Friday Squid Blogging: Make-Your-Own Squid Candy
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Ben A. • September 8, 2017 4:15 PM
Why the Equifax breach is very possibly the worst leak of personal info ever
https://regmedia.co.uk/2017/09/08/equifaxoregoncomplaint.pdf [Complaint for $70bn]
iOS 11 May Complicate Border Searches
Judge won’t release man jailed 2 years for refusing to decrypt drives
“A man jailed for two years for refusing to decrypt his hard drives must remain confined while he appeals his contempt-of-court order to the US Supreme Court, a federal judge ruled Wednesday.”
EU court must rule on legality of UK’s mass surveillance – tribunal
“The UK’s Investigatory Powers Tribunal, which oversees the country’s spy agencies, has said the European Court of Justice should rule on the legality of the government’s mass-surveillance legislation.”
Secrets put on internet in Whitehall blunders
“Secret information from at least three separate government departments is available on the internet because of incompetent handling of sensitive material by Whitehall officials, The Daily Telegraph can disclose.”
Who Is Marcus Hutchins?
“He has pleaded not guilty to all four counts against him, including conspiracy to distribute malicious software with the intent to cause damage to 10 or more affected computers without authorization, and conspiracy to distribute malware designed to intercept protected electronic communications.”
.UK domains left at risk of theft in Enom blunder
“Thousands of UK companies were at risk of having their .uk domain names stolen for more than four months by a critical security failure at domain registrar Enom.”
SIDH in Go for quantum-resistant TLS 1.3
“The computational cost of SIDH may keep it from being practical for short-lived client connections (at least in the near term).”
Google promised not to scan Gmail for targeted ads—but for how long?
“Google tells judge it might resume targeted advertising “to meet changing demands.””
A Practical and Secure Password and Passphrase Generator
The mysterious Voynich manuscript has finally been decoded
“History researcher says that it’s a mostly plagiarized guide to women’s health.”
albert • September 8, 2017 4:36 PM
But what does this stuff -taste- like??
I sampled some Japanese candy while in Japan. It was hard candy that looked exactly like sections of kiwi fruit and tasted like fish.
If you can find a Japanese bakery, you can find pastries that are quite tasty, without the sugar overload so common elsewhere. We have a high-fructose corn syrup epidemic here in the US.
. .. . .. — ….
Rhys • September 8, 2017 4:48 PM
In a system of systems, it’s the little things that expose how vulnerable we really are.
Medical histories leaked, security clearances leaked, financial data leaked, banking data leaked, performance rights (movies, scripts, episodes, etc)…not just infiltrated. They exfiltrated w/o detection.
I think we are closing the barn doors and the cows have already gone to pasture.
Maybe we should consider “reboot”- not continuing to muddle our way through the chaos of shortcuts we have left ourselves?
Say that we can fix all our app & operating system software. All our routers. All our hosts…then I read this (below) on Android custom ROMS.
Shut down the internet. Partition (like a ship has watertight compartments) to establish some control before letting it collapse under the delusion that it is just too big to correct before proceeding any further.
Rhys • September 8, 2017 4:56 PM
Oh, but there’s so much more to discover. Just pay shipping and handling.
I don’t trust the security of an airbag to contain the projectile vomiting that follows. Large metal waste basket, maybe. (Personally, I am still looking for a Fugu flavored one.)
Rex Rollman • September 8, 2017 4:57 PM
I want to encrypt some files on a Linux box prior to backing them up online. Some will have sensitive information in them, so I want the encryption to be as strong as possible; even if it results in a slower encryption process. No one time pads or key management are needed.
Given my goals, what is the best software and/or settings to use? GPG seems to be a popular suggestion on the Internet but its size and complexity is off-putting to me. I have also seen SSL suggested but browsing its manpage leaves me wondering how it ever became popular.
I would love any suggestions/recommendations from the gallery.
ab praeceptis • September 8, 2017 5:23 PM
I’m not surprised. SIDH looks very promising from a practical standpoint (e.g. key sizes). But …
our biggest use of cryptography is TLS, which we use … for internal inter-datacenter communication on our backend. (from the CF blog)
First hint. Frankly, in my mind’s eye anyone using TLS to secure internal pipes is disqualifying himself, simple as that. If one uses TLS towards the public, OK, that’s the standard and running any “secure” service means one has to bite the bullet. But internally? Come on…
(SIDH). In contrast to lattice-based systems, they rely on more exotic computational problems and are much more computationally expensive. However, they have much smaller key sizes
Second hint. Also note the wording. de valence “forgets”(?) to mention a very important detail, namely the fact that there is no security reduction known to be NP hard for SIDH.
At least he mentions the fact that SIDH isn’t well researched and proven yet, but then what does he do? He goes double and implements (TLS) with SIDH and 25519, yet talks about having small key sizes fitting into a single (1.5KB supposedly) TCP packet. Uhum…
Now, to be fair, he’s not the only one with an interest in SIDH because of its key size properties; microsoft et al. are attracted by that, too, but keep the context in mind: de valence expressly talks about the doomsday PQ context – would we want to bet on a problem there that isn’t known to be NP-hard? I don’t think so.
And btw, there are other algorithm candidates with roughly similar public key sizes (we don’t care too much about private key sizes unless they are huge) which do have NP-hard security reductions.
And btw, for RSA, with 4 kb keys advised today and all but certainly soon 8 kb keys, there are other PQ alternatives which are in the same ballpark.
Third hint: D. J. Bernstein’s statements re. his former PhD student, Henry de Valence, who is the author/developer of the cited CF blog post/the Go SIDH implementation. That statement (http://eindhoven.cr.yp.to/false-statements-by-henry-de-valence.txt) is an interesting read, also because J. Appelbaum plays a role, namely he gets attacked and smeared by de Valence in a rather questionable way (to put it very diplomatically).
And yes, Tor and their new female boss play a role, too, of course not a nice one.
Using Fear to Audit Financial Transactions of Every American • September 8, 2017 5:49 PM
The evening news urgently warned of “the action you urgently need to take RIGHT NOW!” from the Equifax data-mining theft.
What an incredible scam. Everyone profits except for the 150+ million Americans who lose their privacy under the guise of ‘protecting them’.
The first phase is criminals supposedly hacking ALL your financial account numbers
The second phase is being forced to submit to Google acting as Internet police/gatekeeper for Equifax. Consumers are compelled to give their browser fingerprint and IP address, current location name and Social Security Number. After Google verifies you, you authorize them to examine every aspect of your finances on a continuous basis. All this to ‘protect’ you!
Both Equifax and Google are compelling consumers to establish accounts and authorize them to probe, record, profile and share every financial transaction you make looking for ‘fraud’. It’s legal because the consumer is voluntarily surrendering their privacy. 150 million new accounts. Whew!
How many billions in increased stock valuation is this worth?
It’s apparent sneaky stuff is occurring, as three senior Equifax vice presidents coordinated selling millions in company stock right before revealing the breach to the public.
Fear is a great motivator inducing people to temporarily drop their defenses. The end result is Equifax and Google get detailed personal signatures from people who they (or their competitors) normally cannot track. What a frikkin gold mine! Brilliant ploy guys!
The real preventive consumer solution is to place security freezes at the three major credit data-miners. Under the law it should be free. Those affected (virtually all USA adults) should automatically be safeguarded and compensated by the incompetent (or criminal?) Equifax WITHOUT providing or authorizing Equifax/Google access to all your precious data for years. And then use it for other purposes!
The bottom line is this scam defrauds both investors and especially innocent consumers. It’s truly a sad day to be an American.
Another Example: Collecting Data for Lawful Use Then Selling it to Big-Data
American Banks developed a ‘Know Your Customer’ program to collect data to superficially fight money laundering. But what really occurs 99.999% of the time is the banks collect your income and sources then sell it to their business partners – namely Big-data advertisers (for products that may be of interest to you). If account holders refuse to be exploited, the bank will not make ANY changes to your account. It becomes frozen.
Nick P • September 8, 2017 5:53 PM
The Seven Deadly Sins of Predicting the Future of AI
Rodney Brooks is a pioneer in AI from the old days. He did work such as subsumption architecture and built robots. He called out the big promises of purveyors of expert systems. AI Winter came to demolish most of them. Now, with deep learning, people are telling us the risks of how super-smart machines are about to rid us of our jobs, societies, and even our lives. In this essay, Brooks writes up common mistakes that seem to underlie these probably-false claims. His writing shows both depth and breadth on the subject with a bit of humor.
Ben A. • September 8, 2017 6:05 PM
To back stuff up on a Linux system you’ve got a number of options but steer clear of OpenSSL for backup purposes.
My recommendation for individual files would be GPG2 with a script (or well-configured ‘gpg.conf’) to avoid human error; the defaults aren’t great – they’re weaker than they should be so as to retain backwards compatibility. There’s also EncFS, eCryptfs and Tomb but it really depends on what your backup strategy is: are you storing your data in the cloud or locally, and, do you want to encrypt files or volumes?
If you’re backing up to a NAS drive then LUKS is a great choice; the same applies if you’re backing up to an external drive such as a USB stick or hard disk. LUKS has the benefit that you’ll be prompted for a password each time the drive is inserted unless you choose to “Remember forever”. It’s also the simplest and most robust option.
If you want something really simple then go for VeraCrypt. It’s forked from TrueCrypt, has been audited, is reliable and is in current development.
I have no problem with TLS for internal communication providing they are using self-signed certificates with manual thumbprint checking. As soon as they need external data transfer they need to switch to Extended SSL; it’s a recognisable standard and the extended certificates aren’t as easy to obtain as standard certificates (e.g. Let’s Encrypt). The actual underpinning security is the same, as of course you know.
TLS is integrated into virtually everything and makes building on top much easier for developers. It’s foolish for anybody to rely solely upon TLS in high-assurance environments but it solves the problem of encrypted traffic transfer between two endpoints. You can then implement end-to-end encryption through the already encrypted tunnel.
SIDH does look very promising and my eye was drawn to the same paragraph as you “In contrast to lattice-based systems”.
I dislike “exotic computational problems” or anything that isn’t well studied but the big players, Google included, are researching this area and it’s a matter of time before we have more expert and academic scrutiny. There are some other mathematical problems in the current model but nothing that can’t be resolved in the long term.
The smaller key sizes may be problematic presently but I’d have to see their specific implementation before commenting. We all remember the deprecated ECC cipher suite; not that the key size per se was a problem but the deliberate lack of entropy.
Any quantum resistant solution that succeeds needs to have smaller key sizes if they’re to be implemented into current embedded systems. However if/when powerful quantum computers come along I’m hoping embedded systems will have caught up to be powerful enough to handle larger key sizes where required.
Andrew • September 8, 2017 6:11 PM
Archive your files in a single file, give it a suggestive name, maybe dates included, then spend a bit of time to learn how to use GPG. You will need a password and a key file, these will encrypt your archive. Remember/save these then upload your encrypted archive on cloud. Not that difficult.
Other than this, bitcoins / blockchain anyone? I am surprised that a cryptographically generated system has never been discussed here.
gordo • September 8, 2017 6:30 PM
As Hacking Team is to offensive security, Cambridge Analytica is to electioneering psyops.
Ben A. • September 8, 2017 6:33 PM
Archive your files in a single file … then upload your encrypted archive on cloud
This is only a good backup strategy for very small files. As soon as you have multiple files, or large files, you prevent any delta/differential synchronisation.
Changing just one file necessitates a new, full upload to the cloud. On a slow connection it’s impracticable.
Your strategy is more akin to synchronisation, not backup.
There are dedicated services out there like Tahoe-LAFS and Tarsnap which were designed for Linux, are really secure and can be automated. They’re not cheap but are worth it for ‘cannot lose’ files.
Jim • September 8, 2017 6:47 PM
gpg has a MEGO of options but for simple encryption and decryption with a private key, say stored in the file pp.txt, something like
gpg --symmetric --passphrase-file pp.txt --output ms-amt.txt.gpg --quiet --cipher-algo AES256 ms-amt.txt
would encrypt a file called ms-amt.txt with the AES-256 cipher and
gpg --decrypt --passphrase-file pp.txt --output ms-amt.txt.decryptd --quiet ms-amt.txt.gpg
would decrypt it. Running gpg --version will show the cipher options you have.
With a little shell scripting (or the --multifile option, or both) you could handle a lot of files at once.
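Ben A. advised scripting gpg so that the cipher and passphrase-to-key settings are explicit rather than left at the backward-compatible defaults, and Jim showed the bare --symmetric invocation. The following is an added example, not code posted in this thread and not part of GnuPG: a small Python wrapper that builds the hardened gpg command line, encrypts every file under a directory, and records a SHA-256 manifest of the plaintexts so that a restore can be checked against what was backed up. The passphrase-file location, the directory names and the sample files are assumptions made for the example; the gpg options used are standard GnuPG 2.1+ options.

```python
"""Scripted symmetric GnuPG encryption for a backup set, plus a plaintext manifest
to verify restores. Added example; paths and sample files are hypothetical."""
import hashlib
import shutil
import subprocess
import tempfile
from pathlib import Path

# Assumed location of the passphrase file (keep it mode 0600 and never upload it).
PASSPHRASE_FILE = Path.home() / ".backup-passphrase"

# Pin the symmetric settings instead of relying on gpg's compatibility defaults.
HARDENED_SYMMETRIC_OPTS = [
    "--cipher-algo", "AES256",
    "--digest-algo", "SHA512",
    "--s2k-mode", "3",               # iterated and salted passphrase-to-key derivation
    "--s2k-digest-algo", "SHA512",
    "--s2k-count", "65011712",       # largest iteration count gpg accepts
    "--compress-algo", "none",       # archives and media are usually compressed already
]

# Non-interactive operation so the script never blocks on a pinentry dialog.
COMMON_OPTS = ["--batch", "--yes", "--quiet", "--pinentry-mode", "loopback"]


def gpg_encrypt_args(src, dst, passphrase_file=PASSPHRASE_FILE):
    """Command line that encrypts one file symmetrically with explicit algorithms."""
    return ["gpg", *COMMON_OPTS, "--passphrase-file", str(passphrase_file),
            *HARDENED_SYMMETRIC_OPTS, "--symmetric", "--output", str(dst), str(src)]


def gpg_decrypt_args(src, dst, passphrase_file=PASSPHRASE_FILE):
    """Command line that decrypts a file produced by gpg_encrypt_args."""
    return ["gpg", *COMMON_OPTS, "--passphrase-file", str(passphrase_file),
            "--decrypt", "--output", str(dst), str(src)]


def sha256_file(path):
    """SHA-256 of a file, read in 1 MiB blocks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Relative POSIX path -> SHA-256 of the plaintext, taken before encryption."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root, manifest):
    """Relative paths that are missing or whose content no longer matches the manifest."""
    current = build_manifest(root)
    return sorted(rel for rel, digest in manifest.items() if current.get(rel) != digest)


def encrypt_tree(src_root, out_root, passphrase_file=PASSPHRASE_FILE):
    """Encrypt every file under src_root to out_root/<relpath>.gpg; returns the manifest."""
    src_root, out_root = Path(src_root), Path(out_root)
    manifest = build_manifest(src_root)
    for rel in manifest:
        dst = out_root / (rel + ".gpg")
        dst.parent.mkdir(parents=True, exist_ok=True)
        subprocess.run(gpg_encrypt_args(src_root / rel, dst, passphrase_file), check=True)
    return manifest


def manifest_demo():
    """Constructed files: build a manifest, alter one file, return what verification flags."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes").mkdir()
        (root / "notes" / "a.txt").write_bytes(b"first document\n")
        (root / "notes" / "b.txt").write_bytes(b"second document\n")
        manifest = build_manifest(root)
        (root / "notes" / "b.txt").write_bytes(b"second document, altered\n")
        return verify_manifest(root, manifest)


if __name__ == "__main__":
    print("verification flags:", manifest_demo())
    # Only run gpg when it is installed and the passphrase file exists (assumed layout).
    if shutil.which("gpg") and PASSPHRASE_FILE.exists():
        done = encrypt_tree(Path("backup-src"), Path("backup-enc"))
        print(f"encrypted {len(done)} files")
```

Store the manifest alongside the encrypted files (it reveals only hashes of the plaintexts, so encrypt it too if file names are sensitive); after a restore, verify_manifest tells you exactly which files came back wrong rather than leaving you to trust that the decryption succeeded.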
Andrew • September 8, 2017 7:32 PM
I think it’s pretty much about family pictures or something like this; I very much doubt it’s some kind of enterprise logistics with databases, Word and Excel files changing every day and requiring synchronized backup.
The peace of mind of knowing that your files are safe somewhere, encrypted with a password only you know, overcomes the “benefits” of automated online backup systems that notify you from time to time that they had a breach and you need to change your password because your files may be leaked.
Ratio • September 8, 2017 9:01 PM
Stop SESTA: Section 230 is Not Broken:
EFF opposes the Senate’s Stop Enabling Sex Trafficking Act (S. 1693) (“SESTA”), and its House counterpart the Allow States and Victims to Fight Online Sex Trafficking Act (H.R. 1865), because they would open up liability for Internet intermediaries—the ISPs, web hosting companies, websites, and social media platforms that enable users to share and access content online—by amending Section 230’s immunity for user-generated content (47 U.S.C. § 230). While both bills have the laudable goal of curbing sex trafficking, including of minor children, they would greatly weaken Section 230’s protections for online free speech and innovation.
Ratio • September 8, 2017 11:30 PM
Son of Russian lawmaker pleads guilty in cyber crime cases:
Roman Seleznev, 33, the son of Russian parliament member Valery Seleznev, pleaded guilty to one count of participating in a racketeering scheme, and another count of conspiracy to commit bank fraud. The charges were filed in federal courts in Nevada and Georgia, and the plea deal for both cases was finalized on Thursday.
In April, Seleznev was sentenced to 27 years in prison by a federal court in Washington for his role in a cyber assault involving hacking into point of sale computers to steal credit card numbers.
He was arrested in the Maldives and brought to the United States to face charges.
tyr • September 9, 2017 3:27 AM
Rod Brooks is my go-to guy for his robotics work. He is as big an innovator as Gödel for similar reasons. He noticed that bio systems don’t have enough nervous system to run all of their functionality through a central hub. By building legs that only do leg things from a limited menu option he was able to get amazing functionality. He didn’t set out to call everything humans believe about the way they function into doubt but it’s exactly where the results of his robot experiments lead. You can achieve an amazing level of insight by following his lead. Be aware that the path puts you into conflict with all of humans’ treasured opinions about themselves. It is not going to be easy to toss all of the erroneous (BS) belief systems but that’s the trend in real science. I mean the do-the-experiments kind of science.
When Brooks questioned how the limited nervous system actually works he opened up a brand new can of worms in all kinds of areas. Ramachandran has been doing the same with his experimentations using the patients with location-specific brain damage to map where these limited-function modules reside. To say it another way, Searle’s Chinese Room is the way the modules work in your brain, so his contention that it is impossible to build a thinking AI is actually wrong because that is the way to do it. The only hurdle is coordination, which your brain does by inhibiting the output of the module. The module churns away in the dark hoping to be useful at some point. Unused biologicals atrophy so there’s a vested interest in being able to perform the task it was made for. You don’t have to go any further to see why people are always being puzzled by their own behaviors and responses to external stimuli and other people.
I always appreciated the conceptual idea that as the balloon of what we know gets bigger the surface in contact with the area unknown grows as well. The standard BS is that we only have a little bit more to discover and we’ll have it all mapped out. That might be a nice security blanket to hold but it never was true and all the wishing won’t make it so.
Clive Robinson • September 9, 2017 4:07 AM
I think we are closing the barn doors and the cows have already gone to pasture.
Even the geriatric snails on mogadon have long since escaped and disappeared over the hills and far away…
It’s not as though various people –our host @Bruce included– have been saying that big databases are pots of ambrosia to various computer crooks both corporate and freelance back last century…
When you also throw the “reduce costs at all cost” mantra from political and corporate “thought leaders” into the mix it is assured that the stuff is going to not just hit the fan but all places way past where you can see.
And despite all the warnings and well publicized occurrences there are still the “It’ll never happen to me” thinking bozos in charge with their solid gold parachute employment contract clauses…
They can not lose but we “the product” sure as heck can…
Rachel • September 9, 2017 4:25 AM
Clive! You enquired after my welfare! I’m extraordinarily chuffed, how thoughtful. I intended to honestly answer with my present experience of 35 days and counting in a foreign city with the same clothes, almost no gear, no money, no accommodation, food or assistance, and no home to return to. But Dirk’s complaint this morning serves as an admonishment to me and I appreciate it as an endeavour to preserve the integrity of this precious resource. I have not been around as long as Dirk and co. so I don’t feel the twinge as keenly; nonetheless a visit to the hallowed annals of Schneier on Security tells a very different tale to the present day. The density and collaboration back then is breathtaking. While it’s clear there are active concerted attempts to destabilise the community, individuals need to take responsibility also. And thus I feel to pull my head in.
I feel safer already • September 9, 2017 5:06 AM
“Best Buy will give Kaspersky software purchasers 45 days to exchange it for free for another product if they want. Additionally, customers can also uninstall it themselves or have a Geek Squad agent do it for free within that time window.”
Clive Robinson • September 9, 2017 5:32 AM
He noticed that bio systems don’t have enough nervous system to run all of their functionality through a central hub.
He’s not the first and certainly will not be last to notice the “communication” issue.
The first people that noticed the communication issue and tried to solve it are long lost in the mists of time, back over 6000 years. You can still see it in the works of the Ancient Egyptians, Incas and many other earlier civilisations in trying to build paths, roads and similar.
The idea of distributing “intelligence” likewise went back possibly even further with what we would now call “envoys and governors” empowered by a “higher authority” to “act locally”. It was not just Kings and Emperors that did this but the predecessor to politics, “religion”.
Thus mankind’s behaviour has apparently implicitly followed the way the brain functions. Or has it? Could it be in part the other way around, where they have in turn developed each other?
But to bring it up to date, we have kind of hit the “Practical laws of nature” with microelectronics development and Moore’s law is now pushed into a corner by the likes of “heat death”. But also we just can not shift information in or out at the speeds the CPU cores can achieve.
So as I’ve mentioned before the future is not just parallel but distributed parallel. Which brings the communications issue into play.
If people look back, Seymour Cray and his engineers hit the communications issue with super computers and developed interesting switching technology that Sun purchased and was still using until fairly recently. The question is thus what will Oracle do with the knowledge Sun built up in this area? Their history suggests they will do nothing productive with it; instead they will try to use it as a legal bludgeon to go “rent seeking” any which way they can, just like any other low life patent troll.
Clive Robinson • September 9, 2017 5:37 AM
You enquired after my welfare! I’m extraordinarily chuffed
It’s nice of you to say so. With regards the other things you mention I hope they all get resolved productively fairly quickly.
Bloated Cow • September 9, 2017 6:18 AM
Regarding encrypting data going to the cloud, can anyone comment on the relative safety of cryptomator? For me, this would be for documents like correspondence where if the cloud were breached, the time it would take for someone to unencrypt the files would not be worth the return in content.
“Free client-side encryption for your cloud files.
Open source software: No backdoors, no registration.”
Equifax Data Scam: NYT in Pursuit • September 9, 2017 6:51 AM
On Thursday night, I entered my last name and the last six digits of my Social Security number on the appropriate Equifax web page. (They had the gall to ask for this? Really? But I digress.) I received no “message indicating whether your personal information may have been impacted by this incident,” as the site promised. Instead, I was bounced to an offer for free credit monitoring, without a “yes,” “no” or “maybe” on the central question at hand.
By Friday morning, this had changed, and I got a “your personal information may have been impacted by this incident” notification. Progress. Except as my friend Justin Soffer pointed out on Twitter, you can enter a random name and number into the site and it will tell you the same thing. Indeed, I typed “Trump” and arbitrary numbers and got the same message.
Equifax should have made the monitoring last forever. Since it didn’t, it will now be able to solicit everyone who signs up for its year of free service. And what do you want to bet that the company will offer an extension bright and early on day 366 for, say, $16.95 per month?
So, yes, your worst suspicions are now confirmed. Equifax may actually make money on this breach.
Do No Evil
Google promised not to scan Gmail for targeted ads—but for how long?
“Google tells judge it might resume targeted advertising “to meet changing demands.”
Knowing their reputation this is the expected behavior.
mesrik • September 9, 2017 6:57 AM
I would suggest you check if Borg Backup suits your needs. I’ve used it, and before the fork its predecessor Attic, since 2015 to backup some Linux systems.
BorgBackup (FOSS) code can be found on GitHub.
It supports backups to mounted disks or remotely via ssh, client side 256-bit AES encryption with HMAC-SHA256 integrity checking etc. Nice features like deduplication, ro-mountable backups and even a standalone 12MB binary version are available, which could be fitted easily on a rescue image. Deduplication is a killer feature when backing up frequently with several largish virtual machine filesystem images. I’ve recovered several times a few hundred gigabyte images with no problems at all. Recovery speed is better with extract than through a FUSE-mounted fs and mostly limited by the speed of the network or mounted external backup repository disk.
And it’s not just for Linux, it’s available for many BSDs and OS X/macOS too.
I’m not affiliated with it in any way, just been using it for some time. After writing a simple wrapper shell script to take care of most use cases it’s been really nice. Much better than any free backup system I had before.
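Ben A. pointed out that a single encrypted archive forces a full re-upload whenever one file changes, and mesrik named deduplication as Borg’s killer feature. The following is an added example, not code posted in this thread and not BorgBackup’s own chunker: a minimal content-defined chunker (gear rolling hash, in the style of FastCDC-type chunkers) compared with fixed-size chunking, with each chunk identified by its SHA-256 as a content-addressed store would do. Inserting a few bytes near the start of a file shifts every fixed-size chunk after the edit, while content-defined boundaries realign within a few bytes so only the edited chunk has to be stored (and uploaded) again. The sample data, chunk-size limits and gear table are constructed for the example.

```python
"""Content-defined vs fixed-size chunking for a deduplicating backup store.
Added example with constructed data; not BorgBackup's own chunker."""
import hashlib
import random

MIN_CHUNK = 1024            # never cut before this many bytes
MAX_CHUNK = 16 * 1024       # always cut by this many bytes
MASK = (1 << 12) - 1        # cut when the low 12 hash bits are zero: ~4 KiB average

# Gear table: 256 fixed 32-bit words derived from SHA-256 so the example is deterministic.
GEAR = [int.from_bytes(hashlib.sha256(bytes([i])).digest()[:4], "big") for i in range(256)]


def cdc_chunks(data):
    """Split data at content-defined boundaries; returns [(offset, length), ...].
    The low 12 bits of h depend only on the last 12 bytes seen, so boundaries
    realign shortly after any insertion or deletion."""
    chunks, start, h = [], 0, 0
    for i, byte in enumerate(data, 1):
        h = ((h << 1) + GEAR[byte]) & 0xFFFFFFFF
        length = i - start
        if (length >= MIN_CHUNK and (h & MASK) == 0) or length >= MAX_CHUNK:
            chunks.append((start, length))
            start, h = i, 0
    if start < len(data):
        chunks.append((start, len(data) - start))
    return chunks


def fixed_chunks(data, size=4096):
    """Split data every `size` bytes regardless of content."""
    return [(o, min(size, len(data) - o)) for o in range(0, len(data), size)]


def chunk_ids(data, chunks):
    """The set of SHA-256 chunk identifiers a content-addressed store would hold."""
    return {hashlib.sha256(data[o:o + n]).hexdigest() for o, n in chunks}


def new_chunks_after_edit(original, edited, chunker):
    """How many chunks of `edited` are not already stored from `original`."""
    return len(chunk_ids(edited, chunker(edited)) - chunk_ids(original, chunker(original)))


def sample_file(size=256 * 1024, seed=42):
    """Constructed pseudo-random file content (deterministic for repeatable results)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


def demo():
    """Edit one spot in a 256 KiB file and count chunks that must be stored again."""
    original = sample_file()
    # Insert 112 bytes about 10 KiB into the file, as editing one document might.
    edited = original[:10_000] + b"INSERTED TEXT " * 8 + original[10_000:]
    return {
        "fixed_new_chunks": new_chunks_after_edit(original, edited, fixed_chunks),
        "cdc_new_chunks": new_chunks_after_edit(original, edited, cdc_chunks),
        "cdc_chunk_count": len(cdc_chunks(original)),
    }


if __name__ == "__main__":
    print(demo())
```

The same property is what lets a deduplicating tool back up large VM images frequently: unchanged regions hash to chunk identifiers the repository already has, so only new chunks are encrypted and transferred, whereas a monolithic encrypted archive changes entirely with any edit.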
Clive Robinson • September 9, 2017 8:11 AM
@ Bloated Cow,
For me, this would be for documents like correspondence where if the cloud were breached, the time it would take for someone to unencrypt the files would not be worth the return in content.
That is a bad metric to use.
As a rough approximation computing power is doubling every year, likewise algorithmic speed is increasing each year as the use of “custom hardware” becomes even cheaper. Thus the actual adjusted cost to power means that it’s getting about a two bit reduction each year (ie quarter the cost year on year). We are also about to enter the “ASIC/FPGA on CPU” commodity point that will knock another 3-10 bits off.
Thus you should have a time period for the documents to devalue to zero and then calculate the security margin appropriately. For instance common documents such as mortgages last 25 years and leases 99-9999 years with 999 being quite common. Employment contracts can last a life time of work so 60 years and growing. So just 50 years is around 210 bits worth of “cost multiplier” on the technology side.
I know 210 bits sounds almost “fantastical” but we have actually seen a rise in RSA key length from 256 to 8112 bits in around 30 years. You can also look up the increase in password cracking ability since the mid 1990’s for other surprising rises in numbers of passwords cracked at a given price (don’t forget to inflation adjust 😉
But there is also the “chain algorithms” aspect to consider as well. If we look at crypto algorithms they actually don’t have a very good life expectancy, the most obvious being DES; NIST approved, it just about made it to twenty years of real world use (77-97, google “EFF DES cracker”). Also the likes of hashes have fallen over at fairly regular intervals. In both cases this was due to improvements in attack methods made in the open/academic community and hardware improvements as well for DES.
Thus you have to consider that whatever algorithm you use there is a very real chance it will “End Of Life” much earlier than predicted at the time of its design. One way to reduce this risk is by “chain encryption” where the data gets encrypted two or more times by different encryption algorithms.
You then have other problems to do with how you structure and index your archive to make it not just secure but usable. That is you want to be able to pull out single files without giving access to other or all files by password/key leakage. You will find it hard to get information on this as the open/academic community has mainly ignored it along with much else to do with Key Management (KeyMan).
Contrary to what you hear from commercial solutions providers it’s actually a very hard problem that few if any have addressed let alone solved.
ab praeceptis • September 9, 2017 9:10 AM
For the sake of fairness: pleading guilty in a US of A court means little. From what I know it’s quite common over there to plead guilty simply because it’s the precondition for a deal.
Neil • September 9, 2017 9:14 AM
German hackers find security hole in software used for vote counts
JG4 • September 9, 2017 9:16 AM
@all – Thanks for the generally excellent discussion. my first comment really belongs in the group loyalty thread, but I don’t want to parcel it out. I haven’t done a good job of connecting neurogenesis and learning to group behavior, but neurochemical feedback is the substance of many, many learned group behaviors that we see, e.g., group-think. the formation and joining of groups is innate in humans. the goals can be very different, but if we hold the right of self-determination sacred, it’s not surprising that some of those groups would be dedicated to driving out infidels, in much the same way that the FBI is dedicated to preserving the status quo at any cost. nothing will bond you to your tribesmen like joining them in battle. the human brain is the size that it is for a handful of reasons. one is binocular color vision, which is why the visual cortex is substantial. chimps have that and some of the next. the biggest driver of human brain size, and the origin of pain in childbirth, is the functions that enable and require membership in a tribe of a particular size range. among those are mirror-neuron functionality and the ability to grasp the motives, quirks, and dangers of 140 people, many of them friends and some small number of them dangerous, all of them capable of sociopathy if the survival switches are toggled. I take the pain in childbirth connection to knowledge of good and evil as one of the very uncanny connections that were made a long time ago. the driver of rapid change in brain size that some scriptures render as the curse for acquiring knowledge of good and evil on the serpent’s advice, is managing intra-group interactions and to a lesser extent extra-group interactions. a third driver of brain size is being able to master the complex technologies (including medicinal plants) required for survival in a range of habitats from jungle to savanna to coastal to mountainous to tundra.
it is a survival-essential-behavior for a person to adopt a group’s goals if the group is feeding them, clothing them, teaching them and eventually breeding them. if they would go out on their own, it would be short time until they were boiled and eaten by another tribe, for example, the FBI. it’s called a tribe for a reason and only the most dysfunctional human nervous systems are unable to interact at that level and the family level. that is the substance of many groups that have been in the news, from Jonestown to the Branch Davidians, from La Cosa Nostra to the blue gangs, and from the Irish mafia in the US to the so-called intelligence-community, from MS-13 to your average Sunday school class. ISIS is not different from the FBI, they have the same goal of full-spectrum dominance, but work to achieve it as a group by slightly different methods. there is a huge disparity in access to resources. people have an intrinsic need to belong to a tribe and if it takes some cognitive dissonance to get what they need in the way of belonging feelings (codeword oxytocin), it’s just another day on the blue marble.
the police learn to bully, because it makes their jobs easier. unfortunately, it also makes them happier and healthier. codeword serotonin
Social Darwinism at play: Now go punch a nerd if you wanna be healthy.
the core of tribal leadership will use bullying as needed to achieve group conformity, codewords endorphin, dopamine. I generally understand that the police are not going to give me a hardwood shampoo because I am a mild-mannered scientist driving a recent-vintage sports car of the upper middle class. at least if I don’t mouth off. but they treat the underclass very differently, perhaps for the good reason that they or their tribesmen have had unfortunate incidents with weapons or physical conflict with people of extraordinary strength and extraordinary predisposition to violence. by starting with intimidation or bullets, the blue gang (tribe) reliably achieve full-spectrum dominance. so it is with the empire that learns to firebomb civilians first and forgets to ask questions later. some members of the underclass who have lived in poverty and violence for generations have a much different predisposition to violence than the mild-mannered still-middle-class. for the underclass, demanding respect and a predisposition to violence are required survival skills in their sphere. the epigenetic research is just coming out. guess where the North Koreans fit into this epigenetic picture after having 1/3 of their population wiped out by carpet-bombing? and a series of leaders operating under martial law for 85 years? with frequent and “colorful” Very Public Spectacles? it would be difficult to imagine how their brains might be wired. not like ours, I can guarantee. intrinsic tribal conformity at a level that would embarrass an FBI tribesman. except for the occasional dissidents whose brains are wired for truth and ethics.
@Rachel – Thanks for the tip to read again the dog-bus-cholesterol comments. I stumbled into Bob Paddock’s exchange with you on EM radiation, which I somehow missed. did I explicitly say that Lee Atwater, John McCain and Ted Kennedy got brain cancer from being heavy cell phone users in the 1980’s? they weren’t the only ones. one of my friends has connections in Sweden, which was an early adopter. one of his friends there had brain cancer maybe in his late 60’s to mid-70’s and found that everyone in his brain cancer survivor support group also was a heavy cell phone user in the 1980’s. I keep paper in the battery contacts on both of my cell phones and both backup cell phones. for a few reasons. just another day on the blue marble of unintended consequences. please accept my apologies if I keep retelling the same stories over and over. my cognitive deficits are real.
@Ratio – Thanks for the link to EFF’s take. The broad strokes of a conflict of interest analysis for Syria to not deploy chemical weapons goes like this: with Russian backing, Syria generally had been winning engagements against their internal enemies. the last thing that they would want to do is use chemical weapons and bring the US or the UN into the conflict. if they were going to use chemical weapons, it would have to be either so clandestine as to escape notice or openly used to achieve a major strategic goal that would prevent outside intervention. it shouldn’t be a smallish number in a place where the strategic goal is weak. almost every technological society has dangerous chemicals in warehouses that will cause fatalities when bombed. even when not bombed if you follow the news from China. btw, the Chinese got religion on chemical safety from those incidents. it took the US and Europe a lot of ugly accidents to get to where we only have burning trainwrecks of Bakken crude every half year. I don’t know if Trump was lying, but it would be pretty easy for someone with an axe to grind, say Israel, the US, or one of the internal enemy groups to put some sarin into the picture as a false flag. then present that evidence to Trump, so that he effectively could have been deceived with a false flag attack. I was impressed with the restraint of Trump’s response, which only killed a few people. I thought that he forewarned the Russians and that it would serve to appease the press and the intelligence community without provoking serious escalation.
I saw somewhere the claim that Seymour Hersh is yet another of the mouthpieces purchased with money and insider access. there is a lot that we can figure out from open sources and a lot that we can’t figure out. but, we all can benefit from some constructive criticism. there is a fundamental tradeoff between speed and accuracy in being the first to call 8u115h1t on emanations from the fever swamp and the money power. in the days of the My Lai massacre Hersh clearly was an ambitious young reporter looking to change the world and he got out a very important story. My Lai was the tip of an iceberg that only later became clear, but only to people who want to understand. the rest of the herd is distracted with professional sports, the false democrat/republican dichotomy, the Kardashians, wardrobe slips and rumors of wars.
my exposure to Vietnam veterans corroborates Turse’s point that the ROK forces in Korea wiped out villages too. they too would have some epigenetic effects from the 1953 conflict. I really like having access to the detailed history from Hersh and others to compare with first- and second-hand accounts from the veterans. I did see the traffic on nakedcapitalism. one of my veteran friends told me of visiting a high-ranking US official in Saigon (sometime between ’67 and ’73) who was running a weapons bazaar in his basement, packed from wall to wall with everything from flintlocks to M-16s. the sergeant had told him to get rid of his M-14, get an M-16 and directed him to the address where the swap could be made. I’ve forgotten the price tag, but $300 springs to mind, back when $300 wasn’t how much you paid for a single grocery cart. I’m not going to take the springboard today, but the veterans in the US who can see through the lies are many, having survived the lies at great risk and having lost their friends for the lies.
@Rex – depending on what your threat model is, you may want to figure endpoint security into your encryption/decryption plans. my threat model generally is attempting to formulate business intellectual property and having it stolen before I can get any cashflow out of it. there’s no point in encrypting data or creating intellectual property if the key will be stolen as you type it. I don’t want family pictures or information to be in possession of the Five Horsemen or their spook paymasters, but that puts me in a tiny minority shunned by the rest of the family. if we had endpoint security and we eventually will get some, the pictures could sit on the cloud in robustly-encrypted state to be pulled by anyone in the family to their own secure endpoints. that’s a good springboard to “security as a system” having a lot of overlap with the “wetware space.” you can use the term of art, “human in the loop.” the word hopeless springs to mind. maybe the latest Equifax breach will help them stop laughing at me. I hope that someone smart seriously examines the possibility that the Equifax breach is a false flag by the corporate powers to force a much more intrusive identity paradigm, vaguely similar to the way that the Snowden disclosures could be a brilliant scheme aimed at identifying dissidents via their use of TOR.
@tyr – Thanks for your very helpful comments on robotics. I have a serious interest. squid have remarkably decentralized nervous systems in much the way that you suggest. that leads to a good story that makes the hair on the back of my neck stand up. I’m not a biologist, but I have good exposure to their ideas. one of my friends was walking in one of the areas of the blue marble inhabited by giant earthworms, 18″ to 48″ in length. this one was big, but I can’t recall how close to 36″ in length. it was crossing the path as he walked with his dog. I don’t know what sensor systems an earthworm could have to be startled, but it coiled up like a snake and reared its head or tail, and flared its neck like a cobra. how many hundreds of millions of years would it take for cobras to “learn” from earthworms to do that, or vice versa? a nice springboard to a trick used by children in either Rabbit-Proof Fence or The Gods Must Be Crazy. the children were stalked by a coyote, dingo or similar animal whose food/threat model distinction was based on height. all that they had to do to avoid being eaten was hold an object on top of their head and the animal would not attack them, because of the added height. sort of like the wet towel trick in Johnny Long’s Defcon talk on Low-Tech or No-Tech Hacking. you just have to look like tasty meat or not. to a capacitive sensor, a wet towel is just as good as a piece of tasty meat. someone told me of rubbing a piece of plastic on their clothes to heat it up, then tossing it through the slot in the door to trip the thermal sensor on the other side.
this is a bit spooky, in light of reading people
I’ve seen men who could walk into a bar, look around, read all of the women, then start talking to one who was in the mood. their skillset and personality reliably got women more in the mood. so it’s not at all far-fetched that such things can be read by machine vision. Dirk may be able to comment on his observations of those skillsets.
the rocks under the earth likely are piezoelectric. when they break or slide, charge redistributes very quickly in response to stress relaxation, radiating powerful electromagnetic fields that will ionize gas at low pressures. or produce large currents in already-ionized upper atmosphere. not unlike the red button on the gas grill, which smacks a quartz crystal making a nice blue ionization that snaps. did I say that I was sandblasting with run-of-the-mill quartz sand one evening at twilight? I was stunned when the quartz began to glow yellow like an LED from some combination of triboluminescence and piezoelectric effects. all of my sandblasting prior to that had been in daylight, so I never noticed. that was before we knew about silicosis.
on to the daily news
Posted on September 9, 2017 by Lambert Strether
[Starfish Prime, Carrington Event and energy security. that bit about stars potentially hosting intelligent electromagnetic lifeforms still makes the hair on the back of my neck stand up]
Massive Sunspots and Solar Flares: The Sun Has Gone Wrong and Scientists Don’t Know Why Newsweek
[gain medium for panic, in the same sense that a poorly-designed network of poorly-designed computers is a gain medium for worms and viruses, or a gain medium for money and power]
Issuing new loans against unrealised capital gains has created an Australian ‘house of cards’ News.com
[encrypted money transfer – just for the record, “Money is whatever the free market says it is” – Mike Shedlock, “Consent is whatever you say it is.” – JG4, and “The money belongs to whoever finds it.” – The Police]
The virtual currency boom echoes dotcom fever Izabella Kaminska, FT
[as long as due process is observed, including the right of the accused to be fully heard, I’d be in favor of a hemp solution to the Equifax malignant incompetence and insider trading]
Equifax faces legal storm over its handling of data breach FT
Equifax Screwed Up Its Data Breach From Nearly Every Angle New York Magazine
Equifax Data Breach is a 10 out of 10 Scandal TRNN
Equifax finally responds to swirling concerns over consumers’ legal rights WaPo
Equifax Lobbied To Kill Rule Protecting Victims Of Data Breaches David Sirota, International Business Times
[there’s a bunch on North Korea that I’ll skip – it’s there if anyone wants to see it, it’s easy to find. plenty of misinformation and disinformation blended in]
…[torture is a learned group behavior, including all of the tricks of the trade and how to not be prosecuted. it’s part of the police, FBI, and CIA tradecraft, from the inner city training centers to Abu Ghraib and Helmand Province.]
Imperial Collapse Watch
The road to torture: How the CIA’s “enhanced interrogation techniques” became legal after 9/11 Salon
[the transfer function known as the self-licking ice cream cone or the fountain of money that never stops, at least until the End of Empire]
F-35 firmware patches to be rolled out ‘like iPhone updates’ The Register. What could go wrong?
[addiction is a result of neurogenesis and brain rewiring from exposure to “environmental” chemicals. the quotes indicate that it was the fourth leg of the slave trade, or fifth if you count tobacco, after sugar, alcohol and shackles. there are reasons that plants evolved these chemicals and they are “intended” for interaction with systems in animals and other plants]
Powerful painkiller use ‘doubled in 15 years’ BBC
Big Brother Is Watching You Watch
The Crypto-Keepers Yasha Levine, The Baffler #97
What Kind of Idiot Gets Phished? Gimlet (DK).
DolphinAttack: Researchers warn of supersonic voice command hacking SkyNews
Our Famously Free Press
Trust me, I’m lying Eurozine (MT).
[when the brain-drain reverses, things are going to get ugly. note that Shanghai has the sharpest math students in the world. if the Chinese manage to put sustainability to work for them, they are going to be very wealthy indeed, and able to brain-drain the rest of the world]
U.S. Public Universities Are Falling Behind Bloomberg
ab praeceptis • September 9, 2017 9:17 AM
Equifax Data Scam: NYT in Pursuit
My first thought, too -> “you idiots completely f*cked up with your ‘holy of the holies database’, with the very core of your business – and now you want people to basically trust you again and enter their data to check whether they are OK or not” – seriously?
Btw: I assume that there’s lots and lots of stale data in equifax’ database. It might be valuable for the hackers, too, to see who checks his data so as to flag them as “alive”…
Oh, and: wasn’t protecting its citizens, i.a. through good regulation, standards, and stringent checks on vital systems, one of the very raisons d’être of a state?
ab praeceptis • September 9, 2017 9:43 AM
“lifetime” – Well put. But a) how are Jane and Joe supposed to judge and b) profit vs. security.
Ad a) Perelman proved the Poincaré conjecture and tomorrow another “Perelman” might come up with a game changer for primes (prob. Fermat based, but whatever). Then there is quantum computing (which I use meaning “major and earth shattering computational game changer” rather than qc only) plus we already have 512 bit “math turbo” engines in everyday processors and many other corners from where at least quite significant changes might come.
Frankly, if asked how to credibly crypto protect anything for even “just” 50 years, let alone 500, I’d see major difficulties, because, yes, based on what we know today just throwing bitsize at the problem plus maybe an algo chain should do fine – but the problem is that even a modest (today + 10 != today).
How on earth would Jane and Joe have the slightest chance to judge what is to be considered reasonable for, 10, 25, or 99 years security and whether some product (let alone crypto mechanism) will be adequate?
Ad b) crypto is expensive, no matter the “advertisements” of e.g. aes + hw support. It is and always will be considerably more expensive than plain computation and storage. Which is bound to have “smart managers” appear looking for ways to cut costs.
(c) crazy sounding proposition: Make a law that allows companies to register and, once registered, to hack the living sh*t out of their competitors trying to get access to their crown jewels (incl. customer data). Make it legal to then use data gained in such way for their business.
I’m convinced that that would considerably enhance the situation. Reason: customers are but stupid milking cows for most (large) companies. So, let’s make it their interest to protect our data.
vs pup • September 9, 2017 10:58 AM
Russia claims ‘Islamic State’ group leaders killed in Syria airstrike
The Russian military named Gulmurod Khalimov and Abu Muhammad al-Shimali as two of the four IS leaders. The other two were not named. Khalimov, who had been described as the group’s minister of war, suffered a “fatal injury,” the ministry said. Khalimov defected to the militants in 2015 after serving as the head of the riot police force in Tajikistan
WOW! As a senior police commander, Khalimov travelled to the United States on several occasions for counter-terrorism training. Last year, the US placed a $3 million (2.49 million euro) bounty on his head.
Clive Robinson • September 9, 2017 11:29 AM
I’ve seen men who could walk into a bar, look around, read all of the women, then start talking to one who was in the mood.
It’s actually not as hard as some people think it is.
First you check what kind of group norm they are in. Then judge by the norm if they are showing more or less flesh, and where the exposed flesh is (body-v-limbs). More body flesh visible is often a primary indicator.
Then look at the clothing, is it primary or strong colours that is more noticeable than the norm? If it is then you’ve got the second basic signal. Makeup can also be a clue in this respect. That is red lips and making the eyes look more child like (larger compared to rest of face).
The next set of indicators is body language. But here you have to know if the person is single or not and if they are in a group or not, and importantly if they have seen you seeing them.
Your approach is also based on the body language grouping. A single person is going to look for a different approach than one who is not. The old line about making a married woman smile or laugh but a single woman not has a degree of truth in it. Single women tend to like listeners not talkers whereas attached women are more likely to want you to do a little more talking to entertain them. They are more likely to be looking for an alpha male at “showing flesh” times than a beta male when they are looking more for keepers than itch scratchers.
The basic mistake many make is “dress code” not just in who they are looking at but in themselves. It’s an easy way to get spotted as a phoney.
Dress code, hair style and footwear are quite a good give away not just to the real group somebody belongs in but the way they are likely to behave.
Which brings us to the “gaydar” sense: there are “tells” that you can spot not just to orientation but their preferred role.
The simple fact is we give out “tells” or signals to our grouping and status long before we say a word.
Speaking of why we group into tribes the simple answer is “we trade”. Take herbivores, they spend a lot of time eating which basically means head down or up, either way they are not observing the area predators are likely to approach from. Thus unless they are large and thick skinned if not actually armored, they can “time share” with others to take turns in looking for predators. That is most of the group can be head up/down whilst those chewing can look in various directions for signs of predators.
However there is an exchange involved, that is what they gain in the way of warning is offset by what they lose. That is the grazing is shared and there are winners and losers in that the first/seniors in the herd get the best of the grazing whilst those of lower status get the left overs. Whilst this makes little difference in times of plenty it makes a heck of a difference in lean times. Which is why some herbivores break into smaller groups or might even become solitary in lean times, preferring to take their chances with predators in return for at least getting sustenance unshared.
You can go from this to other herd dynamics and find parallels in human groupings and tribes.
JG4 • September 9, 2017 11:45 AM
@Clive – Thanks. Excellent points all. Carnivores can read the herd at a glance and the healthier springboks (and other herbivores) will signal that they have a large surplus of energy to burn.
There should be some type of hypervisor that would allow viewing comments in arbitrary and augmented ways, which could be shared. The blog posts and comments essentially are an array of characters, by default presented as a sequence of word in chronological order. Reverse chronological order if you use the newcomments feature. To pull out all of the book titles ever discussed, the character array could be parsed and all combinations of strings compared to the Amazon database of titles. Or the Google database of titles. Then the books could be listed in alphabetical, chronological by copyright, chronological by comment, ad infinitum. btw, Larry Ellison and his spook paymasters were 40 years ahead of me in realizing the power of databases. There are a lot of other possibilities implicit in a selective comment viewer, for example, simply stringing all of Clive’s comments in sequence chronologically. NLP already is a big deal. I’d still like to download the complete set of comments as a backup to my work and as a step to crunching the comments for the highest quality material.
This may have been the most important topic in the morning news dump, further highlighting the environment we are in. Further evidence that Snowden is the most amazing mind-f^@k ever conceived, and further evidence that very few have endpoint security.
…[nothing is what it seems]
At least that’s how they saw themselves. My reporting revealed a different reality. As I found out by digging through financial records and FOIA requests, many of these self-styled online radicals were actually military contractors, drawing salaries with benefits from the very same U.S. national security state they claimed to be fighting. Their spunky crypto-tech also turned out, on closer inspection, to be a jury-rigged and porous Potemkin Village version of secure digital communications. What’s more, the relevant software here was itself financed by the U.S. government: millions of dollars a year flowing to crypto radicals from the Pentagon, the State Department, and organizations spun off from the CIA.
…[the FBI then have the knuckle-draggers and subject matter experts]
Still, Durov says he was a bit shaken by the experience. “In Russia, the FSB guys I’ve interacted with were not impressive. They were of middling ability; not really qualified. In the United States, the FBI is different. The ones who questioned me were competent. They spoke multiple languages. They had done their research, and knew exactly what questions to ask. They were of a high caliber. And I understood that America has so many resources dedicated to security that it is downright scary. Law enforcement in America is so much more efficient.”
The FBI agents went away, but they weren’t done. As Durov tells it, they also had set their sights on a Telegram developer who had flown in for the Google conference, and was also staying at the same Mountain View Airbnb with Durov. (An FBI spokesman declined to discuss any details of Durov’s account with The Baffler.)
This developer had already been stopped and questioned at the airport by agents from the FBI’s cyber division, but the FBI scheduled a follow-up meeting at a San Francisco café. The agents who met the developer there started by peppering him with general questions about Telegram’s architecture and how its encryption algorithm worked, all while lavishing him with praise for his expert knowledge. It didn’t take them long to get to what they really wanted: access, for which they were willing to pay.
…[they’ve breached endpoint security long and hard and deep]
And anyway, Signal or no Signal, if your enemy was the United States government, it didn’t really matter what crypto app you used. A recent dump of CIA hacking-tool documents published by WikiLeaks revealed that the agency’s Mobile Devices Branch has developed all sorts of goodies to grab phone data, even when it’s quarantined by the firewalls of apps like Signal and WhatsApp or even Telegram. “These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide, and Cloackman by hacking the ‘smart’ phones that they run on and collecting audio and message traffic before encryption is applied,” wrote WikiLeaks.
…[as Clive would remind us, it’s not enough to be squeaky clean. and I would say always ready to withdraw consent]
In our post-Snowden world, we have outsourced our privacy politics to crypto apps. By doing so, we’ve entered a paranoid game theory nightmare world—a place where regular people have no true power and must put their faith in the people and organizations stoking the algorithms that make this crypto tech. In the end, it all comes down to trust. But can any of these people and organizations be really trusted? The young Russian mogul on the skids with the Kremlin? The former American spy-for-hire on the run and hiding out in Russia? Boutique crypto apps funded by the regime change wing of the State Department? Google and Facebook, who partner with the NSA?
Confused? Don’t know who to trust? Well, that’s the state of our privacy movement today.
Yasha Levine is an investigative journalist and a former editor of Moscow-based newspaper The eXile. He is the author of the forthcoming book Surveillance Valley: The Secret Military History of the Internet.
I posted some Shannon links yesterday:
I’ll try to remember to order the Shannon book this week.
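The selective comment viewer sketched a few paragraphs up (pull one author’s comments out in order, and find every book title ever mentioned by matching strings against a title catalogue) is easy to prototype. The following is an added example, not code from the blog or from any commenter: the comment corpus, author names and the title catalogue are constructed for the demo, and the comment texts are short paraphrases, not scraped posts. The one design point it shows is that you do not compare “all combinations of strings” against the catalogue; you only slide windows whose word count matches a real title length, which keeps the matching linear in the corpus size.

```python
"""Added example: a tiny selective comment viewer (author threads + title index).
Corpus, authors and catalogue below are constructed for the demo, not real data."""
from dataclasses import dataclass
from datetime import datetime
import re

@dataclass(frozen=True)
class Comment:
    author: str
    posted: datetime
    text: str

# Constructed sample corpus; texts are paraphrases, not real comments.
COMMENTS = [
    Comment("Clive Robinson", datetime(2017, 9, 9, 11, 29),
            "Dress code, hair style and footwear are a good giveaway."),
    Comment("milkshaken", datetime(2017, 9, 9, 22, 48),
            "Your book Data and Goliath was just cited by Snowden and bunnie Huang."),
    Comment("Rachel", datetime(2017, 9, 9, 13, 32),
            "You could be writing books to rival Taleb's The Black Swan."),
    Comment("Clive Robinson", datetime(2017, 9, 10, 3, 31),
            "The bigger a front, the bigger its back, as the Japanese engineer said."),
]

# Constructed title catalogue, stored lowercased so matching is case-insensitive.
CATALOGUE = {"data and goliath", "the black swan", "surveillance valley"}


def by_author(comments, author, newest_first=False):
    """One author's comments in chronological order (or reverse, like 'newcomments')."""
    mine = [c for c in comments if c.author == author]
    return sorted(mine, key=lambda c: c.posted, reverse=newest_first)


def _tokens(text):
    """Lowercase word tokens; apostrophes kept so "Taleb's" stays one token."""
    return re.findall(r"[a-z0-9']+", text.lower())


def find_titles(text, catalogue):
    """Return catalogue titles that appear in text as a run of whole words.

    Only windows whose length equals some catalogue title's word count are
    tried, so the work is O(tokens * distinct_title_lengths), not every substring.
    """
    toks = _tokens(text)
    lengths = {len(title.split()) for title in catalogue}
    found = set()
    for n in lengths:
        for i in range(len(toks) - n + 1):
            candidate = " ".join(toks[i:i + n])
            if candidate in catalogue:
                found.add(candidate)
    return found


def titles_index(comments, catalogue):
    """Map title -> chronological list of (posted, author) mentions."""
    index = {}
    for c in sorted(comments, key=lambda c: c.posted):
        for title in find_titles(c.text, catalogue):
            index.setdefault(title, []).append((c.posted, c.author))
    return index


if __name__ == "__main__":
    for c in by_author(COMMENTS, "Clive Robinson"):
        print(c.posted.isoformat(), c.text)
    for title, mentions in titles_index(COMMENTS, CATALOGUE).items():
        print(title, "->", [(p.date().isoformat(), a) for p, a in mentions])
```

Exact-phrase matching will miss titles quoted with a typo or a subtitle, and will false-positive on short generic titles; a real version would want a minimum title length or a stop-word filter before trusting a one- or two-word hit.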
Rachel • September 9, 2017 1:32 PM
Mobile phones in the 80’s also had a different emission spectrum not least owing to antennae. Figureitout’s field. And those old car phones, you could cook your lunch inside the chassis.
It was my first thought with Steve Jobs’ cancer.
Your take on China as world brain leaders. A China expert told me a nation wouldn’t want to face a Chinese nation of conscripted students – for example the standard graduation exam apparently includes: student dropped in a rural area with nothing but the (tracking beacon fitted) underpants they are wearing, 24hrs to return safely to urban HQ. Being arrested by the gendarmes is a fail. Has anyone here done SERE – urban escape & evasion courses?
You referred to lithium re: manufacturing which Clive has discussed tangentially per rare earth minerals. There’s a ‘fairphone’ brand aspiring to safer manufacturing. Autism spectrum symptoms can be said to benefit from the common lithium orotate (not the toxic drug); many people take no more or less than 5mg a day for a variety of mental health issues, supported by lots of research. See iherb.com. Any such comments from me are with the disclaimer I am not a physician 🙂
Have you considered hosting your own blog or composing essays for publication? You could easily be writing books to rival Nassim Taleb (Black Swan). We’d miss you but many more would be exposed to the phenomenon that is Juliet Golf Foxtrot.
Rachel • September 9, 2017 1:49 PM
your line in your great robotics post about the balloon growing with learning vs the ‘BS idea we’ve only got a bit more to go until its all mapped out’
very occasionally I read something here that is simply so satiating. both components of your sentiment qualify. it should form part of a dual ‘precepts of security / insanity destroying security’ ten commandments.
There is a Japanese proverb or reference translated
‘ The bigger a front, the bigger its back’
David Henderson • September 9, 2017 5:44 PM
I have used a product named “spideroak” that encrypts before backing to the cloud.
It has a pretty good multi-system interface.
A competitor for it, based in Switzerland, is tresorit:
Much more cryptic is a product known as “tarsnap” that is designed to backup using amazon aws servers. I’ve never used it but it looks promising.
Personally, I now keep everything in a configuration managed zfs mirrored file system (git at the moment). I use this because the data is under my control at all times. zfs performance is not an issue, so I use Debian zfs-fuse to implement the mirror.
For backup, I make tarballs that are written to dvd+r media periodically. I don’t have a large volume of data, perhaps 100 gb of source and personal files.
The git repository is under continual use. zfs is supposed to recover from drive failures because I use a 3-way mirror. dvd+r is pretty indestructible. I was nervous about using the cloud because I didn’t know about individual company longevity.
Ben A. • September 9, 2017 6:32 PM
SpiderOak and Tresorit are both excellent services but even though they both perform local encryption you have no control over it, and they’re proprietary.
As I said earlier Tarsnap and Tahoe-LAFS are extremely good but require a modicum of technical knowledge. Tarsnap is a one-man job so you always have the ‘under the bus’ scenario to consider.
Your current version control is adequate providing you encrypt client-side although backing up to DVD for 100GB would take many disks. You can get high capacity DVD (nearly 10GB) but they require special hardware.
For your usage I’d think cloud and USB would be good enough, plus the local copy on your system. Ideally keep your USB thumb drive off-site in a secure location.
David Henderson • September 9, 2017 7:13 PM
I made a mistake in stating the size of a backup snapshot.
The zfs mirror has capacity 200GB.
It’s now approx 50% full of snapshot tarballs taken over the past 2 years or so.
Each snapshot is 1.1 GB, fitting nicely on a dvd+r with lots of room to spare.
git keeps track of file changes, so backup history is more a matter of extreme conservatism.
zfs has checkpoint capabilities but I rely solely on git tags as these are more meaningful to me.
What I fear most is cockpit errors with git when I actually need to recover old configurations and/or perform a branch merge. Finger slips have happened and having a couple of weeks history is invaluable. I firmly believe that Murphy is alive and well and out to get me.
I don’t think any online backup service can match the functionality I’ve got now. tarsnap with its deduplication might come close. git knows what it is doing for configuration management; its probably doing a far better job than tarsnap’s deduplication.
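The exchange above (periodic snapshot tarballs of a git tree to DVD, USB or cloud, with the advice to encrypt client-side before anything leaves the machine) is easy to script so that the plaintext never touches the backup medium and a damaged or swapped copy is noticed before you rely on it. The following is an added example, not a script from either commenter: it assumes `openssl` (1.1.1 or later, for `-pbkdf2`), `tar` and `gzip` in PATH, and the paths and passphrase file in the usage line are hypothetical.

```sh
#!/bin/sh
# Added example: client-side encrypted, integrity-checked snapshot of a directory
# (a git working tree, say) before it goes to DVD, USB or a cloud bucket.
# Assumes: POSIX sh, tar, gzip, openssl >= 1.1.1. Paths below are hypothetical.
set -eu

# SHA-256 of a file as a bare hex string (portable across openssl versions).
digest() {
    openssl dgst -sha256 "$1" | sed 's/^.*= //'
}

# Snapshot $1 into $2.enc (AES-256-CBC, key derived from the passphrase in file $3
# with PBKDF2) and write the ciphertext digest to $2.enc.sha256.
# The gzipped tarball is deleted as soon as it is encrypted.
make_snapshot() {
    src="$1"; out="$2"; passfile="$3"
    tar -C "$src" -cf - . | gzip -c > "$out.tar.gz"
    openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -pass "file:$passfile" -in "$out.tar.gz" -out "$out.enc"
    rm -f "$out.tar.gz"                 # plaintext never reaches the medium
    digest "$out.enc" > "$out.enc.sha256"
}

# Check the recorded digest, then decrypt and unpack $1 into directory $3.
# Returns 1 on a digest mismatch (bit rot, truncation, swapped file) or bad key.
restore_snapshot() {
    enc="$1"; passfile="$2"; dest="$3"
    [ "$(digest "$enc")" = "$(cat "$enc.sha256")" ] || return 1
    mkdir -p "$dest"
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -pass "file:$passfile" -in "$enc" | tar -C "$dest" -xzf -
}

# Usage (hypothetical paths):
#   make_snapshot ~/work/repo /media/backup/repo-2017-09-09 ~/.backup-pass
#   restore_snapshot /media/backup/repo-2017-09-09.enc ~/.backup-pass /tmp/restore
```

Two caveats a practitioner should keep in mind. The digest catches accidental damage, but CBC has no built-in authentication and a digest stored next to the ciphertext can be rewritten by anyone who can rewrite the ciphertext, so against a hostile storage provider keep the `.sha256` (or a signature over it) somewhere the provider cannot touch. And the passphrase file is now the single point of failure: losing it makes every snapshot unrecoverable, so escrow it off-site with the same care as the media.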
tyr • September 9, 2017 10:24 PM
What you say is true. You had an interesting insight about internal states modelling the external, something worth thinking about.
Brooks’ major contribution was his proof of theory by doing the experiments (Genghis robots). He seems to think Moore’s law has hit bottom but I’ve seen some recent nanotech work with single molecule memory and transistors being done in the laboratory. That stuff doesn’t map well into a divide-area-by-two progression into the future.
I do understand your problems better as those hard structures succumb to gravity and once the cushion has eroded it can only rebuild by ceasing the friction. I ran into a statin that attacks synovial fluids as a side effect, something older folk do not need.
Tribal and group activities have amazing mappings from primates to humans. So much social activity attributed to thinking is mirrored by baboon groups that something is wrong. Either baboons do a lot more thinking or humans do a lot less of it.
That Equifax breach is a heads-up call for those who have been advocating Dewey’s Dangan-for-everyone program. Building one paints a target on everybody that they can’t avoid and no amount of mealy-mouthing about it being for your own good will cover that.
I’m surprised no one has mentioned nation state actor malware buried in various power grids just waiting for a chance to shine.
SERE is just another snake-eater school one among many, wasted on most country
milkshaken • September 9, 2017 10:48 PM
I think you will be pleased to know that your book Data and Goliath has been just cited as the most comprehensive analysis of the metadata problem, in the first research paper by Ed Snowden and bunnie Huang
Andrew • September 9, 2017 11:12 PM
@nick p, @tyr
Stating that jobs like waiter or nurse will disappear in the near future is stupid indeed. On the other hand autonomous cars are a reality and we may see fewer drivers in the next five years. We cannot generalize.
AGI (https://en.m.wikipedia.org/wiki/Artificial_general_intelligence) or Superintelligence with consciousness is work in progress. Google, Microsoft and recently IBM have created big scientist teams for it. There are probably teams working on it in China, Russia and Japan too.
It is possible that we may see a first form of HAL9000 in 15-20 years. This will really be a game changer. Either autonomous or on the cloud, some kind of intelligent Echo, Home or Cortana on wheels or metal legs may be able to communicate and perform simple home tasks without being (too) stupid. Just like the motto in the ’80s, it will probably be “a robot in every home”.
We are still far from Westworld humanoids from a physical point of view but we may see, much sooner, devices with their intelligence.
The chatbots we have now are everything but intelligent, as a company you cannot do more to annoy your customers.
There is an AMA on reddit with Google Brain team soon, you may have a better picture there.
Clive Robinson • September 10, 2017 3:31 AM
There is a Japanese proverb or reference translated
‘The bigger a front, the bigger its back’
I first heard that in the early 1980s when working with a Japanese engineer. She pointed out that the expression had a number of “silent riders”, one of which was “the smaller the head”, another “the slower it moves” and importantly “the easier for a knife”. It was then becoming part of the business mantra. They realised that a large corporation, whilst having a strong front, was actually prone to behaving “slow and stupid” thus easy to take down. They realised that the old Bethlehem Steel idea of “no teams bigger than a hundred” made sense. As well as allowing the teams to be competitive in a strong set of rules, so like a baseball league they were competitive and could in effect trade players.
Thus they started structuring as “leagues” of teams not armies. That is they had realised that the worst enemy was from within and it was complacency. They joined this with Toyota’s JIT and later Kanban as signaling improved and developed with the BSI QA to give what we now call “lean techniques”. The key essence of which is rapid response by signalling in a competitive environment where transparency is paramount.
The point is that the ideas apply equally well to security, where complacency, especially at the end points, is most definitely “The enemy within” and not a politically inspired cover up “scare mantra” like “Reds under the bed” or “See and Say”.
But I guess the last word about the price of freedom is eternal vigilance goes to some American bloke 😉 who had a real fear of democracy, thus had his own “enemy within” demons.
 Who unfortunately got a taste for a pint or two of British “Dark Beer” after work. But had no tolerance for alcohol (something around half the Japanese population has). And sadly had to get shipped back home by her employers.
Clive Robinson • September 10, 2017 4:34 AM
I ran into a Statin that attacks synovial fluids as a side effect something older folk do not need.
After getting blood clots in the lungs, head, legs and possibly other places, I collapsed and got the blues and twos trip to hospital. They stuck me on all sorts of medications including “rat poison” but also, on the “just in case, cover all bases” idea, a normally harmless statin. Thus nobody did the follow up tests. The result was in less than a year I lost half my muscle mass no matter what I did exercise wise and developed other complications I still suffer from to this day. Which means I can not drive and am considered a serious “Health and safety risk in the workplace” by both legislation and insurance companies. I do however get to meet lots of doctors and nurses who send me to see consultants who then introduce me to student doctors etc to be poked and prodded. So I’ve gone from being one kind of “lab rat” to another…
Statins may well turn out to be a new medical scandal because few if any doctors do the “follow up testing” to check you are not one of the very small percentage that suffer from side effects. I’ve been told that I should avoid certain fortified fat products (ie the supposed “healthier” butter replacements, that have had certain cholesterol lowering plant extracts).
At the end of the day “food security” has been used as an excuse by industry to do some quite unnatural things, that we are only just starting to deal with. High corn syrup, salt and fortification by things you would never eat yourself such as feathers and human hair, even animal hides considered unfit for leather making. And they do worse to animals such as using antibiotics to encourage animals to “fatten up”. Oh and feeding excrement back to them to likewise “fatten up” or lay more eggs etc.
Most of this was either encouraged by or done by Western Governments, and has led to the likes of genetic modification that is used as a method of enslavement of basic food producers around the world.
It sometimes amazes me that people who know about what has been driven by western governments in the name of “Food Security”, still think that the Governments and Big Corps are not spying on us every which way possible in our everyday lives under “National Security”.
 I was one of those awkward cusses that had a quite high BMI but a lower than normal fat mass. It might have had something to do with either walking/running 20 miles/day or cycling 50-150 miles/day with a bit of swimming thrown in for variety. None of which I’m now allowed to do even if I could.
 Yes it’s true, look up the “Chorley Wood process” for bread making. It’s why “home made bread” rarely has that sponginess that those “sliced white” sandwich loaves have in abundance.
 Basically the hides are “chemically boiled” to a slurry, then have the DNA broken down so you can not tell what animal (such as horse, pig, cow) it came from. The resulting product is then injected into meat which is then immersed in water, which can add between 25 and 50% weight to the raw meat… Obviously aside from being cheated into paying for water at several dollars a litre, some people have strong reasons not to eat horse, pig or cow products and thus might be horrified to find out they are, hence the otherwise unnecessary steps to break down the DNA.
Clive Robinson • September 10, 2017 5:09 AM
He seems to think Moore’s law has hit bottom but I’ve seen some recent nano tech work with single molecule memory and transistors being done in the laboratory. That stuff doesn’t map well into divide area by two progression into the future.
Theoretically we still have quite a way to go on Moore’s law. However Moore’s observation does not have a technology cost component. Thus practically, with our current technology, it really is too expensive to go much further on reducing transistor size. In fact some would argue we’ve already gone too far due to the “heat death” issue. It is a “dynamic” issue due to transistor switching through a resistive mode generating I^2R heating and thermal impedance of the substrate stopping the heat energy being removed quickly. Thus in the likes of the Arithmetic Logic Unit (ALU) and parts of the Instruction Decode Unit and Register File Unit transistors are being continuously switched very very rapidly. Yet in other areas such as cache memory cells hardly at all in comparison, thus with care things can be arranged on the chip. However 64-bit CISC systems are at a much greater heat death disadvantage than 32-bit RISC systems. Which is one reason ARM chips are cheaper to use in most cases.
Thus we can make a jump forward on Moore’s observation by switching to a different technology. We’ve seen it before with memory cells being switched from multiple logic gates using many transistors in SRAM to just a single transistor and capacitor for DRAM. Also because RAM does not suffer anywhere near as badly from the dynamic heat death issues they can be vertically stacked, so achieving greater packing density.
We are kind of on the verge of FeRAM which allows even more vertical stacking, plus it really is static, including having the power removed and still holding the data.
So yes new processes will keep us on Moore’s observed line but we’ve reached a cost barrier on silicon in CISC style CPUs.
Looking at viability of new methods, you would expect to see a nine to ten bit advantage at start of process development dropping to a five to six bit advantage when hitting the market place, assuming that they both offer a bit a year gain for at least five years. With the new product continuing down the bit a year path whilst the older technology slows to a bit every couple or three years, at which point it just becomes “legacy”.
Clive Robinson • September 10, 2017 6:35 AM
@ Andrew, Nick P, tyr,
On the other hand the autonomous cars are a reality and we may see fewer drivers in the next five years. We cannot generalize.
This is where I feel like I am being mean.
Autonomous cars are a reality but still in a restricted environment. There are still problems with them in less or unrestricted environments where humans still have advantages when fully alert etc. But as we know from the accident rate either not all humans are up to the task or many are by no means as alert as they should be.
One solution which would work today is to enforce the restricted environment, by excluding human drivers. We could have done this a decade ago in city centers and the like and significantly reduced the accident rate.
Which leaves the question of if AI devices can ever compete with average humans that are both skilled and alert to what they are doing.
The question is made more complex when you consider that most humans are not just capable of learning but innovating as well. Much of what is called AI is actually “rule following” which has neither the capability to learn or innovate.
To get AI to learn you need an inference engine. Further to give it a chance of innovation it has to forward chain (pull itself up by its boot straps). As part of this is the acceptance that it will have to make mistakes as part of the process.
Currently we tend to go for inference engines that backward chain, that are in effect “goal driven”, which has a side effect of reducing mistakes if the goal is defined correctly. However such systems are in effect improvers/refiners not innovators.
Thus there is a trade off to be made. But there is the human issue to consider: we accept that “To err is human” but we don’t accept that with machines. In fact our entire legal system is predicated on a “directing mind”, that is, it is not the machine at fault but the operator or the manufacturer/designer.
With an AI with a forward chaining inference engine there is no directing mind, thus who is liable for its mistakes?
But it also gives a clue as to what jobs will be replaced by AI systems. Much as force multipliers such as motors/engines replace muscle and have gone well beyond what human bone muscle and gristle can do.
Jobs that are heavily rule based with no need for learning or innovation are prime candidates. The human does it simply as an –unreliable– rule follower. Replacing the human with a rule following AI will in most cases improve the quality of work and improve the quality of life of the person who would have formerly “done the job”.
This raises a philosophical question about humans. Some people like “drudge jobs” because it frees up their mind to do other things like think or chat, learn / socialise etc. Further the expectations of the employer are lower thus the risk is lower in some employees minds. Likewise they are not asked to be responsible for others or even to themselves. Thus they don’t have to get involved with “continuous education” and “up skilling”, “training” or even being “competitive”.
That’s not to say the people involved are not capable of doing all those things, some are simply doing such work so they can use their abilities in other non work areas of their lives. It is often seen in people who are “earning to subsist” whilst studying for a future career or following other goals such as doing other activities such sport or hobbies etc.
Hence the conundrum: do we get rid of the drudge jobs to AI rule followers and in the process destroy the “work to subsist” model that many are reliant on to make better of themselves? Because if we do we in effect kill their career abilities and thus significantly harm society. Bean counters and other short term thinking management types –with psychopath traits– would say yes the moment AIs became cheaper / more productive or to be more precise put more money in their pockets. It is a strong part of the “Free market” mantra, and can only end in a downward societal spiral unless other aspects of society change. One such that I would favour is a “guaranteed basic income” system. It gives you subsistence plus a little, it’s then up to you what you do.
But before people make up their minds, they need to realise that around two thirds of people working in the West are currently actually doing “make work”. That is invented jobs to keep them occupied. I’ll let others work out why this is done, then they will perhaps see their existence in an entirely different way.
 I worked in a hospital as a night porter then in the mortuary as a porter/assistant whilst a full time student. I also worked my way up from dish washer to chef in a restaurant also whilst being a full time student. Thus was able to find a job in my then chosen career path that allowed “day release” to continue studying. I eventually did post graduate study to change my career whilst working full time as a professional engineer by using my holiday to attend week long course blocks. And yes I still study in other career streams than I would be “pigeon holed” in by an employer. Thus even as a “professional” I still have the “work to subsist” ethos because my interests continually move on.
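The forward-chaining versus backward-chaining distinction drawn in the comment above, as an added illustration that is not code from the thread: a minimal propositional rule engine in Python. The rule base and the facts fed to it are constructed for the example; forward chaining fires every rule it can and so derives conclusions nobody asked for, while backward chaining starts from a single goal and only touches the rules needed to prove it.

```python
"""Forward- vs backward-chaining over a tiny propositional rule base.

A rule reads "if all premises hold then the conclusion holds".  Forward
chaining is data-driven: it fires every rule whose premises are known
until no new fact appears.  Backward chaining is goal-driven: it asks
whether one goal can be proved, recursing only into the rules whose
conclusion matches that goal.
"""

# Constructed rule base (premises, conclusion); not from the original page.
# Premises are tuples so the order of sub-goals is deterministic.
RULES = [
    (("sensor_offline", "no_maintenance_ticket"), "possible_tamper"),
    (("possible_tamper", "badge_used_after_hours"), "open_incident"),
    (("sensor_offline",), "check_power"),
    (("open_incident",), "page_oncall"),
    (("badge_used_after_hours",), "log_entry"),
]


def forward_chain(facts, rules):
    """Derive every fact reachable from `facts`.

    Returns (all known facts, list of conclusions in firing order).
    Runs to a fixpoint: stops when a full pass adds nothing new.
    """
    known = set(facts)
    fired = []
    changed = True
    while changed:
        changed = False
        for premises, conclusion in rules:
            if conclusion not in known and all(p in known for p in premises):
                known.add(conclusion)
                fired.append(conclusion)
                changed = True
    return known, fired


def backward_chain(goal, facts, rules, trace=None, _stack=None):
    """Try to prove `goal` from `facts` and `rules`.

    Returns (provable?, list of sub-goals examined in order).  `_stack`
    holds the goals currently being proved, so a cyclic rule base cannot
    recurse forever.
    """
    trace = [] if trace is None else trace
    stack = set() if _stack is None else _stack
    trace.append(goal)
    if goal in facts:
        return True, trace
    if goal in stack:  # already trying to prove this goal: cycle, give up
        return False, trace
    stack.add(goal)
    proved = False
    for premises, conclusion in rules:
        if conclusion != goal:
            continue  # goal-driven: ignore rules that do not conclude the goal
        if all(backward_chain(p, facts, rules, trace, stack)[0] for p in premises):
            proved = True
            break
    stack.discard(goal)
    return proved, trace


if __name__ == "__main__":
    # Constructed facts for the demonstration.
    facts = {"sensor_offline", "no_maintenance_ticket", "badge_used_after_hours"}
    known, fired = forward_chain(facts, RULES)
    print("forward chaining fired:", fired)
    proved, trace = backward_chain("page_oncall", facts, RULES)
    print("backward chaining proved page_oncall:", proved)
    print("sub-goals examined:", trace)
```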
Rachel • September 10, 2017 10:03 AM
thanks for the ‘Baffler’ article by Levine you also quoted from. Some fascinating issues raised. ‘Not the law! Technology!’ But it was also really strange. It had an overwhelming feeling of agenda, manipulation and propaganda towards the end. As well as outright lies. For example the Telegram guy claiming the whole crypto community ganged up on him but none of them were willing to discuss technical details, they just wanted to attack him. Moxie actually kept offering to help them improve their implementation and the telegram founders ignored him.
on the subjective side ‘telegram is the bad guys app of choice’ i think is a load of BS
Well, there it is in print for the world to see. Signal is a US government project
CallMeLateForSupper • September 10, 2017 10:44 AM
“[…] ‘home made bread’ rarely has that spongyness that those ‘sliced white’ sandwich loaves have in abundance.”
I would say “in excess” rather than “in abundance”.
I appreciate the pointer to the Chorleywood bread process. For decades, I wondered why the typical U.S. industry-made “sandwich loaf” was so effing soft, nigh gooey. (The universal derogatory term for this weak stuff is “Wonderbread”.)
Six months of savoring the sandwiches I made from terrific Vietnamese bread while at Da Nang put me off “standard white” for good when I got home. IMHO, the only commercial bread that could stand up to meat and vegetable fixin’s and withstand handling was rye/pumpernickel or whole wheat (unless good bagels could be found). In ’72 I asked the wife of a friend to teach me to make her delicious, firm white, and I still make my bread using her recipe.
Ya buy ’em books, buy ’em a mule, send ’em to school, and what do they do? Stand on the books and f___ the mule!
Let’s discharge firearms into a hurricane. (sigh)
MarkH • September 10, 2017 4:10 PM
Press Reports Dangerous Attacks Against Electric Power Systems
I’m taking the liberty of re-posting comments, in the hope of seeing some discussion here. It seems to me that these attacks had more potential for damage (economically, materially, and in terms of danger to human life) than any yet seen “in the wild.”
Articles on ZDNet and Wired describe concerted attacks on energy-firm computer systems starting with the usual email phishing, tricking people in loading sham software updates, and the like.
The accounts of the two articles are similar, but the Wired article makes the stronger claim that the attackers established sufficient access to control power system plant equipment.
Before the term cyberwarfare was coined, there was already much discussion and anxiety about the severe magnitude of disruption that could be achieved by sabotage of civilian electricity systems.
If this reporting is correct, one or more organizations may have already achieved the capability to mount such sabotage at will, though it was not (yet) carried out in these newly reported attacks.
Those who follow security matters will be well aware that in recent years, cyber sabotage against power systems in Ukraine resulted in large-scale temporary outages.
Personal Observations Concerning Simple Safeguards
Computer security is only tangential to my work, and I claim no broad knowledge of the general state of real-world security practices.
But I do have some anecdotes from my work life.
I’ve dealt with at least two major telephone system firms, which operate their own WANs for the systems that keep things running.
Although the separation is not absolute, they have exceedingly strict rules to keep these operational networks isolated from public networks. Where the operational networks must connect to the “outside world,” they do so via tightly controlled bridge systems.
It seems to me that in these companies, taking over a Windows PC on somebody’s desk would not give sufficient access to remotely take over their operational systems. In essence, there’s an air gap.
I hope that electric utilities not already following such practices are getting their wake-up call!
Not long ago, I wanted to get a document to a liaison officer by the quickest available method.
When I tried sending as an email attachment, the officer told me his email did not permit him to open any attachments.
So I ftp’d the document onto an internet server, and sent him a link. He told me could only access a very restricted set of domains.
It seems to me that these kinds of precautions would frustrate the attack vectors reportedly used against electric utilities.
By the way, the military base in question has no operational capability. The activities there are purely administrative.
My company proposed using USB “thumb” drives as a means of collecting records of equipment testing in order to document that the testing had been successfully conducted.
This was accepted, inasmuch as the test equipment in question was portable and the USB transfer could take place off-premises.
We were informed, however, that use of such USB drives was absolutely forbidden inside the operational facility.
Note: A compromise to the test equipment itself would have no impact on the sensitive operational systems.
As regular visitors to Schneier well know, closing every possible “hole” is a hopeless task.
Even so, there are stupid-simple precautions like those I have described above, which can greatly increase the cost of attacks, and reduce their feasibility.
In the case of electric utilities, this is a completely sensible area for government regulation, to establish some minimum standards for operational security practices.
JG4 • September 10, 2017 4:45 PM
ancient background on the human security problem, which is so endemic that it affects breeding
the simplistic solution to the pain in childbirth problem is wider hips, but that branch gets pruned by running speed. elite female athletes who run the fastest have the most difficulty in childbirth. hip width is constrained on one side by the running speed required for tribal warfare and on the other by head size required for tribal warfare. the parabolic tradespace balances a high death rate in childbirth against a high death rate from not running fast enough. John Boyd observed that the deaths in jet fighter training saved a greater number of lives in combat. anyone would do well to get within 10% of the global minimum. head size was/is an arms race in the cognitive wars inside and outside of tribes. the reason that we are continually in need of computer security is, roughly speaking, because murder and warcraft have been a successful survival strategy more or less forever. you can include lies/fraud/deceit and theft/stealing/burglary in the same entropy maximization tradespace. politics is inextricably linked to security, because the collective right to self-defense, and all that entails, has to be balanced against the individual right to self defense, and all that entails. the anvils to the hammers is that our continuous warfare for the past 100,000 years (+/-) has pitted collective security against individual security and head size against running speed. the liars, thieves and murderers arbitrage every tradespace. there should be some nonlethal solutions that are far less costly than the current framework. that would constitute a paradigm shift. it may take the prickly desert religions, the fever swamp and the money power a few hundred years to catch up. or they may kill us all instead.
@Rachel – Thanks for the tip to look at lithium. about six years ago, I stumbled into literature about happy water (links below), so I vaguely knew that people in areas with higher lithium report greater life satisfaction. your tip helped me learn that naturally occurring lithium also is associated with significantly decreased dementia (links on request and easy to find), as well as some fascinating history. btw, lithium was forged in the nuclear fires of the Big Bang, unlike the heavy elements that were forged in supernovae. I’d be comfortable drinking water from one of the higher lithium areas, as that is orders of magnitude lower than the levels associated with kidney damage from the pharma business. sometime I will tell you how deep it cuts to carry the casket of a 26-year old woman who had bipolar disorder and chose to withdraw consent. the wind in the Northwoods doesn’t even rank on that scale. I’m not manic enough to have ever needed meds, but you probably know that creativity is linked. given that I’ve had a chronic magnesium deficit, it’s quite likely that I’ve been short of calcium, potassium, lithium and zinc. it is difficult to get healthy food in the corporate paradigm, as Clive alludes. those are problems that I work on frequently and I have made some progress in understanding. the trick is to find persistently profitable business models within the ethical constraints of actually helping the customers. and not have the business models stolen before you can make a dime. and outrunning the pharma-industrial cartel that are trying to stamp out any and all small competitors.
either of these links could be stale. there is a lot of good information out there, particularly on the Danish study. mineral deficiency underlies a meaningful fraction of lifestyle diseases and mental illness, including alcoholism
@Clive – very sorry to hear about your injury at the hands of the pharma crime cartel. Karl of the Rabid Stripe frequently foams at the mouth about statins. I haven’t posted much of that (especially lately, because he inadvertently blocks TOR users), but if health security is in bounds here, I’m happy to show that the total mortality data are weak, or worse. not to flog a dying horse, but I have an expansive view of security. the runningest guy that I know has a genetic quirk that keeps his cholesterol wildly elevated. he had immediate muscular symptoms from statins, though not as serious as yours, so took them only for a very short time. Karl is very enthusiastic about low-carb living. hopefully you could enjoy swimming that would take pressure off your back and get some aerobic activity. they made me diabetic with beta blockers, which are another injurious medication. I suspect that magnesium deficiency made me hypertensive, but that is so good now that probably could get off meds altogether. the statins also have a high probability of inducing diabetes. there are two medications actually associated with longevity. one is metformin, which I probably will need, and the other is a fungal product that has produced dramatic results in some cancer cases. as always, links on request. I don’t always get the details right, but I am happy if I get the broad strokes right.
there is hope for the heat death problem at the end of Moore’s law. I’ve been excited about wide bandwidth semiconductors for a long time and I managed two or three years ago to connect GaN and GaAlN back to DARPA and the Secret History of Silicon Valley. though not mentioned in the talk, it is easy to look at the projects DARPA funded and see their presence. GaN, SiC, diamond and similar materials have figures of merit that were science fiction when I was a kid. continuous junction ratings of 250 C, putting kilowatt microwave sources into backpacks. you probably don’t need a satellite other than the moon to reach around the earth with that kind of power. the diamond substrates provide thermal conductivity roughly five times greater than copper, at 2000 W/m-K. GaN, GaAlN and C don’t have the magic oxide that propelled silicon to fame and fortune, but they already are a big deal. in Microcosm, George Gilder indicates that making the transistors smaller also makes them faster, as it reduces heat per element. I think that your point is correct that heat per unit area goes up as they get smaller. it is practical to take 300 watts per cm^2 off of silicon chips with spraycooling, which was bankrolled by Spookwerks East and various other national security cogs. it would not shock me if 3 kW per cm^2 were in reach for GaN on diamond.
interesting that silicon, which made Microcosm possible, is the same element that made Telecosm possible. the microcircuit revolution was enabled by the oxide properties (diffusion barrier, MOSFET insulator, etc.), and the fiber optic revolution is the same oxide in a different and ultra-pure guise that can be drawn out to single-mode as fast as a man runs. erbium-fiber amplifiers are a key part of the magic in the telecom wavelength range. there are plenty of rare earths in the US, including enough thorium to power middle class living for everyone on the planet in a non-proliferating fuel cycle for thousands of years. I’m not convinced that humans are ready for nuclear power, but cautiously optimistic. I missed the fact that solar PV and solar thermal are just as good as nuclear in many cases, at least if we can get a hydrogen storage mechanism in place timely. I’m from the defense-in-depth school of engineering, which is co-located with the overkill school of engineering. the most colorful guy still living in our industry says “Overkill is a whole lot cheaper than underkill.” the more colorful guys died young from living to great excess.
I see people mention the amazing collaborations of yesteryear, which I somehow missed when I came in for what turn out to be political reasons of demanding that the corporate powers respect my data. obviously that was futile, but the understanding of the problem space is something that has stand-alone value, at least from my limited perspective. I have a lot ideas, of which some must be good, that I’d like to turn into actual projects, but the cognitive limitations make it harder. not like the good old days, but good enough. if it isn’t clear, I am very impressed with the Titans of this blog space. if I offer anything, it is a wider view of the problem space, and some hard logic on what constitutes a secure solution. the hardest problem in this space is how you defeat the psychopaths who have cloaked themselves in the law, without empowering the private-sector psychopaths. and stay out of the way of both.
@tyr – the tip to look at Rod Brooks led to quaternions and an Irish prodigy. Rod Brooks’ TED talk made a nice parallel between spreadsheet empowerment and robot empowerment. I actually used spreadsheets for several key pieces of math in my thesis. I occasionally work on what I call the actuator problem. it is really difficult to get an actuator with the gain-bandwidth product of muscle and comparable power density at any reasonable price. there are other important figures of merit like stiffness. the closest I’ve seen is Big Dog from Cyberdyne Systems. I tried to get a reading from the MIT brain trust on how they meter the hydraulics that fast. I was surprised to see Skynet considering a sale of Cyberdyne Systems. I think that I’m on the record that you won’t want to see a pack of Big Dogs with M249 squad automatic weapons on “pacification” patrol in your neighborhood. or maybe it would be the best thing that ever happened, if they could get the unsupervised learning software to work reliably and the programmers weren’t psychopaths.
Posted on September 10, 2017 by Jerri-Lynn Scofield
[I suspect this math at least touches cryptography, AI and robotics]
When Birds Flock Around a Sphere, Beautiful Things Happen The Wire
Massive sunspots and huge solar flares mean unexpected space weather for Earth The Conversation
[cryptography, already well covered here]
Voynich manuscript: the solution Times Literary Supplement
Cambridge University set to scrap written exams because students’ handwriting is so bad Independent
[I’ll eventually get into endocrine disruption from industrial chemicals, if that isn’t too far off topic. as noted, I have an expansive view of security, but I’m happy to tailor it by audience.]
Sea salt around the world is contaminated by plastic, studies show Guardian
[North Korea omitted, but easy to find]
[digital money is an encryption/security problem]
Going cash-free: why China is light years ahead in the online-payment revolution SCMP
…[genocide as a security strategy. the North Koreans fought the ruthless Japanese empire for 13 years before they fought the US for 72 years. it’s not clear which of the three is more ruthless]
Kill All, Burn All: The Japanese War Tactic Used On the Rohingy By Myanmar’s Military SCMP
…[happy to see that they’ve cut down on the reckless drone strikes]
Pakistan, Polio and the CIA LRB
[neurogenesis as an adaptive system, with profit as the feedback term. money is the most powerful neurotransmitter yet discovered]
“We started it”: Atul Gawande on doctors’ role in the opioid epidemic Vox
Turn On, Tune In, Drop By The Office 1843 Magazine
…[personal data security is why I came to this forum]
Equifax’s apparent effort to strip consumers of their right to sue was brazen even for corporate America Quartz
How Equifax hackers could file taxes in your name and get a refund from the IRS MarketWatch
Either Equifax’s Execs Have Some Explaining To Do Or Equifax’s Other Execs Have Some Explaining To Do Dealbreaker
…[the first casualty of war is the truth]
Police State Watch
Journalists bristle at a new police policy in Vermont Columbia Journalism Review
Big Brother IS Watching You Watch
A Former DACA Recipient Explains All the Data ICE Can Use to Go After Dreamers Motherboard
…[chemical security always in conflict with their financial security]
Flooding Threatens Toxic Sites as Irma Nears CBS Miami
[nuclear security always in conflict with their financial security]
As Irma approaches nuclear plants in Florida, lessons from Andrew resonate Ars Technica
ab praeceptis • September 10, 2017 4:45 PM
While creating lots of noise and attention now (thanks to a Symantec report, it seems) the problem is actually not at all new.
You should find plenty when searching for SCADA problems. Some areas where SCADA problems have created trouble and/or worries are i.a. electricity infrastructure, chemical plants, and railways.
TLDR: While safety often has been a major concern, security often is all but nonexistent in SCADA systems.
tyr • September 10, 2017 5:33 PM
@CallMeLateForSupper. et al
I heard from a famous western cook who had made her own bread from childhood that it is called wonder bread because you wonder why they call it bread.
Laurence Olivier explained to someone who asked him why he was such a great actor, I have a strange recurring desire to eat.
One of the great debates is basic level income. In a world of scarcity it did not make sense. That world has long ago disappeared with the Dodo. If the useless were allowed to go home and do something else instead of being forced to participate in activities that do themselves and folk around them harm we all would be better off for it. The ridiculous idea that it would make them lazy can not stand up to any rational examination. There’s a myth that anyone can do anything. Only if you allow them to do it horribly badly and putting all around them at risk. Some jobs require special talents most of which are not created by training but by a mix of personal characteristics that grew in that person. I’ve been with highly trained engineers in situations that were pushing them towards the funny farm as they panicked. This led me to believe that they weren’t going to do that job for years under any
I just finished re-reading Waves by M A Foster so the idea of shooting at a storm strikes me as doubly hilarious. In it the technologists are tracking ocean waves for an arcane purpose but discover what appears to be speech in the received signal. It turns out to be storms talking to each other. That is the only way what happens can be anthropomorphized. Maybe you don’t want to shoot at something you barely can perceive let alone understand.
Graduate students make better lab test animals than old farts do.
Kim the Super Fat Pig • September 10, 2017 7:27 PM
Using AI to Break Detection Models
Godel • September 10, 2017 7:54 PM
@JG4 More on low dose lithium.
Ratio • September 10, 2017 11:42 PM
A Second Look at the Steele Dossier—Knowing What We Know Now:
[Editor’s Note: In this special Just Security article, highly respected former member of the CIA’s Senior Intelligence Service, John Sipher examines the Steele dossier using methods that an intelligence officer would to try to validate such information. Sipher concludes that the dossier’s information on campaign collusion is generally credible when measured against standard Russian intelligence practices, events subsequent to Steele’s reporting, and information that has become available in the nine months since Steele’s final report. The dossier, in Sipher’s view, is not without fault, including factual inaccuracies. Those errors, however, do not detract from an overarching framework that has proven to be ever more reliable as new revelations about potential Trump campaign collusion with the Kremlin and its affiliates have come to light in the nine months since Steele submitted his final report.]
mickey mouse • September 11, 2017 1:54 AM
Someone seems to have found a way to hijack the ME’s local firmware update by doing a hibernate between Intel-firmware verification and customized-firmware flashing.
HowNotTo • September 11, 2017 2:14 AM
DLink 850L firmware, DNS, cloud service
Andrew • September 11, 2017 5:41 AM
@nick p, @tyr, @clive
One more thing about Singularity, it’s funny that I have met the same reluctance as that of the honorable MIT professor in Nick’s link at some other people related to the AI industry. My opinion is that it’s kind of Bruce law, just because you don’t see a way to do it doesn’t mean that someone else won’t be able to design it. So for the moment I’d say let’s keep all options open.
Most subsystems (voice recognition, face and object recognition, machine learning algorithms etc.) reached some maturity in the last couple of years and nobody tried to put everything together until now. There are huge hardware resources out there and quantum computing is at the doors. It’s hard work, it requires interconnected disciplines, from neurology to psychology, biology and computer science. It will take years of training, of trial and error, of design changes… but until a few months ago we hadn’t even started. How can you say it’s not possible? What do we miss for it?
Most of us already lived through the most prolific era in human history; we saw the birth of computers, smartphones, moon-landing (well, not me), GPS, Internet etc. If we live to see the Superintelligence we will be quite lucky.
Microsoft teaming for AGI:
IBM doing the same weeks after:
We are in the very early stages of it, for the moment the teams are struggling for better algorithms, like using the same neural network to train different tasks, just like the brain.
Superintelligence is not a threat, it may be the only hope of humanity. Somehow, we are meant to create it, just as we are to reach the stars. The fact that AI will be used first in the military (because it will be used, nobody will stop N Korea or others from making autonomous killing machines) gives me hope that one day the civilian benefits will be much larger, just like in all other cases.
furloin • September 11, 2017 6:22 AM
Because each of those technologies you listed has individual problems that run deep into its implementation. For example, face recognition doesn’t work well on those wearing dark makeup and eyeliner. Machine learning can start learning things it ought not by simply taking in all inputs. Voice recognition can be inaccurate between sessions because of the recording device. Not to even mention the (in)security of each.
JG4 • September 11, 2017 6:33 AM
@Andrew – your quote is spot on “Superintelligence is not a threat, it may be the only hope of humanity.” you may have seen my comment that AI holds the seeds of utopia and the most dystopian nightmares. as always, it depends on how we manage the conflicts of interest. thus far, genocide, which is the stuff of nightmares, has been the usual approach. the US seems to be getting along fairly well with Japan and Germany, which is what John Boyd recommended, converting enemies to friends.
I am trying to work out from first principles the historical origins of why security is needed, and why there is so much fraud in the business of government and corporate-provided “goods” and “services.” I applaud the efforts here to understand the requirements for and produce secure software, secure communications and secure hardware, which almost certainly is the hardest part. I’ve thought that AI could play a role in exhaustive analysis of hardware behavior. I am the scientist that Fred describes here:
I was born with an intrinsic need to understand, which has been nurtured for a long time. I was so depressed about my comments last night on tribal warfare that I remembered a more benign companion explanation based on cooperation and the bioenergetics of walking and running. I should have labeled the tribal warfare comments as conjecture based on a variety of sources. I can’t recall ever seeing the dots connected that way, but bits and pieces have been discussed in biology for a long time, including sources like E. O. Wilson’s Consilience. the information about elite female athletes was in science news articles in the 1980’s and/or 1990’s. within the past few years, Bruce posted an article on murder amongst the human species, which I followed up with three disturbing news links about political violence being very old and quite organized:
clearly brain size and bipedal motion both are involved in tribal security, both in warfare and in foraging for food. bipedal locomotion also played a key role in migration, which is why humans have been able to populate almost all of the continents. that, and the flexibility of strategy provided by a large brain.
the superposition of cooperation and conflict always is in play, the very substance of the human condition. in the distant past, cooperation would break down when group size exceeded 150, and the group would split into two or more new groups. new technologies such as the printing press, telegraph, radio, television, computers (microcosm) and fiber optic communications (telecosm/internet) have enabled new scales of cooperation, but the new scales are become unstable under certain conditions. the Roman Empire needed a new religious belief system, which helped foster cooperation on a larger scale, until trust failed. the knowledge of good can be viewed as enabling cooperation and the knowledge of evil can be viewed as enabling murder and warcraft. so, the substance of my comments on tribal warfare stands, but it is incomplete without considering cooperation and the tradeoff between brain size and locomotion in more cooperative endeavors. it will not escape notice that tribal warfare is itself a critical cooperative behavior that bonds a tribe together, particularly the blue and green tribes. and that the blue and green tribes require some level of cognitive dissonance to accept the lies from the politicians.
it is clear that cooperation has been very good for our species, except for the part where it enabled us to outstrip food sources and have die-offs, and where we failed to see the cascading future consequences of new technologies like fossil fuels on climate and radio for propaganda on the scale of warfare. bipedal walking is a very efficient transportation mode constrained by the same tradespace of headsize and hip width. in the case of cooperation, the need for a large head size is driven by the game theory requirement to remember enough past behavior of other tribe members, as well as the need to remember other critical information such as the locations and techniques for food foraging. one of the reasons for remembering past behavior of tribe members is to mitigate the free rider problem. we now call the free riders politicians, but somehow fail to hold them accountable. computers are used to pursue all of the old hominid activities, including cooperation and warfare. so, no surprise that computer security is entwined with group security and individual security.
one of the TED talks revisited the classic question of why humans are The Naked Ape, a question that was made famous by Desmond Morris in the 1970’s. I can’t recall if the cooperative behavior proposed by Morris was running down animals for food in Africa. because animals have hair, they will overheat on a long run. humans can run 60 and 70 miles at one go, even people in their 70’s in tribal societies are able to keep up on these ultramarathons. sweating enables extended exertion, as does burning fat. very few animals can sustain that level of exertion without overheating and collapsing. because they are made of tasty meat, the next step is eating them:
@tyr – Thanks for the tip about rogue DNA and for fleshing out the hominid behaviors. the elites in the US do not have skin in the game, because they are not held to account. to the extent that there is skin in the game, it is our skin being peeled to support their wildly profitable (to them) security schemes, like the F-35 disaster, the Afghanistan disaster and the Iraq disaster. btw, Hoover wrote in private correspondence after the attack on Pearl Harbor, “if you stick enough pins in a rattlesnake, you shouldn’t be surprised when it bites you.” I’ve seen the claim made that there were 11 separate Congressional investigations into whether FDR knew that the attack was coming. they never found the smoking gun and the base commanders were court-martialed for having been surprised.
you probably know that a variety of pathogens have been more or less permanently incorporated into our DNA and the DNA of other mammals, in some cases providing endemic sources of infection. meatpackers have a suspiciously high rate of otherwise very rare cancers, thought to be caused by viruses that are endemic in animals. about a dozen years ago, I saw a newsclip about a blood transfusion safety drug that would destroy all of the DNA and RNA in whole blood, to guarantee that no disease vectors could be introduced by transfusion. as none of the functionality desired in a blood transfusion depends on DNA or RNA, the drug improves fitness for purpose. I thought it a really clever idea, but I haven’t seen a mention of it since. the same trick could be used on the collagen scaffolds provided by stripping all of the live cells from an animal heart prior to seeding it with stem cells. many or all women who have borne sons have traces of Y-chromosomes in their blood decades later. it is thought that the surviving foetal cells cause some of the higher incidence of autoimmune problems in females. of course, having to manage immunity for the female reproductive system is much more difficult than the male reproductive system, which is another reason for the differences in autoimmune problems.
Lynn Margulis, the famous female biologist who worked out the Gaia hypothesis with James Lovelock, was married to Carl Sagan. she may be famous for work on menstruation as a defense against pathogens and the implications of year-round human fertility on pair-bonding too. the Gaia hypothesis asserts that maintenance of the biosphere in the habitable range is a cooperative behavior of otherwise selfish genes. I think she also showed that mitochondria are symbionts from an ancient cooperation. I’ve said before that nature is a fascinating blend of cooperation and competition. perhaps the same could be said of human history. I was a free marketeer until I realized that there is no such thing as a free market. we live in a world of asymmetric information, asymmetric resources, and asymmetric capabilities. a lot of what we are discussing here is how to manage that asymmetry.
@Rachel – Fred Reed had a great writeup on how tough the locals are in Afghanistan. I think that you pointed out that the Chinese special forces are made of the toughness to land in their underpants and navigate back to the team. Kyle Reese was too. I know for a second-hand fact from a guy that I trust from a guy that he trusts even more that at least some US special forces are made of that level of toughness and a lot more. but, there is a fundamental deception in play, and a variety of deceptions have been in play with the warriors more or less forever
But you can’t tell fresh young troops, “You’re maybe a bit above average, but the Afghans are much tougher people, having been raised fighting and living on dried goat-meat, and they know the terrain, whereas you will have no idea where you are and your equipment and tactics are badly unsuited for the region, so it’s going to be hard slogging.” Not optimal for recruiting. More profoundly, men in combat arms want to feel inexorable, deadly, the best. Whether they actually are doesn’t occur to them until the war starts. A satisfying state of mind is what is wanted.
The relentless affirmation of their lethality leads to underestimation of the enemy. Before you stick your hand into a hornets’ nest, it is well to examine the hornets. We don’t. The Taliban are primitive mountain-crawlers with AKs. “No problem, sir! We can take them. We’re the best equipped etc.” In an ancient war of classical antiquity, the Vietnamese were held in contempt as rice-propelled paddy maggots. No problem, sir. We’ve got fighter planes and tanks and endless zip-wowees. Everything but understanding and curiosity.
from what I’ve read, Bin Laden was offended that the Saudi government chose infidels to defend them in the first gulf war and he was offended that they were quartered later on holy soil. Bin Laden wanted to use veterans of the anti-Soviet campaign in the first gulf war against Iraq, but was over-ruled. the part that makes the hair on the back of my neck stand up is that Bin Laden knew that the US response to Al Qaeda and the 9/11 attacks would bankrupt the US. that was the substance of his strategy, and we have followed it to the tee. we’re not quite there yet, but the hurricanes may cost the insurance companies enough to start a serious run on stocks and bonds.
They had trained at al Qaeda camps in Afghanistan at the same time some of the hijackers were there. And while living in Arizona, they had regular contacts with a Saudi hijacker pilot and a senior al Qaeda leader from Saudi now incarcerated at Gitmo. At least one tried to re-enter the US a month before the attacks as a possible muscle hijacker but was denied admission because he appeared on a terrorist watch list.
on to the daily news
Posted on September 11, 2017 by Jerri-Lynn Scofield
Why UN Sanctions Against North Korea’s Missile Programme Failed The Wire
Chinese bank ban ‘threatens to tighten chokehold’ on trade with North Korea SCMP
Apple and 7-Eleven Are Why Trump’s Threats to Sever Trade With China Are Empty The Wire
What Were China’s Objectives in the Doklam Dispute? Rand
China’s Electric Car Push Lures Global Auto Giants, Despite Risks NYT
Equifax’s Hacking Nightmare Gets Even Worse For Victims Bloomberg. The deck: First one of the biggest hacks ever. Then a delay in revealing who was affected. Now consumers are infuriated about fine print that may bar lawsuits.
Equifax’s Instructions Are Confusing. Here’s What to Do Now. NYT Incomplete and misleading – misses the key fact that by signing up for one year of Equifax’s Free credit monitoring, you “consent” to being bound by mandatory arbitration to settle future disputes and give up your right to join a class action lawsuit. Don’t do that!
Equifax Hack Exposes Regulatory Gaps, Leaving Consumers Vulnerable NYT. Although the article fails to connect the dots, yet another argument for a strong CFPB.
Skin lightening: India’s obsession that is becoming a medical problem Scroll.in
Homicidal Railwaymen Outlook
Big Brother IS Watching You Watch
CIA has 137 projects going in artificial intelligence Asia Times
Facebook’s self-policing needs an update FT
…[the availability of symbolic math on what amount to supercomputers will put feats like Feynman’s derivation of quantum electrodynamics within reach of high school students, particularly high school students in Shanghai. I’ve been watching Run Silent, Run Deep, which may have made the top 100 movies of all time list 20 years ago. they used a Feynman training technique that I will elaborate later]
Why the world’s toughest maths problems are much harder than a chess puzzle, and well worth US$1m The Conversation
…[did I tell the story of my friend who was walking his snack-dog? it was snatched by an owl in a wide-open western state populated by libertarian-minded people. the owl flew away with the dog until the end of the leash. he was able to recover the dog in repairable condition by pulling on the leash. many snack-cats are not so lucky]
…[security posture = energy-maneuverability diagram: binocular vision in the range of 20-1, throat adapted for air pressure of 200 mile per hour dive, beak for tearing tasty meat, talons for carrying away tasty meat]
Clive Robinson • September 11, 2017 7:15 AM
My opinion is that it’s kind of Bruce law, just because you don’t see a way to do it doesn’t mean that someone else won’t be able to design it.
There are things we know that can not be done, not just at our current level of technology, but at our current level of knowledge.
Whilst knowledge breakthroughs are apparently random individually, like fires on a larger scale we can make predictions as to their effects (hence our insurance industry). It’s why we talk of discoveries “being ahead of their time” and “An idea that has come of age”. Which indicates we can make general predictions about near and long-term improvements in knowledge and the technology that arises from it.
When it comes to learning or even intuition we mostly do not have a clue. Most education systems appear to work on the “sponge model” where you immerse an individual in information and squeeze them via tests in an effort to make them take the information up. We get lucky in that around 10% of the population take the information and turn it into knowledge that then gives intuition. There are better models out there such as sibling competition where enthusiasm and rivalry appear to be infectious and drive the individual forwards without the need for squeezing via tests. We also know that humans have what have been called mind types. That is some think in words, some think graphically or spatially and a very few think almost directly in mathematical equations. The important point to notice is that these mirror the ways we communicate. Which brings up the evolution question of the adaptation to environment, and are these forms of communication innate or have they evolved from breeding advantage. Thus the question arises are there other methods the mind is capable of which we have not yet developed because we have not yet learnt to communicate that way.
Whilst the question is more philosophical than tangible the point is that our natural ability to communicate is well ahead of any current technology we have or even ideas on how it might be made. Of our five senses the only two we have got technology to support are those based around the transmission of energy waves, be they sound or light/heat. Smell, taste and touch are kind of way off past the outfield. However we are researching stimulation of the brain by magnetic and electrical fields which is producing some interesting effects thus ideas.
But we are still stuck on learning and intuition and appear not much further ahead than the “cave man” method of learning to swim…
Until we know more about human learning I suspect that any machine learning will be like the “Mechanical Turks” of old, a clever trick that entertains rather than functions as we do.
But as I mentioned in a previous post there is the question of the “Directing mind”. At a more visceral level is the question of slavery, benign or otherwise. Would we actually allow the development of technology that “out thinks us”, is “more creative than us” or even “more human than us”? When you cut through the mumbo jumbo you find that even the deities we create are underneath human. The implicit one being “And God made man in his likeness”. History shows that as man progresses his gods progress with him, always being just that little more enigmatic than us. Which really supports the notion of “We made God in our likeness” and gave it the abilities we currently strive towards. Could we actually accept a machine that we made which is in most ways our God? I suspect not.
Rachel • September 11, 2017 7:50 AM
I didn’t say it was Chinese special forces finding their way home in their underpants, I said it was an exam for students, meaning young adult civilians. My colleague mentioned it in the context of, that’s the calibre of resistance any nation going toe to toe with China is up against. It immediately made me think of the skillset of patience, attention and memory acquired by Japanese collectively from a young age by default virtue of learning the writing system, although less so now that a simplified version is standard.
I didn’t know of 11 Congressional hearings for Pearl Harbour! I always considered it a false flag. Jim Marrs, whom you quoted, discusses it as such. Dusko Popov was a brilliant, brilliant agent working for Britain during WWII, who twice delivered personally to the FBI his scoop of advance warning of Pearl Harbour. The first was 3 months in advance. Do read the new biography about him, fantastic reading. He is widely acknowledged (including by Fleming) as the model for James Bond.
Andrew • September 11, 2017 10:13 AM
This is one of the reasons that DeepMind won’t go too far in promoting their goals – almost the religious feedback they may expect: “it’s not possible” or “AI will destroy the world”.
As long as there are teams working on it I won’t go in contradictions whether or not it is possible. Nobody knows the future, we’re all just trying to guess.
One single observation, you don’t have to copy nature exactly to expect similar behavior – basically the wheel and the legs serve the same purpose.
Gerard van Vooren • September 11, 2017 1:12 PM
An interesting link: Putin Tells Russian Tech Sector To Get Rid Of Foreign Software
ab praeceptis • September 11, 2017 1:37 PM
Gerard van Vooren
Russia doing that might gain more attraction than other countries doing it but I strongly assume that other countries act similarly. The Chinese, for instance, are known to build their own processors.
And it makes sense after all we know from Snowden and Wikileaks.
But imo there is another, possibly even more important issue involved: nowadays software has become an important and rich industry. From what I see that plays a major role in Russia’s policy, too. They want and need a larger and strong software industry.
Decoding Last Three Digits of SSN • September 11, 2017 3:51 PM
“Equifax’s Hacking Nightmare Gets Even Worse For Victims Bloomberg. The deck: First one of the biggest hacks ever. Then a delay in revealing who was affected. Now consumers are infuriated about fine print that may bar lawsuits.
Equifax’s Instructions Are Confusing. Here’s What to Do Now. NYT Incomplete and misleading– misses the key fact that by signing up for one year of Equifax’s Free credit monitoring, you “consent” to being bound by mandatory arbitration to settle future disputes and give up your right to join a class action lawsuit. Don’t do that!
Equifax Hack Exposes Regulatory Gaps, Leaving Consumers Vulnerable NYT. Although the article fails to connect the dots, yet another argument for a strong CFPB.”
In all sincerity you (like the press) took several iterations to get it right. So let me help fast-forward.
Going to click the worthless “were your personal info hacked” URL only succeeded in doing one thing: giving the world’s largest advertiser your precious Social Security Number. Yes, Google was lurking there in the background!
In the past it’s always been just the last four SSN digits. NOW it’s six. Why?
It’s trivial for Google to determine the last three based upon the rules from the Social Security Administration. It’s mainly based upon location. I could write a package to query big-data and easily derive based upon the rules:
On a personal note how smart is it to enter 6 of the nine SSN digits? (the only valid argument is Google already has it…)
To work effectively with any of the three for profit credit miners you need to be more ruthless than they are. And smarter.
Since Google lavishly pays the brightest minds in the world you simply have to cut-off the tentacles when they start probing. Trust them to always deceive/trick and monetize you the product.
So the solution is like some already stated (Credit Freeze), but here’s the direct link:
Corporations, Experian and advertisers HATE Credit Freezes because it slows or stops instant/impulse credit approvals. That is why the optimal solution is seldom discussed.
What is a Credit Freeze?
Also known as a security freeze, this tool lets you restrict access to your credit report, which in turn makes it more difficult for identity thieves to open new accounts in your name. That’s because most creditors need to see your credit report before they approve a new account. If they can’t see your file, they may not extend the credit.
We tested Equifax’s data breach checker — and it’s basically useless. Several people have confirmed they have mixed or inaccurate results from the Equifax checker
Clive Robinson • September 11, 2017 5:38 PM
@ Gerard van Vooren,
Putin Tells Russian Tech Sector To Get Rid Of Foreign Software
It’s a very sensible thing to do, for a whole load of reasons.
Importantly for the rest of us it will force competition in the market.
Another thing to consider is that for years Russian Programmers had what we would consider very underpowered technology. The result: they had to be more inventive and squeeze way more out of a lot less.
That has a knock-on effect: tighter code, although more complex per line of code, has considerably fewer lines of code. Which means more testing per line and on average fewer vulnerabilities.
Even more interesting will be if they push their own FOSS in a structured way. Which is likely to give rise to their own OS as other countries have started to do.
But we’ve had several warnings that the likes of MS were going to get the steel toe cap from several jurisdictions over their telemetry etc. Even the European Court has set a shot or two across the SS Microsoft’s bow and stern. Thus having been bracketed by several sovereign nations etc. a full on shot would be almost inevitable, the only question being who fires first.
But it’s not just Russia sending out a signal, China has made it absolutely clear “No Secrets” in code or hardware by law, they also don’t really recognise IP either, so the world’s largest market has basically said STFU to the self promoters in the US houses and to the US President…
After the recent “Reds under the bed” rewarming of the past year I’m just really surprised at how mild the Russian response is, so far. I’m guessing it’s going to get worse, such as the EU seeing it’s strategically beneficial to join the game as well.
Don’t be surprised if the balkanisation of the Internet fairly quickly becomes common due to protectionism and not just a few states for ideological reasons.
It’s kind of a throw back to the old home market protectionism that used to cause trade so much harm back in the post war era. The thing is that the US tried to force the issue under Obama with TTP etc. with its secret clauses pushed by the likes of Silicon Valley mega Corps. That failed and now we have the Republicans trying the “National Security” card nonsense to try and gain an upper hand in their and other markets… Now the chickens are starting to sense the US Sunset, so are returning to roost as darkness falls on the US of A.
EvilKiru • September 11, 2017 5:38 PM
Autonomous Cars: The Level 5 Fallacy by Jean-Louis Gassée
tl;dr summary: The transition to fully autonomous cars is at least 30 years away
JG4 • September 11, 2017 5:47 PM
@Rachel and Clive – I don’t have a link handy, but what can be done with a sound card (even the native ones) in displaying and generating sounds on a PC is stunning. SciLab is an excellent tool for generating sounds and the price is right. it’s a short step from there to broadcasting sound with LEDs and receiving with photodiodes. my early exposure to electronics started with Lissajous figures while listening to the same signals. sorry that I garbled your point about graduation training. would love to see a story on that.
can’t recall who the exchange about the V-1 was with, but this is on point. stumbled into it by accident today:
I failed to connect tribal security back to submarine security, which is a similar scale and has many of the same elements. I realized that the Apollo 13 example is quite similar to submarines and makes for a good security story line as well. Run Silent, Run Deep has a beautiful example of side-channel leakage through the garbage, and accidental deception. I’ll try to dig up Das Boot, which I remember as being scarier. my cousin dived on one of the U-boats sunk in New England, maybe at 90 feet. I thought that the losses of bomber crews were comparable to the losses of U-boat crews, around 80%. one of my friends, now departed, was in the mining business. management wanted to parade him in front of their Japanese customers. at dinner, they asked if he had ever been to Japan before. he said, “no, but I flew over 25 times.”
this has some global security implications. I didn’t realize how quickly and how much atmospheric drag can change. I want to respond to the question about power grid security and publish some good information on the topic.
The drag force on satellites increases during times when the Sun is active.
During the March 1989 storm event, for example, the NASA’s Solar Maximum Mission (SMM) spacecraft was reported to have “dropped as if it hit a brick wall” due to the increased atmospheric drag.
2:00PM Water Cooler 9/11/2017
Posted on September 11, 2017 by Lambert Strether
“Conducting virtual experiments on Blue Brain’s digital reconstruction of a microcircuit in the rat brain, a computer model consisting of 31 000 neurons – and a whopping 8 million connections – all based on physiological data, the scientists discovered and described quantitatively the astonishingly rich geometric organization of neurons, providing a new and powerful tool for understanding the brain. The way neurons network together can actually be described using multi-dimensional mathematical objects. Moreover, these objects respond to external stimuli with a characteristic pattern through time, never before observed” [Ecole Polytechnique Federale de Lausanne]. Well, this should help solve a lot of marketing problems.
…[can’t be too careful]
“California bans drones from delivering marijuana” [The Verge].
News of the Wired
“Gamergate is never going away” [The Outline].
“Due to common misconceptions about the Church-Turing thesis, it has been widely assumed that the Turing machine provides an upper bound on what is computable. This is not so. The new field of hypercomputation studies models of computation that can compute more than the Turing machine and addresses their implications” [Arxive.org]. Chips with that salsa?
“Iceland riveted as notorious 1828 murder case is retried” [MPR News].
Living in Quarantine • September 11, 2017 6:20 PM
Clive Robinson wrote
“I’m just really surprised at how mild the Russian response is, so far.“
As long as you aren’t one of the dozens whose brain has been fizzed.
As for China the clueless American navy has had ‘accident after accident’ in the Pacific.
Cause and Effect
About a year ago, Putin and Xi had a meeting to determine ways to counter the fragmented USA.
The future is easy to predict here:
North Korea has learned and is now preventing the USA from sabotage.
No serious terrorist uses a smart-phone.
Europe is seriously cracking-down on taxes and data-mining.
China is locking-down all spying avenues with severe punishments.
India is just as smart as Google/Facebook and passed strict privacy laws with consumers in charge of personal data.
American Basket Case
American high-tech is being quarantined and forced (by Wall St) to turn inward. Hence the push to data-mine our children in grade school or through media. Two-thirds of Americans now receive personalized news through social media.
The World can clearly see the negative effects of this American blindness. It's so bad that even a curse seems plausible.
Ratio • September 11, 2017 6:33 PM
From emptywheel, responding to John Sipher’s article about the Steele dossier (that I mentioned above):
Mount Baldy • September 11, 2017 6:38 PM
anyone who takes vigilantcitizen seriously is …
Clive Robinson • September 11, 2017 8:44 PM
The drag force on satellites increases during times when the Sun is active.
Having just had –last Friday– one of the most active solar bursts for several years causing “the northern lights” to be visible half way down England. It caused a conversation about the drag on satellites and the unfortunate effects it can have.
As you may know there is a rule in place now about “natural decay” of LEO satellites. That is they should naturally deorbit and burn up within 25 years. Well the unpredictable nature of solar winds etc is playing havoc with the calculations. With mission life paybacks being over 10 years in some cases the last thing you want is an early crash and burn.
Also the effect is odd in that it is not uniform, thus it affects different orbits in different ways.
Of course there is an attendant problem, that nobody likes to talk about. You can look on an orbit as being stored energy and if it is changed the energy has to go somewhere and eventually become heat. The problem is satellites are generally not designed to give up heat too readily because you want things like batteries to work reliably and most have a very limited temperature range. So you design your satellite where possible to be heated by the sun in the lighted part of the orbit and retain that heat for the dark part of the orbit.
Thus suddenly getting tens of kilowatts of heat can cause real problems and systems need to get shut down etc, which is a major loss of income for the operator. It can also screw up things like time standards which need to be accurate for navigation systems such as GPS and its equivalents and phones and other telecommunications.
Oh and this solar activity is not just bad for satellites, it’s bad for overhead power transmission and even radio communications. Because not only are there Gigawatts of power in the solar wind but ionised low pressure gasses can make quite efficient radio reflectors right up into the upper UHF GHz range as opposed to the usual HF range.
Hollywood, Menwith Hill • September 11, 2017 8:57 PM
Har har hardly,
Eff Bee Eye • September 11, 2017 10:15 PM
I’ve seen men who could walk into a bar, look around, read all of the women, then start talking to one who was in the mood.
About “reading” people: City folks tend to know each other a lot better than they let on. In this case, either the guy is some high-ranking pimp, or the woman has enough rank to know she can talk to any guy in the bar without having sex with him.
Putin Tells Russian Tech Sector To Get Rid Of Foreign Software
It’s a very sensible thing to do, for a whole load of reasons.
Nice if we could do that in the United States, as well. But our white nationalist Congress chained our entire high-tech sector to the H1-B slavery system. It sucks looking for work in that sector, because private sector jobs are available only to Indian H1-B mafia slaves, and the few public sector jobs which are available to U.S. citizens require onerous and officious government clearance paperwork, which is impossible to obtain after one has been adjudicated as a mental defective in a court of law, or if one is not a white or Asian male.
Oh, and Equifax has important information for “consumers” …
Rachel • September 12, 2017 5:47 AM
Clive Robinson JG4 Tyr
Clive I felt very depressed hearing of your suffering. You’re a national treasure.
Statins are one of the Equifax of Big Pharma. Asbestos or tobacco come to mind. They don’t provide side effects to a few-rather, their default action is doing the opposite of what's intended to be cured. Coenzyme Q10 is one thing they destroy which ironically is exactly what is required in such situations. You may wish to read about supplementing.
Natural News is a blog with easy to find articles on statins, and Coenzyme Q10.
I am sure there will be statin related class actions
JG4 • September 12, 2017 7:37 AM
@Rachel – Thanks. Seconding you on Clive as a treasure (a global treasure) and hope that he can find some relief from the witch doctors. I’m interested in untangling the diet problem, but it makes the computer security and communications security problems look easy.
appalling, a system worthy only of abandoning
Posted on September 12, 2017 by Yves Smith
[power security, but lacks the intrinsic energy storage mechanism of nuclear fuels, forged in the cores of supernovae]
Offshore wind power cheaper than new nuclear BBC (micael)
[encryption, digital currencies]
China to Shut Bitcoin Exchanges Wall Street Journal
[health monitoring, not unlike a hypervisor for the meatspace]
This Tattoo Can Monitor Your Heart Rate and Brain Waves Motherboard (resilc)
[almost any robot has potential as an assassin. the right to program is clearly enshrined in the first amendment, but it is in conflict with some right to safety, especially safety from government assassin robots manufactured by Skynet and Cyberdyne Systems]
Hackers could program sex robots to kill New York Post
[AI has a long way to go to be a High Assurance Platform]
NTSB Staff to Say Tesla Autopilot Should Share Blame for 2016 Crash Bloomberg
[Bernays and Madison Avenue will team up to better exploit your cognitive limitations. Low Assurance Platform]
Two sciences tie the knot MIT News (resilc)
…[it would be ironic if Bin Laden defeated the entire empire, by triggering the collapse via internal forces of greed]
Imperial Collapse Watch
9/11: The Beginning of the End of the US Empire Project TruthOut Anti-war banner sparks outrage Boston Herald
[your attack surface has been mapped more finely than any previous humans. time to move beyond fear]
Big Brother is Watching You Watch
Forget Equifax. Facebook and Google Have the Data That Should Worry You Bloomberg
…[security theater is for wetware]
How airports became temples of our national, fear-fueled psychosis. Slate (resilc)
Equifax Hack Could Slow Down Fast Loans Wall Street Journal Equifax Lobbied for Easier Regulation Before Data Breach Wall Street Journal (Li)
…[locking people up for profits reduces all aspects of security, except for the financial security of the old money]
How Many Americans Are Unnecessarily Incarcerated? Brennan Center for Justice (Adrien)
…[AI, automation. it is improbable that financial profits could be 40% of the corporate system, when they were only 4% a few generations ago]
Deutsche Bank CEO: A ‘big number’ of our staff will be replaced by technology Business Insider (Li). Clive could not contain himself:
Complete and utter rubbish. Every business process automation project I’ve ever been involved with has failed and ended up a graveyard for multiples of millions of investment. Even my dumb, inept and hopelessly gullible TBTF looked at (actually, is still looking at) robotics but can’t see how to integrate it anywhere meaningfully.
security posture: binocular vision, teeth and claws for catching and eating tasty meat, engaged in tuning neuromuscular parameters. it isn’t possible for animals to be born with large muscles, because the level of cooperation required between muscle cells requires tuning at the cell-by-cell level to get acceptable load-sharing performance without wasting protein resources on scaffolding and on unneeded muscle bulk. a long-standing rivalry with the hyenas.
security posture: binocular vision, aroused, ancient poison with ancient injection mechanism, some with eye spray capability, large muscles for leaping at prey and threats, size spoofing muscles with eye-dots. the longstanding mongoose-cobra rivalry is a springboard to the destroyer-submarine rivalry, but not today
He Haw See Saw • September 12, 2017 8:45 AM
How much ass could a bias buy if a bias could buy ass?
JG4 • September 12, 2017 11:43 AM
some rabid to brighten your day. I’d be posting more of it, but usually I am on a TOR connection. btw, I couldn’t access the Doctorow/Huang/Snowden material, as someone else noted.
your problems are not their problems. so why should their problems be your problems?
That Much-Vaunted ‘Two Factor’ Auth? Uh, Yeah.
It was a nice idea; unfortunately it’s crippled in its effectiveness by the lax polices and zero accountability of the cell carriers.
…[I would include the banks and credit agencies on the list to be sent to the bottom of the sea]
Verizon should be put out of business for this, and so should the rest of the cellular carriers.
…[plenty more rabid follows]
WHERE ARE THE DAMNED HANDCUFFS?
It’s time to start locking people up and destroying businesses with federal criminal indictments.
The Internet has made many things very easy — and fast. But it has also made many things quite-insecure, especially when corners are cut.
I can design and implement extremely secure internet-connected data facilities and services. I not only have done so they’re in active use right now. Some are more-important than others, but all are important to me. Among other things my home is connected via same, never mind the work product I’ve developed for the last, oh, 30ish years when working on various pieces of computer-technology.
It has never been penetrated.
Do you know why? Because to get in you need cryptographic keys that you don’t have, and as technology has advanced so has my willingness to regenerate said keys to keep step with same, along with taking proper security precautions with the necessary components to issue said credentials.
In other words I do my ****ing job.
Equifax did not. Nor did all of the other places that have had ridiculous data breaches over the last few years. Nor did the people who called me a couple of years ago in a panic because one of their “senior” IT people stripped the protection from their master key and stuck it on a network volume that was backed up to the cloud for convenience purposes. For the record, that person was not fired and the firm in question did not immediately re-generate all the keys issued by same.
…[plenty more rabid follows]
name.withheld.for.reasons • September 12, 2017 1:17 PM
Little late for a Friday squid, but here goes. A relative with whom my visit invited me to write this up makes irony of customer relations in the context of network alchemy (this includes the more than lessor silvery and goldie). But before digressing further let me suggest that some ISP’s do more than churn packet butter.
At one point during the extended visit my hosts’ (kin folk) network provider “suspended” the service. But “suspended” must be a term of art as the logs (syslog) entries showed a flurry of activity consisting of a moderated level port scan. It surprises me that a service provider leaves vulnerable a customer in a manner akin to the following:
Mary has a home security system that ADT services, she forgot to pay her ADT monthly charge and ADT no longer responds to alarms. But, in this case ADT advertises this fact, would be burglars now prowl her street. In addition there is an order asking the police not to respond to her calls.
mostly harmful • September 12, 2017 2:36 PM
[…]but usually I am on a TOR connection. btw, I couldn’t access the Doctorow/Huang/Snowden material, as someone else noted.
Assuming you are talking about bunnie and Snowden’s prototype Introspection Engine for iPhones, featured in this post, maybe this link will work for you: https://www.documentcloud.org/documents/2996800-AgainstTheLaw.html
Andrew • September 12, 2017 2:51 PM
I’ve reviewed some comments here (including mine) as last time I was somehow in a hurry…I’ve got to some very interesting conclusions – as English is not my native language, my messages may sound cold and arrogant…far from the richness and elegance of most of yours and not really my nature.
I just want to assure you of my respect for commenters of this board and to thank you all for your contributions.
@clive – as I said, could find the link last time, but intuition may be an educated and evaluated product of imagination and information. This is work in progress too, the article below worth reading:
Huey Pilot • September 12, 2017 7:14 PM
if you don’t have any expectation of privacy, you won’t be disappointed.
I only care because if they are not already doing so, they soon will be:
1 – aggregating information on every citizen into a secret dossier available to anyone in govt, and likely for sale to high bidders elsewhere. I don’t mind so much that they compile my web surfing habits, but it bothers me they can and will sell my business metrics to competitors. Imagine the value of IRS tax returns on various business types. Do you think some in govt are free to peruse these files now to monitor the pulse of any and all promising business operations for investment purposes? And sooner or later this information will no doubt be used against individual citizens for political purposes.
2 – intercepting/monitoring/tracking development of any and all political activities in the world. The logical follow on is their ability to influence any undesired activity as required so it never becomes a threat. That may mean infiltrating the movement, or taking out leadership by one method or another. The end result is that we citizens (ie humanity) is no longer free to evolve on merits, but is restricted to evolve only as, where, and how the system masters permit.
3 – supporting controlled “opposition” activities so as to promote further funding of their organization and its goals. If a few people killed in a small terrorist action won’t motivate Congress to slather them with more power/authority/funding, how about flying a few commercial planes into some skyscrapers? Oops, sorry, that is a nearly two decades old method and they are far more sophisticated today.
It doesn’t take a genius to see that such a system will inevitably consolidate into a totalitarian state. And as it consolidates ever further, all opposition will be countered and curtailed ever more completely. The honest and honorable citizen will be very much in the same difficult circumstance as a lowly German foot soldier on the Russian front in 1943. The series of actions and circumstances that placed him were arranged long ago – and he had no awareness or ability to influence them. But now, having witnessed the murders, crimes against humanity, senseless brutality, and feeling himself being turned into a killing machine – he has no option to exit except death. Imagine our state sponsored heroes, being inducted from an early age into such a machine. Many of them will, no doubt, be converted into willing psychopaths. They will be promoted and placed into positions of power as the needs rise. If it is not happening now, it will happen sooner or later when time and circumstance cause difficulties which pressure the system. We can only now hope that enough citizenry will implement passive resistance so that the state funding system (fiat) is shut down, before some idiot on our side or another side, goes nuclear. Imagine how unlikely and bitter a pill it would be for the German people, in 1939, to collectively in sufficient numbers reject the fiat Deutschmark and shut the system down. The Russian people did so in a far better time (1990s), and still were made to pay a very heavy price.
The pieces are falling into place for our nation to become a totalitarian state. What is an honest, honorable and righteous man to do?
Zay arrhh killing zhee girl tonight uld man, you can save her.
vould you like a zigarette uld man?
3.14 pii • September 12, 2017 7:39 PM
Winston Smith • September 12, 2017 8:23 PM
@Zero Delay– good call. I had come to announce what most have already read about the IoTs’ proverbial “chickens” that just came home to roost:
dv survivor • September 13, 2017 12:25 AM
Oh, yeah, check this out, guys!
Consumer tracking device and app.
Slap it on your ex-gf’s car and you’ll always be able to find her.
Clive Robinson • September 13, 2017 6:11 AM
Is the only safe eMail text only?
It’s what the author of this article contends,
However personally whilst I do think “text only” is in some respects “safer” than other forms, I really don’t think even “text only” is safe with some users. That is if you send them a link in the right –social engineering– way, whilst they can not click on it a number will cut-n-paste into a web browser.
One advantage to bouncing anything that is not “seven bit ASCII” email is it kills a lot of marketing and spam… But it also upsets those who don’t know how to send “clean 7bit ASCII” emails and get a bounce back from your MTA.
Seven bit ASCII was for many years, the only “officially approved” format for email. However as is almost always the case, “this was not enough” so we got eight bit and now all forms of unicode and scripting languages. Each one opening up security vulnerabilities.
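The “bounce anything that is not clean 7-bit ASCII” policy described above can be expressed as a concrete acceptance check at the MTA. The following is an added example, not code from the commenter or from any mail server project: it parses a raw RFC 5322 message with Python’s standard-library `email` package and accepts it only if it is a single `text/plain` part, declared `us-ascii` and `7bit`, whose bytes are all printable 7-bit ASCII. Everything else (HTML, multipart/alternative with an HTML twin, 8-bit bodies) is rejected with the list of reasons, so the operator can see why the bounce happened. The four sample messages are constructed for this example; the exact rule set (charset, transfer encoding, multipart handling) is my interpretation of the policy, not something the comment spells out.

```python
"""Classify a raw e-mail as 'clean 7-bit plain text' or not.

Added example for a strict text-only acceptance policy at the MTA.
The rules below are an interpretation of that policy (assumption), and
all sample messages are constructed for the example.
"""
from email import policy
from email.parser import BytesParser
from typing import Dict, List, Tuple


def is_seven_bit(data: bytes) -> bool:
    """True if every byte is printable 7-bit ASCII or TAB/LF/CR."""
    return all(b in (9, 10, 13) or 32 <= b <= 126 for b in data)


def classify_message(raw: bytes) -> Tuple[bool, List[str]]:
    """Return (accept, reasons).

    accept is True only for a single text/plain part, declared us-ascii
    (or no charset) with 7bit transfer encoding, whose raw bytes are all
    7-bit ASCII. Every violation is recorded rather than stopping at the
    first one, so a bounce message can tell the sender what to fix.
    """
    reasons: List[str] = []
    if not is_seven_bit(raw):
        reasons.append("raw message contains bytes outside 7-bit ASCII")

    msg = BytesParser(policy=policy.default).parsebytes(raw)
    if msg.is_multipart():
        # Leaf parts only; walk() also yields the multipart containers.
        types = [p.get_content_type() for p in msg.walk() if not p.is_multipart()]
        reasons.append("multipart message with parts: " + ", ".join(types))
    else:
        ctype = msg.get_content_type()  # defaults to text/plain if absent
        if ctype != "text/plain":
            reasons.append(f"top-level content type is {ctype}, not text/plain")
        charset = (msg.get_content_charset() or "us-ascii").lower()
        if charset not in ("us-ascii", "ascii"):
            reasons.append(f"declared charset {charset} is not us-ascii")
        cte = (msg.get("Content-Transfer-Encoding") or "7bit").lower()
        if cte != "7bit":
            reasons.append(f"Content-Transfer-Encoding is {cte}, not 7bit")
    return (not reasons, reasons)


# Constructed sample messages (not real traffic).
SAMPLES: Dict[str, bytes] = {
    "clean": (
        b"From: alice@example.com\r\nTo: bob@example.com\r\n"
        b"Subject: status\r\n\r\nSee you at noon.\r\n"
    ),
    "html": (
        b"From: news@example.com\r\nTo: bob@example.com\r\nSubject: offer\r\n"
        b'Content-Type: text/html; charset="utf-8"\r\n'
        b"Content-Transfer-Encoding: 8bit\r\n\r\n"
        b"<html><body><p>Big sale.</p></body></html>\r\n"
    ),
    "multipart": (
        b"From: news@example.com\r\nTo: bob@example.com\r\nSubject: newsletter\r\n"
        b"MIME-Version: 1.0\r\n"
        b'Content-Type: multipart/alternative; boundary="b1"\r\n\r\n'
        b'--b1\r\nContent-Type: text/plain; charset="us-ascii"\r\n\r\n'
        b"Plain version.\r\n"
        b'--b1\r\nContent-Type: text/html; charset="us-ascii"\r\n\r\n'
        b"<p>HTML version.</p>\r\n--b1--\r\n"
    ),
    "eightbit": (
        b"From: carol@example.com\r\nTo: bob@example.com\r\nSubject: hi\r\n"
        b'Content-Type: text/plain; charset="utf-8"\r\n'
        b"Content-Transfer-Encoding: 8bit\r\n\r\n"
        b"Meet me at the caf\xc3\xa9.\r\n"
    ),
}


def classify_all() -> Dict[str, bool]:
    """Accept/reject verdict for every sample, keyed by sample name."""
    return {name: classify_message(raw)[0] for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        accept, reasons = classify_message(raw)
        print(f"{name}: {'ACCEPT' if accept else 'BOUNCE'}")
        for r in reasons:
            print("   -", r)
```

Note that this check only constrains the message structure; it does nothing about the failure mode the comment raises, a recipient pasting a link from a plain-text body into a browser, which no format filter can address.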
JG4 • September 13, 2017 7:28 AM
I appreciate the indulgence for my exploration of the ancient roots of human security and the use of submarines as a microcosm. As much as anything, that was seeded by the post styled “Murder is a Recent Evolutionary Strategy.” It is a short step from the ancient roots of tribal security to the modern security problem of managing a transition to sustainability that must include scaling trust. We’ve seen nothing from US leadership to indicate anything but ongoing betrayal of trust. Not that many countries are doing a good job in that area.
Larger human systems have a bias to behave sociopathically and psychopathically. At least in part because systems are amplifiers of human nature, including the good, the bad and the ugly. Clive has explained that the sociopaths and psychopaths tend to be rewarded with positions of power, which by itself will produce bias. I have illuminated some of the hidden feedback paths, both financially and neurochemically. There probably are other biases in the amplification process that tilt the results toward resource-extraction/asset-stripping without regard for externalities. One other effect of ignoring externalities is that the future and the sustainability that is needed are not addressed with current policy. I hope that my writing didn’t inadvertently troll some nonscientific and crass participants into the picture. Speaking of short-sightedness:
Posted on September 13, 2017 by Lambert Strether
…[cryptographically secure voting]
Wild dog packs count sneezes to vote democratically Quartz
[hang ’em high]
Equifax CEO Richard Smith Apologizes for the ‘Most Humbling Moment in Our 118-Year History’ Fortune
Equifax, Before Breach, Lobbied to Limit Class-Action Damages National Law Journal
…[genocide as security policy]
The State of Security in Africa CFR
Myanmar: Whole villages destroyed as satellite spots devastation from above News.com and Aung San Suu Kyi: The myth turns to dust Lowy Interpreter
Big Brother Is Watching You Watch
Billions of devices imperiled by new clickless Bluetooth attack Ars Technica Senate Intel slips sentence into bill that could lead to spying on US citizens McClatchy ‘There Is Still Hope – Even for Me’ Der Spiegel. Interview with Edward Snowden.
Nick P • September 13, 2017 8:11 AM
re safe email
The only safe email is GPG messages received on a hardened endpoint with memory-safe code whose email system and renderers are sandboxed by a tiny kernel. Preferably on a machine dedicated to online stuff running a LiveCD or ROM-based boot. The choice to use text means the users still have to trust an insecure email client to properly parse, analyze, and reject non-text emails. On top of not breaking from protocol-level attacks.
Then, people will say the demand side won’t use that. So, we have to make super-usable things like they want. This is true. The problem is that the demand side’s positive response to HTML messaging, esp for marketing purposes, is why the supply side will continue sending them. Likewise, them staying on untrustworthy native apps or web apps will keep the malware domination going on. There is still potential for highly-usable, email and other apps in memory-safe code with heightened security. People might buy it if you mainly sell them on non-security benefits. That’s what I advise to do for about everything these days.
Clive Robinson • September 13, 2017 11:28 AM
@ Nick P,
There is still potential for highly-usable, email and other apps in memory-safe code with heightened security.
There should be that option, but few develop anything that “Joe/Jane Average” can readily get their hands on, hence the crud we have “main stream” these days.
There is of course another option that is to “opt out entirely” which is what I did. I had accounts for both professional and social activities. But it was rapidly becoming clear the signal to noise ratio was dropping dramatically and as you say “people will say the demand side won’t use that” and got unhappy when I rejected all but “plain text” even though at least eight contacts got infected by email in the short time before I decided “opt out” was the best way. Socially most had switched to other communications methods, so it was no loss giving up email on that front.
It’s interesting to note that socially and professionally the SMS/tweet 140 character limit is no barrier to communications and such short messaging / chat systems have kind of replaced email for many people. Except of course the “Marketing/sales/management/dip-stick droids”.
There is a statistic floating around about the average HTML page being 3MBytes in size. On the assumption that is true, I suspect HTML enabled email messages are likewise inflated way way beyond need.
Who? • September 13, 2017 12:26 PM
Wireless ‘BlueBorne’ Attacks
Another vulnerability on a ‘cool protocol’; this one affecting more than five billion devices:
Extravert • September 13, 2017 12:53 PM
Behind the curve, just a little.
Gerard van Vooren • September 13, 2017 2:54 PM
@ Clive Robinson,
Is the only safe eMail text only?
I hear you, but…
JWZ’s Law of Software Envelopment: “Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can.”
That quote is outdated. Today, replace email with a browser, but it still stands. The world has been won by the software industry and thanks to that we also live in a world where computers can’t be trusted (looking at all the CVE’s), well, in Russia maybe 😉
And when we talk about Russia, how serious is that article that I posted? Does Putin really mean to get rid of all non-Russia made software? With what OS do they start with?
Microsoft Privacy ‘Improvements’ • September 13, 2017 3:06 PM
Home: Expanding Data Collection
Another update—the ability to choose information Windows Store apps have access to—should be familiar to anyone who owns a smartphone. Android and iOS both offer granular controls regarding an app’s ability to access your contacts, photos, and other information. Windows 10 previously restricted those controls to your location, but the Fall Creators Update WILL EXPAND those capabilities to more and other types of data. Your life is an open book…share with Facebook
Enterprise: The Bad Joke
Finally, the company said “our Enterprise customers asked us to provide them with greater control over which data is shared with us to enable new services,” so it’s introducing a new setting that “limits diagnostic data to the minimum required for Windows Analytics.” That should be welcome news to privacy-conscious businesses, although the inability to stop all data collection will still put some sensitive information at risk.
File Under: Am I an idiot?
The fact is MS is simply coming clean and ending the deception under the upcoming European Union data protection laws. Tom’s Hardware should have stated this rather obvious motivation.
Sadly this omission is par for the course in journalism today.
JG4 • September 13, 2017 7:25 PM
@vas pup, Wael, Sancho_P and others – Thanks for the helpful links and comments yesterday and before.
@Extravert – Thanks. That is interesting. I started to wonder how credible it is, then I found that CNN is the source. I thought that they got caught in the 1990’s for making fake news, long before it was fashionable. There also was a consumer news show that set cars on fire by putting flares under them in staged collisions. The term of art is “positive source of ignition” in the technical literature.
The Fake News Machine: Inside a Town Gearing Up for 2020 (cnn.com)
Posted by msmash on Wednesday September 13, 2017 @12:50PM from the inside-story dept
But now, as an investigation by the news outlet has found, it makes fake news. Veles has become home to dozens of website operators who churn out bogus stories designed to attract the attention of Americans. Each click adds cash to their bank accounts.
The scale is industrial: Over 100 websites were tracked here during the final weeks of the 2016 U.S. election campaign, producing fake news that mostly favored Republican candidate for President Donald Trump.
this happened when the Chinese tried to buy a US oil company 10 or 12 years ago on Bush’s watch.
Trump Bars Chinese-Backed Firm From Buying U.S. Chipmaker Lattice
2:00PM Water Cooler 9/13/2017
Posted on September 13, 2017 by Lambert Strether
…[great quote on theory and practice]
Academia Obscura @AcademiaObscura
Theory vs. Practice
Theory is when you know everything but nothing works.
Practice is when everything works but no one knows why.
In our lab, theory and practice are combined:
nothing works and nobody knows why.
1:01 PM – Sep 9, 2017
14 Replies | 1,510 Retweets | 3,175 likes
…[omitted several interesting headlines on cell phones and tech companies]
News of the Wired
[I think that Johnny Long’s DEFCON talk showed this well over 5 years ago]
“Why Hotel Wifi connections are a hacker’s dream come true” [International Business Times].
UPDATE Winter is coming:
Here are snowblowers with Mig-15 jets attached. They use those to melt ice on runways and train tracks in #Russia. @simonstalenhag deja vu.
4:52 PM – Aug 31, 2017
5 Replies | 145 Retweets | 495 likes
Clive Robinson • September 14, 2017 12:38 AM
Here are snowblowers with Mig-15 jets attached
Ahh “the peace dividend” in action. Not quite “swords into ploughshares” but a lot more useful in this day and age.
Actually jet wash can be fairly devastating, it’s been known that certain heavy body aircraft like military transporters can actually blow the tarmac off the runway during take off, causing massive projectile FOD to other aircraft and even buildings some distance away.
You might have seen the BBC Top Gear motoring program where they obtained a Virgin 747 and blew cars down the runway with the thrust from its engines. The most spectacular of which was the French answer to Germany’s Beetle car, the 2CV, it actually flew some distance before folding up like a wet paper bag.
Sonny's side up • September 14, 2017 5:04 AM
…and has bail revoked.
“Bounty on Hillary hair”, this guy was a pharma king?
JG4 • September 14, 2017 6:27 AM
@Tim Spellman – very clever
@TM – I was very pleased to stumble into your energy slide deck here:
I’ve been meaning to address various energy topics, in part raised by Mark H. I still would very much like better navigation tools for managing my real-time access to the history of the blog, so that I could very efficiently view in chronological order all of an individual contributor’s comments, e.g., Mark H, or all of a pair of contributors, e.g., tyr and Wael. I reiterate the value of being able to isolate book suggestions in alphabetical, chronological and other sequences, including a hypervisor that shows them with current pricing information.
@Rachel – if your future electrical/signal/security engineer is a reader, he needs a copy of Horowitz and Hill, which is not mentioned often enough here. Passphrase “The Art of Electronics.” it was my first exposure to pseudorandom sequences. If it has been mentioned, I would bet that it was Clive. Gilder’s Microcosm and Telecosm are well worth the $1 each for used copies.
@ab praeceptis – I like your derivation of the card security situation. It is a nice blend of fact and conjecture that we all could aspire to reproduce. in the ideal case, the facts are tied to links or literature citations, and the conjectures are clearly labeled as such. I frequently fall down on both of those. you did a good job. Thanks.
air is a weakly non-linear transmission medium, which will, in essence, rectify any overlapping waves to produce sum and difference frequencies. a structured surface could be formed with what amounts to air diodes on it, but to first order, surfaces are simply reflectors, because of the large impedance mismatch between air and solids. a linear effect. Woody Norris formulated a beautiful concept for exploiting the nonlinearity of air, which was described in one of his TED talks. I’m pretty sure that I posted the link for that recently and mentioned it in “threat models few have considered.” there is a fundamental three-way tradespace between wavelength, numerical aperture (appearing in various guises that include focal length and aperture ratios) and diffraction-limited spot size. shifting to ultrasonic frequencies allows much narrower beams than audible frequencies. the tool for checking helicopter location beacons is a beautiful little circuit. you want your helicopters to have water-activated ultrasonic beacons for finding them under 11,000 feet of water. one tradeoff is that attenuation is faster at higher frequencies, potentially requiring more power to deliver a particular power level at the target. crossing those beams allows audible frequencies to be generated in extremely localized spots, like at the ears of a trouble-maker in a crowd. I will not belabor the indistinguishability of trouble-makers, patriots, terrorists, freedom-fighters, criminals, etc. many of them have a healthy dose of narcissism, delusions of grandeur and others of the big six personality disorders found in the psychopathic leaders that humans crave in times of trouble. it would take very high levels of sound to produce immediate TBI, and it is unlikely that the person being exposed would not be aware that something strange was happening. when we were kids, no one had bike helmets.
it took me a while to realize that various visual effects produced by head impact are false signals produced by the nervous system in response to what amounts to compression waves in nerves. thus, the average TBI in Iraq involved serious visual side effects. the converse of side-channel leakage must be side-channel energy injection. perhaps TBI could be induced by much lower amplitude waves over an extended period of time, perhaps delivered at key resonance frequencies of the brain or skull. one of my friends reported that he shook the head of another friend vigorously enough to hear sloshing, when we all were much younger and busy surviving the side effects of high-T. that sound would be cerebrospinal fluid. another reports that cerebrospinal fluid tastes very bad during cpr. the overall springboard here is labeled My Troubled Youth: The First Forty Years.
[snipped by moderator]
Nick P • September 14, 2017 10:04 AM
@ Clive Robinson
Opting out can have significant social and economic consequences for people. That’s why many are stuck in the system in some way. The credit score is another such system of lock-in that many people are getting reminded of thanks to the recent hack. Good for you that you can opt out, though.
This is one of the craziest and most amazing developments I’ve seen in either gaming or homebrew computing:
Build a Working Game of Tetris in Conway’s Game of Life
Significant since people have been talking about building systems with CA’s for their resiliency and parallelism for a while. It’s just hard to map predictable logic to CA’s with their emergent behavior. Maybe some stuff has happened since long time ago when I looked and it’s well-established now. Idk. The link above is just a quantum leap from the simulations of addition and such I saw before. The gate visualizations are especially nice.
Moderator • September 14, 2017 10:13 AM
@JG4, @All: We’d like to return the focus of the comments section to discussion of technical security, and minimize noise and clutter. To that end, we’re now discouraging posts featuring lengthy lists of links and headlines, including on squid posts. Rather than opening a firehose — no matter how interesting the contents of the barrage might be — consider choosing one security story and start a conversation about it.
We’d also like to discourage linking to conspiracist sites. Zero Hedge — as you wrote, “a noted purveyor of doom-porn” — is one of these. Anyone who wants to keep up with Zero Hedge can subscribe to their RSS feed. Anyone who wants to discuss a technical security story found on Zero Hedge can probably find reliable coverage of the same story elsewhere.
Finally, speculation about the Benghazi “backstory” is off-topic here.
Rachel • September 14, 2017 11:21 AM
thank you for the Art of Electronics suggestion. You sent me a squid link a few weeks ago; inadvertently I found Nick P promoting this title as essential and Wael insisting it was quite inferior to Principles of Electronics by Simpson, which was required reading and THE respected bible for starting at zero and working through projects covering the range of essential fields and classes within electronics to competency. It’s also priced at dirt. I’m looking at it, but whilst adults are diligent I appreciate Clive’s advice to provide projects for kids rather than frisbee-ing them a text book and hoping they consume it.
Is there a way to contact you for non-sensitive chat, pancake recipe level? Not sure how folks over the years exchange contacts here, no PGP required; my suggestion is you use a temporary email address obfuscated by code based on a reference familiar to our experience of the other. Which makes it fun. Unless there’s some more known route.
Respect, and too to Mr Schneier, Dirk and others working to tighten up the ship.
I like the advice to choose a story and build a conversation around it. Cohesion. By its very nature it will deter interlopers. Commentators may also be encouraged to take up comms with select others privately as a self moderation.
ab praeceptis • September 14, 2017 11:21 AM
@Moderator, Bruce Schneier
(not meaning JG4 whose “daily news” I personally had no problem with)
We’d like to return the focus of the comments section to discussion of technical security, and minimize noise and clutter.
Thank you! I’m enchanted and very much welcome that re-focus.
It might be helpful, though, if you provided some orientation wrt politics in general, i.e. without concrete relation to a given security related topic.
Clive Robinson • September 14, 2017 2:25 PM
It’s not just books, there are magazines.
One that has been going for a very long time is “Elektor Electronics”.
Most years they do a “summer special” with ideas from the very simple that any teenager should be able to do with only minor help through to quite complex ideas.
If you hunt around on the Internet you can usually find PDFs. One such is the 2007 July-August summer special,
I don’t know what bandwidth you have but the above PDF is 18Mbyte.
If you do download it have a flick through it and you will see simple projects like the little robot insect through to sensors for Robots like the Lego Mindstorms NXT and lots of other interesting stuff.
Rachel • September 14, 2017 3:10 PM
Fantastic! Magazines over text books, totally great idea. I will definitely pursue. You’re the best. It is very satisfying providing someone a leg up when possible. Well, I have already found them a not-for-profit Ham radio group, looked quickly at the ARRL site as you suggested, although books seemed quite expensive plus shipping from the US. Rasp.Pi on the boil, that requires a lot more research it seems. Schools in their country (Australia) are a bit backward; I did hope they were more freely available as in UK schools.
I would like to know how the great minds here focus their working attention to achieve big things. And how they organise their time. Technical work requires serious lack of interruption, and if the outside world isn’t bad enough, we are our own worst enemy. Kitten videos can be more attractive than solving problems, apparently. I recall someone asked Mr Schneier on a Reddit how he managed to achieve so much and what his daily practice/plan was; unfortunately he didn’t really have an answer. Which reminds me, his book was due for completion by now, non? It becomes another phenomenon with teens when their interest levels are so short. In the good old days there was nothing to do, so kids would form the next Beatles with their friends, or invent something that changed something. Out of spite to boredom, virtually.
Julia Clement • September 14, 2017 8:58 PM
Interesting example of supply chain hijacking.
The basic story is that the authors of a WordPress plug-in used on over 200,000 sites are approached by some people with money and a plausible story who are interested in buying the plug-in. It’s sold to them and they release new versions loaded with adware that is hidden from logged in users so the site owner may take a while to notice.
It’s a lot easier than cracking as a way of getting malware onto large numbers of sites & represents a new danger that curators of plug-in libraries now need to watch for.
Investigation into the alleged purchaser: https://www.wordfence.com/blog/2017/09/man-behind-plugin-spam-mason-soiza/
This is the same plug-in as mentioned in the Slashdot article mentioned by “And the winner is?” above
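The adware in the story is shown only to anonymous visitors, so the site owner, who is usually logged in, never sees it. The defender's check that follows from that is to capture the same page twice, once logged out and once logged in, and diff the assets each view references. The script below is an added example, not code from this thread or from Wordfence; it works on two constructed HTML captures embedded inline and flags scripts, links and inline script bodies that appear only in the anonymous view.

```python
"""
Flag page assets served only to anonymous visitors.

Added example (not code from the comment thread or from any project it
mentions). Assumes you already hold two captures of the same page: one
fetched while logged out and one fetched while logged in. The sample HTML
below is constructed for the demonstration; the hostnames are placeholders.
"""
import re
from html.parser import HTMLParser

# Constructed sample: the anonymous view carries an extra third-party
# script, an injected link and an inline snippet that the logged-in view lacks.
ANON_HTML = """<html><head>
<script src="https://cdn.example-legit.test/jquery.js"></script>
<script src="https://ads.example-injected.test/loader.js"></script>
</head><body>
<a href="https://example-legit.test/about">About</a>
<a href="https://spam.example-injected.test/offer">cheap offer</a>
<script>window.__ad = 1;</script>
</body></html>"""

LOGGED_IN_HTML = """<html><head>
<script src="https://cdn.example-legit.test/jquery.js"></script>
</head><body>
<a href="https://example-legit.test/about">About</a>
</body></html>"""


class AssetCollector(HTMLParser):
    """Collect external script sources, anchor hrefs and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.scripts = set()
        self.links = set()
        self.inline = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            if a.get("src"):
                self.scripts.add(a["src"])
            else:
                self._in_script = True  # body of an inline script follows
        elif tag == "a" and a.get("href"):
            self.links.add(a["href"])

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and data.strip():
            self.inline.append(data.strip())


def collect(html):
    parser = AssetCollector()
    parser.feed(html)
    return parser


def hidden_from_logged_in(anon_html, logged_in_html):
    """Return assets present in the anonymous view but absent when logged in.

    Anything that only anonymous visitors receive matches the pattern in the
    thread: injected ads hidden from the site owner's own sessions.
    """
    anon, auth = collect(anon_html), collect(logged_in_html)
    return {
        "scripts": sorted(anon.scripts - auth.scripts),
        "links": sorted(anon.links - auth.links),
        "inline_scripts": [s for s in anon.inline if s not in auth.inline],
    }


def external_hosts(urls):
    """Hostnames referenced by the given URLs, for a quick allowlist review."""
    hosts = set()
    for url in urls:
        m = re.match(r"https?://([^/]+)", url)
        if m:
            hosts.add(m.group(1))
    return sorted(hosts)


if __name__ == "__main__":
    diff = hidden_from_logged_in(ANON_HTML, LOGGED_IN_HTML)
    for kind, items in diff.items():
        for item in items:
            print(f"anonymous-only {kind}: {item}")
    print("hosts to review:", external_hosts(diff["scripts"] + diff["links"]))
```

Run it periodically against a real pair of captures and compare the reported hosts against the third parties you actually chose to load; a plugin update that introduces a new anonymous-only host is the signal worth investigating.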
tyr • September 14, 2017 10:01 PM
My favourite meta narrative on Conway
is ‘Gameplayers of Zan’ by M A Foster.
Humans have created a new primate race
who use Conways Life as a beginning to
develop a starship based on a supergame.
It does teach you a lot if you play.
I don’t think anyone has plumbed the
depths of CA.
JG4 • September 14, 2017 10:58 PM
@Moderator – I appreciate the feedback and will continue to color within the lines. That firehose has been hard work for me to manage, so I like turning it off. I am one of the bigger fans of feedback in systems for maintaining orderly operation, so no convincing required. My comment on the robot post should have been within bounds, but got blocked and apparently deleted. Perhaps I should have quoted some of the key text from the links to previous comments.
@tyr – I thought that Wolfram had given CA a good run
@Mike A – I knew that Steve Wozniak had fallen in with the phone phreakers back in the day. I didn’t realize a) that many of them were deaf, right out of the Matthew Weigman story, b) that Ron Rosenbaum wrote about them, and c) that the origins of Apple were phone phreaking. I think that Wozniak was there when they rang up Nixon to report the toilet paper crisis, or was there when they rang up the Pope, or both.
I’ve been meaning to post some more Wozniak lore, because I want to follow in his footsteps to Australia. The best one I’ve seen is when he was detained for interrogation by the Secret Service for using $2 bills in a casino. I like the part where he said, “When I was a kid, it was our enemies who spied on their people and put them in prisons without trial.”
@Rachel and Clive – there is a lot more to say about electronics education, but you are doing a good job. I’m generally interested in being in touch with the Titans, at least the ones who don’t think that I’m too crazy. I’d like to see more about how to discreetly get in touch.
is “hang ’em high” too political now?
Equifax had ‘admin’ as login and password in Argentina
Clive Robinson • September 15, 2017 2:21 AM
@ Rachel, JG4,
I would like to know how the great minds here focus their working attention to achieve big things. And how they organise their time.
To achieve big things you have to be curious and almost child like in the way you look at the world.
As an engineer artist or other “creative” of physical objects “To make things you have to break things”. That is not only do you need to know the strengths and weaknesses of your component parts you need to be able to work out not just that something has failed but why. Back in times past what we would now call “artisans” used to have to learn not just how to use the tools of their trade, but how to maintain them and make them.
It’s why I tell people that want to get involved with engineering especially electronics to learn “testing techniques” because as a designer you will spend a big part of your time getting your designs to not just work but be reliable. As part of that you work out how to build by “keeping things small” and stressing them to find their limits. Then as they say about acorns “From little acorns mighty oaks grow” the same is true for “systems” they are made from sub assemblies which are made from other smaller sub assemblies which brings you down in manageable pieces to individual components.
You’ve probably heard of the “KISS principle”, well it’s insulting because it’s only half the story. The real principle is “KIS-KIS” which is “Keep It small, Keep It Simple”.
Part of this is “elegance” or the “truth is beauty” idea. It’s one of those “you know it when you see it” principles. Put simply, if when you draw out a representation of what you want to do it comes out “gnarly”, either you are not thinking straight, or you are being too clever for your own good, and coincidently for everyone else as well. It’s a failing many people writing code fall into. You learn with time, just as authors do, that you are “engaging the reader” with proper flow and narrative; studying the specifications, designs and other documentation should be “a pleasure not a pain”, the story should be told in an enjoyable and engaging way.
Good reads have plots that form the skeleton on which you build the body of the story. But even plots, like bones, are made of other things. “Boy meets Girl, wins her heart, they live happily ever after” is a cliche, because it is almost the skeleton of the skeleton of so many stories, from childhood through adulthood and beyond. It’s how you build up the sub plots and weave them in in a consistent and believable way that counts. It’s the same with engineering in all its forms, the brain craves “elegance” in many layers and dimensions; if it’s not there then the brain distrusts what it views. One of the things they used to tell kids in school is “Presentation counts” but then fail to explain what it means; it is in fact the basis of communication and it has to engage, and to do that it has to look good and have a natural flow or narrative. Most admire the simple brush strokes of a good artist, the few simple flowing lines that build the essence of something. As has been said, “Don’t draw a horse, draw the spirit of the horse as it runs, flowing across the landscape”. That is how you should do design, “keep it simple, small, elegant, dynamic” or “KISSED”.
The thing is, it is not a mechanical process, it’s a creative process supported by mechanisms; whilst you can speed up the mechanisms, you can not “crank the handle faster” on the design process. Studies of the working habits of some of the most creative and ground breaking people show that they work between two and four hours in a day, split over hour or hour and a half periods; in between these periods they do mundane things. Possibly it allows their brains to mull things over and move small ideas from working memory to long-term memory. The point is they spend their whole day doing things, but the core essence of what they do creatively is spread out in small simple steps; the more elegant and dynamic those steps are, the faster the process moves forwards.
Many people hate documenting things, which is a shame. I can understand “going with the rush” but doing only that is a mistake. Documenting things is in part a reflective process, in part a clarifying process, and also it helps fix the ideas in your head. Back when I was trained we were told there were two books we should carry at all times, a laboratory type note book to make a record and a diary for time management. These days we have computers, which are nowhere near as good. The simple fact of life is successful people document as they go. Importantly it does not stop them being creative, but it does stop them making mistakes they can not fix simply and quickly, and it allows them to go back and examine why things worked and, more importantly, what went wrong and why.
I’ve known a couple of famous authors and they have many different styles, but they always make notes, they always plan, and they were also insatiably curious about everything, usually in what you would call a child like way. The world moves forwards through child like eyes, and the simple child like questions that 99% of adults can not see, ask or answer. It’s those 1% of adults who retain the child like quest for information that move things along. To see this in action ask yourself seriously “Why is the sky blue and clouds white”; the full answers were worth several PhDs along the way. Likewise “what makes a rainbow”; remember it’s not just the colours, but the shape and why you only see them when the sun is behind you. Even Sir Isaac Newton only wrote part of the story, whilst doing something much more mundane but useful to everyday people by inventing the “cat flap”, oh, and helping the king with his gold by putting milled edges on coins.
The important take away, apart from a little and often, is be “widely curious”: develop the skill of looking at the world and asking why of everything, because knowledge is transferable. You hear about “Renaissance Man” or “polymaths”; they have a very wide breadth of interests and many are amazed by their abilities, hence the idea of great people doing great things.
The point is people are missing the point and misjudging what they see. Getting a single PhD is hard work and it starts around about when you become a teenager. Thus people mistakenly believe that you need the same amount of effort over and over for each PhD… You don’t. You pick up both skills and knowledge as you go, thus you have two thirds of what you need for a second PhD from the first, and each subsequent PhD gets easier as you master the skills or mechanics of doing a PhD. The hard part that is always there is “finding a worthy question to answer”; another hard part is the “originality of thought within the domain or field of endeavor”. But that second part can have a short cut in it. That is, if you have learnt to solve a problem in one unrelated field of endeavor or knowledge domain, it might be fully or partially transferable into a new field or domain. Thus the trick to multiple PhDs is to learn the mechanics of getting a PhD, then learn what makes the difference between one field of endeavor and another, then transferring knowledge from one domain to another. Occasionally you get to see this in main stream reporting; one such was the use of DNA techniques in the cryptanalysis of cipher systems like DES [1].
It gets harder to do original work as a field of endeavor matures but is fairly easy in a new field, hence when a new field of endeavor is realised you get a flurry of published ideas that are the result of knowledge transfer; then it slows and settles down to the point where each new paper of significance is based on ten to twenty years of solid work and an original, probably “off the wall”, idea. Sadly such original thought is rarely rewarded these days; the crassness of business politics has intruded, and with it the notion of “Publish or die”, where a researcher’s worth is based on quantitative not qualitative measures, be it in papers written or how many people quote it in other papers. Such quantitative measurement systems, like “lines of code a day”, are easy to game, and we see it happening with games such as “log rolling” [2] moving in from the book publishing world to the research world, and with it the politics of reward by cartel.
So the other thing to remember is what most consider “wasted knowledge” is really “latent knowledge” waiting for a cross domain linking in someone’s subconscious. Thus “being widely read” is important to scientists and engineers as well as most other creative endeavors. Especially if you want to do “the new” not “repeat the done”.
I hope that gives you some insight into the process of what the more original thinkers and practitioners do.
[1] Dan Boneh did this back in the mid 1990’s and reports on it made it from the likes of Scientific American into the more general media. Dan has a summary and link to the paper at http://crypto.stanford.edu/~dabo/abstracts/bioDES.html It also paid back the other way twenty years later, https://www.scientificamerican.com/article/cryptographers-and-geneticists-unite-to-analyze-genomes-they-can-rsquo-t-see/
[2] Log rolling has a number of diverse meanings, but in this case it’s the “you scratch my back…” political meaning, not how you get people from bed to bed in a hospital etc. https://en.m.wikipedia.org/wiki/Logrolling
JG4 • September 15, 2017 8:19 AM
@Bruce, moderator, and Titans – it should be straightforward for practitioners of NLP to transfer what was proposed yesterday for figures of merit derived using Clive’s posts as a gold standard to related areas. in fact, it should be possible to use such a flavor of natural language processing (NLP) to spot fake news, as well as ‘Mockingbird’ activities, and identify when a given newswriter is using their own words, and words cribbed from propaganda releases. it would highlight the spot where I lifted and rewrote wiki text without attribution. it won’t be difficult to trap for inspection long and tedious rants that go off topic or overlength, not that any one in present company has such tendencies.
@Clive – a very elegant essay indeed. as you might guess, I have a lot of that natural curiosity and lived much of the progression that you describe. my Dad took us to the dump to find “toys” which was a great way of learning to break things. he also taught us to scan the instrument panel as a health monitoring activity. every section of your essay is a springboard to examples, including key steps in electronics, computer and systems education.
this is the link that goes with the TBI comments from yesterday, from the Deep State’s newspaper of record
some time ago, I posted Yves’ work with color-coding political speeches by the type of content in each sentence or fragment. it falls neatly under the visualization topic, which is central to humans-in-the-loop security systems. a brilliant example being the Soviet nuclear alert system that lit up one night in the Cold War. almost all here are familiar with context-sensitive highlighting for C and assembly. it is a short step from these concepts to color-coding quality analysis of a news articles and news outlets. a quality analysis of any written document and color-coding to show authorship, plagiarism, lies, omissions, distortions and other fingerprints. there are deep analogues in how a hypervisor would color code trajectories in the n-spaces of data and addressing. or trajectories extracted from side-channel leakage.
attribution is one of the places that AI is going and I’ve said before it offers hope of unraveling various crimes and putting individuals on a more even footing against government and corporations. in the short term, the tide went the other way, but pushback is coming. we already have seen the EULAyzer as a beginning example. you could color code green all of the standard elements of an NDA, while highlighting in yellow and red any unusual or onerous provisions. the substance of attribution is seeing the fingerprints on the code. such tools will make it straightforward to unmask anyone here who has published in the scientific literature, as has been reported about the bitcoin inventor.
btw, the green, yellow, red highlighting comes from two places in biology/evolution. fruit ripening usually uses a pH indicator to advertise the transition from sour to sweet. often, things that are made of tasty meat without poison, like lizards and grasshoppers, will be green to blend into a foliage/flora background, whereas predator warnings often are yellow and red to advertise poison and position. the signal says, I want you to know that I am here and avoid me, whereas the green lizard is more nearly saying, I am made of tasty meat and I don’t want you to know that I am here. taking some liberties with the concept of intent in evolution. the citation might be The Selfish Gene by Dawkins. the same fundamental conflicts of interest, as well as the balance between cooperation and competition can be traced from biology to information systems and governments. which are just tools for enhancing our cognitive abilities in managing larger datasets. and tools for managing violence and cooperation at larger scales than for which we were prepared by evolution.