder is the
best idea ever conceived in math.

Sancho_PSeptember 5, 2017 5:52 PM

@Clive Robinson, re two party system

”A third or more parties destroys not just the cosy arangment but will also lift the curtain on those behind...”
Um, I beg to differ here.
More parties do not make any difference, the kind of our parliamentary democracy is the flaw.
To rule, those in power will always have to form a corruption, only that corruption with more than two parties is called a coalition. With, say, 38% a party can't rule so they simply buy the rest of the seats. We are ruled by money, not by renowned experts.
Theoretically the fewer parties the better, because fewer people SHOULD be draining money - only it isn't.
So we have despotism, corruption and coalition, but it’s all the same stuff,
they do as they like,
- because they can.

Clive RobinsonSeptember 5, 2017 6:14 PM

Greedy Ghosts in the Machines

Cory Doctorow has a piece on how corporations cheat and treat their customers as the enemy.

He raises a series of valid points against the corporate life-blood suckers, as well as making a few reasonable suggestions to deal with it,

http://www.locusmag.com/Perspectives/2017/09/cory-doctorow-demon-haunted-world/

I think I prefer the idea of death sentences for corporations, rather than the corporates' preferred no-fault fines. Yup the death sentence would definitely be better than "regulation" that stops nothing. I would especially like it if it also involved making the officers of the companies unfit to hold any kind of office corporate or otherwise for geometrically increasing non-reducible periods for each offence. Say 1,3,5,10,30,50 years all to run consecutively, none of this concurrent nonsense. Further also for those who have suffered at corporate hands to be able to go after executive pension pots and the shareholders as well as company assets.

Only with such draconian behaviour will corporates clean up their act.

WaelSeptember 5, 2017 6:32 PM

@tyr,

locusmag

Fascinating article, as usual! Your article recommendations match your book recommendations, Sir! The linked article gives an interesting view on cheating and the various forms it takes. The piece about WannaCry was illuminating, too! So is the piece about software. And the rest of it.

Sometimes re-framing makes things make more sense.

What are you trying to say? :)

There is nothing more frustrating than losing the abilities of mobility

There are! How about losing eyesight? But since you used the plural form, you then included losing the ability to see.

You're gonna have to tell me in person if you...

Sometimes I get the feeling we already have! Have we met in Ulm in the past? If we haven't, then I would be honored. Who knows... it's a small world.

Regarding the 'Zero', yes, agreed! It's futile to debate who invented what. Everyone claims their ancestors invented every important thing.

Alchemists were...

Alchemists, who invented Zero... hmmm! Ask this guy (watch out - he's got a filthy mouth and some religious misinformation, too. No I won't elaborate, you have been cautioned!)

https://m.youtube.com/watch?v=0khcISM2FyM#

Clive RobinsonSeptember 5, 2017 6:54 PM

@ tyr,

You beat me to the Cory Doctorow article, so you get the claim to fame on it :-)

As for,

I tossed the walker and cane the medics assured me were necessary at the first opportunity.

My problem is damage to the spine and major weight bearing joints in the legs, due to various activities whilst wearing the green.

At one point I was popping pain killers faster than the fat kid next door eats Smarties. Which not just gave me visual and auditory hallucinations, they also gave me real issues with my blood. And all I was getting was less mobile as I lost control of my legs due to problems with trapped/crushed nerves. Whilst physio helped a little, the doctors had passed me onto the surgeons who were talking operations (that we now know do not work). What saved me was tearing the ACLs in a knee and I ended up on crutches. The back pain decreased dramatically, the loss of sensation and control as well as the numbness also receded. Thus I weaned myself off the pain killers, sleep meds and anti-depressants. Yes there have been down sides like rotator cuff injuries and bursitis, but at least I am getting around well enough not to be dependent on other people. I still have trouble standing / sitting / laying down and thus sleep, but it's manageable without medication. So I get to keep my sanity for a while longer yet, which is good as far as I am concerned. So whilst I miss cycling 100 miles a day or walking/running 20 miles a day and a good night's sleep a lot, I'm still independent, which I was rapidly losing before the crutches.

Mind you there is a funny side, my upper body strength has got to the point where I can lift myself to standing up without using my legs. It sure gets surprised looks from people on public transport, when an old fart like me appears to be able to swing from the ceiling straps like a young orangutan. Oh and nurses and doctors on my all too frequent visits to hospital, apparently patients are not supposed to move across beds like they are vaulting horses.

Huey PilotSeptember 5, 2017 7:08 PM


@JG4 - I agree with most of your assertions and line of reasoning, but instead of focusing upon the negative in humanity, can we focus upon the positive occasionally?

Despite all the crossed purposes, wars, psychopathy and corruption throughout history ..., much of humanity has managed to climb out of the jungle/desert/mountains, and into modernity. I am reading a book about the collapse of ~1177 BC, but the book is filled with examinations of various ancient cultures of Minoans, Mycenaeans, Hittites, Phoenicians... They existed somewhat in isolation for thousands of years, in an ideal laboratory examination on the good and bad in humanity. They contributed everything from our 60 second time base to the notion of mythical flood/fire and rebirth. And much of their history and timeline is now reconstructed from discovery and translation of their buried remnants over the last ~ 100 years. These detailed experiments (archival records) in human culture, and the extensive documentation now available for what worked and didn't work, were entirely unknown and unavailable to the framers of our Constitution. As far as they knew, human history started with the Greeks and the Hebrew books. Let that sink in - we now have multiple examples of large human populations with stable cultures, which existed for several thousand years, through famine and flood, war and climate change, good and evil rulers etc. No culture today exists in anywhere near such isolation, so I suggest this is a vital record to aid our understanding of human civilization.

We need to identify the dominant shaping factors in society, because there are too many things going on for us to consider them all. And those dominant trends are not all negative. This nation had a federal Constitution, that was shaped by normal men, and developed under traumatic conditions. The circumstances were somewhat unique. But a lot of good came out of it. It is too bad we no longer adhere to much of it, for those men of long ago knew much of what is ailing us today and tried to prevent it. They did well to delay it greatly with their document's design. I am sure the enticement of a vast array of natural resources, somewhat free for the taking, lured many of the would-be psychopaths normally drawn to political domination, away from that field and into Indian/land/railroad/coal/steel/oil/... domination/power/control methods.

So instead of dwelling upon the negative as much of the doom porn is prone to, I suggest we hold both the negative and positive up for examination, and thereby better direct our own affairs, and the affairs of our fellow man. Perhaps in doing so, we might just favorably affect our own outlook on life, and in so doing make for a more pleasant and productive time while we are here.

RatioSeptember 5, 2017 9:28 PM

@Wael,

That's because آخن, imho, has no meaning in the 12.5 million Arabic words.

Like الإسكندرية or بغداد or ليبيا or any of the ستان or …?

آخن means the place we were talking about.

[The ٍ  in خٍ causes nunation.] You should know a lot more than that!

Why, yes. Hence the question.

[...] Abjad numerals [...]

One @pup socket thought about using one of those, but wondered which one. I said I have a hunch regarding original ك, but I ain't telling. He couldn't handle that, so I finally pupped that socker.

The "Zero", however, is Arabic -- not Indian. The internet will tell you the opposite of what I said. Who are gonna believe: the internet or me?

The evidence.

IIRC, Mayans be like: "what took you so long?"

(Tribalism is silly, IMHO.)

WaelSeptember 6, 2017 12:21 AM

@vas pup,

good judgment come out experience. Experience come out of bad judgment.

I like that! Only for people who learn from (their own or other's) mistakes.

Bad judgement -> Experience -> good judgement

AndrewSeptember 6, 2017 1:21 AM

@ab praeceptis
"The *real* barrier isn't ICMBs but the capability to get at, or even better produce, desirable kinds (for that purpose) of radioactive material in sufficient quantities. "
Yes, this seems to be the problem, or even worse the ability to do "dirty" things that could affect everybody. Maybe if Russia and China guarantee that the US won't invade him, he will stop. But nobody seems interested in negotiations, everybody enjoys the show while the US is using the old wrong pressure way. Military drills on his doorstep and the prospect of having a stick in his ass like Gaddafi are the last things to make him stop. These are obviously tactical mistakes and the worst approach, these practically buy him time. More family members make him more responsible and even more scared. I just wonder what would be next...

RachelSeptember 6, 2017 1:21 AM

Everyone discussing NK
JG4's naked capitalism link has a bunch of great articles on the subject. One is 'What the media isn't telling you about NK missile launch' at Counterpunch.
It states that huge numbers of US and regional allied forces have been conducting aggressive simulations and tactics right on the NK border over the last few weeks. Extremely threatening behaviour. Culminating in planes dropping dummy loads actually in NK. The missile launch came at the end of the war games & was an extremely rational 'back off! what do you think you're doing'. The article is amazed there is no mention of this in the media and demonstrates a radical shift on the popular narrative. My apologies for being unable to link from here.

Clive RobinsonSeptember 6, 2017 2:43 AM

@ Rachel,

It states that huge numbers of US and regional allied forces have been conducting aggressive simulations and tactics right on the NK border over the last few weeks.

Are you saying that the US MSM has not reported this?

There has been film shown in the UK of US planes dropping practice bombs in contested areas. Likewise RT has mentioned it and the various "South Asia" MSM have been giving it coverage as well.

I kind of assumed it was too well reported to be kept a secret in the US...

RachelSeptember 6, 2017 3:25 AM

Clive
It would be good if you can read the article I referred to. I think you'll find it doesn't insult your intelligence. It is text only. I revisited now to try and offer further description for you but it's too much for a third party. It seems to state yes there was passing reference to the war games, but the president and MSM are all responding to the missile launch with comments and claims that would pretend the (quite threatening) simulated attacks never occurred. The narrative is being heavily, shamelessly manipulated.
The naked capitalism link has an article right below with instructions to 'read this together with the Counterpunch article'. It's a NY Times piece headlined 'Why we're all baffled by the missile launch and the motives of NK'!

ab praeceptisSeptember 6, 2017 4:28 AM

Andrew

Indeed. In fact, the current clearly aggressive and flatly obedience-demanding approach *confirms and enhances* the North Koreans' stance.

Let us for a moment return to ICBMs. In the case of Russia and China they are basically the assertion (towards the us of) "If you attack us in any way we are capable, in a way that is unstoppable for you, of utterly destroying a major part of your country and infrastructure. After such a war maybe us, but certainly you, will be thrown back into the dark ages".
The next (lower) level is countries like uk, fr, israel. Their nuclear capabilities come down to saying "If you attack us, we won't (be capable of completely) annihilating your country, but the price you will pay will be high enough and the pain big enough that nothing you hope to gain by attacking us is worth it".
Only then come countries like NK whose deterrent basically comes down to a much weaker version of the above. They can inflict pain on an attacker, considerable pain, but, that's important to understand, those countries play on a completely different level as, unlike those above, they have no global or super-regional interests. Unlike, say, france, which still is playing, albeit a small role, on the global stage and which still has de-facto colonies, all NK wants is to be left alone; insofar as its interests go beyond their own borders they are regional. If the us of weren't the global terrorist, having killed millions and millions i.a. in Korea, NK would never even have thought about nuclear deterrents.

But there is more. Just look at how the western media, in a coordinated fashion it seems, smear Kim as an evil dictator and as a weird idiot while at the same time terrorizing NK for decades in pretty much every conceivable way.

Finally, there is the question whether Kim, even if he could, would attack the us of a. I don't think so. The risk/cost vs gain ratio would be utterly poor. But he doesn't need to; attacking us of a bases in SK and japan would do *immense* damage to the us of a (e.g. tens and tens of thousands of us-american troops), at the same time it would free japan of what the us troops really do, namely occupation and humiliation, and most importantly it would all but destroy the us of a's basis in and hence control over and blackmailing potential against the whole region.

Anyway, that whole issue is rather moot as the premise has changed. The us of a isn't the hegemon anymore and if they don't come to reason, and rather soon, they might not even stay a regional power or even a country (in its current form) any more. Well noted, I do not wish anything bad to the us-american *people*, but if they don't get their act together, which i.a. and importantly means clearing the deep state and swamp, they won't have a nice future.

JG4September 6, 2017 6:49 AM


No rant today. I may be able to get the Air Force perspective on the North Korea genocide. It wasn't discussed in training in 1952 and 1953, but the air war in Europe and Japan were hot topics then. As were planning exercises for bombing raids.

Links 9/6/17
https://www.nakedcapitalism.com/2017/09/links-9617.html
Posted on September 6, 2017 by Jerri-Lynn Scofield

[with the right safeguards, it would be a good idea. we are light-years from acceptable safeguards]

Your face may become your iPhone password WaPo

[I am rabid about the sale of "data" which is secret code for "attack surface"]

Why laptops don’t belong in the classroom Treehugger

[I try not to be the one who goes off-topic, but I am happy to follow]

HALLELUJAH! A BRIEF HISTORY OF BOMBING PEOPLE Granta

[factually incorrect, because two people also died at Los Alamos from tickling the dragon's tail. rumor has it that the Idaho "accident" was a payback for adultery and that the two decedents were the perpetrator and the victim. the explosion was a steam pressure transient, from a reactor transient, that speared the alleged perpetrator through with a control rod, pinning him to the ceiling. the burst of radiation took care of the other decedent, but the steam may have escaped containment, which would qualify as an explosion. this past weekend, I hammered out a brief history of the nuclear timeline with emphasis on the little-known Japanese program, how much sitting on thumbs was practiced between 1935 and 1941, and the little-known assistance to the Soviet nuclear program during the war.]

Atomic City Longreads. The deck: “On January 3, 1961, a nuclear reactor the size of a small grain silo exploded in the Idaho desert, causing the only recorded nuclear fatalities on U.S. soil.”

...[I like the vision topic, but I didn't start the tangent]

Superhuman ‘night’ vision during the total eclipse? Research offers a biological explanation Phys.org (Chuck L)

...[communications security]

Big Brother IS Watching You Watch

Europe rights court restricts employer ability to monitor employee communication Jurist

...[geopolitics]

Imperial Collapse Watch

The real BRICS bombshell Asia Times. Pepe Escobar. The deck: “Putin reveals ‘fair multipolar world’ concept in which oil contracts could bypass the US dollar and be traded with oil, yuan and gold.”

India, China dump old ideologies: With a weak US, Asian neighbours focus on new geopolitical concerns Firstpost

...

India

...[I include these because of the link between cryptography and various forms of digital payment. tip: if their lips are moving, they are lying]

Seven Little Lies the Government is Still Peddling About Demonetisation The Wire

book_reviewSeptember 6, 2017 10:24 AM

Offers to surrender or negotiate that may not have gotten much press attention or time in the mainstream media (MSM)

"Did you know that shortly after the U.S. invaded Afghanistan, the Taliban tried to surrender?"
https://theintercept.co/2017/08/22/afghanistan-donald-trump-taliban-surrender-here-we-are/

https://theintercept.com/2017/09/05/north-korea-says-it-might-negotiate-on-nuclear-weapons-but-the-washington-post-isnt-reporting-that/

What's (logic perhaps?) or who is skeptical or fighting back against the U.S.'s proclivity to escalate perpetual wars or to start new wars? Trump? Military? Industry, Congress, Intelligence? Press? Back Channels? ...
Alternatively, what actors in and outside the U.S. are fighting hardest for new or escalated wars? Perhaps on a case-by-case basis ...

Nick PSeptember 6, 2017 10:46 AM

@ Clive Robinson

Eventually, they'll learn to do Attacks in Depth where they modify main firmware, peripheral firmware, bootloader, and main OS. The system keeps getting reinfected. If it's polymorphic, then just trying to fix the system will cost more than buying a new one. While valuable data might justify the expense, the default advice to anyone that had it backed up would be to just buy a new machine. That's without bricking the machine itself: just making it not worth fixing.

Far as ransomware, I'd look into using the trusted boot tech of the PCs to lock the boot process to malware. The idea being they couldn't reinstall the OS. I'm not sure if it's feasible but always worth seeing if a DRM tool (Lock-in) can be used to Lock Out.

@ All

This submission, Dhall, is for people that like better configuration languages and/or people interested in non-Turing-Complete languages. It uses the latter to do the former robustly with safety and termination.

MarkHSeptember 6, 2017 12:25 PM

.

Press Reports Dangerous Attacks Against Electric Power Systems

I haven't yet seen anything about this on schneier.com ...

Articles on ZDNet and Wired describe concerted attacks on energy-firm computer systems starting with the usual email phishing, tricking people into loading sham software updates, and the like.

The accounts of the two articles are similar, but the Wired article makes the stronger claim that the attackers established sufficient access to control power system plant equipment.
________________________________________

Before the term cyberwarfare was coined, there was already much discussion and anxiety about the severe magnitude of disruption that could be achieved by sabotage of civilian electricity systems.

If this reporting is correct, one or more organizations may have already achieved the capability to mount such sabotage at will, though it was not (yet) carried out in these newly reported attacks.
________________________________________

Those who follow security matters will be well aware that in recent years, cyber sabotage against power systems in Ukraine resulted in large-scale temporary outages.

MarkHSeptember 6, 2017 12:38 PM

@Clive:

I'm sad to learn of your difficulties getting about, and hope that things may get better for you ... or at the very least, hold steady.

As I've mentioned before, I've worked out over the years that you and I are probably very nearly contemporaries. Whilst I'm not yet officially a geezer, I acutely feel every one of my years.

It's said that Time is a great teacher ... who unfortunately kills all of his pupils.

MarkHSeptember 6, 2017 1:08 PM

As a follow-up on attacks against electric power systems:

Computer security is only tangential to my work, and I claim no broad knowledge of the general state of real-world security practices.

But I do have some anecdotes from my work life.
__________________________________________

1. Telephone Operating Companies

I've dealt with at least two major telephone system firms, which operate their own WANs for the systems that keep things running.

Although the separation is not absolute, they have exceedingly strict rules to keep these operational networks isolated from public networks. Where the operational networks must connect to the "outside world," they do so via tightly controlled bridge systems.

It seems to me that in these companies, taking over a Windows PC on somebody's desk would not give sufficient access to remotely take over their operational systems. In essence, there's an air gap.

I hope that electric utilities not already following such practices are getting their wake-up call!
__________________________________________

2. US Military Base

Not long ago, I wanted to get a document to a liaison officer by the quickest available method.

When I tried sending as an email attachment, the officer told me his email did not permit him to open any attachments.

So I ftp'd the document onto an internet server, and sent him a link. He told me he could only access a very restricted set of domains.

It seems to me that these kinds of precautions would frustrate the attack vectors used against electric utilities.

By the way, the military base in question has no operational capability. The activities there are purely administrative.
__________________________________________

3. Sensitive US Military Facility

My company proposed using USB "thumb" drives as a way of collecting records of equipment testing as a way to document that the testing had been successfully conducted.

This was accepted, inasmuch as the test equipment in question was portable and the USB transfer could take place off-premises.

We were informed, however, that use of such USB drives was absolutely forbidden inside the operational facility.

Note: A compromise to the test equipment itself would have no impact on the sensitive operational systems.
__________________________________________

As regular visitors to Schneier well know, closing every possible "hole" is a hopeless task.

Even so, there are stupid-simple precautions like those I have described above, which can greatly increase the cost of attacks, and reduce their feasibility.

In the case of electric utilities, this is a completely sensible area for government regulation, to establish some minimum standards for operational security practices.

Clive RobinsonSeptember 6, 2017 1:37 PM

@ MarkH,

Thanks for the thoughts, technically I'm not an old codger/geezer yet but my son thinks I'm close enough to call me one. Which probably also means @Bruce is probably old enough to be an honorary "old geezer" ;-)

With regards,

I haven't yet seen anything about this on schneier.com ...

It will probably show up in a few days once @Bruce has had the chance to dig into it a bit.

This blog by the way was the first to give warnings about the problems with accountant-driven technical decisions that gave rise to the lunacy of connecting SCADA systems to the Internet...

That was a decade or so ago, our host at first did not believe that people would be that daft. But we are still seeing it happen even now. It might not be a direct connection but that makes naff all difference with modern malware.

Curious9September 6, 2017 4:00 PM

Where are Curious and Skeptical?

Is one main reason that Amazon bought Whole Foods to obtain photos/video related to customer purchases?

RatioSeptember 6, 2017 6:12 PM

Syrian regime dropped sarin on rebel-held town in April, UN confirms:

In the most conclusive findings to date from investigations into chemical weapons attacks during the [Syria's civil war], the UN commission of inquiry on Syria said a government warplane dropped sarin on Khan Sheikhun in April, killing more than 80 civilians.

[...]

In all, UN investigators said they had documented 33 chemical weapons attacks to date. Twenty-seven were by forces of the government of the Syrian president, Bashar al-Assad, including seven between 1 March and 7 July. Perpetrators had not been identified yet in six early attacks, they said.

RatioSeptember 6, 2017 7:45 PM

More on the use of chemical weapons in Syria from the Report of the Independent International Commission of Inquiry on the Syrian Arab Republic (A/HRC/36/55), based on investigations conducted from 1 March 2017 to 7 July 2017:

72. The gravest allegation of the use of chemical weapons by Syrian forces during the reporting period was in Khan Shaykhun. In the early morning of 4 April, public reports emerged that air strikes had released sarin in the town. Dozens of civilians were reported killed and hundreds more injured. Russian and Syrian officials denied that Syrian forces had used chemical weapons, explaining that air strikes conducted by Syrian forces at 11.30 a.m. that day had struck a terrorist chemical weapons depot.

73. To establish the facts surrounding these allegations, the Commission sent a note verbale on 7 April to the Permanent Representative of the Syrian Arab Republic to the United Nations Office at Geneva and specialized institutions in Switzerland requesting information from the Government. At the time of writing, no response has been received. The Commission conducted 43 interviews with eyewitnesses, victims, first responders and medical workers. It also collected satellite imagery, photographs of bomb remnants, early warning reports and videos of the area allegedly affected by the air strikes. The Commission also took into account the findings of the Organisation for the Prohibition of Chemical Weapons report on the results of its fact-finding mission. Below is a summary of the Commission’s findings, elaborated in full in annex II.

74. Interviewees and early warning reports indicate that a Sukhoi 22 (Su-22) aircraft conducted four air strikes in Khan Shaykhun at around 6.45 a.m. Only Syrian forces operate such aircraft. The Commission identified three conventional bombs, likely OFAB-100-120, and one chemical bomb. Eyewitnesses recalled that the latter bomb made less noise and produced less smoke than the others. Photographs of weapon remnants depict a chemical aerial bomb of a type manufactured in the former Soviet Union.

75. The chemical bomb killed at least 83 persons, including 28 children and 23 women, and injured another 293 persons, including 103 children. On the basis of samples obtained during autopsies and from individuals undergoing treatment in a neighbouring country, those who undertook the fact-finding mission of the Organisation for the Prohibition of Chemical Weapons concluded that the victims had been exposed to sarin or a sarin-like substance. The extensive information independently collected by the Commission on symptoms suffered by victims is consistent with sarin exposure.

76. Interviewees denied the presence of a weapons depot near the impact point of the chemical bomb. The Commission notes that it is extremely unlikely that an air strike would release sarin potentially stored inside such a structure in amounts sufficient to explain the number of casualties recorded. First, if such a depot had been destroyed by an air strike, the explosion would have burnt off most of the agent inside the building or forced it into the rubble where it would have been absorbed, rather than released in significant amounts into the atmosphere. Second, the facility would still be heavily contaminated today, for which there is no evidence. Third, the scenario suggested by Russian and Syrian officials does not explain the timing of the appearance of victims — hours before the time Russian and Syrian officials gave for the strike.

(Full details on Khan Shaykhun are in Annex II of the report.)

Clive RobinsonSeptember 7, 2017 3:20 AM

More Linux "systemd" woes

As some here are aware *nix systems had two slightly conflicting ways to boot/shutdown. They both had not just worked well but MOST importantly RELIABLY, and with relatively easy ways of diagnosing problems caused by specific scripts.

However both processes did not have a bells and whistles interface in kindergarten colours and point and click simplicity. Thus a bunch of idiots put around the rumour that this was hindering user uptake of Linux (it was not). So another group of idiots jumped on this with the "One true way" myth to come up with an entirely new way of doing what the RELIABLE systems did.

Now as some know there is an old saying about "Don't throw the baby out with the bathwater" which translates in real engineering terms to "proceed incrementally from one state to another testing thoroughly as you go".

Now I'm kind of known for the fact I like neither needless complexity which "bells whistles and point and click" give nor do I like "code cutters" that shun the idea that engineering practices are a sensible way to build systems, especially those that demand RELIABILITY.

So a committee of UI code cutters got together and flopped around like a beached whale trying to please every idiot in the name of "collaboration" and came up with what the midden we now call systemd.

Unsurprisingly there has been a price to pay for that oh so superficial "ease of use". And that "Elephant in the room" has left steaming great piles of it everywhere.

This is but one of many,

https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdUbuntuRebootFailure

Oh and there is another old saying that, unlike the code cutters, has stood the test of time: "If it ain't broke, don't fix it". Especially if what you replace it with is broken way worse than what was working well.

Clive RobinsonSeptember 7, 2017 4:19 AM

Would you believe it?

News from Southend-on-Sea UK, a woman survived with minor injuries when the Ford Focus car she was in blew up. The explosion, caused by a build-up of fumes from an "air freshener" and a cigarette, blew off the doors and roof of the car.

There is a picture and further details,

http://www.echo-news.co.uk/news/15518313.Person_in_hospital_after__explosion__in_car_park/

We have a newish saying in the UK of "Only in Essex" or "Only in TOWIE" derived from a "reality TV show" called "The Only Way Is Essex". Southend just happens to be the nearest "holiday Sea-side town" to London and it's in Essex...

Clive RobinsonSeptember 7, 2017 5:09 AM

FTC tickles Lenovo's wrist

Just over two and a half years ago the hot security news was Lenovo putting ad MITMware on their consumer laptops etc.

The software from "" caused a lot of anger at the time and Lenovo "Did a reverse ferret" for a short time.

Well it got taken to court by the FTC and to be honest Lenovo did not even get a slap on the wrist, in fact barely a tickle all things considered.

From the FTC announcement,

    As part of the settlement with the FTC, Lenovo is prohibited from misrepresenting any features of software preloaded on laptops that will inject advertising into consumers' Internet browsing sessions or transmit sensitive consumer information to third parties. The company must also get consumers’ affirmative consent before pre-installing this type of software

Anyone else spot the "barn door" left open in that (ie diff between preloaded and pre-installing and how the industry hides things in "click through" or overly complex EULA's with "hidden clauses").

Anyway you can read more at,

https://arstechnica.com/tech-policy/2017/09/ftc-slaps-lenovo-on-the-wrist-for-selling-computers-with-secret-adware/

Clive RobinsonSeptember 7, 2017 5:58 AM

Whilst much interest is given to "Post-Quantum Cryptography" these days, it's far from certain it will have any "real world" value any time soon.

What will however have "real world" value right here and now is a way to use encrypted data on cloud servers without having to give up the secret key, thus the data, to the "Cloud Provider" or any SigInt Agencies or Cyber-crooks for them to profit by. It's been known for about a third of a century that it should be possible to do computations on encrypted data without decrypting it[1]. Called "Homomorphic Encryption" (HE), it proved elusive to find a Turing Complete system.

In 2009 Craig Gentry published the first "Fully Homomorphic Encryption" (FHE) scheme. That allows any computable function to be performed on encrypted data. Whilst Gentry's system works it's not really "real-world" ready for various reasons, so the search is still on.

A PDF of the first draft "for comments" survey of the field paper, from Abbas Acar, Hidayet Aksu, A. Selcuk Uluagac, Mauro Conti can be downloaded from

https://arxiv.org/pdf/1704.03578

It's 33 pages, explains Homomorphic Encryption and gives a survey of the current state of the art. Importantly a little over six pages of it are references that you can chase down for further details etc.

[1] Perhaps the simplest and oldest example of this is "(X+E+K)mod N" function when used with a stream cipher. It allows limited addition or subtraction of signed ints (X) to an encrypted value (E) without having to reveal the value of the key (K) int.
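
The "(X+E+K) mod N" footnote above describes an additively homomorphic one-time-pad style construction. The following is an added worked example, not code from the comment or from the surveyed paper, showing why it works: the cloud side can add a signed integer to the ciphertext, or add two ciphertexts together, without ever seeing K, and only the key holder can recover the result. The keystream generator (HMAC-SHA256 over a position counter) and the modulus N = 2^32 are assumptions chosen for the demo; any stream cipher that yields one integer per position would serve.

```python
import hashlib
import hmac

N = 2 ** 32  # assumed modulus; residues are read back as 32-bit signed ints


def keystream(key: bytes, index: int, n: int = N) -> int:
    """Constructed keystream: HMAC-SHA256(key, position) reduced mod n.
    A position must never be reused under one key, or the pad repeats and
    the difference of two plaintexts leaks (same failure as any reused pad)."""
    digest = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % n


def encrypt(x: int, key: bytes, index: int, n: int = N) -> int:
    """E = (X + K) mod N, K being the keystream word at this position."""
    return (x + keystream(key, index, n)) % n


def decrypt(e: int, key: bytes, index: int, n: int = N) -> int:
    """X = (E - K) mod N."""
    return (e - keystream(key, index, n)) % n


def add_plain(e: int, x: int, n: int = N) -> int:
    """Done by the party holding only the ciphertext: (E + X) mod N.
    Negative X works too, because everything is reduced mod N."""
    return (e + x) % n


def add_ciphertexts(e1: int, e2: int, n: int = N) -> int:
    """Sum of two ciphertexts from different positions; the pads add up too."""
    return (e1 + e2) % n


def decrypt_sum(e: int, key: bytes, indices, n: int = N) -> int:
    """Key holder strips the combined pad of every summed position."""
    pad = sum(keystream(key, i, n) for i in indices) % n
    return (e - pad) % n


def to_signed(v: int, n: int = N) -> int:
    """Interpret a residue mod N as a signed integer in [-N/2, N/2)."""
    return v - n if v >= n // 2 else v


def demo() -> dict:
    key = b"constructed demo key, not a real secret"  # constructed sample key
    balance = encrypt(1000, key, index=1)             # owner encrypts 1000
    after_debit = add_plain(balance, -1500)           # cloud applies -1500 blind
    result = to_signed(decrypt(after_debit, key, index=1))   # owner reads -500
    e_a = encrypt(7, key, index=2)
    e_b = encrypt(5, key, index=3)
    total = decrypt_sum(add_ciphertexts(e_a, e_b), key, indices=[2, 3])  # 12
    return {"result": result, "total": total}


if __name__ == "__main__":
    print(demo())
```

The party doing the arithmetic learns the addend it applies but never the base value, which is exactly the limited homomorphism the footnote describes. It stops at addition and subtraction: multiplying two ciphertexts gives (X1 + K1)(X2 + K2), which the key holder cannot unpick, and that gap is what Gentry's FHE construction closes.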

JG4September 7, 2017 6:59 AM


I saw this in the news a few days ago, but it took me a while to connect the dots:

Confederate submarine crew killed by their own weapon:
A powerful shockwave from the H.L. Hunley's own weapon killed the crew of the Confederate combat submarine as it sunk a Union ship.
https://www.sciencedaily.com/releases/2017/08/170823140703.htm

It is a larger scale example of Clive's link with the automobile fuel-vapor pressure-pulse cascading failure. Submarines are a beautiful microcosm of the human security picture, besides being one leg of the triad. The article addresses an early failure in securing weapon systems, which have been a regularly recurring source of catastrophic accidents. Fitting for the US where a lot of mostly poor people die from bullet poisoning. What escaped me during my "cold dead hands" phase was the cultural and epigenetic factors. The predisposition to violence in groups of people who live at the edge of survival is very different from the formerly sheltered middle class, and for good reason. At some point, we should examine the Forrestal catastrophe. As in most accidents, it is a thinning of several margins that leads to a sequence of cascading failures. It takes time and accidents to work out the best practices that lead to reliable success. I was able to put together a short list from memory. I'm sure that I missed some critical systems that apply to submarines, but this is a good start:

air/water/food/sewage management
energy/battery/fuel management
nuclear/biological/chemical management
location/acoustic/magnetic side-channel management
communication/computer/navigation management
weapons/propellants/trigger management
entertainment/political/satisfaction management

I probably missed a few, but you could write books on these topics and most or all of them are managed by computer, probably with manual over-ride and a crew well seasoned. No doubt a lot of that fits into intersecting OODA loops. You'd like the infrastructure on land at even better quality levels, seeing how most of us have skin in that game. On a submarine it is a whole different level of skin in the game. When the hull fails at depth, the implosion of the air heats it to incandescence, but that is the least of your problems.

One of my friends was in the early days of the Cold War when submarines were much cruder. You had to pressurize the sewage tank to blow it overboard. It would be exceedingly bad luck to open the valve from the crapper to the tank, which normally would be under vacuum, while it was at pressure. The crew had a robust signaling mechanism to avoid the potential accident, but it was less obvious to visitors. The rest they say, is history. I'm not sure what the appropriate pun is, but 5h1tty mess springs to mind.

Speaking of history, the Run Silent, Run Deep series was my first exposure to what I call the generalized case of system identification. The US had an appalling rate of quality defects in torpedoes in WWII. The submarine captain had to put the crew directly in harm's way to get a shot at a destroyer escort, only to see three duds from a broadside volley. The sharper knives in the drawer would find a deserted cliff and do a quality assessment on a half dozen torpedoes from every new batch when they came out of port. A lesson learned the hard way. Using the derived figure of merit, often around 50%, they could decide how many fish needed to swim per target. The Naval Academy produced some brilliant authors, none more so than Heinlein and Beach III. In The Wreck of the Memphis, we can see a series of cascading failures that are instructive. A lot of sailors lost all of their skin in that game.

Thanks to the folks who posted Cory Doctorow's article/post/rant. In topology and weaving, every time that the shuttle crosses the loom, there is one deeper level in the knot structure of your whole cloth. So it is every time you bring a tainted device into your sphere. Every new consumer device brings an unknown and potentially large set of attack surfaces into your space. Other countries don't like to see blobs with flattened statistics crossing their borders, because those also contain unknowns.

@Dirk and Rachel - a "good" story of reading people. either they found the one clean FBI agent in the world, or this puff piece is disinformation aimed at polishing a turd. still an interesting story worth a few minutes.

http://www.bbc.com/travel/story/20160210-the-man-who-could-stop-planes
...
“No, no,” he answered earnestly, smiling. “I just thought you looked like a fellow American in need of assistance. But you’re not American after all, are you. You must’ve lived there quite a while now, although you weren’t born there. New Zealand, right? You fooled me, I had you pegged for American.”
I was shocked. He had not seen my passport, nor was I wearing running shoes, a baseball cap, a collegiate sweatshirt or any other dead giveaways of Americanism. He was correct – and he had gleaned all this from the few words I had spoken. I suddenly felt exposed and defensive.

another asset-stripping of the poor

http://timesofindia.indiatimes.com/business/india-business/i-left-because-there-was-no-offer-on-the-table-from-the-govt-raghuram-rajan/articleshow/60341824.cms
...
In the book you've clarified your stand on demonetisation which you conveyed to the government orally. Your stand was that the economic costs would outweigh the benefits. Now that this week's RBI report has revealed that 99% of banned notes are back in the system, what is your reaction?

@book_review - Another under-reported fact was that some government offered Bin Laden to the US as a prisoner. Can't recall if it was Pakistan or Afghanistan, but those are the two most obvious. It could have been Indonesia or Malaysia. If I were looking at a 20% rake on $3.7T, I probably would have passed too.

@Clive - Sorry to hear about your mobility/health problems. In time, it will be possible to repair that kind of damage, if you can hang on that long. Lest anyone think that I bear the past hate of the Irish, it is clear to me that the human rights abuses would have been no different if it had been the Irish with the money and power. The Troubles were just another tragic microcosm of the human condition at what might be called medium scale, and a blank canvas for psychopaths on both sides of the conflict. BTW, Michael Collins is a good movie, where the final betrayal against the man who navigated a best-case outcome was a bullet in the head from his own countrymen. It doesn't get any more realistic than that, because it has happened again and again, the world over. Small scale is families and tribes. Medium scale is city-states and small countries. Large scale is the US, Europe, China, India, Russia and Brazil. We could coin the term fuel gas security for your car link. Unfortunately, there is no such thing as idiot security. I think that I posted a link to a house that was blown to splinters with the suggestion that every house have an automatic gas shutoff valve tied to a leak detection system. Not surprisingly, the gas company quickly went silent on the topic just as in 2006. There is another meaning of System D, which is the informal economy or so-called gray market.

@Ratio - Thanks for the link about chemical weapons in Syria. I was pretty convinced that it wasn't the Syrian government, just on the basis of conflict of interest analysis. Could the UN have folded to US pressure? We might guess that No Such Agency have all of the goods on all of them. Also thanks for the link to John le Carré’s work. I spotted two errors, amongst a lot of interesting history and good tradecraft.

https://www.nytimes.com/2017/09/06/books/review/john-le-carre-a-legacy-of-spies-an-excerpt.html
...[mistake 1 - many of them are more emotionally detached and perhaps many others are more emotionally involved than average]
A professional intelligence officer is no more immune to human feelings than the rest of mankind
...[mistake 2 - he forgot his Israeli interrogation pills]
caused his share of mayhem and died a gruesome death in Rennes prison at the hands of the Gestapo

In case anyone wanted to see two more nuclear security stories, these are the ones that I referenced yesterday:

https://en.wikipedia.org/wiki/Louis_Slotin
https://en.wikipedia.org/wiki/Harry_Daghlian

They were doing system identification of the critical parameters, no pun intended. Nothing has done more on the planet to engender the need for careful thinking about security than the nuclear enterprise, such as it is.

on to the daily news

Links 9/7/17
https://www.nakedcapitalism.com/2017/09/links-9717.html
Posted on September 7, 2017 by Jerri-Lynn Scofield

[you could think of this as visual systems analysis. we assess fitness for purpose using our own frame of reference rather than their frame of reference. similar mistakes often are made by males and females interacting on your planet. reading people is a subset of this that uses much more subtle clues]

Meet the fleshy-nosed swimming monkeys of Borneo Look at that schnozz! What an ugly monkey.

[system identification via chemical sensor system]

What I Learned from Competitive Blind Wine Tasting at Oxford Vice

[chemical security]

Plastic particles found in most tap water samples across the globe Treehugger

[tech company tie-in]

Facebook accused of fake audience numbers MarketWatch

...

Health Care

[large data, false signals]

IBM pitched its Watson supercomputer as a revolution in cancer care. It’s nowhere close Stat

[geopolitics, scaling laws for systemic security, intrinsic food security risk the further population is beyond local carry capacity. we could define local as how far you can walk to forage, in the event of a fossil fuel failure. they're made out of tasty meat]

Return of the city-state Aeon

Class Warfare

[chemical signaling to alter system behavior]

Want to understand how big pharma created the opioid epidemic? Read this report. Vox

...[the main reason that I left the imperial forces, other than being a chronic discipline problem, was the smoke and unhealthy food]

Imperial Collapse Watch

[health security]

The Slow Poisoning of Our Soldiers, Families on U.S. Bases American Conservative

[national security]

Navy Ships Suffered From Shoddy Maintenance, Overworked Sailors Bloomberg

[surveillance]

Big Brother IS Watching You Watch

Leaked document: EU Presidency calls for massive internet filtering EDRi

...

India

[digital money isn't ready yet]

Did Raghuram Rajan know that monetisation was coming? Here’s his answer Scroll.in

[they don't like it when the signals are correct. easy to eliminate the origin of the disliked signals. physical security]

Indian editor’s assassination sparks nationwide protests Asia Times

...[one of the bigger existential security questions is how to manage nuclear weapons and nuclear power. trust scales at a different rate than money, power and destructive capacity. with apologies to Jefferson, Madison, Mason or whoever came closest to "bind down your psychopaths with the chains of the Constitution"]

North Korea

Why North Korea’s nuclear test may not be all bad SCMP

North Korea crisis: US seeks Kim Jong-un asset freeze BBC

How To Win A Nuclear Standoff FiveThirtyEight

WaelSeptember 7, 2017 7:16 AM

@Clive Robinson,

Systemd spawns erotica

You know, $2.99 is a damn seductive price, but the computer is already turned on. It doesn't need no Erotic Science Fiction! Still, at 44 pages, one can have it licked in no time.

Gonna pass on it. The book collection I have is too large.

WaelSeptember 7, 2017 7:44 AM

@JG4, @book_review,

some government offered Bin Laden to the US as a prisoner. Can't recall if it was Pakistan or Afghanistan, but those are the two most obvious. It could have been Indonesia or Malaysia

It was Sudan. That's shortly before he died in 2001.

RachelSeptember 7, 2017 7:45 AM

JG4 & Tyr
Das Boot is the definitive submarine film. Refreshingly, it is told from the perspective of a German crew who are nonetheless at odds with their masters.
There are three versions. The most well known is the heavily edited theatrical release, American English overdubbed, running about 90 minutes. The version to watch is 'The Director's Cut', which is in German with subs if you need them. Running at three hours it takes time to establish an emotional awareness and proximity to the characters, their lonely and challenging journey and the many perils they face. The action scenes are all the more enthralling for it. It's an outstanding piece of cinema. (The third version is the original as a German TV serial running at about 5 hrs.)

ab praeceptisSeptember 7, 2017 9:45 AM

Clive Robinson

"Homomorphic Encryption" - I'm with you in thinking that quantum computing quite probably is not the worst or the nearest to be worried about. I'm, however, only mildly worried about HE, particularly in the cloud context.
Mainly for two reasons: a) More often than not HE allows only for certain operations and/or the crypto side isn't exactly attractive or is even weak. Moreover, at least with current crypto algos and/or currently acceptable algos, it's still in an early stage. b) The "holy grail" is PK crypto (e.g. lattice based) which itself isn't mature yet and moreover carries the hefty price tag of PK (dimensionally slower than sym. crypto).
What I *would* be worried about, though, and what I'm expecting is the typical clueless and/or careless errors by Jane and Joe, which might be more frequent and of a graver nature considering both what we will be done then and that the math behind those algos is quite a bit more sophisticated than behind, say, rsa (which *can* be explained to a normal human being).

Somewhat related, I'm worried seeing what the result is so far when we looked for other strongly asymmetric algorithms, preferably with trapdoors. Pretty much all of them have considerable practical disadvantages (e.g. key length) and are not really mature and widely well understood and studied (mainly for the absence of nasty surprises). From what I see we are still stuck for quite a while with rsa and ecc.

My personal view is that we should have a good long look at the good old sym. algos which, as some of my preliminary (and quite modest, to avoid saying "poor") research shows, might be a good basis for new devices that could help us over the time needed to reach solid ground with new PK algos. There is, for instance, a lot of air between "one preshared secret" (today for sym. crypto) and OTP. I'm expecting a lot from well designed ratchets and I expect to see much more help from our friend random.


"systemd" - Frankly, I'm less and less accepting to believe in "unlucky happenstance" wrt systemd. Sidenote: nowadays I expressly make it unattractive and difficult to (re)direct my programs' logging to syslog, i.e. I intentionally target non-systemd systems (yes, *of course* I expect them to assimilate all logging, too). I feel that I must protect my clients from that abomination (and, of course, I generally strongly advise them to stay away from linux).
Btw, I do *not* think that de facto killing solaris and systemd just so happened to go hand in hand (same time frame).

Clive RobinsonSeptember 7, 2017 9:51 AM

Not for those of a delicate constitution

@ JG4

One of my friends was in the early days of the Cold War when submarines were much cruder. You had to pressurize the sewage tank to blow it overboard.

What do you think might happen to a tank full of sewage at around 150 meters of water pressure on a dockside, if the cess man who is tasked with emptying it into his container lorry is not paying attention?

I must stress again if those reading along have a delicate constitution or are eating to stop reading now as keyboards are sensitive to stomach acids...

I used to work for a company that did a lot of work in the Off Shore Petro Chem industry. As they are still in business I will "protect the guilty" by not mentioning the company name. There were two parts to the company: one that was "Systems", that designed electronics, and "Services", that supplied divers, their support vessels and special services.

Well they got a contract from what was the UK Government Department for Trade and Industry, to do research into long term deep saturation. Because the time it can take to "decompress" a diver safely really severely limits how long they can work at depth. Thus the simple idea: you keep them compressed for a month or so at a time. That is you take them down and bring them back up in a special diving bell that couples to a special living accommodation, all at the water pressure for the depth they will be working at.

Now at 3 liters of fluid and half a liter of solid waste being expelled from four adults a day, the sewage kind of stacks up quickly. Then you add grey water from washing etc and it does not take long to fill a 400 lt high pressure container. Why high pressure? Well, to keep the mechanics simple, safe and, importantly, usable it's best to keep the pressure either side of a ball or butterfly valve at nearly the same pressure.

So there we are at the most easterly docks in England, a Diving Support Vessel is tied up being readied to go back out to the North Sea Gas Fields by Services. Part of that is installing some new electronics from Systems, thus the engineers were on hand looking like "yard slobs" in safety boots, helmets and coveralls with company logos. On the same dock is a series of large tubular vessels that were where the "live research" was being carried out. The techies were standing there with cups in hand, the electronics guys swapping stories about past jobs that made them puke or worse[1] whilst the mechanical guys mostly smoking foul smelling dog ends were listening in attentively.

As the conversation was progressing a tanker pulls up and a disreputable looking type jumps out and asks where the cess tank is. Well we did not have a clue but after a couple of questions sent him over to the dock master. As things were dragging on onboard and the techies could not get back on to do their jobs as the crew were pulling cable, attention naturally strayed to what the tanker driver was doing.

Well he reversed up to one of the smaller vessels on the dock side and connected a hose up and he moved a couple of valves, and as he was walking back to the tanker the hose rips free. Now you've probably seen film of a high pressure fire hose when it gets away from the firemen; that was nothing compared to this. Imagine if you can a fifty foot python having drunk its weight in beer and also on highly illegal substances leaping around at some rave, it was flying through the air like a cattle rancher's whip spewing the brown stuff every which way. The tanker driver foolishly trying to hang on was getting bashed around like a Barbie doll when Patience is having one of her moments, that has gone beyond stamping her foot and screaming till she's sick. We are talking serious punishment that even MMA cage fighting hardly ever hands out.

Almost as suddenly as it started it stops, and there is an eerie silence, almost as though the world is holding its breath. Which is not surprising as the brownish green miasma starts to drop out of the air with an odour so repugnant that even rotten eggs would be "as sweet as roses" in comparison. It was beyond gagging as the speed of light is above a snail's pace, breathing was not just difficult it was painful, like having been kicked by a donkey in the gentleman's department.

As the tears cleared from our eyes, we were up wind thankfully, we saw a lake of slime and corruption like a slick of oil in which a figure was vainly struggling and calling out for help in a plaintive way. It quickly became clear it was the tanker driver just as a series of gas alarms went off. Apart from the driver nobody moved, and he looked like he was going down for the third time. Then training took over, fags hit the deck and got stamped upon, people appeared in fire gear and breathing apparatus and started to high pressure hose their way to the prostrate driver. Who by this time had stopped trying to get up, and was at this point barely twitching. An ambulance crew arrived and I'll give them their due they certainly paled but they did not puke. And they loaded the now hardly moving driver onto a stretcher and got him into the ambulance and disappeared at speed with the blues and twos at full tilt.

As one of the mechy techs wryly observed after looking greenly at the now cold cup of tea he poured onto the ground, "I guess he won't be eating lunch today", as another observed "even if he's got any teeth left".

We later found out after a mountain of paper work was completed, the driver was alive with a broken leg, arm and ribs and the hospital had him in an isolation ward...

As for the dock it never quite smelled right after that.

[1] I've mentioned one here before about taking most of the day to solder a couple of wires onto a strain cell whilst puking, dehydrating, roasting and getting thrown up and down like a rag doll whilst being swung left and right and banging head and other extremities in an Ex D cabinet on a small buoy with a turn table that was used for "off shore" filling of oil tankers. It's the sort of experience you just can not get on a fairground ride for any price even if it was the illegitimate child of the dodgems and roller coaster.

JG4September 7, 2017 11:44 AM


@Clive - Thanks. The squeamish warning and diving led me to suspect that you were going to relate a story about divers being buried in their helmets, which happened all too often in the good old days. It would be pretty easy for a diver to get squirted through a hose like that.

Can't recall who posted the gekk article, but I managed to get enough peace of mind out of two bottles last night to connect the dots to the discussion and send the note below. Thanks for teeing that up.

Thanks to everyone for the positive feedback. I haven't seen Das Boot since about '77, but I have a copy on DVD. I may have read the book.

This is a nice discussion which looks for parallels in biological systems like the ones that I've mentioned in the past:

Biomimicry, the practice of looking deeply into nature for solutions to engineering, design and other challenges, has inspired a film about its ground ...
https://youtube.com/watch?v=sf4oW8OtaPY


From: Cory Doctorow
Date: Thu, Sep 7, 2017 at 11:00 AM
Subject: Re: some more solid work only further below your own
To: JG4

Hey, JG4! Yes, Bunnie and I are old pals: he wrote the afterword to
Little Brother and we're (EFF) representing him in the DMCA lawsuit I
mentioned in my column.

Thanks for the link!

Cory

On 09/07/2017 07:30 AM, JG4 wrote:

Hi Cory,

Thanks for your note and speedy reply. I am one of the others, in case
you haven't heard the quote, "Find the others." Are you on good terms
with Bunnie Huang?

I'd be happy to send him the gekk article, but if he's more likely to
read it if you send it, so much the better. I think that my brother
was at MIT at the same time as him. If you do decide to send it,
please include this note and a brief introduction.

I love your bit this week about embedded devices. You might enjoy my
writing.

https://www.schneier.com/blog/archives/2017/09/bioluminescent_.html#c6759881

I am an adaptive systems guy and I have achieved the understanding
that surpasses all peace. We are dealing with self-optimizing systems
managed by psychopaths. Adaptive resource-extraction asset-stripping
engines that are destroying the planet. Trust doesn't scale at the
same rate as money and power. That's what killed Aaron Swartz.

There was a nice discussion of your article at Schneier's site and I
may have managed to capture some of the meaning.

All the Best...JG4

From: Cory Doctorow
Date: Thu, Sep 7, 2017 at 9:30 AM
Subject: Re: a brilliant work only slightly below your own
To: JG4

Thanks, JG4

On 09/06/2017 06:15 PM, JG4 wrote:
> https://gekk.info/articles/iot.html
>

--

FOR PUBLIC SAFETY REASONS, THIS EMAIL HAS BEEN INTERCEPTED BY YOUR
GOVERNMENT AND WILL BE RETAINED FOR FUTURE ANALYSIS

--

Cory Doctorow
Wickr: doctorow

For avoidance of doubt: This email does not constitute permission to add
me to your mailing list.

blog: boingboing.net
upcoming appearances: craphound.com/?page_id=4667
books (novels, collections graphic novels, essay collections): craphound.com
latest novel: Walkaway
latest nonfiction: Information Doesn't Want to Be Free
latest graphic novel: In Real Life
podcast: feeds.feedburner.com/doctorow_podcast
latest YA novel: Homeland craphound.com/homeland
latest short story collection: Expanded Overclocked

Join my mailing list and find out about upcoming books, stories,
articles and appearances:
http://www.ctyme.com/mailman/listinfo/doctorow

READ CAREFULLY. By reading this email, you agree, on behalf of your
employer, to release me from all obligations and waivers arising from
any and all NON-NEGOTIATED agreements, licenses, terms-of-service,
shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure,
non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have
entered into with your employer, its partners, licensors, agents and
assigns, in perpetuity, without prejudice to my ongoing rights and
privileges. You further represent that you have the authority to release
me from any BOGUS AGREEMENTS on behalf of your employer.

As is the case with every email you've ever received, this email has not
been scanned for all known viruses.

Duh.


If you can't beat them: curry some suckersSeptember 7, 2017 6:12 PM

https://news.slashdot.org/story/17/09/07/2056203/credit-reporting-firm-equifax-announces-cybersecurity-incident-impacting-approximately-143-million-us-consumers

From

https://www.cnbc.com/2017/09/07/credit-reporting-firm-equifax-says-cybersecurity-incident-could-potentially-affect-143-million-us-consumers.html

And

https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack

Where... ""

UPDATE (9/7/17): According to Bloomberg, "three Equifax senior executives sold shares worth almost $1.8 million" in the days after the company discovered the security breach. Regulatory filings show that three days after the breach was discovered on July 29th, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099." Meanwhile, "Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2."

Clive RobinsonSeptember 8, 2017 3:48 AM

Another bad DIY crypto algorithm

It's often said "don't roll your own crypto" and this includes hash functions.

The IOTA crypto currency contained a DIY hash function, that unfortunately produced collisions relatively easily. Thus it was possible to have two entirely different messages hash to the same value, which in general is considered a bad thing. Even worse in a financial system.

https://medium.com/@neha/cryptographic-vulnerabilities-in-iota-9a6a9ddc4367

JG4September 8, 2017 7:26 AM


rather timely considering yesterday's email exchange with the esteemed visitor. we could hope that his friends would visit too

https://civic.mit.edu/blog/willowbl00/forbidden-research-liveblog-against-the-law-countering-lawful-abuses-of-digital

@all - I have been pretty strident about psychopaths and I think they are important cogs in many systems. With that said, psychopaths are not the explanation for everything on your planet. Clive did a good job explaining why the psychopaths and sociopaths do well with climbing the pyramids.

@Clive - I'd like to see the level of detail you provide for "groom of the stool" and related topics to the term "gentlemen" and "outlaw." Assuming for the moment that you might take topic requests.

I'm not sure how clear I've been that genocides aimed at e.g., creating a New Soviet Man or a True Aryan are hopeless. The US had plenty of eugenicists, perhaps quite a few in the White House. In general, the US corporate leaders and eugenicists openly admired the Nazis, at least until the extent of their crimes became clear. To the extent that there is any substance at all to eugenics, the flaws in people come from unfavorable combinations of otherwise favorable genes. To first order, the only genes in play are favorable genes. Even the sickle cell gene is favorable in the malaria swamps, where having a single copy confers some protection. A single copy of the gene for hyperchromatism also is favorable in low-iron environments. It is a disaster in high-iron environments, especially two copies. Getting two of either of those genes is unfavorable. The odds of getting two are in the low-single-digit percent range, so order of 10% of the population can be protected by sacrificing order of 1% of the population. As Clive said in so many words, "Viewed in the correct light, it makes perfect sense."

Killing off the people who have unfavorable combinations of genes [Nazi approach], or sterilizing them [US approach], will have almost no impact on the overall gene pool. Their offspring would have the same proportions of favorable combinations and unfavorable combinations as the offspring of people who start with favorable combinations of otherwise favorable genes. The eugenic dream can only be realized by altering combinations of genes and it would be a wellspring or fountain of unintended consequences, again.

Ted Kaczynski was onto this when he said, "If you think that the government is intrusive now, wait until they are dictating the genetic composition of your children." Unfortunately, Ted gave up the moral high ground from which his views originate. The government will regulate genetic combinations before they regulate individual genes. I suspect that the government will regulate epigenetics before they address genetics again. It substantially is the combinations of genes that produce the differences within groups. The differences between groups are quite small, even comparing between pre-genocide and post-genocide populations. All that is accomplished is thinning the herd, not altering the genetic composition of the herd. The exception would be when the population is thinned down to 200 to 2000 breeding pairs, as the humans were some time in the past 200,000 years. That significantly reduces overall genetic variability. In spite of that genetic bottleneck, there is more genetic variability among Africans than amongst all of the other races.

@Andre Amorim - Thanks for the IBM link. It led to here:

IBM Watson: How it Works
https://www.youtube.com/watch?v=_Xcmh1LQB9I

IBM Watson | Full Q&A | Oxford Union
https://www.youtube.com/watch?v=rXVoRyIGGhU

Intelligence is an adaptive transfer function. The number of CPU cycles spent adapting it will affect the precision and accuracy. It holds the seeds of utopia and the darkest dystopian nightmares, the seeds of survival and extinction. Proceed cautiously.

I've used IBM machines at least a few times. I was pretty rabid when I found out that they were in bed with the Nazis, which seems to have escaped a lot of mainstream notice. As always, the history is more nuanced than I might have guessed. BTW, I lifted the description of Operation Meetinghouse from a couple of sources that I failed to document. One was wiki. What I missed was that Operation Meetinghouse was about 1/5 of the firebombing fatalities and homelessness from the extended bombing campaign. 500,000 civilian casualties and 5 million homeless.

https://en.wikipedia.org/wiki/Thomas_J._Watson
...[this appears to be unwitting, but the attack surfaces today are mapped to a much finer resolution than the Nazis ever dreamed]
Watson's merger of diplomacy and business was not always lauded. During the 1930s, IBM's German subsidiary was its most profitable foreign operation, and a 2001 book by Edwin Black, IBM and the Holocaust, argues that Watson's pursuit of profit led him to personally approve and spearhead IBM's strategic technological relationship with Nazi Germany.[14]
...
But during World War II, IBM subsidiaries in occupied Europe never stopped delivery of punch cards to Dehomag, and documents uncovered show that senior executives at IBM world headquarters in New York took great pains to maintain legal authority over Dehomag's operations and assets through the personal intervention of IBM managers in neutral Switzerland, directed via personal communications and private letters.[14]
...[if we had ethics like this today, things would be different]
During this same period, IBM became more deeply involved in the war effort for the U.S., focusing on producing large quantities of data processing equipment for the military and experimenting with analog computers. Watson, Sr. also developed the "1% doctrine" for war profits which mandated that IBM receive no more than 1% profit from the sales of military equipment to U.S. Government.[16] Watson was one of the few CEOs to develop such a policy.

@Wayne - I would have pinned those war crimes on Dick Cheney, et al. but Bush Jr. clearly is guilty as an accessory or co-conspirator. Due process must be observed in all war crimes proceedings. Apparently, Comey also has some blood or brains on his hands:

https://shadowproof.com/2007/08/16/reflections-on-padilla/
...[he forgot his Israeli interrogation pills]
JUAN GONZALEZ: And what was the reason for wanting to have him sign his name John Doe?
DR. ANGELA HEGARTY: He’s no longer a person. He’s no longer an individual. There will be no record that he was ever there, that the interrogators — this is from my knowledge of torture around the world — that the interrogators essentially will be absolutely immune to any accountability.

@Dan H - I concur on the V-1, but the US did experiment with some kind of flying bomb or torpedo as early as WWI or the 1920's. It's in the wiki entry that I don't have handy. The thermal efficiency of the V-1 engine is in the range of 4%, where a pulse detonation flavor could approach 50%. As they say in the trade, that would have a significant impact on range and payload. Simple cheap weapons are within the reach of even small state actors and could be used to swarm larger states assets.

This might be a useful lens for viewing The Potato Genocide and The Troubles:

https://www.nakedcapitalism.com/2017/09/violence-state-prelude.html

...[this quote is written by Yves]

"Every national instance of Rule by the Rich is accompanied by a great deal of violence, inflicted on the many by the few. —Yours truly (paraphrased)"


Links 9/8/17
https://www.nakedcapitalism.com/2017/09/links-9718.html
Posted on September 8, 2017 by Lambert Strether

...[nothing new here except scale]

Equifax shares plunge after data breach potentially impacting 143 million Americans MarketWatch. @zerobeta: “Equifax: you missed a cc payment 3 yrs ago. How irresponsible. Good luck buying a home. Also, Equifax: Your SSN’s were hacked. Sh*t happens.”

Cybersecurity Incident & Important Consumer Information Equifax but I called Equifax to find out if I’d been affected but it just hung up on me, three times TechCrunch. Shocker.

Equifax says 3 top execs ‘had no knowledge’ of a massive security breach when they sold nearly $2 million in shares after the hack was discovered Business Insider

[this also has been done by individual doctors - link available on request. I'd call false administration of chemotherapy a clear case of psychopathy]

Report: Drug company faked cancer patients to sell drug CNN

[chemical security in conflict with food security in conflict with health security]

Monsanto fights to sell Arkansas farmers herbicide linked to crop damage Reuters

[not quite Fukushima]

Texas Chemical Plant Sued For Millions, First Responders Charge Gross Negligence International Business Times

...

North Korea

Pyongyang parties in celebration of nuclear scientists Asian Correspondent

Trump says hopes to avoid use of military action on North Korea Reuters

A Sneak Peek at America’s War Plans for North Korea Foreign Policy

A Murderous History of Korea LRB (SS).

...[it's always a question of who bears the costs of security]

Imperial Collapse Watch

Pay Up, Europe Foreign Affairs

[national security in conflict with health security. fluorochemicals, PTFE in particular, played a key role in the Manhattan project]

The Slow Poisoning of Our Soldiers, Families on U.S. Bases The American Conservative

New Cold War

Google says it hasn’t found any evidence of Russian ads about US election Reuters

Fake Russian Facebook Accounts Bought $100,000 in Political Ads NYT. $100K.

Facebook Blames Russia To Deflect From Fraudulent Ad-Sales Moon of Alabama

Facebook’s Global Data: A Parallel Intelligence Source Rivaling NSA emptywheel

...[adaptive systems; another opportunity to withdraw consent]

Big Brother Is Watching You Watch

Against the Law: Countering Lawful Abuses of Digital Surveillance Bunnie Huang, Edward Snowden, Journal of Open Engineering

[covert signaling]

Guerilla signage:
https://twitter.com/nevona/status/905606361647640577/photo/1

...[adaptive systems]

Massive genetic study shows how humans are evolving Nature

JG4September 8, 2017 3:45 PM


Sorry to hear about the consternation and hope that I didn't inadvertently contribute to it. The long overdue Shannon dump is below the security headlines. I think that someone else already posted links to the two key publications, his thesis and 1948 paper. Overkill is a whole lot cheaper than underkill, as they say at the Pentagon. Szilard may have made some early discoveries in information theory, but may not have published, or didn't stick with it, or both.

good coverage of the Equifax disaster here:

https://www.nakedcapitalism.com/2017/09/200pm-water-cooler-982017.html

...[energy security, power security, transportation security]

Commodities: “We’re Going to Need More Lithium” [Bloomberg]. “Demand for the metal won’t slacken anytime soon—on the contrary, electric car production is expected to increase more than thirtyfold by 2030.”

The Bezzle: Equifax is run by horrible human beings [Hat Tip, DK]:
...
If you enroll in Equifax's TrustedID bc your data was leaked, you waive your rights to sue Equifax in court or be part of any class action

The Bezzle: “Why the Equifax breach is very possibly the worst leak of personal info ever” [Ars Technica].

The Bezzle: “Equifax Faces Multibillion-Dollar Lawsuit Over Hack” [Bloomberg]. First out of the box…

The Bezzle: “Uber Faces FBI Probe Over Program Targeting Rival Lyft” [Wall Street Journal].

The Bezzle: “IBM pitched its Watson supercomputer as a revolution in cancer care. It’s nowhere close” [STAT].

The Bezzle: “Coding Boot Camps Get the Boot: Why the Industry Is Shutting Down” [Tech Ladder].

The Bezzle: “Trader allegedly paid Amazon employee and frat bro $10,000 to steal earnings results in $1.7 million insider trading scam” [Business Insider]. Insider trading. Yawn.

Today’s Fear & Greed Index: 42 Fear (previous close: 38, Fear) [CNN]. One week ago: 49 (Neutral). (0 is Extreme Fear; 100 is Extreme Greed). Last updated Sep 8 at 11:58am.

...

News of the Wired

“A Few Bad Scientists Are Threatening to Topple Taxonomy” [Smithsonian].

---

A Mathematical Theory of Communication
http://worrydream.com/refs/Shannon%20-%20A%20Mathematical%20Theory%20of%20Communication.pdf
Reprinted with corrections from The Bell System Technical Journal, Vol. 27, pp. 379–423, 623–656, July, October, 1948.

Shannon's "Symbolic Analysis of Relay and Switching Circuits," "The Most Significant Master's Thesis of the 20th Century"
http://www.historyofinformation.com/expanded.php?id=745

Claude Shannon, the Father of the Information Age, Turns 1100100
http://www.newyorker.com/tech/elements/claude-shannon-the-father-of-the-information-age-turns-1100100

Claude Shannon - Father of the Information Age
https://www.youtube.com/watch?v=z2Whj_nL-x8

The Shannon Limit - Bell Labs
https://www.youtube.com/watch?v=Wq1-Iq9Vm28

Mathematical Theory of Claude Shannon
http://users.ece.utexas.edu/~adnan/syn-07/Shannon1.pdf

Mathematical Theory of Claude Shannon
http://web.mit.edu/6.933/www/Fall2001/Shannon1.pdf


Anon`/mousSeptember 8, 2017 4:03 PM

@Clive Robinson

Another bad DIY crypto algorithm
It's often said "don't roll your own crypto" and this includes hash functions.
The IOTA cryptocurrency contained a DIY hash function.

I'd rather encourage do-it-yourself roll-your-own crypto of all kinds. Just don't sneak it into some international eurotrash banking standard or otherwise depend on it for anything critical until it has been duly subjected to bona fide uncensored peer review.

ab praeceptisSeptember 8, 2017 4:24 PM

Anon`/mous

No. Solid crypto is way too complex for nearly all developers who lack adequate education and plenty experience in the field. It's just too easy to get something wrong.

There is a second, somewhat less strict school of thought advising to not roll one's own crypto *algos* but to limit oneself to designing and implementing one's own protocols (using available professionally designed and implemented algos). My advice, however, is to stay away from that, too. It might seem to be simpler but it's still very easy to get something wrong.

Keep in mind that ssl/tls did have at least some professionals working on it and still got it wrong.
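The two comments above argue the "don't roll your own crypto" point by assertion. As an added example (not code from either commenter, and not IOTA's actual hash function), the block below builds a constructed toy hash of the kind an ad-hoc design tends to produce, an XOR-and-rotate compression over 8-byte blocks, and shows why it fails: every step is linear over GF(2), so a second preimage can be written down directly instead of searched for. The same input run through SHA-256 from the standard library does not collide. It also includes a generic birthday search against a 32-bit truncation of SHA-256, to show that "just use a shorter digest" is a design mistake of the same family. The names `diy_hash`, `forge_collision`, `birthday_collision` and the constants inside them are hypothetical choices for this illustration.

```python
import hashlib
import struct

MASK64 = (1 << 64) - 1


def rotl64(x: int, r: int) -> int:
    """Rotate a 64-bit word left by r bits."""
    return ((x << r) | (x >> (64 - r))) & MASK64


def diy_hash(data: bytes) -> bytes:
    """Constructed toy 'home-grown' hash (hypothetical, not any real design).

    Pads the input to whole 8-byte blocks, then for each block computes
    state = rotl(state XOR block, 13). XOR and rotation are both linear
    over GF(2), so the whole function is linear in its input: the kind of
    structural flaw that is obvious to a cryptanalyst and invisible to a
    developer who has not studied hash design.
    """
    padded = data + b"\x80" + b"\x00" * (-(len(data) + 1) % 8)
    state = 0x243F6A8885A308D3  # arbitrary IV, chosen for this example
    for off in range(0, len(padded), 8):
        (block,) = struct.unpack(">Q", padded[off : off + 8])
        state = rotl64(state ^ block, 13)
    return struct.pack(">Q", state)


def forge_collision(msg: bytes, delta: int = 0xDEADBEEFCAFEBABE) -> bytes:
    """Return a different message with the same diy_hash as msg.

    Because the round is linear, flipping block 0 by delta and block 1 by
    rotl(delta, 13) cancels exactly: the rotated delta from block 0 is
    XORed back out by the change in block 1, so the state after block 1
    (and therefore the final digest) is unchanged. The message length is
    preserved, so the padding is identical too. Requires len(msg) >= 16 so
    both edited blocks are message bytes rather than padding.
    """
    if len(msg) < 16:
        raise ValueError("need at least two full 8-byte blocks of message")
    if delta == 0 or delta > MASK64:
        raise ValueError("delta must be a nonzero 64-bit value")
    b0, b1 = struct.unpack(">QQ", msg[:16])
    forged = struct.pack(">QQ", b0 ^ delta, b1 ^ rotl64(delta, 13))
    return forged + msg[16:]


def trunc_sha256(data: bytes, bits: int) -> bytes:
    """SHA-256 truncated to the first `bits` bits (bits must be a multiple of 8)."""
    return hashlib.sha256(data).digest()[: bits // 8]


def birthday_collision(bits: int = 32, limit: int = 1 << 20):
    """Generic birthday search on a truncated SHA-256.

    A sound hash truncated to n bits still collides after about 2^(n/2)
    evaluations; for 32 bits that is ~65k trials, a fraction of a second.
    Inputs are deterministic counters so the result is reproducible.
    Returns (a, b) with a != b and trunc_sha256(a) == trunc_sha256(b),
    or None if the limit is exhausted (negligible probability here).
    """
    seen = {}
    for i in range(limit):
        candidate = b"msg-%d" % i
        tag = trunc_sha256(candidate, bits)
        if tag in seen and seen[tag] != candidate:
            return seen[tag], candidate
        seen[tag] = candidate
    return None


def demo(msg: bytes) -> dict:
    """Compare the toy hash against SHA-256 on a forged second preimage."""
    forged = forge_collision(msg)
    return {
        "different_messages": forged != msg,
        "diy_collides": diy_hash(forged) == diy_hash(msg),
        "sha256_collides": hashlib.sha256(forged).digest()
        == hashlib.sha256(msg).digest(),
    }


if __name__ == "__main__":
    # Constructed sample transaction string for the demonstration.
    print(demo(b"transfer 100 units to address 0xABCDEF0123456789"))
    print(birthday_collision(32))
```

The point of `forge_collision` is not that XOR-and-rotate is a strawman but that the attack is algebraic: no search, no luck, just a property of the construction that the author never tested for. The birthday search makes the complementary point that the output size of a real hash is part of the design and cannot be trimmed to taste.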

RatioSeptember 8, 2017 10:46 PM

@JG4,

Thanks for the link about chemical weapons in Syria. I was pretty convinced that it wasn't the Syrian government, just on the basis of conflict of interest analysis.

Could you give me a brief outline?

Related: Seymour Hersh wins award for discredited article about Syria. (A few months ago he was quoted as saying "what did not happen is Syria did not drop a sarin bomb that morning" in Naked Capitalism. You might have seen that.)

RachelSeptember 8, 2017 11:05 PM

Wesley Parish

I don't believe I thanked you for your response about cholesterol under buses and dogs with atherosclerosis or whatsy. Very entertaining. You quoted Redgum, a band I happen to have history with, and wished for a contemporary musical reference on the Stasi state. Well, I can say that the music world is way bigger than the mainstream and the DIY scene would have something. But I wanted to tell you Jean-Michel Jarre of Oxygene fame invited Snowden to participate in the audio of a song. And in the video. The 'track', as they're known these days, is highly forgettable but you can find the story about it in the Guardian, from hmm maybe 12 months ago. Apologies for being incapable of quoting the link from here (I don't even have a computer).

All, yesterday's Guardian main site page has a fairly long piece on Lauri Live including a bit of an interview. No real news but all aspects of the situation are discussed.

RachelSeptember 8, 2017 11:14 PM

All,
Apologies, that's Lauri Love, and an AltaVista search for 'guardian uk lauri love' will locate the piece dated Friday morn GMT entitled 'Keyboard warrior...'
He is fighting extradition to the US for computer-related crimes.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.