Friday Squid Blogging: Peru and Chile Address Squid Overfishing

Peru and Chile have a new plan.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on November 17, 2017 at 5:04 PM • 163 Comments

Comments

tired • November 17, 2017 5:18 PM

Now if everyone could comment with lots of optimistic vibes so the security/privacy world seems not as depressing as the last few years made it to be..

AllIsLost • November 17, 2017 6:03 PM

Does anyone have info or links about any arrangements Facebook has with intelligence agencies to provide live help to its moderators (censors)? Somewhere I read that agents are assigned to partner with Facebook content monitors to help them resolve edge cases of prohibited speech & imagery, but the citation eludes me. Any info you have will be appreciated. TIA.

Alarming New Public TV Broadcast Standard (ATSC3) • November 17, 2017 7:24 PM

“We’ll know where you are, who you are, and what you’re doing -- just like you do now, just like everybody does now, the internet does, or Google, or a Facebook,” Sinclair Executive Chairman David Smith told investors at the Wells Fargo Technology, Media & Telecom Conference Nov. 8. “We will have perfect data all the time.”
https://www.bloomberg.com/news/articles/2017-11-14/ads-may-soon-stalk-you-on-tv-like-they-do-on-your-facebook-feed

Sinclair Broadcasting Bartered with Jared Kushner
https://www.cnet.com/news/how-a-massive-broadcast-merger-could-affect-your-local-tv-news/

Winston Smith • November 17, 2017 7:51 PM

"Log off and spend the weekend outdoor without any connectivity."

Indeed. Headed there now. Cheers!

Another reason to disconnect, the coming panopticon. Consider just how many people will fall completely for the following once the promise of "freedom from work, freedom from the daily grind," is on the horizon:

httpsw.dezeen.com/2017/10/11/anthony-levandowski-engineer-religion-artificial-intelligence-ai-god-way-of-the-future/

tyr • November 17, 2017 10:00 PM


@Winston Smith, et al

https://www.upguard.com/breaches/cloud-leak-centcom

Here's a bit more on the DOD leak.

With Fat Leonard scandal taking down 440 navy
including 60 admirals, apparently the military
leaks like a sieve these days.

I can't wait to see the explanation for spying
on American citizens.

The best RT underliner on the news today has NATO
apologizing for putting Erdogan's name on their enemies
listing. I hadn't heard that Turkey was kicked out
of NATO. I'm gonna need a bigger popcorn machine if
this keeps on.

neill • November 18, 2017 3:02 AM

@Iggy

after accumulating 7 "friends" i just got too busy to keep up, and un-friended my wife ... then my sister ... then everyone ... BAD mistake!!!

(learned from it, should have done it the other way around, wife last (next time, or next wife))

anyways, now "i have ZERO friends, and i feel fine"

RIP john glenn

IF they love data, give them lots of it! tag people in pictures! upload pix! feed the snake!

hmm • November 18, 2017 3:56 AM

"I can't wait to see the explanation for spying on American citizens."

If they're doing an investigation into a known crime it's not spying, it's an investigation. Trump was similarly confused and will be similarly enlightened soon.

They didn't find out about Leonard because of some widespread illegal dragnet operation.

The people they ensnared in a subsequent investigation are not "american citizens" either,
if they've enlisted they are the property (cattle) of the US government under the UCMJ.

Explanation enough?

Who? • November 18, 2017 4:47 AM

@ Clive Robinson

Thanks a lot for the information you shared with us on last friday squid blogging!

I am still carefully reading your posts. There is a lot of valuable information in them.

Clueless in Seattle • November 18, 2017 9:37 AM

+1 for getting outside more

@tired
not exactly "optimistic vibes", but from the, to me, humorous far side:

... “This eighteen-year-old punk kid shows up,” Dariani told me, describing a typical meeting with potential sponsors, “and he’s talking about how things are ‘retarded’ and making fart jokes and not listening to your team with a hundred years of experience. And you’re sitting there going, ‘This is the guy who makes the decision about whether my company succeeds or fails?’ ” Dariani smiled. “First you’re angry. But then you’re terrified.”

https://www.newyorker.com/magazine/2017/11/20/how-to-get-rich-playing-video-games-online

On a more dysthymic note, however, this reminds me of Trump's leadership of a country.

Iggy • November 18, 2017 10:19 AM

@neill, lol.

Precisely out of fear over how unfriending might create an international incident, I unfriended no one, I simply removed all pix, convos and left the news feeds on. I have 2 whole FB friends who are actual friends who happen to be on FB. I, too, don't believe in friending people I haven't met. Silly me.

RIP Sen and Astronaut John Glenn? Indeed.

Clive Robinson • November 18, 2017 11:35 AM

@ tired,

"Now if everyone could comment with lots of optimistic vibes"

Err, not everything is backdoored Yet.

Oh, rumour has it a model T ford car can not be hacked by an ten year old with a harmonica from fifty feet away.

Not much else really sorry ;-)

Winston Smith • November 18, 2017 12:00 PM

@tyr

My link didn't include the details of the content of that US military leak. Good find, thank you. Anyone who thought that their social media posts were only viewed by friends should understand that "friends" is essentially equated with "public", or worse, the Eye of Sauron (in my idealistic 'privacy advocate' mind, at least).

The article also mentioned that one of the explicit purposes for the US military's interest in social media is to leverage it as a propaganda tool, or rather, an anti-2nd-world-radicalization platform. If effective, this sort of operation would be more efficient for a nation's interests than engaging in conventional war. The practical truth is that nothing has changed since the days of the Roman empire, only the technology, no? Que sera.

To my second post, the link was bad:

AI is now officially a religion. The security and privacy ramifications are substantial if this vision comes to pass. I think it will, eventually; if robots are analogous to our corporeal bodies, then AI is analogous to the mind. One day, both will easily outperform humans.

This movement detailed below is a way to welcome our new overlords (through appeasement?) assuming they desire to be worshipped. Or maybe it's a cynical business plot to capture the first mover advantage in a new market. Probably the latter to some extent since the gods haven't even been created yet and we don't yet know their motives.

https://www.dezeen.com/2017/10/11/anthony-levandowski-engineer-religion-artificial-intelligence-ai-god-way-of-the-future/

Anonymous • November 18, 2017 12:06 PM

"Oh, rumour has it a model T ford car can not be hacked by an ten year old with a harmonica from fifty feet away."

I genuinely laughed at that comment. Thank you, Clive Robinson.

On another positive note, this forum exists... Which is truly a positive development in the overall state of security/privacy. Sincerely.

Winston Smith • November 18, 2017 12:08 PM

"Oh, rumour has it a model T ford car can not be hacked by an ten year old with a harmonica from fifty feet away."

I genuinely laughed at that comment. Thank you, Clive Robinson.

On another positive note, this forum exists... Which is truly a positive development in the overall state of security/privacy. Sincerely.

albert • November 18, 2017 2:13 PM


"In Medieval Times, how were punners punished?" (see what I did there)

"They were drawn and quoted."

-------

"What is a mouse when it spins?"

Answer in the next Squid Blog.....


-------
This is one one can actually look up. Since y'all were 0 for 2, I made it a little easier. I gave you a Nelson instead.

. .. . .. --- ....

Wael • November 18, 2017 2:21 PM

@albert,

"This is one one can actually look up."

Open-book test. We must be pretty pathetic! May I ask my friend?

albert • November 18, 2017 2:41 PM

@Wael,
You may ask a friend.
..
@Winston,
"AI is now officially a religion." I like the sound of that. You meant 'Ai'? I'm so disappointed.

We won't really need Ai in the future, except in the IoT. When you have a nation (a world?) of fleshybots, 'thinking' becomes unnecessary, and even dangerous. Robert Sapolsky didn't say so, but he implies that someday, specific undesirable behavior may be controllable with drugs. The next step is genetic modification (GMH) to ensure 'consistent' and 'reliable' behavior.

IT IS ONLY THEN, THAT WE WILL ACHIEVE ULTIMATE UTOPIA!!! [fights to restrain right arm]
..

. .. . .. --- ....

neill • November 18, 2017 5:54 PM

@Iggy

i was just playing with john glenn's remark made during his historic flight when he said "ZERO G's and i feel fine"

just deleting your photos will not get them off FB servers ... but feeding them more will dilute their datasets, possibly to the point where they are no longer valuable

e.g. 3 pix with your face tagged = it's you
300 pix with faces = ???

Clive Robinson • November 18, 2017 5:59 PM

@ Albert,

"They were drawn and quoted."

The old joke said "Hand drawn and quoted" to match "Hung drawn and quartered".

A process I have described before along with gelding and gouging, and one or two other entertainments from the time...

However the one that sticks most in my mind is "boiling alive" not because of the process but the reason given for the punishment originally. A cook allegedly poisoned a noble man and his family and the King decreed that "as he had killed by cooking he in turn should be killed by cooking" on the "eye for an eye" principle.

65535 • November 18, 2017 8:05 PM

Here is a discussion between Anders, Clive, and 65535 about the use of Win2K pro or Win2K server as an alternative to Intel's new chips including Skylake and newer Intel processors which seem to have a relatively big back door via a successful proof of concept USB-JTAG hack associated with scamming Intel's ME/AMT out of band system. This hack can take over the Intel ME system and the entire MS OS. It should be fixed.

Anders and Clive R. use Win2k systems to avoid many hacks. We were discussing the possibility of using Win2K as a usable solution to the problem of many of the new hacks. The question about Win2K feasibility is fairly well hashed out but some questions remain [from the previous squid thread].

Anders gets the discussion rolling:

@Clive Robinson

"why I repeatedly talk about using pre 2005 or even 2000 hardware for security reasons"- Clive

"I hear you. Actually i'm currently writing this answer to you on 1998 PC running Windows 2000. Most modern malware don't even start on W2K."-Anders

https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6763985

@ Clive R. and Anders

With all of the above said, the question remains could you use Win2k Pro or Win2K in any small business or home behind a fire wall? Using Win2K of any version seems to possibly be less risk than say a new Windows phone on the network or even Windows 10 Pro on the network. Is the risk/reward favorable to using Win2k behind a NAT firewall? Yes? No?

[please don't say it depends or maybe - take a chance with yes or no]

https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764308

[the above post will link you to most of the discussion on Win2K usage]

Anders [answers]

@65536

"With all of the above said, the question remains could you use Win2k Pro or Win2K in any small business or home behind a fire wall? Using Win2K of any version seems to possibly be less risk than say a new Windows phone on the network or even Windows 10 Pro on the network. Is the risk/reward favorable to using Win2k behind a NAT firewall? Yes? No?"-65535

YES -Anders

https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764323

Clive's last post on his Win2K server setup with datadiodes.

https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764387

https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764308

[To repeat, the above post will link you to most of the discussion on Win2K usage]

Any comments on Win2K Pro or Server version as a method of avoiding being scammed?

65535 • November 18, 2017 8:20 PM

This is the hack that started the above discussion. It is a fairly big hole in the ME part of Intel's chips.

Proof of concept attack via JTAG - USB hack:

"Attack allows execution of unsigned code via USB"

"The Intel Management Engine goes unnoticed by most users, but the subsystem plays a very important role in Intel-based systems. Since 2008, nearly every CPU released by the company comes with the IME which some call a computer within your computer... Positive Technologies, can execute unsigned code on nearly any computer running the IME through USB. The attack works by exploiting the JTAG debugging ports built into the computer. Many devices including the IME and USB are connected to these ports, but they are supposed to be segmented. The researchers have discovered a way to get past these barriers and execute their code from a USB stick....[Yet] For now this is just a proof of concept that only affects Skylake (2015) and newer platforms." -Techspot

https://www.techspot.com/news/71836-nearly-every-intel-cpu-since-2008-found-vulnerable.html

hmm • November 18, 2017 9:37 PM

What about remote exploit of default IME configurations in the wild?
They originally didn't even require any password. RTN key without pw got IME root. (!!)

Imagine all kinds of mickey mouse obscurity magic packet crap is enabled by default?
Someone is fuzzing the hell out of it as we speak. What happens when they get it?
Intel CPU-ring level wormware that nobody can secure themselves from?

Nobody would have any way of noticing in OS land. Careful net snorting maybe at the firewall/NAP/router level, and then you'd have individual malware-specific things to look for right?

So unless you're routing all your packets through some cloud analysis service that knows about that particular malware traffic pattern, you're going to see bupkis by default. And they're not going to know about it until they finally do - maybe months? Years? And even if they/you do spot it, there's no strong guarantee you can clear it out without RMA'ing your hardware.

Who knows it isn't happening right now?


r • November 19, 2017 6:25 AM

Yeah so, by now you've all seen the glowing reviews about the new firefox right?

I updated my many Android apps last night, get up this morning and noscript no longer works.

You've been warmed. ;)

Thoth • November 19, 2017 9:09 AM

@Peter

Note: It is not so much of lowest bidder. The truth is the entire smart card industry is dominated with a selected few elite players and the rest are simply not going to have a chance to bid their wares.

The selected elites that everyone will rush to is the NXP, Gemalto, Infineon as the top three card suppliers. Every card issuer would naturally gravitate to the top three because they are the de facto chip card supplier. It is literally an industry's monopoly.

Look at the authors of the CC EAL and other security certification criteria for smart card certification and you will almost always see the big three mentioned above. They made the chips and they also made the certification criteria papers. How is this even a fair game for others who want to enter the market?

In fact, the NXP and Infineon chips are one of the pricier pieces and this is contrary to your claims of lower bidder wins. In this situation, there is really not much to bid at all as the entire industry is literally run by the trio and there are some anti-trust suits going on against them but I guess these anti-trust suits are useless.

Gemalto does not make its own chips and takes supply from either NXP or Infineon. Thus, the smart card chip game shrinks to just NXP, Infineon and STMicroelectronics which are the top three suppliers of smart card chip with ST being the least well known to my knowledge. Gemalto works more on the product integrator level where they purchase batches of chips and then develop their own firmware for the chips.

Clive Robinson • November 19, 2017 9:25 AM

@ 65535,

Copying across your last from the previous squid,

"When is USB1 or USB2 or USB3 over a serial connector such as the straight DB9 [DE9] null modem or straight, better considering the building complexities of USB? I have many other questions."

I'll be up front about it I don't like USB any of them... Simply because they are way way too difficult to instrument in their own right and system drivers are let's just say not unknown for vulnerabilities. However since the late 90's you don't have much choice but to use them as the other interface types got phased out and became USB devices in their own right...

But USB interfaces have one advantage --if you can mitigate the disadvantages-- in that you can hang within reason any number of serial ports off of a hub etc. So if you have a need of building a terminal concentrator you can do it at $20 a hub and $15 a serial port which is a lot cheaper than the ~$10,000 --inflation adjusted-- price I paid for an eight port serial card for an early 486 box running Xenix.

So to use the old expression "Beggars can not be choosers" when it comes to USB and as far as the industry is concerned we are either beggars or we are to be fleeced, there's no middle ground currently with off the shelf parts [1].

    The important point is that what it boils down to is you are mitigating the USB disadvantages by stepping the communications rate down to a level where you can feasibly instrument it using low cost Micro Controller Unit (MCU) System On a Chip (SoC) devices. You thus do the data diode in a way you can actually cross check with a simple low cost Oscilloscope and voltmeter.

Something that you most definitely can not do currently with other options such as PC mother boards where you are "locked out" by the so called Ring-3 and TPM technologies where you own diddly squat.

The advantage of most MCUs is that they do not have the encumbrance of such stuff like Intel's ME or its equivalent in higher performance CPUs from AMD or a number of the higher end ARM SoCs etc. Also once you have mastered the basics with the MCU you can then build your own "test instrument" to check there are "no funnies on the line" so effectively replacing the need for a storage oscilloscope or Logic Analyser. As the instrumentation is done in a way an attacker can not see unless physically present, it gives you an advantage over them because you "own it" not them.

Further there are other things you can do like galvanic isolation (important for EmSec as well as EMC). Using cheap plastic optical fiber used in Music studios etc and thus are easily accessible at moderate price. This then enables you to build more complex systems including doing your own crypto in an isolated way (see other past discussions involving Marcus, Thoth, Figureitout and myself).

Thus people attending the likes of "Maker Groups" can get into much higher levels of security without getting "fleeced" by the gigabit crowd who have to pay a marketing guy's salary out of maybe ten sales a year. Better yet you don't also have to give the source code up for "type approvals" which means the SigInt agencies don't get to see it. Oh and it's quite unlikely that you will have to put in some form of NSL backdoor because it's "comms equipment" covered by CALE etc decided by some secret court judge...

Oh and for those that want to run commercial OS's before the telemetry and other security rot started, there are still other ways into "older x86" chips for now and that is the PC104 industrial control cards...

That said though for comms stuff I would look at using lower spec ARM on PC104 (about 486 or above comparable). Because firstly they use one heck of a lot less power and thus are inherently more reliable. Secondly and importantly some have become "Space Qualified" parts which modern Intel chips almost certainly never will. One aspect of "space Qualified" parts is that they are Hi-Rel parts with likewise high availability. Because you can not just pop over to a satellite and hit the reset button in space in its 20-25 year expected operational life... Which for many security conscious people's purposes means you can seal them up in tamper evident/proof containers with minimal external access (ie better physical security[3]).

Funnily enough yesterday saw the launch of an AMSAT satellite in a 1U (10x10x10CM) format[4] the MCU selected back in 2010ish to be at the heart of it is an ST Microelectronics STM32L very low power ARM cortex chip,

http://www.stmicroelectronics.com.cn/en/microcontrollers/stm32-32-bit-arm-cortex-mcus.html

As you can see from the presentation for the Satellite the tools used are all open source,

http://ww2.amsat.org/wordpress/wp-content/uploads/2013/03/2012-Symposium-Fox-Overview.pdf

Development boards for these sorts of MCU are quite inexpensive, but they are overkill for just "an intelligent serial data diode" thus more suited to instrumentation and more complex file formats etc.

But that said the price differential is getting smaller by the day. For instance whilst this all in one Eval board is under $200,

https://www.digikey.com/product-detail/en/STM32072B-EVAL/497-14097-ND/4502080?WT.z_slp_buy=stm_stm32-devkits

If you look at the bottom of the page you will find three bare bones boards from $9.4 - 11.3 with a debug tool at $22...

[1] Actually not quite true, if you are a little more adventurous than just buying off the shelf parts and prepared to do some work[2]. The Raspberry Pi has brought the price of *nix machines down into the "pocket money" price range with some as low as sub $10. I've been looking at using them and similar to do "networked test instruments" to make low cost electronic labs for educational purposes. You can hang a Raspberry Pi USB hub and eight serial ports off of a network connection with rather more power than a MicroVax under your control. Some Radio Amateurs have hung low cost (less than $20) SDR dongles off of them and made the equivalent of Panoramic Receivers and Spectrum Analysers out of them with performance similar to $5000 instruments thus have also made the equivalent of Radio Test Sets in a lunch box using other cheap dongles.

[2] As I noted on the previous squid thread there are security advantages in putting in some work of your own. Even though some would call it "security by obscurity" it's actually still valid security.

[3] I'm known to use low cost electronic safes with the mechanical override key disabled for one or two functions. Mad as it might seem they are a lot lot cheaper than getting an equivalent sized tamper resistant case and provided you are mindful of the power used the fire resistant ones offer additional advantages as well.

[4] The PC104 cards were one of the reasons claimed that CubeSats are the size they are. However for various reasons the cards are not quite PC104 compatible these days, some have smaller higher quality connectors, others have the connectors in different places for better thermal and mechanical reasons, and some do not implement all the PC104 pin functionality. That said the engineering prototype on my bench does use PC104 correctly but will almost certainly change at a later stage due to parts upgrades from test to functional.

every crypto falls • November 19, 2017 9:42 AM

@Peter

This is more like a blind trust issue. You can't look inside the card chip and must just trust it. So you build the whole infrastructure around one product, you depend on it, you blindly trust it and then the whole infrastructure just collapses and you don't even have a backup plan?

This is a textbook case of single point of failure and Estonians are even proud of that? Arrogance, i say...

Anders • November 19, 2017 11:13 AM

@r

My advice, for the time being stay away from FF 57 Quantum.
On my test system FF 57 hogged 7.7GB memory just with a few tabs,
FF 56 never ever exceeded 5GB memory margin with far more open tabs.
Also i constantly experienced unresponsive system, windows didn't
react for 10..15 seconds although i have 4 cores.

Switched back to FF 56 and all the problems disappeared, system is
again lightning fast.

Tatütata • November 19, 2017 1:17 PM

Re: Estonia

"The truth is the entire smart card industry is dominated with a selected few elite players and the rest are simply not going to have a chance to bid their wares."

Gemalto is mentioned in a link above. Weren't they compromised by the NSA a few years ago? If the TLAs manage to get an access to SIM card generation systems, they could also have a shot at other types of credentials.

Re: FF57

I have no major objections against it - yet.

If it uses more CPU it might be simply because it became better at threading. Right now I have ~60 different tabs opened in 14 different windows and all FF related processes consume about 2Gb. That's nothing in comparison with the egregious FF memory leaks I experienced in the past, where I needed a sixth sense to kill FF just before it brought down the OS with it. (The computer sat there idle but at some point FF just sprang a gasket unprovoked and began gobbling up memory). Opera is also opened, and is far more expansive for a much lighter load.

One peeve I have is the appearance of several "Web Content" processes. Is that a replacement for the previous plugin container process? I can't pkill it without typing the process name in full, as the space character embedded in the process name seems to prevent autocomplete with tab under bash. There is also another process weirdly called "file:// Content" spawned by FF.

A blank new tab won't open in my personal homepage anymore. AGAIN. Sigh. Why do all these browsers insist on profiling you and spit back your most visited pages in your face?

r • November 19, 2017 1:26 PM

Re: ff upgrade

Android version disables noscript.

I keep 100+ open thanks to cl but noscript being disabled is a negative vote, I'll wait for reformulation haven't tried umatrix/etc on Android but for the meen I'm going back to opera mini -js. The time for elinks draws near.

Anders • November 19, 2017 3:20 PM

@What now

Read this. I believe this way more than Kaspersky's own report (which is intended to cover their asses).

https://arstechnica.com/information-technology/2017/10/russian-hackers-reportedly-used-kaspersky-av-to-search-for-nsa-secrets/

"Israeli intelligence officers informed the NSA that, in the course of their Kaspersky hack, they uncovered evidence that Russian government hackers were using Kaspersky's access to aggressively scan for American government classified programs and pulling any findings back to Russian intelligence systems. [Israeli intelligence] provided their NSA counterparts with solid evidence of the Kremlin campaign in the form of screenshots and other documentation, according to the people briefed on the events."

Clive Robinson • November 19, 2017 6:01 PM

@ What Now,

As Marcy points out there is much that is wrong with the US narrative, especially on time lines.

The question that arises is not just "Why" but also "Why now, not then?"

Put simply the US Government or an entity within it are trying to cover something up or trying to create a situation for some reason[1].

The "unnamed insiders" clearly have their stories wrong, which suggests they actually have no first hand knowledge of events but have actually been briefed from on high about what to say and the briefing details are wrong for some reason. Which suggests that the "Israeli Screen shots" are just as bogus.

In short there is a high stakes poker game going on here and Kaspersky is playing not just against the US Government, but the Russian and most European ones as well. Thus the question of what cards he is holding, some are fairly obviously real. For instance he has given sufficient information for the supposed NSA "homeworker" to be identified by others outside the US Gov agencies. So it can be shown who the homeworker really is if they exist or shown as a setup if they don't. The question is will someone in the ISP show their logs or not and if they do to whom... Kaspersky is also holding real cards that he may use to bluff out a little. That is he's made it clear that NSA work in progress has been recorded, he could publish the entire list and show when and where the NSA have been digging to cause diplomatic issues. Thus start another "Mommy Merkel's phone's been owned" type embarrassment for the NSA and the USG. He may also be bluffing up other things via sub context. Either way it's a fairly astute piece of PR work that has wrong footed quite a few up on the hill...

It might also be good advertising. Despite US protestations they do not do economic espionage, most outside the US who have heard them don't believe them. Thus lost USG sales might well be balanced by increased sales in the rest of the Western world. Especially when other mainly US based AV vendors have not said a word about any of this NSA activity.

The one thing I will note is that nobody has come out and said just how the Kaspersky software might have been "got at" by third parties. There is obviously a command and control capability from Kaspersky's mother ship but its security has not been evaluated publicly. So we still do not know if the Russian FSB or SigInt entities were either passively or actively involved with the command and control capability.

It's known that Kaspersky had a certain "training" background and quite a few that the company has employed have had the same or similar training background. Thus the question arises as to if one or more employees have "old loyalties" that are stronger than those to Kaspersky. Thus an insider attack to "lift crypto keys" or even open a backdoor is a definite possibility...

So hopefully the entertainment will last for another bowl or two of popcorn.

[1] And no I don't think it's "Trumps in a russian bed" or "the reds hacked the election" but something else.

Tony Turpin • November 19, 2017 6:06 PM

Spain, the EU and NATO say Russia is making a concerted effort to spread false news and hype up the Catalan crisis using thousands of fake social media accounts in the hope of destabilizing Europe (with limited success, according to the director of future conflict and cybersecurity at the International Institute for Strategic Studies).

Clive Robinson • November 19, 2017 7:14 PM

@ Winston Smith,

"I genuinely laughed at that comment"

I hope you were not the only one, but thanks for letting me know I've managed to lift somebody's spirits a little.

Likewise thanks to our host Bruce who has made not just the odd joke possible but much else besides.

Oh if you look carefully somewhere in this blog is the Moderator being "shocked" at which earned me a yellow card. I thought I had got away with it but @Wael asked me to explain one of the points and thus I got caught...

Wael • November 19, 2017 7:32 PM

@Clive Robinson, CC: @Winston Smith,

"asked me to explain one of the points and thus I got caught..."

You paid me back in full. What was the story about again? The moor and the woman looking at a picture on the wall? Wanna try to explain it again? ;)

Hail to the King • November 19, 2017 7:36 PM

@Clive Robinson

"I hope you were not the only one, but thanks for letting me know I've managed to lift somebody's spirits a little."

I smiled a wry smile, couldn't come up with a stronger response than observing Nick P also recommends pre 2008 hardware :)

Wael • November 19, 2017 8:10 PM

@Clive Robinson,

"Oh, rumour has it a model T ford car can not be hacked by an ten year old with a harmonica from fifty feet away."

I almost smiled until I met my pet peeve. Spelling, I accept. Grammar, too?
Care to explain this to me and renew your yellow card? It's about to expire ;)

Clive Robinson • November 19, 2017 8:22 PM

@ Tony Turpin,

Catalonia's problems are shall we say problematic for various reasons.

However Spain's problems have got a whole lot worse with the lead on prosecuting the Catalonia politicians gallivanting off abroad to South America and suddenly dying,

https://mobile.nytimes.com/2017/11/19/world/europe/spain-attorney-general.html

But to throw more grist to the mill is the fact that the EU Commission have the problem that it has Catalonian politicians on its home ground and Spain has brought the European Arrest Warrant system into disrepute by issuing a warrant for the politicians for what are clearly "politically inspired" reasons, brought about by the now deceased Spanish Attorney General...

But to make it worse Belgium is a country with its own separatist issues that have been rumbling on for years with the "lid of the pot just keeping it from boiling over". Well the presence of the Catalonian politicians has given a channel for the separatists in Belgium to give forth by proxy...

http://www.bbc.co.uk/news/world-europe-42023498

Whatever anyone else might say to throw wood on the pyre the two parties holding the burning matches up above the proverbial powder keg are the Spanish Government and the EU Commission. The call for a snap election on the Winter Equinox by the Spanish Prime Minister is probably not going to be accepted whichever way it goes, thus is more likely to foster resentment and more enmity than bring people together.

As for what fourteen under funded people claim about Russia it's not going to play well with other European Nations who already see the US export its political diatribe via NATO and the Internet.

To say it's all a mess is an understatement, to say it will lead to a civil war would have been an overstatement if it were not for Spain's activities over the previous election two months ago. After all it's hard to claim you are democratic when you send in shiploads of armed police officers to exert your will over those of the democratically elected and autonomous local government,

http://www.telegraph.co.uk/news/2017/09/21/boats-spanish-military-police-blocked-catalan-ports-unrest-grows/

Wael • November 19, 2017 8:27 PM

However Spain's problems have got a whole lot worse with the lead on prosecuting the Catalonia...

My goodness! I'll get the popcorn going...

tyr • November 19, 2017 9:13 PM


@Clive, Wael

And the world was so hopeful that the
Franco era was the end of Spanish Fascism.
It was all well and good until someone was
silly enough to try democracy. Varoufakis
(Greek Finance minister for a bit) has had
some interesting things to say about EU
leaders and their attitudes on democracy.
It will be interesting to see if Podemos
tosses a sabot into the Spanish election
again.

Compared to the last Spanish Civil war this
one has been pretty tame so far.


Clive Robinson • November 19, 2017 9:30 PM

@ Wael,

Care to explain this to me and renew your yellow card?

It's easy enough I originally wrote "an eleven" but as I was finishing it, the story about the ten year old opening his mum's iPhone by --one assumes-- a cheeky grin popped into mind so I changed it to ten.

Now as I know you are young and innocent, but a Model T was the first factory production line car. Shortly after Ford stopped making them life got a little tough in the US for one reason or another, thus a harmonica or mouth organ became a much cherished possession of boys of the time. Many of whom later took them into battle, and remembrance day was last week. I guess you are probably not old enough to remember the Capt Crunch "Bosun's whistle" that just happened to produce a tone of 2600Hz that was also used for "in band" signalling on the US telephones. These were likewise treasured by boys who used them to "freek phone" long distance for free. This was in the 60s/70s and gave rise to the later MIT Railway Club "hacking ethos".

So there I've explained it all and now it's not amusing any more :(

As for a "Moor and a ... picture on a wall" it sounds more like one of yours than mine. I suspect it was me being less than complimentary about "Human Remains Managers", I'm known to have an adverse thing about them, the mere thought of them brings me out in a rash, and due to their numbers there is not enough wax in the world. However I think the story about an office girls night out with the quiet girl admitting her boy friend was a train spotter the Moderator and Bruce let through.

Clive Robinson • November 19, 2017 9:50 PM

@ Tyr,

Compared to the last Spanish Civil war this one has been pretty tame so far.

I sincerely hope it stays that way. The stupid thing is it was very predictable months ago for a whole load of economic reasons.

It's funny that you mentioned Varoufakis the Greek Finance minister, he spotted that Spain's financial troubles would give rise to this sort of problem quite some time ago and did not make himself popular by telling it to the media. He has also more recently made himself unpopular with the current UK PM over Brexit. His advice makes way way more sense than any nonsense coming out of No10 or the three stooges.

Varoufakis's views on the EU council of ministers and their authoritarian economics that originated with pre WWII German economic thinking, now do not appear anywhere near as doom saying as they once were...

Wael • November 19, 2017 9:57 PM

@tyr,

And the world was so hopeful...

I prefer to be a spectator on this topic :)

@Clive Robinson,

but a Model T was the first factory production line car...

Clever. I know about Model T, black-boxing, blue-boxing, phreaking, ... Just didn't make the harmonica connection.

So there I've explained it all and now it's not amusing any more :(

Perhaps it's more amusing now. I doubt I was the only one who didn't get it.

Apathy Schmapathy • November 19, 2017 11:09 PM

You may be sick (and @tired ?) of worrying about online privacy, but 'surveillance apathy' is also a problem - Electronic Frontiers Australia
https://www.efa.org.au/2017/11/10/surveillance-apathy/

I do caution a phrase in the article though:

... DuckDuckGo or Tor Browser allow users to browse without being tracked.

At least these would seem to improve "security hygiene", but are not a panacea. Of course not news for regular visitors here.

The real downfall is that such articles really don't get mainstream airtime. People have to want to care first, so ironically this leaves many people apathetic about their apathy.

"We don't even care... whether or not we care." - Morla, The Neverending Story (1984)

JG4 • November 19, 2017 11:26 PM


Thanks for the excellent discussion. I've been meaning to upload some pictures of open-source experiments. Preferably scrubbed ones. Which leads to two good questions. What is the most convenient anonymous photo upload site? What will scrub not just the EXIF data, but the deep state watermarkings? There should be some very powerful approaches to truncating series, in much the same way that photo compression can be done by truncating Fourier series, but in other orthogonal basis sets. Some of those basis sets can be used to solve the Facebook revenge porn problem, without everyone being "dumb fucks."

Fixing the TOR and TAILS codebases and toolchains won't fix the system design flaws, but at least it is good practice in getting things more right. I'll be happy if TAILS defeats any of the commercial surveillance. The deep state probably have brought the five horsemen in as partners, including sharing of the TOR and TAILS flaws. TOR and TAILS still serve as symbolic removal of consent.

Have your cake and eat it, too!
https://tails.boum.org/news/index.en.html
Reproducible Tails builds
...
What's a reproducible build?
Reproducible builds are a set of software development practices that create a verifiable path from human readable source code to the binary code used by computers. (quoted from https://reproducible-builds.org/)
In other words, with reproducible builds, each cooking process of the same recipe is exactly repeatable.

someone brought up the Spanish Civil War. can't recall if this was posted here, but it is likely. or I may have posted it last year.

http://www.tomdispatch.com/blog/176117/tomgram%3A_adam_hochschild%2C_a_corporation_goes_to_war/
...
How to Sink a Republic
President Roosevelt continued to maintain a studied neutrality toward the Spanish Civil War that he would later regret. Texaco, on the other hand, went to war.
In recent years, in the archives of the Nationalist oil monopoly, a Spanish scholar, Guillem Martínez Molinos, made a discovery. Not only did Texaco ship its oil illegally to Franco, but that oil was priced as if the Nationalists had transported it, not the company’s fleet of tankers.
Nor was that the end of the gifts Rieber offered. Mussolini had put Italian submarines in the Mediterranean to work attacking ships carrying supplies to Republican Spain. Franco had his own vessels and planes doing this as well. Commanders directing these submarines, bombers, and surface ships were always remarkably well informed on the travels of tankers bound for the Spanish Republic. These were, of course, a prime target for the Nationalists and during the war at least 29 of them were either damaged, sunk, or captured. The risk became so great that, in the summer of 1937, insurance rates for tankers in the Mediterranean abruptly quadrupled. One reason those waters became so dangerous: the Nationalists had access to Texaco’s international maritime intelligence network.
...[it's a fascinating read]

can't recall if posted this before, but it's an interesting read

Why You’ve Never Heard of a Charter as Important as the Magna Carta
https://www.nakedcapitalism.com/2017/11/youve-never-heard-charter-important-magna-carta.html
Posted on November 6, 2017 by Yves Smith
By Dr Guy Standing, Fellow of the UK Academy of Social Sciences, and Professorial Research Associate, School of Oriental and African Studies, University of London. He was formerly Professor of Economic Security at the University of Bath. Originally published at openDemocracy
The Charter of the Forest was sealed 800 years ago today. Its defence of the property-less and of ‘the commons’, means the Right would prefer to ignore it – and progressives need to celebrate and renew it.
...

there was some good content at NakedCapitalism today

Rachel • November 20, 2017 12:58 AM

r Anders Tautata

a reminder about the ghacks about:config file started by Pants who also reads here. It is an edit to the default settings allowing for greater security and privacy. Everything is listed so you can do it manually if you prefer. Regularly updated.

65535 • November 20, 2017 2:39 AM

@Clive R.

Good post.

"I'll be up front about it I don't like USB any of them... Simply because they are way way too difficult to instrument in their own right and system drivers are lets just say not unknown for vulnerabilities... But USB interfaces have one advantage --if you can mitigate the disadvantages-- in that you can hang within reason any number of serial ports off of a hub etc. So if you have a need of building a terminal concentrator you can do it at $20 a hub and $15 a serial port which is a lot cheaper than the ~$10,000 --inflation adjusted-- price I paid for an eight port serial card for an early 486 box running Xenix."-Clive R.

Interesting point. I like the low cost part.

"...it boils down to is you are mitigating the USB disadvantages by stepping the communications rate down to a level where you can feasibly instrument it using low cost Micro Controller Unit (MCU) System On a Chip (Soc) devices. You thus do the data diode in a way you can actually cross check with a simple low cost Oscilloscope and voltmeter."-Clive R.

I did at one time try to buy a used Oscilloscope; it did not work because of age. Good ones now run from 150 USD up to 16,000 USD. I do guess there are software ones but I am not sure if you are talking about those. Hence, I'll have to wait for a cheap one to come along.

The rest of your post is intriguing. I would not want to blow up your data diodes rig by exposing the details unless you want to. I'll say more in another post.

@ Ander and others

This Firefox quantum problem is causing my clients and me a great deal of problems. Anders is correct FF quantum hogs memory. The NoScript the legacy disabling thing is not good. I hope Noscript pushes a new version out soon.

Most of my clients auto-update FF quantum and find that NoScript is no longer working. A MS box without NoScript is rather dangerous. I have had some success when the customer made a restore point. I then just roll the box back to FF 56 but that appears to not be an option for all. I am going to head out early to try to fix the FF 57 problem. I'll come back to this thread later.

Clive Robinson • November 20, 2017 3:20 AM

@ Jasper,

The article you link to is either badly written or has had one or two facts left out.

Firstly if you record every packet entering or leaving a network node, the only thing you really know, is which is the node it's coming from or going to. That is the next node in line.

You have no idea what the next node in line did with the data only what it tells you.

As the NSA well know and have done, you can inject fake packets into a node and they carry on as though they are the real traffic. They have done and presumably still do this to get malware onto people's computers. It works with ordinary computers because the TCP/IP stacks drop duplicate packets by design. There are some slides around that show the "Codeword" name etc.

The NSA can do this because either they have been given access to a node or have hacked into a node.

If you have hacked into a node not just injecting traffic becomes possible also pulling out / blocking it silently becomes possible as does modifying the packet headers etc.

This is just one reason why I say attribution is hard.

Even if you have access to both end points and see the traffic leave and see it arrive you still do not know what has happened in between. Data can be copied invisibly off to another network, which is what the NSA does with those boxes they have put into AT&T switch rooms or have spliced into the network. It is after all how the NSA got into Google, via their unencrypted links between their data centers...

Thus if I was a country A and I wanted it to look like country B I would hack a node in some convenient point. I would then hack some computer in country B and run the attack/exfiltration from there and make a copy of the data at the hacked node. You would see the data leave the target of the attack arrive at the computer running the attack, and assume it must be country B. But what you have not seen is the data get copied at the hacked node and get sent on to country A.

These are all tricks we know work and we also know that the NSA and other FiveEyes countries straddle the main Internet interconnection nodes so it is easiest for them to do as far as node placement is concerned.

But there is another issue to think about "Who makes the boxes the NSA et al use in the Internet nodes?" it could equally well be the company. After all their box gets to decide what packets it records / copies and which it does not. Thus that puts the company in the same position as the NSA etc who use their boxes... Likewise if you know how to hack the box it puts you in the same position... But it also gives you the ability to send false data back to the NSA etc.

The real problem is the technical people know this and treat it as a given. However the people further up the tree don't want such skepticism to "Kill the Golden Goose" that lays their big fat pay checks every month. So the knowledge does not get passed up the tree... So when someone further up gets a piece of intel from this method they think it's a golden source. The reason red/false flag operations work is the person running them takes care to establish the source but also control the opponents ability to check the source in other ways. Thus the opponent is lulled into believing the source is golden. It's then that the person running the operation starts to inject small pieces of false information in with the good with the aim of shifting the opponents view point.

The Russians did this to both the UK and USA when they learned --through a mole-- that the UKUSA combined team were going to tunnel out from Berlin to get at a telephone cable close to the wall in East Germany that carried a lot of low and medium grade traffic for the Russian block western forces. The Russians decided to let the low and medium traffic continue, which the UKUSA could verify, but also inject some fake high level traffic that they knew the UKUSA could not verify unless they too had moles in high places on the Russian side. The Russians kept this going for some time until they quite deliberately staged the finding of the tunnels to get significant political capital. It had also by this time caused the UKUSA intel viewpoint to not just be tainted but also it had stopped them opening other sources due to the golden assumption... This happened during the cold war and you can look it up on the web if you are skeptical, it's reasonably well documented historically.

The moral is you really never know what a source is telling you and if that comes from a technical method rather than a human source you should not fall into the trap of believing what you get.

Oh one other thing a lot of attribution is verified by the methods the attackers use, that is their attack tools. We know that the CIA are alleged to have a toolkit that uses these attack tools as part of a false flag operational policy. It would be a little daft not to think that other IC / SigInt entities around the world could not do the same thing.

Thus whilst the NSA may well have something, the confidence in it if it is purely from a technical source could well be low.

I'm not saying that the "Military Industrial Intelligence Cartel" are not on the make, but it could just be opportunistic rather than "Having a Fund Raiser" via deception etc.
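
An added defensive illustration of the duplicate-packet point in the comment above (not written by the commenter, and not taken from any tool named on this page): because a receiving stack keeps one copy of a sequence range and silently drops the other, a monitor that keeps both copies can flag the case where they disagree. The `Segment` records, addresses and payloads are constructed sample data, and sequence-number wraparound is ignored as a simplifying assumption.

```python
from collections import defaultdict
from typing import NamedTuple


class Segment(NamedTuple):
    """One observed TCP data segment (fields a capture tool would supply)."""
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    ttl: int
    payload: bytes


class Finding(NamedTuple):
    flow: tuple
    seq: int          # first sequence number of the conflicting range
    first_ts: float
    second_ts: float
    ttl_first: int
    ttl_second: int
    overlap_len: int


def overlap(a, b):
    """Bytes from a and b for the sequence range both cover, or None."""
    start = max(a.seq, b.seq)
    end = min(a.seq + len(a.payload), b.seq + len(b.payload))
    if end <= start:
        return None
    return (a.payload[start - a.seq:end - a.seq],
            b.payload[start - b.seq:end - b.seq])


def find_conflicting_segments(segments):
    """Flag same-flow segments that cover the same bytes with different content.

    An identical retransmission is normal and is not reported. A conflict
    means two senders (or one very odd one) supplied different data for the
    same position in the stream; the check cannot say which copy is genuine.
    """
    seen = defaultdict(list)
    findings = []
    for seg in sorted(segments, key=lambda s: s.ts):
        if not seg.payload:
            continue  # pure ACKs carry no data to compare
        flow = (seg.src, seg.sport, seg.dst, seg.dport)
        for earlier in seen[flow]:
            parts = overlap(earlier, seg)
            if parts and parts[0] != parts[1]:
                findings.append(Finding(
                    flow, max(earlier.seq, seg.seq), earlier.ts, seg.ts,
                    earlier.ttl, seg.ttl, len(parts[0])))
        seen[flow].append(seg)
    return findings


# Constructed sample: one flow with two different answers for seq 1000,
# and one flow with ordinary (identical) retransmissions.
SAMPLE = [
    Segment(1.000, "192.0.2.10", 80, "198.51.100.7", 51000, 1000, 57,
            b"HTTP/1.1 302 Found\r\n"),
    Segment(1.012, "192.0.2.10", 80, "198.51.100.7", 51000, 1000, 49,
            b"HTTP/1.1 200 OK\r\n\r\n"),
    Segment(2.000, "192.0.2.20", 443, "198.51.100.7", 51001, 5000, 60,
            b"hello world"),
    Segment(2.300, "192.0.2.20", 443, "198.51.100.7", 51001, 5000, 60,
            b"hello world"),
    Segment(2.500, "192.0.2.20", 443, "198.51.100.7", 51001, 5006, 60,
            b"world!!"),
]

if __name__ == "__main__":
    for f in find_conflicting_segments(SAMPLE):
        print(f"conflict on {f.flow} at seq {f.seq}: {f.overlap_len} bytes "
              f"differ, TTL {f.ttl_first} vs {f.ttl_second}, "
              f"{(f.second_ts - f.first_ts) * 1000:.0f} ms apart")
```

A TTL difference between the two copies is only supporting evidence, since it can also come from routing changes; the content mismatch is the signal.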

gru • November 20, 2017 6:55 AM

Warning: OT (and a long rant!)

>Spain's problems have got a whole lot worse with the lead on prosecuting the Catalonia politicians gallivanting off abroad to South America and suddenly dying

Gallivanting? He was attending an international law conference (that must have been quite a wine reception before the talks if you consider that gallivanting!). In addition, to my knowledge, no political party in Spain (from extreme left wing to the most conservative) has suggested that there has been any foul play. The man had poor health before he traveled and his death is no great surprise. As for the judiciary process, a new attorney general will be put in place, so no big deal.

>Spain has brought the European Arrest Warrant system into disrepute by issuing a warrant for the politicians for what are clearly "politically inspired" reasons

I disagree. A closer look at the problem makes it clear that the arrest warrant (ordered by a judge called Lamela, not by the Spanish government) is against the government's interests. The brouhaha is dying down in Catalonia (demonstrations are becoming less well attended, key Catalan separatist politicians have publicly accepted article 155, and there is some resentment among pro-independence groups about their politicians flying to Brussels after asking citizens to face the police at home), so the arrest warrants come at a very bad time for Madrid, giving the pro-independence movement a breath of fresh air (reviving the "oppression and Francoist tactics" rhetoric) in the run-up to December's elections. Polls predict poor results for the pro-independence groups, who can't agree on a new coalition (thus reducing their expected influence on the Catalan parliament), so the best strategy for Madrid at this stage would have been to sit it out. Alas, they have no choice, because the arrest warrants come from judge Lamela, who, as a result of division of powers, makes her own decisions.

With regard to the "politically inspired" persecution, that is twaddle. There have been pro-independence political parties in Catalonia since the early 1980s. They are, of course, legal, open and free to voice their political views. Catalonia has been governed by pro-independence political parties for decades. In fact, some of these parties (like Convergencia i Unio) have even formed coalitions with Spain's Popular Party in the past (helping them get a majority in Madrid's parliament), and, thanks to the Spanish constitution (which these pro-independence parties publicly reject in their agendas) they are funded by tax money from the whole of Spain, which is not without its irony. The idea that people are being persecuted for their views in Catalonia is a very convenient misrepresentation. A more accurate picture is that some politicians are being arrested for misuse of public funds and consciously acting against the precepts established in the constitution. This is not something the Spanish government has decided. This has been decreed by the Catalan courts (yup, the judiciary system of Catalonia itself) in the first instance, and corroborated by Spain's supreme court. By the way, it is important to distinguish between Catalonia and Catalan pro-independence parties. Although pro-independence groups like to refer to themselves as "the people" and "true Catalans", there are plenty of political parties and social movements that are against independence in Catalonia (e.g. the Catalan party "Ciudadanos", who is actually expected to get a significant increase in votes in the coming elections, according to polls). So these court proceedings are not just "attacking" part of the Catalan population, they are also defending the rights and interests of the other half.

>But to make it worse Belgium is a country with its own separatist issues that have been rumbling on for years with the "lid of the pot just keeping it from boiling over".

Yup, a big miscalculation on the part of Puigdemont. Their best bet was to gather support in Europe by presenting themselves as the underdogs, fleeing from an oppressive, Francoist regime. But despite some support from a few politicians in the pro-independence groups, Belgium isn't happy with the way Puigdemont has made the shit hit the fan. Juncker and Merkel aren't mincing their words either about separatism in Europe.

>The call for a snap election on the Winter Equinox by the Spanish Prime Minister is probably not going to be accepted whichever way it goes

I don't see that at all. All political parties in Catalonia, including the most radical groups, e.g. CUP (anti-system) and Junts pel Si (hardcore separatists) have already confirmed that they will run.

>After all it's hard to claim you are democratic when you send in shiploads of armed police officers to exert your will over those of the democratically elected and autonomous local government

Yup, a big miscalculation on the part of Spain's Home office. A better strategy, in hindsight, would have been to allow them to discredit themselves by exposing the charade that was the botched referendum, which was boycotted by 60% of Catalans and failed to meet the minimum standards of the international observers that had been employed by the very organizers.

Bob Paddock • November 20, 2017 6:57 AM

FDA approves first 'Digital Pill' to track compliance

First steps to forced compliance?

On the other side are those with mental issues where they don't remember if they took their medication or stop because "I feel good". Helpful to a care giver.

What could possibly go wrong here?

FDA News Release:

FDA approves pill with sensor that digitally tracks if patients have
ingested their medication

New tool for patients taking Abilify

FDA approves Abilify MyCite, a pill with a sensor that digitally
tracks if patients have ingested their medication

Release

The U.S. Food and Drug Administration today approved the first drug in
the U.S. with a digital ingestion tracking system. Abilify MyCite
(aripiprazole tablets with sensor) has an ingestible sensor embedded
in the pill that records that the medication was taken. The product is
approved for the treatment of schizophrenia, acute treatment of manic
and mixed episodes associated with bipolar I disorder and for use as
an add-on treatment for depression in adults.

The system works by sending a message from the pill’s sensor to a
wearable patch. The patch transmits the information to a mobile
application so that patients can track the ingestion of the medication
on their smart phone. Patients can also permit their caregivers and
physician to access the information through a web-based portal.

“Being able to track ingestion of medications prescribed for mental
illness may be useful for some patients,” said Mitchell Mathis, M.D.,
director of the Division of Psychiatry Products in the FDA’s Center
for Drug Evaluation and Research. “The FDA supports the development
and use of new technology in prescription drugs and is committed to
working with companies to understand how technology might benefit
patients and prescribers.”

It is important to note that Abilify MyCite’s prescribing information
(labeling) notes that the ability of the product to improve patient
compliance with their treatment regimen has not been shown. Abilify
MyCite should not be used to track drug ingestion in “real-time” or
during an emergency because detection may be delayed or may not occur.

Schizophrenia is a chronic, severe and disabling brain disorder. About
1 percent of Americans have this illness. Typically, symptoms are
first seen in adults younger than 30 years of age. Symptoms of those
with schizophrenia include hearing voices, believing other people are
reading their minds or controlling their thoughts, and being
suspicious or withdrawn. Bipolar disorder, also known as
manic-depressive illness, is another brain disorder that causes
unusual shifts in mood, energy, activity levels and the ability to
carry out day-to-day tasks. The symptoms of bipolar disorder include
alternating periods of depression and high or irritable mood,
increased activity and restlessness, racing thoughts, talking fast,
impulsive behavior and a decreased need for sleep.

Abilify MyCite contains a Boxed Warning alerting health care
professionals that elderly patients with dementia-related psychosis
treated with antipsychotic drugs are at an increased risk of death.
Abilify MyCite is not approved to treat patients with dementia-related
psychosis. The Boxed Warning also warns about an increased risk of
suicidal thinking and behavior in children, adolescents and young
adults taking antidepressants. The safety and effectiveness of Abilify
MyCite have not been established in pediatric patients. Patients
should be monitored for worsening and emergence of suicidal thoughts
and behaviors. Abilify MyCite must be dispensed with a patient
Medication Guide that describes important information about the drug’s
uses and risks.

In the clinical trials for Abilify, the most common side effects
reported by adults taking Abilify were nausea, vomiting, constipation,
headache, dizziness, uncontrollable limb and body movements
(akathisia), anxiety, insomnia, and restlessness. Skin irritation at
the site of the MyCite patch placement may occur in some patients.

Prior to initial patient use of the product, the patient’s health care
professional should facilitate use of the drug, patch and app to
ensure the patient is capable and willing to use the system.

Abilify was first approved by the FDA in 2002 to treat schizophrenia.
The ingestible sensor used in Abilify MyCite was first permitted for
marketing by the FDA in 2012.

The FDA granted the approval of Abilify MyCite to Otsuka
Pharmaceutical Co., Ltd. The sensor technology and patch are made by
Proteus Digital Health.

The FDA, an agency within the U.S. Department of Health and Human
Services, protects the public health by assuring the safety,
effectiveness, and security of human and veterinary drugs, vaccines
and other biological products for human use, and medical devices. The
agency also is responsible for the safety and security of our nation’s
food supply, cosmetics, dietary supplements, products that give off
electronic radiation, and for regulating tobacco products.

###

Page Last Updated: 11/14/2017

Copa Cabana • November 20, 2017 7:18 AM

@Bob Paddock

Can the sensor also detect whether the pill has been ingested by my room mate or pet Chihuahua? ;-)

Bob Paddock • November 20, 2017 7:39 AM

Clive wrote:

I guess you are probably not old enough to remember the Capt Crunch "Bosun's whistle" that just happened to produce a tone of 2600Hz that was also used for "in band" signalling on the US telephones. These were likewise treasured by boys who used them to "freek phone" long distance for free. This was in the 60s/70s and gave rise to the later MIT Railway Club "hacking ethos".

Blue Boxes are also how Apple got its start. The Large Scale Integration Museum (LSIM), on the second floor of the Large Scale System Museum (LSSM) documents that history, along with some Apple-I replicas they built.

Dave McGuire President/Curator of the LSSM and Cory for the LSIM. It is located in New Kensington Pennsylvania, which is about thirty minutes North of Pittsburgh PA.

First floor is Big Iron from the 50's to the late 90's, most all of which run. Mostly DECs, some IBMs and some that you have never heard of. Dave loves to fire them up and show them off.

The second floor has the mini/micros from Apple-I replicas, complete with the Blue Box history of how Apple got its start by hacking Ma'Bell, to the ones we all know and love(ed). Ever see a working LISA-I? Most all of the machines in Museum are fully functional. It has even become an international repair shop, for mostly DEC, for Big Iron.

There are probably a few machines here that not even Clive has used.

There are three quick walk-through videos of the place on my YouTube channel.

Contact Dave and Cory they love to show off the place.

Lots of discussions here about using old machines for Security, few get older than these...


JG4 • November 20, 2017 7:39 AM


https://www.nakedcapitalism.com/2017/11/links-112017-2.html

...

Facebook is a bigger threat to privacy than is Aadhaar, says tech entrepreneur Vivek Wadhwa The Economic Times. Includes this splendid — but double-edged — rant from Wadhwa:
Forget about disclosures, there are no rules or regulations in the tech industry. They want to get away with whatever they can get away with. This is the group think in Silicon Valley: they think they are gods over there, and everything they do is perfect. They don’t even understand the damage they are causing. Zuckerberg is genuinely deluded about what he is doing: he did not believe that he is impacting the elections. These are a bunch of kids who don’t have the experience and are building these nuclear weapons-like technologies without understanding their implications. This is why India needs to do it on its own and not depend on Silicon Valley.
Or just maybe Zuckerberg knows what the valuation of his company should really be?

...

Hackers could take control of cars and kill millions, ministers warned The Times. “A spokeswoman for the Society of Motor Manufacturers and Traders said: ‘Billions are invested to stay ahead of criminals and new cars have never been more secure. They are already being equipped with the means to prevent remote hacking through regular software upgrades as well as encryption, layering, and alarms and immobilisers.'” So that’s alright, then. Especially the “regular software upgrades” part.

...

Rachel • November 20, 2017 9:23 AM

Clive

I hung out with Captain Crunch for an evening about 20 years ago by accident - he who discovered the 2600hz tone in the free whistle in the breakfast cereal. I can't remember his real name but others still deferred to him as The Captain. ( as they do yourself, I believe)
sweet guy, ageing peacenik. gave me a kinesiological 'tune up' which made me visibly stronger by over two times ( I couldn't resist his weight before, then after I could) he was regularly beaten up in jail for refusing to violate the phreaker code and teach inmates how to get free calls from the payphone.

JohnnyS • November 20, 2017 9:54 AM

@r

The "new" Firefox does not run Noscript, but the "Firefox ESR" release does. That's the FF version that is supposed to be for organizations who want to centrally control and manage multiple systems running FF.

The "noscript.net" site states that they will have a version of NS for the "new" FF soon, but for now it might be best to go to FF ESR until that new NS version is out and well tested.

Apparently Debian has a package for FF ESR but Ubuntu does not: There's a discussion here:

https://askubuntu.com/questions/894871/how-do-i-install-firefox-52-esr-on-16-04/928289#928289

Bob Paddock • November 20, 2017 10:15 AM

@Rachel

His name is John Draper.

I had a friend that was also named John Draper that worked for MCI.
He was always amused with the strange looks he'd get at conferences from people old enough to remember the Phone Freaking days when they read his name tag.

Rachel • November 20, 2017 10:23 AM

Bob

Thanks, yes I just read his Wikipedia. Very interesting indeed. No doubt well known personally and professionally to many here.

JG4 • November 20, 2017 10:57 AM


@the usual suspects

I thought that I had posted a couple of links about Wozniak being influenced by Captain Crunch and that the rise of Apple could be traced at least partly to that interaction. You can see some of it by searching Wozniak and JG4. I may have remarked before that some search tools have proximity flags that you can search for occurrences within the same sentence, or even within n words, or within the same paragraph. That would be handy with squid posts, because it would allow finer discrimination. I'm too lazy to see if duckduck can do that. Overnight, I thought of some other software tool that I need, but I've forgotten what it is.


Rachel • November 20, 2017 11:19 AM

JG4

Hello, friend. You did post a link like that about Woz. But it went nowhere, or, at least not to what you said. I recall because your description was enthralling. It was a couple months back.

Clive Robinson • November 20, 2017 5:00 PM

@ gru,

Gallivanting? He was attending an international law conference (that must have been quite a wine reception before the talks if you consider that gallivanting!)

As I understand it he was attending the 25th General Assembly of the Ibero-American Association of Public Prosecutors held this year in sunny Argentina.

The association is a bit of an oddity, in that originally it was not "Ibero-American" but just American and included just about every country south of the Texas Border. Quite some time after it got going Spain and Portugal joined. Depending on your view point the "Ibero" linkage is a case of the old deposed empire being invited back to join the club, or it's a commonality of language and heritage thus vested interests.

Officially its purpose is aimed at establishing closer ties of cooperation, solidarity and professional enrichment between the Ibero-American prosecutors.

However as with many "General Assemblies" the "Professional Enrichment" is the key, or as others would put it "Networking time" and "Time to assess your political rivals within the association over a glass of vino"...

As for "Gallivanting" it's a word that gets used when people are in effect seen as "slacking off during a crisis". Having just looked at various English language news outlets the most restrained is "Sputnik News" which if the "Russian Accusations" of state level interference had solid foundation you would expect something entirely different (note the accusation comes from an underfunded oddity in the EU and consists of only 14 people, and has many of the administrative signs of "not being wanted" by the parent organisation).

The reason I say "crisis" though it is not my choice of word, but in effect what MSM has called Spain's Constitutional Crisis, based on the words not just of Spain's leaders but some of those in the EU Council of Ministers.

As for the Attorney General himself you will find many of the English language news outlets saying of him a variation of,

    Maza was one of the leading figures in the Spanish state’s attempts to thwart Catalonia’s push for independence. On October 30, following a declaration of independence, Maza filed rebellion charges against the Catalan government and those Parliament bureau members who allowed the vote on the declaration of independence to take place. In total, 20 were accused, including deposed president Carles Puigdemont, his ministers and the president of the chamber Carme Forcadell. Maza also filed charges of sedition and misuse of public funds, amongst others.

Thus he was apparently a leading figure in Spain's response and effectively named as the driving force against what are "Politically inspired" charges. But importantly for his detractors he was away from the crisis. If you think back to Deep Water Horizon the UK exec took a few days off and was pilloried in the US and other Western MSM. It's easy to spin out as being "not at the helm" or equivalent, by detractors.

Whilst I do not think there is any foul play, there will be those that will talk about it to fill column inches. My point about "Spain's problems have got a whole lot worse" is that the many detractors will jump on it in various ways as I've just described. It's kind of "Politics 101" about "not letting a crisis real or otherwise go to waste".

What it does allow is for the Spanish PM to "pull back the horns" on those prosecutions. Irrespective of the supposed and debatable waste of resources the other charges are going to be seen (and are) as Politically Inspired. The best thing the PM can do is stop them or kick them in the long grass as they really are very unproductive at the least and the world press does see them as Politically inspired which is going to cause Spain pain. There is enough comments about two and a half thousand companies moving due to the Catalan call for independence, it does not take much imagination to realise that the Spanish Government response is as much to blame. Spain is not in a fiscally robust enough state to have an economic down turn due to businesses sailing for safe harbour else where.

By the way, it is important to distinguish between Catalonia and Catalan pro-independence parties. Although pro-independence groups like to refer to themselves as "the people" and "true Catalans", there are plenty of political parties and social movements that are against independence in Catalonia

It goes without saying that for the average person in Catalonia the real question is "What's in it for me" and at other times they would not even have thought of that. In the UK Brexit was assumed by many to be an irrelevance and that the majority would be pro-Europe not exit. But that's not how it turned out. On the day many voted for what are almost trivial reasons and it surfaced as a mixture of grumbles and "sending a message". For instance "immigrants / refugees" the areas where that was given as the reason for the exit vote have the least amount of immigrants and refugees, those with the most were very strongly remain in Europe. Again the areas that gain most from EU subsidies were those who had the highest leave votes, surely they don't expect the UK Gov to keep giving them subsidies...

Humans are humans and do contrary way more often than you would think possible let alone sensible. In essence they vote with emotion not common sense, even though they wouldn't see it that way. We saw it in the US Election and Brexit. People in the US have taken the Orwellian out of making and blaming a faux existential threat of the old "Reds Under the Beds" or "Unamerican activities" variety. Brexit was a whole different kettle of fish, you actually had US companies that are associated with PayPal's Peter Thiel such as Palantir and Cambridge Analytica actually claiming they swung Brexit, by almost exactly the same tactics the US existential threat of Russia are claimed to be doing...

One thing you can say about Catalonia is it's thought to be the city folks that are anti separation whilst the urban and country dwellers are pro separation. However it might well turn out that like Brexit the pollsters are reading it wrong. But it's certainly true that the Proportional Representation system they use there has something wrong with it. Because it appears to take nearly 45,000 votes to get a city representing politician in whilst 20,000 or less to get a country/urban representing politician. Which means that the representation is badly skewed... Which means it's unsurprising to find so many separatist ministers in Catalan.

With regards,

I don't see that at all. All political parties in Catalonia, including the most radical groups, e.g. CUP (anti-system) and Junts pel Si (hardcore separatists) have already confirmed that they will run.

I think you are not getting what I'm pointing out. By not accepting I mean you will get the same sort of response as was seen after the Presidential elections in the US and similar in Britain over Brexit.

To see why think back to recent European elections, a far right party nearly won but due to non political reasons the election had to be re-held. During that time people woke up and realised that trying to send a message by tactical voting had nearly brought ruin on them all. Thus the second election produced very markedly different results.

Which is pretty much what I'm expecting to see in a month's time. In the UK we call this political change of heart "Buyers Remorse" and I suspect if we were to hold a new referendum on EU membership today the vote would be fairly solidly remain, because people have had the opportunity to see not just the SNAFU behaviour of the incumbent politicos but also get to see not just "Market revenge" but also "EU Council of Ministers revenge" as well. Their view as seen through their actions is that Britain should be not just horrendously punished for its temerity to in effect call the ministers out, but also to be broken and "rent asunder" then where possible asset stripped for the benefit of a few in Germany and Northern France.

Worse the EU ministers are quite deliberately making it public so people can see not just any pretence at "justice being done" being a nonsense. But to actively disincentivise any other Nation trying to pull the rip-cord out of the EU from under the Council of Ministers authoritarian economic and social model which is little different to that thought up in Germany in the late 1930's

Clive Robinson • November 20, 2017 5:16 PM

@ Anders,

Q: Why Munich Linux project died?

That shield is just horrendous. What could be worse for "Modern leading edge technology" than to be contrasted with the symbol of a Medieval Burger Master holding out his hands for gratuities etc.

Free Banana International • November 20, 2017 7:10 PM

Some hacker group once said they had collected every known database on the net. You may have asked why would anyone do that?

Everyone has done something at some point in their life.

If they haven't got to you yet, don't worry, they will.

tyr • November 20, 2017 8:06 PM


@Clive. Wael

My favourite Model T stories are that
when Henry proposed selling everyone a
car someone noted that there weren't
any roads in a lot of the country. He
replied that it might be a problem.

The second is that my dad drove one on
the dry lakes at 119 MPH through the
mile both ways. I heard the story before
I had seen one up close. Insanity may
be hereditary after all.

He was saved from racing car death by
getting into aviation in 1923. : ^ )

Wael • November 20, 2017 9:02 PM

@tyr, @Clive Robinson,

He replied that it might be a problem.

Unlike someone who thought 64MB is plenty!

Didn't know Model T could do 119! Was it skidding ? ;)

He was saved from racing car death by getting into aviation in 1923. : ^ )

X-14?

Nick P • November 20, 2017 10:04 PM

GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies

Finally comes full circle. In the past, there were rules saying you couldn’t bring certain cell phones within close distance of a STU-III secure telephone because the signals from cellphone would bounce the secrets out of STU-III’s memory. Anyone just walking close to one with a cell on compromised that phone. Now, they’re using an emanation attack to leak secrets directly to a nearby cell phone.

Also, it’s Elovici’s people again. Anyone that likes this stuff should look at basically anything they do. They’re the reigning champs of the public sphere. Hard to say how far behind or ahead since most attacks like this are classified in U.S., U.K., and Russia.

Wael • November 20, 2017 11:03 PM

@Ratio,

On the other hand, the words إله and إلاهة are masculine and feminine, and can be pluralized.

Correct.

Can you say “the god” (male) without saying exactly “God”?

Of course! الإلَهُ: The god. It's written differently and pronounced differently. This one is pronounced: Al Illah. Check an online Arabic dictionary. Here is one: https://www.almaany.com/ar/dict/ar-ar/
And if you understand spoken Arabic, then listen to Dr. Fadel Al Samaraii, arguably the top living Arabic grammarian.

It gets kinda fuzzy, if you see what I'm saying.

I know what you're saying. Fuzzy only in the eyes of those who aren't aware of language roots and rules of word derivations.

Wael • November 20, 2017 11:47 PM

@Nick P,

Oceans razor
https://youtu.be/O2jkV4BsN6U

@Nick P,

Too many problems with their method: I don't have the time to write in detail now, but we can start with the meaning of air-gapped, the shielding a computer has (given it must meet FCC regulations,) the fact that they're using a cell phone as a receiver (with a root kit!) their incorrect description or lack of description of the RIL (Radio Interface Layer,)... And the "undetectable" transmitter!!! Now where did I put my BS meter!

If they skipped the LTE / GSM part, I'd be more likely to believe the story.

Wael • November 20, 2017 11:52 PM

@Nick P,

Ignore the first two lines, they were left over in my editor (a book mark that I hadn't finished watching) mis-spelled Occam's razor, too! I think it's somewhere in the video link...

Was just wondering if life is real ;)

Clive Robinson • November 21, 2017 3:45 AM

@ Nick P,

Also, it’s Elovici’s people again

Err have you missed out a link to another paper?

It's just that the paper you give a link to goes back to work that was done around three years ago, and is kind of a repeat of stuff done at the UK's Cambridge Labs several years prior to that.

Also I did work that I've mentioned before back in the 1980s/1990s that demonstrates the same basic principles. Further it appears, having chatted with other curious engineers, I was not the only one. In at least one case one engineer had written a paper on it back in the Thatcher-Reagan years but could not get it published...

I know from later events that certainly the UK Gov all the way up to Thatcher knew about the implication of RF Cross modulation effects because she inked a ban on the use of early cell phones in secure areas in the mid to late 1980's.

It really looks like we've had to wait a third of a century for the academic community to get papers published. Which begs the question Why?

Clive Robinson • November 21, 2017 6:18 AM

@ z80,

Intel security advisory regarding the Intel ME/PSP/TXE bugs.

As it appears to cover processors that are used in some Android tablets/pads, the thought occurs to me "How long before it's used to root these Android devices?"...

Oh and when do we start the count down clock now I've said it ;-)

And do we stop it on a proof of concept paper or rooting instructions / exploit in the wild...

Wael • November 21, 2017 7:19 AM

@Clive Robinson,

Err have you missed out a link to another paper?

@Nick P has been pulling a bunch of hit-n-runs lately. I think we annoyed him. How should I put it? He thinks we are irksome crowd! ;) I want to see that link. And I am more than familiar with cross-modulation before I read any of these papers, btw.

Clive Robinson • November 21, 2017 7:53 AM

@ Wael,

And I am more than familiar with cross-modulation before I read any of these papers, btw.

Yes I'm aware that you know it's one of "The Roots of All Evil Side Channels", of which there are rather more than the horsemen of the Apocalypse...

Speaking of knowledge, I note 255 has not yet replied to your OTP challenge ;-)

Wael • November 21, 2017 8:04 AM

@Clive Robinson, CC: @ 225,

Speaking of knowledge, I note 255 has not yet replied to your OTP challenge ;-)

He replied with a 'W'. I guess his cipher of choice produced non printable characters ;)

Give it up @225. You're fighting a lost cause. You'll have other opportunities in the future.

Clive Robinson • November 21, 2017 8:11 AM

@ Wael,

I've just noticed the time, are you "away from base" or is the usual mistress being harsh again?

If the latter she's been getting at me again since I got "bluetooth" enabled :-(

I'm currently on two trips a day to the land of nod because of her and it's not just annoying it's stopping me getting a full day in with the old nose to the grind stone...

Clive Robinson • November 21, 2017 8:43 AM

@ Bruce,

This data security story has been bubbling up from earlier this year but it's got to the point where it is worth looking into an example of why proper oversight is a must,

http://www.telegraph.co.uk/news/2017/11/21/forensics-lab-test-tampering-probe-identifies-10000-criminal/

    An investigation into alleged data manipulation at a forensics laboratory has identified more than 10,000 cases which "may have been affected", the National Police Chiefs' Council has said.

    The NPCC said three-quarters of the cases, across 42 police forces, were traffic offences such as drug driving, with the rest including violent crime, sexual offences and unexplained deaths.

If you read the article it's lite on details, but does say the two alleged manipulators of the data also worked at a second lab, bringing that lab under suspicion as well.

Importantly it shows just how difficult it is to control "data" thus how easy it is to manipulate.

From other stories and piecing bits together it appears it is not the samples that have been tampered with nor the test result outputs. Which suggests they tampered with either the data entry or the testing process itself somehow (too little info to tell). Giving the typical "Garbage in Garbage out" programmers and engineers are supposed to be implicitly aware of, which would suggest auditors should be as well.

But it has real implications not just for defendants but others involved.

Whilst the UK does not have plea bargaining as such it does have a tariff reduction system that gives less jail time if someone "admits" to a crime, ostensibly to save court time and costs.

Thus somebody told there is evidence against them --even though it is false-- can be pushed into admitting a crime they did not actually commit.

Unfortunately if they have "admitted" they can not go back and claim innocence because that would then make them guilty of perjury... Which could give them a further six years of imprisonment time, but also ruin most of their future life prospects...

Wael • November 21, 2017 8:45 AM

@Clive Robinson,

Not away from base. The mistress is visiting, and she's coming with a vengeance. 2 - 3 hours a day is all I get now. Could be the bluish screen color temperature, I'll try to work with the color temperature to see the effect. I also have a backlog of work things that have to be finished, and it's a huge list. Need to get it off my back so I start the year with a smaller task list.

I'm currently on two trips a day to the land of nod...

I can tell from the way you write that you're not getting enough sleep, or rather enough REM sleep.

vas pup • November 21, 2017 12:29 PM

@all on electronic pill.
Any technology and this one in particular could be used for good and for evil. Old folks with dementia (light) could benefit from such pills for other pill-type medications they are taking. Actual recording of time stamp when pill was dissolved in the stomach could confirm they actually take pill - for them, their medical assistants, etc.
Same for taking birth control pill - signal sent to female and her partner. The key is cost. Big Pharma will utilize prospective super profit. No doubt.

@all on neural networks:
New way to write magnetic info could pave the way for hardware neural networks
https://www.sciencedaily.com/releases/2017/11/171120141501.htm


Clive Robinson • November 21, 2017 2:48 PM

Play it again Linus

As some of you are aware Linus Torvalds has his "Casablanca Moments" when he turns around and rants in language most intemperate... And he's fired off one or two salvos at Security People... Well he's done it again

https://www.theregister.co.uk/2017/11/20/security_people_are_morons_says_linus_torvalds/

I will let others judge the merits of his latest missives and the language used...

Oh I guess I should say might be risky for the workplace if you have "sensitive types" around. As some of the expletives have only been partially bleeped with asterisks.

Wael • November 21, 2017 3:03 PM

@Clive Robinson,

I will let others judge the merits of his latest missives and the language used...

Classy Google team vs. ****** ***** ***. My response: FreeBSD rocks.

since I got "bluetooth" enabled :-(

I don't mean to be rude. But... ummmmm... send me your MAC address, and I'll send you a Christmas gift :) That way you can protect your device from you by following proper EG best practices! @Rachel is collecting the money.

full day in with the old nose to the grind stone...

Same posture as in Full Metal Jacket. Not good. Get well soon and dump the mistress!

Clive Robinson • November 21, 2017 3:15 PM

MS have bust ASLR in Win 8/10

Microsoft has broken the way the Address Stack Layout Randomization works in Windows 8 and 10.

https://www.theregister.co.uk/2017/11/21/microsoft_windows_8_address_space_layout_randomisation_weakness/

ASLR is recognised as a desirable security feature that as a consequence can make debugging difficult during development and maintenance, hence there are registry settings to turn it on and off.

For some reason Microsoft has two settings in the registry. From the behaviour described it appears one turns the ASLR function on, and the second turns on and off the entropy used for the randomization. And it is this second bit that has become effectively set to inactive, as well as being difficult to turn on from the standard interfaces...

So registry hacks all round then...

I wonder if the "Win 9" team in downtown Redmond caught the problem ;-)

http://newsthump.com/2015/01/21/microsofts-windows-9-development-team-pretty-sure-theres-been-a-mistake/


Wael • November 21, 2017 3:28 PM

@Clive Robinson,

Lead Windows 9 developer Simon Williams told us, “I’m sure all this stuff about Windows 10 is just a smokescreen – I mean, who goes from 8 to 10? No-one sensible, that’s who.”

A prophetic article from 2015! Seriously? Didn't someone just do that recently?

Hint:

“You’re going to love what we’ve done. Especially the facelift for our friend ‘clippy’.”

Strange world.

Clive Robinson • November 21, 2017 4:01 PM

@ Wael,

send me your MAC address, and I'll send you a Christmas gift :)

That image should have a caption of,

    Oh look Ma, work just gave me a wonderful stool to get to work on, so I thought I'd put my feet up.

Clive Robinson • November 21, 2017 4:41 PM

And for those in need of a laugh at the Brits...

https://rochdaleherald.co.uk/2017/11/19/british-man-can-speak-french-burned-witch/

Rochdale is a real town "tup in grim naugh' England, and that area apparently had the highest percentage voting "leave" in the Brexit referendum... So to give it the best try reading it with a faux Yorkshire accent, and if you don't know what that sounds like look up "Compo and Clegg" with "Last of the Summer Wine" on Utube...

Which Firefox • November 21, 2017 4:52 PM

"BTW, NoScript for FF 57 is out."

For security, and in general, is Firefox (FF) esr 52.5.0 preferable to FF 57?

Clive Robinson • November 21, 2017 6:33 PM

Apple get another phone Warrant

Another shooting spree another dead shooter with a locked iPhone and Apple get hit with a warrant again, this time from the Texas Rangers, long after the event[2].

https://www.theregister.co.uk/2017/11/20/warrant_texas_shooter_iphone/

Again this is almost certainly political grandstanding by authorities cynically using the grief of those who have suffered as blackmail to force an issue.

Apple will be put in the position of bad guy yet again. And no doubt yet again the authorities will throw millions of tax payer dollars at any opposition by Apple.

Likewise the FBI, DoJ etc will start not just their rhetoric but also leaning on politicals for legislation again using the usual grieving relatives blackmail tactics.

The real question that people should be asking is what are the Silicon Valley Companies and other high tech firms going to do?

Well there are various things to stop these warrants being effective, primarily by moving chunks of the design process "off shore" as a form of "out sourcing"

This will have negative effects on the US economy way worse than most people will be able to see.

Thus the secondary question of "Is the cost worth it?" and the actual answer is almost certainly no in this case. Because the likelihood of there being anything on the phone that will make a difference is minimal at best, because the shooter appears to have been a loner with longterm issues including a history of violence[1]. He killed himself and thus can not be brought into court etc, thus the evidence of his actions already gathered is more than sufficient for any further legal requirements.

The issue of how he obtained the weapons he used is probably not difficult to solve. Because there are well known methods of purchasing legal weapons from legal sellers that in effect legally negate the background checks that might just prohibit sales to those who are not legally allowed to own guns.

Importantly though it was known by authorities long before hand that he had weapons even though he should not have. Because reports from his neighbours about his firing of guns where he lived were made to the authorities and should have been easily cross checked against the appropriate records. So as is probably going to be said but not actioned in future is "it was a lost opportunity"...

[1]http://www.bbc.co.uk/news/world-us-canada-41884342

[2] Various news sources have made comment that the authorities had both the phone and the owner's finger and imply that the authorities should have unlocked the phone then and there before the timed lockout occurred.

Tatütata • November 21, 2017 9:24 PM

Clive,

Read the story, then see the sponsored link title at the bottom

The links offered depend on your browsing history and/or where you're browsing from. I'm quite sure that what I'm seeing is not what you're seeing.

I'm curious of how the pilot defined the contours of his stunt. Was a flight plan programmed using a GPS? Or was an accomplice on the ground guiding him by radio?

The US of yesteryear I remember bore on her government envelopes and official vehicles a warning stating "penalty for private use $300". I suppose the amount went up since...

I don't think doodling in the sky counts as a legit mission or training, so that fellow might have to reimburse the cost of fueling and operating that mother of all phallic extensions. (That is, if members of the executive branch of gubmint set the right example).

Clive Robinson • November 21, 2017 10:31 PM

@ Tatütata,

I'm quite sure that what I'm seeing is not what you're seeing.

Yes it's changed for me as well now and is no longer funny. Originally it was something like "Thrust successfully into end to end cloud telephony" only funnier

Rachel • November 22, 2017 1:45 AM

Guardian just reported Uber covered up a breach of 57m drivers and users data Oct 2016. The hackers were paid off and Uber kept it a secret. Oops

Ratio • November 22, 2017 5:39 AM

@Wael,

Can you say “the god” (male) without saying exactly “God”?

Of course! الإلَهُ: The god. It's written differently and pronounced differently.

I should have written “effectively” instead of “exactly”. Sorry.

It is my understanding that etymologically the word الله (“God”) is a contraction of الإله (“the [male] god”). I know there's no universal agreement on this point —and I can see why people might prefer other explanations for reasons that don't have much to do with linguistics— but AFAICT this is the prevailing view among scholars. I'm assuming you disagree (and that's fine, of course).

I'll raise my eyebrow ever so slightly and ignore the rest. Guess I should instead have mentioned a curious little story about Obama (in response to a related point you made). Maybe next time. :-)

Google Always Tracking Android Location • November 22, 2017 7:11 AM

Many people realize that smartphones track their locations. But what if you actively turn off location services, haven’t used any apps, and haven’t even inserted a carrier SIM card?

Even if you take all of those precautions, phones running Android software gather data about your location and send it back to Google when they’re connected to the internet, a Quartz investigation has revealed.
https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled/

Another HUGE deception and violation of trust and deserves a Bruce blog post.

JG4 • November 22, 2017 8:36 AM


a good day to reflect on the Rosetta stone of US policy since 1963

hopefully four links is under the limit

https://www.nakedcapitalism.com/2017/11/links-112217.html
...
Big Brother is Watching You Watch

Intel: We’ve found severe bugs in secretive Management Engine, affecting millions ZDNet (Chuck L)

Plant spies: DARPA’s plan to create organic surveillance sensors New Atlas (David L). Depressing.

...

Police State Watch

Cops Thought Innocent Man Shoplifted a Shirt, So 50 SWAT Cops Tore Down His House Free Thought Project (Judy B). Even with the victim not helping his situation, this does seem a tad excessive.

Crowd-control weapons: “These weapons should not be interpreted as less than lethal” openDemocracy

CallMeLateForSupper • November 22, 2017 11:34 AM

@Bob Paddock

Tnx for surfacing the existence of Large Scale System Museum. I added it to my Diversions folder, filed under Road Trip Candidates.

JG4 • November 22, 2017 4:34 PM


I probably said before that applying first sale doctrine to software and firmware is a good idea. There is a lot of value in building communities. btw, Thanks to Clive for mentioning grugq again. Someone posted some of grugq's work (OPSEC?) in 2014 or 2015. The entire litany should be on one of the FAQ pages under resources.

https://www.nakedcapitalism.com/2017/11/200pm-water-cooler-11222017.html
...

“Repair Cafés Aim to Save Broken Items, Enhance Community” [Seven Days]. “On a recent Saturday, small groups of people huddled inside the Charlotte Town Hall to collectively troubleshoot their neighbors’ problems. But, unlike the questions that typically arise in this building about zoning, property taxes and building permits, these residents were tackling more mundane issues. Among them: Why doesn’t this lamp switch work? Can this old sewing machine be fixed? How do you replace the zipper on a winter coat?” This is even better than our thrift shop (which is the only place I can still buy a decent man’s dress shirt). And it never occurred to me that the “right to repair” (see, e.g., J-LS here) could help build communities.

“Meet the Man Who Has Lived Alone on This Island for 28 Years” [National Geographic]. Carrying the INTJ thing a bit far?

Wael • November 23, 2017 6:59 AM

@Ratio,

Guess I should instead have mentioned a curious little story about Obama (in response to a related point you made). Maybe next time. :-)

Lay it on me!

Ratio • November 23, 2017 4:04 PM

@Wael,

We had this discussion in the past.

I had a feeling of déjà vu, but it didn't occur to me to use the search box and find out why. No change in our positions, I see. :-)

Lay it on me!

I asked if you were saying that words like هو (or, hypothetically, هي) are no indications of a male (or female) god in response to you saying that “God has no gender” and that we were just running into the limits of (the English) language.

Afterwards I remembered the following curious little story about Obama. Apparently, some Afghans were especially —overly?— enthusiastic about the prospect of an Obama presidency. You see, the name Obama is (unsurprisingly) written اوباما, and in Dari the homophonic او با ما literally means “he with us”. That has to be a sign, right?

So why did I think of that? Well, maybe they should have waited for a Michelle Obama presidency: او با ما also means “she with us”. You could say that words like او should not be taken as indications of a male presidency… ;-)

(This doesn't seem to work in Pashto, which maybe is another sign they should take into consideration. I wish I knew where I got this story from, so I could check the details. So much for my google-fu…)

Wael • November 23, 2017 5:59 PM

@Ratio,

No change in our positions, I see. :-)

No. It's not something that I think about a lot - makes no difference to me. It may make a big difference to others.

were just running into the limits of (the English) language.

I was referring to Languages in general, including Arabic. Oh, by the way, this isn't limited to personal pronouns; it's also manifested in the masculine verbs used. For example: Youread, instead of Touread ('He wants' as opposed to 'She wants'...)

enthusiastic about the prospect of an Obama presidency.

They thought he was Muslim ;)

Obama is (unsurprisingly) written اوباما, and in Dari the homophonic او با ما literally means “he with us”. That has to be a sign, right?

Right! They just didn't read the sign correctly. They missed the word 'drone'.

So why did I think of that? Well, maybe they should have waited for a Michelle Obama presidency: او با ما [...] You could say that words like او should not be taken as indications of a male presidency… ;-)

Very clever!? Or bomb us! same theme as 'drone'. "Obama with us; bomb us!"

So much for my google-fu...

No need. Better this way.

Ratio • November 23, 2017 8:00 PM

@Wael,

It's not something that I think about a lot - makes no difference to me.

Same.

I was referring to Languages in general, including Arabic.

I know you were. My point was that some languages (but not English) have personal pronouns that don't indicate gender. That's why I thought of the Obama thing.

Oh, by the way, this isn't limited to personal pronouns; it's also manifested in the masculine verbs used.

I know, I just didn't have an example handy while I did remember the examples I gave.

They thought he was Muslim ;)

There's that, too, I guess. :-)

They missed the word 'drone'.

Well, you take away the drones, you've still got the neighbors. Those two points are *cough* not entirely unrelated… I honestly don't know which is worse.

(By the way, the word “drone” in Dari appears to be پهپاد, an acronym that expands to پرنده هدایت‌پذیر از دور, meaning something like “bird receiving guidance from afar”. “Drone in Pashto” is more to the point: بې پيلوټه الوتکه just means “pilotless aircraft”.)

Wael • November 23, 2017 10:43 PM

@Ratio,

By the way, the word “drone” in Dari...

I don't know anything about Dari, but I looked at the link and recognized some Arabic words. I'd say 12 - 15% of the words are Arabic. Looked at the Pashto (another language I was never interested in) link, and I'd say .5 - 1% of the words were Arabic. Not surprising, though... Here: English-subtitled Dr. Mustafa Mahmoud[1] on the origin of Languages. It's only a short clip... And since you mentioned the pyramids, this may be of interest to you: The pyramids. I personally don't buy the part about anti-gravity, but I learned a few things about Sir Isaac Newton. Huh?

[1] You may or may not want to add some of his relevant books to your reading list.

Clive Robinson • November 24, 2017 8:34 AM

@ Bruce and the usual suspects,

If you add a little lateral thinking this paper might be of interest,

    KV-Direct: High-performance in-memory key-value store with programmable NIC

https://lrita.github.io/images/blog/kv-direct.pdf

It implements a quite rapid and energy efficient way to implement a Key-Value store[1]

    With 10 programmable NIC cards in a commodity server, we achieve 1.22 billion KV operations per second, which is almost an order-of-magnitude improvement over existing systems, setting a new milestone for a general-purpose in-memory key-value store.

Which is quick, but also of importance is that at around 3x more power efficient than other systems KV-Direct is the first general purpose KV system to achieve 1 million KVstore operations per watt on what are commodity servers.

Which as most of this is done on the 10 NICs, the server CPU is not doing a lot. Thus it can also be used to run other functions at the same time. So you can quite easily make the case that it is getting on for 9-10x more efficient power wise than straight CPU-based commodity systems.

As the authors note,

    More recently, as both the single core frequency scaling and multi-core architecture scaling are slowing down, a new research trend in distributed systems is to leverage Remote Direct Memory Access (RDMA) technology on NIC to reduce network processing cost.

Which is what they have done with the 10 FPGA NICs.

One thing the authors are aiming for is vector array operations, which in recent years have moved to the likes of high performance graphics processing units. Which are also available as commodity components. The problem with this currently being the PCI bus which now becomes the system bottleneck.

It will be interesting to see where KVstores with the value being the sort of data suitable for GPU Vector processing will go. It's one of the things AI and Big Data can make a lot of use of.

[1] Think of a KVstore as an associative array of very large size, a simple example might be a Rainbow Table for instance or a generalised password cracking DB. But it can also be more general with the value being complex data or a pointer to complex data of the forms that vector processing or object processing can use.

Ratio • November 24, 2017 1:56 PM

Egypt mosque attack: death toll raised to 235:

At least 235 people have been killed and scores more injured in a bomb and gun assault on a mosque in Egypt’s north Sinai, in one of the deadliest attacks in the country in recent memory.

The attack marks a major escalation in Cairo’s battle with regional insurgents. The death toll, reported by state media, rose repeatedly on Friday afternoon as more details emerged.

A bomb ripped through the mosque as Friday prayers were finishing, then militants in four off-road vehicles approached and opened fire on worshippers, a military source told the Guardian.

More than 50 ambulances ferried casualties from al-Rawdah mosque in Bir al-Abed, about 40km west of the city of Arish, to nearby hospitals. At least 130 people were injured.

No group claimed responsibility for the assault, but it was the deadliest yet in a region where for the past three years Egyptian security forces have battled an Islamic State insurgency that has killed hundreds of police and soldiers.

[...]

The mosque belongs to a Sufi order – a mystical branch of Islam whose followers are regarded by hardline Islamists as apostates because they revere saints and shrines.

The attack came days before the annual celebrations of the prophet Muhammad’s birthday, which is celebrated by Muslims in Egypt. Festivals are being held by Sufi-affiliated mosques around the country.

The seven step program:

  1. “Saints and shrines.” (other triggering options are available upon request)
  2. “You unbelievers!”
  3. (carnage)
  4. hashtag “je suis Égypte” / “أنا مصر” (adjust according to location of carnage)
  5. thoughts and prayers
  6. Very Serious Experts explain that what happened was caused by socioeconomics, geopolitics, etc. Literally anything but ideology.
  7. (repeat ad nauseam)

Wael • November 25, 2017 1:51 PM

@Ratio,

I know you have certain interests in Sayyid Qutb. I knew, later on, that he wrote for the "Egyptian Crown" newspaper Why I became a Freemason. Don't know what that means from an ideological perspective or how it affected his thinking or motives. Complex subject with several facets. I gave up on it -- too much work to find out the truth, and too many points of view to investigate. My view: His life and he's gone. He's accountable for it; I am accountable for the actions that my intellect dictates.

Searched for "hashtag “je suis Égypte” / “أنا مصر" and got a Facebook link... Some comments:

Saw Akhenaton: The crying head - speaking to god. Such a touching portrayal! Probably you don't want me to discuss more details into his story...

On linguistics:
Pens and black ink dating to 3200 BC. They attribute the first one who wrote with a pen to "Gehoti" or "Tutey" or "Tut"... I know other sources that said it's not that person, but a different one. I know that Arabic is 4000 to 6000 years older than Hebrew. A language that has 16,000 three letter roots as opposed to 2500 roots. Very rich in vocabulary and descriptive words. For example, words that describe the Camel and actions and situations related to camels amount to 5644 words. 200 words that describe various types of disasters, 20 words that describe the levels of love, and around 200 different names for a snake. Of course, the lion has 500 names. Do you remember Abbas Mahmoud Al Aqqad and Taha Houssaein, and Naguib Mahfouz? They only used 4% of the Arabic vocabulary in all their works combined. The grammar is another story, just as rich! Anyway, That's not the topic that you probably intended to discuss, but that's what will happen when you send a link coupled with few comments :)

More on languages:
House of life character. You see any resemblance to a certain Chinese character "中"? A little far-fetched, but the resemblance is there. Perhaps a coincidence.

Now:

Very Serious Experts explain that what happened was caused by socioeconomics, geopolitics, etc. Literally anything but ideology.

I'll bite. Probably true -- study the chivalry and generosity of Salah El Deen (whom the west calls Saladeen) towards his enemies that killed... well, you search.

(repeat ad nauseam)

Let's not. Is ISIS the root cause or the mechanism used by certain powers to achieve a vision for the ME? Who's behind ISIS, who's financing them and supplying them with training, medical help and weapons? And why is it that an organization which claims to be driven by Islam is consistently targeting Muslim and Arab communities? Yea, they do some things in the west, but that's dwarfed by what they do in the ME. Cui bono?

There! I gave you a lot to play with -- at a very high level, btw. Pick your weapon. Oh, Why is the LED off?

Ratio • December 4, 2017 10:26 AM

@Wael,

(No Facebook for me, so I haven't seen most of what you linked to.)

I know you have certain interests in Sayyid Qutb.

Some of his writing seems to be relevant for recent history and current events. That said, I still haven't gotten around to reading even the couple dozen pages of “The America That I Have Seen”. Any day now…

As for Qutb and Freemasonry, it doesn't really matter to me. (A quick search for the article “Why I Became a Freemason” doesn't turn up anything, so that's the end of that. That's about as much effort as I plan to expend.) As far as I'm concerned, it's about his ideas and the people inspired by them, not what led him to having those ideas in the first place.

Searched for "hashtag “je suis Égypte” / “أنا مصر”

The exact spelling of the obligatory “solidarity” hashtag varies.

(I'll have to skip your little nuggets of Facebook gold.)

I'll bite. Probably true -- study the chivalry and generosity of Salah El Deen (whom the west calls Saladeen)

Yeah, I know about Saladin. That said, it's not clear to me what he has to do with the (ideological) reasons 311 people were massacred in Egypt a little over a week ago. How does that work?

Is ISIS the root cause or the mechanism used by certain powers to achieve a vision for the ME? Who's behind ISIS, who's financing them and supplying them with training, medical help and weapons?

ISIS is a symptom, as are other groups like it. And it's not just about the Middle East or even the Greater Middle East, although it's definitely more intense there.

And why is it that an organization which claims to be driven by Islam is consistently targeting Muslim and Arab communities? Yea, they do some things in the west, but that's dwarfed by what they do in the ME. Cui bono?

(Arabs and Muslims are two distinct categories, as you well know.)

How about Islamic State beheading 15 of its own fighters in Afghanistan's Nangarhar province on the day before the attack in Egypt? Is a cui bono in order?

Why do groups (like ISIS) that claim to be driven by Islam target people that claim to be Muslims? Here are some articles that have appeared since the attack. (Those that have a single letter suffix are related articles.) Any clues?

Do I really need to dig out the quotes and spell it out? Just take a minute to ponder, for example, what's described in articles 5 through 7, and you'll see that things are deeply wrong on multiple levels.

Why is the LED off?

While the supplied manual claims it's written in clear everyday language and contains no errors, for some reason people take the instructions to mean all sorts of things that don't result in a LED that's actually on. There are also disputes about what being on actually means: your “on” may be someone else's “off”, and vice versa.

Oblique enough for ya?

Wael • December 4, 2017 11:39 AM

@Ratio,

I prefer to skip this topic, if it's okay with you. Endless discussion.

Oblique enough for ya?

Too oblique. The point is there could be several reasons: battery dead, wire broken, LED burnt out, LED reverse-biased,... Meaning one needs to look at the probable causes instead of explicitly making assumptions. Applies to many issues.

Ratio • December 4, 2017 1:16 PM

@Wael,

I prefer to skip this topic, if it's okay with you.

Sure. I was just (belatedly) responding to your comment, but if you're no longer interested, that's fine.

Too oblique. The point is there could be several reasons: battery dead, wire broken, LED burnt out, LED reverse-biased,... Meaning one needs to look at the probable causes instead of explicitly making assumptions. Applies to many issues.

That's all great, but how does that analogy map back onto people and their (binary, “on” or “off”) understanding of religion? Don't these distinct physical causes in your analogy stand for one and the same thing? I simply suggested that there are other issues you may have to consider if you really want to answer your question, or to decide if that's even the right question to ask.

By the way, assumptions are best made explicit(ly). Even when done obliquely.

Wael • December 4, 2017 2:52 PM

@Ratio,

but if you're no longer interested, that's fine.

I just don't know how to respond to something unclear and open ended.

but how does that analogy map back onto people and their (binary, “on” or “off”) understanding of religion?

It applies to "Does amusing nutters...". Several possibilities: Scripture is plain wrong, nutters misunderstood it or twisted it to serve their purpose, something lost in translation, or the people quoting it are plain stupid, etc... In the case of the flat-earthers quoting their favorite scriptures, which one is it (why is the LED off?) You imply their favorite scripture is plain wrong (which may or may not be the case) without exploring the other possibilities. That's what I meant. You're saying the LED is off because the battery is dead.

and you'll see that things are deeply wrong on multiple levels.

So you don't want to read 12 pages (let alone his other books,) and don't want to read about the circumstances of the era he lived in or how he was executed, and expect to have a meaningful discussion about why some are inspired by him? I don't think that will work. That's the reason I said let's skip -- some call that an act of mercy ;) As for the other links... Just state what you see wrong if you want to discuss.

I do like to discuss "Stuff" with you. But lately you've been mysterious! You trying to profile me, chief? Just ask and I'll tell you!

Ratio • December 4, 2017 8:01 PM

@Wael,

Several possibilities: Scripture is plain wrong, nutters misunderstood it or twisted it to serve their purpose, something lost in translation, or the people quoting it are plain stupid, etc.

In general, the possibilities are: (1) scripture is factually incorrect, (2) scripture is misunderstood, (3) scripture as understood is misrepresented, and combinations of these. For example: scripture says U, which is understood as V, which is translated as W, which is understood as X, which is presented as Y, which is understood as Z. This doesn't seem the most useful way of thinking about the issue as per your analogy. (Plus, how do the parts of your analogy map onto this? I can't get it to make sense.)

To me, your analogy suggested these possibilities: (a) scripture is factually incorrect, (b) people are wrong about scripture. The battery, wires, and LED map to scripture, understanding of scripture, and truth, respectively. (Yes, this particular mapping is obviously flawed, but so is the analogy. I honestly don't think I'm making things worse here.) Now, I —apparently mistakenly— took you to be dismissing out of hand the possibility that scripture would contain any factual errors, leaving just one possibility, and I accidentally widened the scope of the “truth” we were talking about. Hence my response.

In the case of the flat-earthers quoting their favorite scriptures, which one is it (why is the LED off?) You imply their favorite scripture is plain wrong (which may or may not be the case) without exploring the other possibilities. That's what I meant. You're saying the LED is off because the battery is dead.

Yes, that is what I'm saying, after looking at the text itself.

I don't know what else (you'd like me) to say on this point.

So you don't want to read 12 pages (let alone his other books,) and don't want to read about the circumstances of the era he lived in or how he was executed, and expect to have a meaningful discussion about why some are inspired by him? I don't think that will work. That's the reason I said let's skip -- some call that an act of mercy ;)

Whoa, hang on just a sec. I haven't had time (or taken the time) to sit down and read the ~25 pages of The America That I Have Seen, much less the ~400 pages of Milestones. I have been (and still am) looking for a book on that era in Egypt, and you know this. Had I found a book that looked promising, it too would be in a pile of books to read that runs in the triple digits.

Meaningful discussion on the attack on the Rawda mosque and related matters, which was the topic, can in fact be had without any reference to Sayyid Qutb. On the other hand, this clearly isn't the way to go about it; I'll give you that.

As for the other links... Just state what you see wrong if you want to discuss.

Hmm, yeah, on second thought, let's not.

I do like to discuss "Stuff" with you. But lately you've been mysterious! You trying to profile me, chief? Just ask and I'll tell you!

Well, this has been a bit less enjoyable than other times so far. (If anything I've been mostly absent, which is hardly being mysterious in my book. Unless you're saying that interferes with your futile attempts at profiling my ankles, hoping to discover a certain nose, of course. In which case, here's to life's great mysteries!) No profiling here: I'll just ask you. And you may, or may not, tell me the answer. Nice and simple. :-)

Wael • December 4, 2017 8:49 PM

@Ratio,

I'll reply out of order...

Well, this has been a bit less enjoyable than other times so far.

My bad! Let's change that.

Yes, that is what I'm saying, after looking at the text itself.

Yes, some do have those sort of errors.

I don't know what else (you'd like me) to say on this point.

Probably not much. I think we're aligned.

Whoa, hang on just a sec. I haven't had time (or taken the time) to sit down and read the ~25 pages of The America That I Have Seen, much less the ~400 pages of Milestones.

OK - when you have had the time we can get back to it. I read both and a few more of his books.

I have been (and still am) looking for a book on that era in Egypt, and you know this

I gave you some references!

Meaningful discussion on the attack on the Rawda mosque and related matters

There is no justification to that attack or the others you listed. A terrorist attack cannot be justified! You know that and I know that. By the way, that Sufi sect is a branch of sunni Islam. Not much difference in the core beliefs.

Hmm, yeah, on second thought, let's not

If the reason is you're concerned you'll offend me, then don't let that hinder you. I know you're polite and objective.

Unless you're saying that interferes with your futile attempts at profiling my ankles,

LOL! You still remember? Were you able to "decipher" the limerick?

hoping to discover a certain nose, of course.

Na! Just kidding about that!

I'll just ask you. And you may, or may not, tell me the answer. Nice and simple. :-)

I'll tell you if I understand what you want. If I can't for some reason I'll also tell you.

Ratio • December 7, 2017 5:06 AM

@Wael,

Yes, some [scriptures] do have those sort of errors.

That's the part you can get unanimous agreement on. Now let's see which ones we're talking about… ;-)

I gave you some references [re. Egypt in, say, 1850–1950]!

Yes, you did. Thank you. I just haven't followed up yet. (My days need waaayyy more hours currently, see timestamp of this comment. *sigh*)

If the reason is you're concerned you'll offend me, then don't let that hinder you.

No, not at all. Besides, offense is taken, not given. But that doesn't mean that every possible conversation is worth having at every possible opportunity, and I felt this one maybe wasn't this time. Your call.

Were you able to "decipher" the limerick?

Don't know about the limerick, but a limerick, yes.

Just kidding about that!

Hah, you can keep repeating that line till you're blue in the nose. Face! I mean, face!

(barely audible approach of shuffling socks; muffled noises)

(panting) … “What the…?! Pups aren't supposed to have nine lives!”

(thud; whimper) … (echoes of metal clanging, socks shuffling away)

(silence)

Wael • December 7, 2017 9:34 AM

@Ratio,

Now let's see which ones we're talking about… ;-)

That's an endeavor you'll have to take on your own.

see timestamp of this comment. *sigh*)

Yea, I noticed. Six minutes off ;)

offense is taken, not given.

Hollow words that mean nothing. Offense is taken? Are you freaking kidding me? Don't quiz me!

But that doesn't mean that every possible conversation is worth having at every possible opportunity, and I felt this one maybe wasn't this time. Your call.

My call is don't post links to topics you don't want to discuss. Will phorgive you this time.

Don't know about the limerick, but a limerick, yes.

+ 0.1415

Hah, you can keep repeating that line till you're blue in the nose. Face! I mean, face!

@ianf? You're still alive, dude? And there I was thinking a big Italian rock fell on your thick skull!

barely audible approach of shuffling socks

Hopefully he won't get shot twice like his brother of late. But I think this guy is a little more resilient -- and will be vulgar at times.

Ratio • December 8, 2017 7:51 AM

@Wael,

Offense is taken? Are you freaking kidding me?

No. Offense exists if and only if someone takes offense. Disagree? Make your case.

My call is don't post links to topics you don't want to discuss.

Yeah, that be like commenting on a topic and then saying you'd rather skip it when you get a response. Unforgivable!

(That's what they call it when there's nothing to forgive, right?)

If you want to discuss it, we'll discuss it. If not, we don't. Fair enough?

I'll even throw in some puns (↓), just for you, as a token of goodwill. :-)

But I think this guy is a little more resilient -- and will be vulgar at times.

I thought your new guy was dedicated to maintaining his stiff upper2 lip for eternities on end? Looks like steering clear of blue humor is gonna get harder and harder…

Wael • December 8, 2017 9:39 AM

@Ratio,

Disagree? Make your case.

First of all: the definition of the word 'offend'

Second:

Offense exists if and only if someone takes offense.

if and only if -->
1) Offense exists if someone takes offense
2) If someone takes offense, then offense exists

This is debatable on some levels. I want to take a short-cut. If we agree that your quote is a legitimate one -- which I don't believe is the case, then it applies to two people involved in a dialogue. Now if you expand this to a discussion that involves many different participants with different perspectives, belief systems, cultural norms, etc... then clearly someone will be offended (or take offense.) My case: Go out in public and say something derogatory targeting a choice minority group. Say it on TV, for example... When you lose your job or get sued, can you use the blockquoted statement above as your defense? I think not; you'll pay a price. In fact, your statement could be offensive even if no one took offense because it violates some basic etiquette, rules, or common sense. I don't want to demonstrate with a concrete example because I'll pay a price.


Yeah, that be like commenting on a topic and then saying you'd rather skip it when you get a response.

Makes sense -- accepted.

If you want to discuss it, we'll discuss it. If not, we don't. Fair enough?

I only wanted to get a glimpse of the levels of what you see wrong there. I have an idea but didn't want to put words in your mouth. I'm sure the topic will come up again in the very near future. We can skip it temporarily. When the topic arises again, it would be good to share a more descriptive overview of your perspective so we reduce assumptions and save a few iterations.

I'll even throw in some puns (↓), just for you, as a token of goodwill. :-)

Never questioned your good will. Disagreement is one thing and questioning good will is another.

I thought your new guy was dedicated to maintaining his stiff upper2 lip for eternities on end?

I shopped around several weeks for a good brandname. This is the one that looked cute, but I honestly liked his late brother a lot more. Still puzzles me why someone decided to dispose of him. Two shots to the head refers to two separate attempts at assault, by the way. The first one was annoying and gave him only a headache; the second one was fatal.

Looks like steering clear of blue humor is gonna get harder and harder…

That's the idea. Think of it as preparing a framework or a building block. How's that for strategic thinking?

Ratio • December 10, 2017 8:00 PM

@Wael,

First of all: the definition of the word 'offend'

That says that to offend is “to cause (a person or group) to feel hurt, angry, or upset by something said or done”.

Second: [“offense exists if and only if someone takes offense” means]
1) Offense exists if someone takes offense
2) If someone takes offense, then offense exists

That's the same thing twice: (1) is a ← b, and (2) is b → a. What's missing is the other direction (either as b ← a or as a → b): if offense exists, then someone takes offense. In other words, if there is an offense there better be someone offended, because otherwise how does that qualify as an offense?

I want to take a short-cut. [...] Go out in public and say something derogatory targeting a choice minority group. Say it on TV, for example... When you lose your job or get sued, can you use the blockquoted statement above as your defense?

No, I don't see how it's relevant to a defense either way.

(It's a quote used as shorthand, FWIW, but that needs a shared context that wasn't there. What about the discussion on Reddit did you want to draw my attention to as a “shortcut”? All of it? *LOL*)

In fact, your statement could be offensive even if no one took offense because it violates some basic etiquette, rules, or common sense.

Offensive as in causing feelings, just not in, you know, people? That doesn't seem to work.

Look, all I'm saying is (a) if someone wants to be offended by you, there's nothing you can do or not do to prevent them from succeeding, and (b) if someone just doesn't feel hurt, angry, or upset, there's no way you'll offend them. The ultimate decision is theirs, not yours.

Does that mean you should treat people badly, because, hey, if they get upset that's their problem? (Somewhat related: why don't those who don't believe in Heaven and Hell all act atrociously all the time if there are no consequences?) Why would you want to? How about being nice just for the sake of being nice?

Does that all make sense?

I only wanted to get a glimpse of the levels of what you see wrong there. I have an idea but didn't want to put words in your mouth. I'm sure the topic will come up again in the very near future. We can skip it temporarily. When the topic arises again, it would be good to share a more descriptive overview of your perspective so we reduce assumptions and save a few iterations.

Could you tell me what exactly you'd like me to comment on, so we can start saving iterations?


Two shots to the head refers to two separate attempts at assault, by the way. The first one was annoying and gave him only a headache; the second one was fatal.

Come on, just revive the old stoner. Are you sure the second one was fatal? He could be convalescing on some tropical island for all you know.

Wael • December 10, 2017 8:36 PM

@Ratio,

Could you tell me what exactly you'd like me to comment on, so we can start saving iterations?

This:

what's described in articles 5 through 7, and you'll see that things are deeply wrong on multiple levels.

As for..

He could be convalescing on some tropical island for all you know.

You're right! He's in a comma. Maybe he'll survive. Don't like his blue brother. And since his cover blew up, I wouldn't terribly mind if others use him too! A new concept: a generic sockpuppet for all. The best we can do under the circumstances.


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.