Fingerprinting Digital Documents

In this era of electronic leakers, remember that zero-width spaces and homoglyph substitution can fingerprint individual instances of files.

Posted on January 11, 2018 at 12:50 PM • 113 Comments

Comments

&nobusspace • January 11, 2018 1:44 PM

They're often not even visible in contexts where software experts would expect them to be, like on a programming terminal.

I let it go when this popped up in the squid but well ... really?

Celos • January 11, 2018 2:01 PM

Indeed. Or historically other things like tiny defects in specific letters by using specially prepared typewriters for each copy. Hence anybody that is halfway competent has always copied leaked documents by manually retyping everything. It seems these basic skills have been lost in many cases, see for example the "Reality Winner" fiasco. Of course, it is still possible to watermark by equivalent wording, but that is much harder and much more obvious if you have access to more than one copy.

hmm • January 11, 2018 2:58 PM

This is why I avoid documents like the plague. Give me a good ol' oral transliteration any day.

Bob Paddock • January 11, 2018 3:19 PM

Making a cellphone 'fingerprint' from a single camera image:

ABC: Enabling Smartphone Authentication with Built-in Camera

Abstract—In this paper, we propose ABC, a real-time smartphone Authentication protocol utilizing the photo-response nonuniformity (PRNU) of the Built-in Camera. In contrast to previous works that require tens of images to build reliable PRNU features for conventional cameras, we are the first to observe that one image alone can uniquely identify a smartphone due to the unique PRNU of a smartphone image sensor. This new discovery makes the use of PRNU practical for smartphone authentication. While most existing hardware fingerprints are vulnerable against forgery attacks, ABC defeats forgery attacks by verifying a smartphone’s PRNU identity through a challenge response protocol using a visible light communication channel. A user captures two time-variant QR codes and sends the two images to a server, which verifies the identity by fingerprint and image content matching. The time-variant QR codes can also defeat replay attacks. Our experiments with 16,000 images over 40 smartphones show that ABC can efficiently authenticate user devices with an error rate less than 0.5%.

Impossibly Stupid • January 11, 2018 5:24 PM

@Celos

but that is much harder and much more obvious if you have access to more than one copy.

All uniquing info becomes more obvious when you have multiple copies you can easily compare. The trick at that point becomes embedding enough extra bits to identify any attempt to falsify/remove the fingerprint (i.e., only a "partial print" should be able to be recovered from any T available files out the N total). I'm not sure there is mathematically any good way to reference the original and still ensure you've stripped out all the secrets identifiers. Maybe some very fuzzy processing, like translating it to a foreign language and then back, using custom substitution dictionaries and word spinners, etc.

Dr. I. Needtob Athe • January 11, 2018 7:56 PM

I first read that fastforwardlabs.com article with Firefox and saw several cases of words run together, scattered throughout the text. Then I looked at the same article with Chrome and the previously missing spaces were back where they belonged. So whatever trick they were trying to pull worked with Chrome but not with Firefox.

me • January 12, 2018 2:09 AM

Isn't it easier and more effective to replace some words with others that have a similar meaning?
For example:
"we have to go at mountain."
"we have to climb the mountain."
"we need to go at mountain;"

If three different persons read this it will make sense for everyone, but they are different.
And this will resist rewriting or print + OCR + converting everything to lower case.

Clive Robinson • January 12, 2018 2:29 AM

@ Impossibly Stupid, Celos,

I'm not sure there is mathematically any good way to reference the original and still ensure you've stripped out all the secrets identifiers.

If you consider a document consists of information layers, from the bit level upwards then you would have to look at each layer separately and in combination. It helps however to think of each layer as an extended Shannon Channel[1] when analysing things. Importantly Shannon's work tells us what the limits are in any layer for a covert channel. However when considering multiple layers you have to move to the MIMO models.

If you folks are old enough to have been through the Digital Watermarking[2] (DWM) War back in the late 1990's into the early 2000's, that worked in layers each getting added by defenders as attackers found ways around them. However the problem the defenders ran into was that in a file format the channel parameters are in effect frozen, whilst the information content could be varied without it being perceptible to humans. Thus DWM failed to work against certain attacks.

In putting canaries in documents the defenders have the ability not just to use the spare channel capacity for a covert channel they can also modify the information input.

One such change would be the use of a thesaurus for word substitution another is the writing style. Such as "that is" "that that" and "that which" can be used in an interchangeable way. And it is in this stylistic level where the defender gains an extra advantage.

If a whistle blower takes a document and deletes or removes the non printing canary layers, then when putting the original and copy documents side by side gives to a human reader an identical document, that the originator of the document would have no deniability on. However as they work through with a thesaurus or change the style, they change the visible document thus giving the originator not just deniability but an alert of a whistleblower when a journalist tries to get verification.

It is suspected that some lawyers have used such deniability already with corporate clients.

Thus journalistic integrity has two sides that of protecting the source and that of verifying authenticity. It's a situation that favours the originator not the whistleblower.

Thus the whistleblower needs to in effect frame a colleague to protect themselves. It's something the originators like the NSA and a well known film company have exploited ruthlessly.

It was a point that was not lost on Edward Snowden, which he first "used colleagues" then realised what that meant so "outed" himself. However even so we have good reason to believe that those colleagues he did use did not go free from sanctions by the vengeful senior hierarchy.

Which is in line with "Uncle Sam Policy" of "throwing under the bus" any nation, corporation, company citizen or other person innocent or otherwise "as an example" to others. Unless of course they have certain traits, then they become almost untouchable for any crime from overdue parking fines to genocide. Which is why the US has that bit of legislation about sending in the troops to rescue any such US person from a valid Human Rights abuse trial...

The problem with this mentality is "blowback" or "what goes around comes around" 9/11 showed that the idea of Exceptionalism by Isolationism protection no longer works. The NSA apparently has not just recruitment but staff moral issues... The list no doubt goes on and will get worse.

Oh and Whistleblowers will wise up to who they give their documents to. Many foreign journalists acutely aware of espionage issues with the US will not attempt to verify in the same way as would US journalists, thus will assess veracity via different methods prior to publishing, thus the story will break without the originator being forewarned.

Which is why the Intercept and the journalist who sent a copy of the source document back to the US originator still stuns me.

Yes I know the Intercept have to be cautious about US entities running false flag / discredit operations against them, but there are other ways to get verification.

[1] Claude Shannon came up with a model for a communications channel to work out effective information rates in the presence of noise. In essence you have three components to consider, the channel capacity normally given as Bandwidth the level of the desired signal at the receiver input and likewise the noise. Importantly in a practical system there is usually a large margin between the theoretical limit of a channel and that used to convey information. This excess capacity can be used to provide Forward Error Detection and Correction or as a covert channel. Shannon expanded the basic channel ideas and others have done likewise to account for new issues such as various types of jamming that can be analyzed as multiple parallel channels with bleed or cross channel symbol interference.

[2] In essence DWM exploited redundancy in an image and added faux noise to it. It used similar techniques as Low Probability of Intercept (LPI) radio Direct Sequence Spread Spectrum systems.


[3] You can read about some methods of attacking DSSS LPI systems in this 2005 thesis https://etd.lib.metu.edu.tr/upload/2/12606906/index.pdf obviously things have moved on in a decade which is why MIMO systems are replacing DSSS, FHSS and hybrid systems for certain covert communications techniques.

Winter • January 12, 2018 3:42 AM

My work flow would be:
Print > OCR > spell-check&correct > Automatic translation to new language > Correct > Translate back > Correct

I would use suitable caution when applying the translators to prevent "them" tracing me over the translators.

hmm • January 12, 2018 4:15 AM

This is the digital equivalence of kidnappers using cut up newspaper letterheads.

Just have Siri read it out loud and Alexa A2T interpret it, then run it back and forth through google translate a few rounds between Russian, Gaelic, Klingon and Esperanto... Anyone who can get anything signal out of the noise is your spy and/or Scottish.

Documents are evil, never trust them. Vessels of ill import.

echo • January 12, 2018 8:02 AM

The essays indicate a workflow of write original copy, verify via multiple sources, and retain a copy for evidence in a fair trial held in the public interest?

After receiving a document it could contain watermarks and canaries and active components so you would filter on an isolated machine? DRM and prevention of printing may be an issue. Ultimately this heads in the direction of obtaining plain text. Methods include an electronic copy of the data stream or OCR. Is it possible for OCR to be compromised?

I'm not completely convinced about multiple rounds of language translation. This would either not make sense or be reversible?

What about software designed to identify plagiarised works?

Reading about the Malthusian trap before Christmas was interesting. The Treaty of Paris (1783) is an eye opener too.

Clive Robinson • January 12, 2018 9:58 AM

@ hmm,

Anyone who can get anything signal out of the noise is your spy and/or Scottish.

Do yer ken why that is nowt fair, or do yer need yer taties blued?

There will be those that take exception to your allegations of speaking some foreign language amongst those north of the border. Just remember Wee D'nald McTrumpie claims Scottish heritage, though they defiantly would not call him a son of Scotland...

For all their flame and bluster they are sensitive souls at heart, and as the old joke goes "I know and my wife gives me permission to say so! Ouch" ;-)

Glyph • January 12, 2018 12:44 PM

Perhaps web browsers (or browser plugins) can be made to filter such content? Just add a toggle to enforce user-defined character set prior to loading and display. How does TOR Project deal with this tactic?

Impossibly Stupid • January 12, 2018 12:51 PM

@Clive Robinson

If you consider a document consists of information layers, from the bit level upwards then you would have to look at each layer separately and in combination.

And that assumes you know what all the "layers" are, which should not be seen as a given. If you compare just two versions of a document, all you can do is determine how they differ, if they differ. Alter or strip away that info and what you have left could still refer to some version of an "original" document that has been marked (albeit to a lesser precision than either of the two copies you're comparing). That could still be enough to start an investigation that quickly closes in on your mole.

9/11 showed that the idea of Exceptionalism by Isolationism protection no longer works.

What? There's little about US policies that have been isolationist since it became a super power. It has constantly meddled in the affairs of other nations. Some would argue that attacks like 9/11 are a direct consequence of US imperialism/colonialism. Nobody would have any good reason to scream "Death to America" if the US were just quietly keeping to itself.

But that is getting way off topic, and risks hmmm going off on another conspiratorial rant. Please link to a blog of your own that discusses such issues if you want the conversation to continue along those lines.

Bob Paddock • January 12, 2018 1:08 PM

How do we know that each page of paper itself was not tagged with a nano sized identifying material when it was manufactured?

hmm • January 12, 2018 7:21 PM

@ Clive

"though they defiantly would not call him a son of Scotland..."

Pure dead right he's not a TRUE Scotsman - The wee hen that never layed away, starched bolloks!
Clatty crabbit Donnie's all bum n' parsley. Awae an bile th' roaster, heid’s full o’ mince.

Sh!teholes, sheesh in a sheep thae's nae Presidential - Not anywhaer! Bile it awae, th' numpty. Cheers.

Tony H. • January 14, 2018 1:24 AM

@me

Isn't it easier and more effective to replace some words with others that have a similar meaning?
For example:
"we have to go at mountain."
"we have to climb the mountain."
"we need to go at mountain;"
If three different persons read this it will make sense for everyone, but they are different.
And this will resist rewriting or print + OCR + converting everything to lower case.

You are in a maze of twisty little passages, all different.
You are in a twisty maze of little passages, all different.
You are in a little twisty maze of passages, all different.
You are in a twisty little maze of passages, all different.
You are in a maze of little twisty passages, all different.
You are in a little maze of twisty passages, all different.
You are in a maze of twisting little passages, all different.
You are in a twisting maze of little passages, all different.
You are in a maze of little twisting passages, all different.
You are in a little maze of twisting passages, all different.
You are in a twisting little maze of passages, all different.

You are in a maze of twisty little passages, all alike.

Wael • January 18, 2018 1:35 AM

@Clive Robinson,

Moving comment to this thread as it's directly related to this topic. It's also related to the Unicode URL Hack thread.

I suspect @ianf is long gone...

For sure. I just had to make good on my word.

Unless that "Magnas Opus" ianf promised is taking more time than "he" first thought... In which case I'm probably not going to read it either way.

How could you! You started this topic recently! Don't make me believe that you have a nasty habit of starting a topic and not participate in it. You've done it before and you paid a price. Remember: there is a price to be paid if you raise my blood pressure ;)

It's really not meant for @ianf. It's for everyone. If I had more money I would up the prize. Moving the comment here is a subtle hint. The second hint is free as well, so I'll decipher the first part of the poem for free (prize is still $100 and not $95:)

Steganography ain't lame, Notepad is the trend; Cryptography's the game, But vi's your friend!

Meaning: Steganography is the first word mentioned in the "poem" so it must be a major component of the puzzle, and it is. The masterpiece poetry also says regular common text editors like Notepad and such won't help in this puzzle. The second part also mentions Cryptography. So the hidden message is protected with Steganography and Cryptography. The hidden message is a limerick. There... No more free hints.

If no one takes a stab at it then I'll post the "Kick-ass Guide For Secret Communications" with a step by step procedure to composing these sort of hidden messages. Could be useful in the future for "Secret Communications" here.

Wael • January 18, 2018 10:40 AM

There are two usual suspects that eat up this kind of thing. Let's see if a little taunting encourages them.

If no one takes a stab at it then...

@Ratio, @Anura...

What's up, too challenging for you? I'll give you one more free hint if you like! You could be a little richer and buy a new bigger popcorn machine to complete the entertainment experience while you follow all the incoming fascinating comments and news / fake news :)

Don't disappoint me now...

Wael • January 18, 2018 7:59 PM

@Ratio,

Are you an impostor? Let’s see how you beehive first, so I can authenticate you. ;-)

I'm not a خلية نحل, ok? Now that you bit, I'll give you another hint:
curl https://www.schneier.com/blog/archives/2016/06/friday_squid_bl_530.html#c6768390 > comment.txt

See what the file looks like where my comment is. There! I de-steganographiezed it for you. Find the key and the encoding and you're good to go. Next hint will be $5 -- and that could be very costly. There once was a guy who spent his fortune on a pizza. A $5 hint could be worth a million dollars five years from now :)

Did I beehive appropriately?

Wael • January 18, 2018 8:26 PM

@Ratio,

Next hint will be $5 ...

I take that back. No more hints, it's almost trivial now because I deciphered the second line of the poem. If you copy and paste the whole comment into a no frills text editor, you won't see the special characters (as designed, of course.) If you paste it into vi you'll see them. Alternatively, you could use the curl command as described above and view the hidden message in a regular text editor. This was the more explicit meaning of

Cryptography's the game, But vi's your friend!

Your task, should you accept it is to decipher the next line:

Don't run out of steam; Remember, and you'll be done; The key's the rhyme scheme, Replace B with zero and A with one

Tick-Tock...

Signed: The real Wael (yea, that'll work)

PS: If the solution is not accompanied with a wallet address the prize will be forfeited -- you have been cautioned.

Ratio • January 18, 2018 8:49 PM

@Wael,

I'm not a خلية نحل, ok?

Of course not. That would be @جوستينا. :-)

Did I beehive appropriately?

لا-)

The ‌b‌roblem is I can’t curl, vi, etc. at the moment, but I think I’ve got another way…

Signed: The real Wael (yea, that'll work)

وائل الصحيح :-O That actually worked. ;-)

Wael • January 18, 2018 9:27 PM

@Ratio,

The ‌b‌roblem is

I'll remember that!

but I think I’ve got another way…

There are several ways. You may view bage source if you can from where you are...

Ratio • January 18, 2018 10:06 PM

@Wael,

I'll remember that!

*LOL*    Now I really know it’s you. :-)

You may view bage source if you can from where you are...

B‍‍‌‌‍‌‌‌‍‌ossibly. (Actually, no.) Can you?

How to process this puppy? Lessee…

Wael • January 18, 2018 11:47 PM

@Ratio,

B‍‍‌‌‍‌‌‌‍‌ossibly. (Actually, no.) Can you?

Actually, yes. It's in a long line. Yes I can. Verified before I said it.

Clive Robinson • January 19, 2018 1:49 AM

@ Wael, Ratio,

See what the file looks like where my comment is.

Back in times past prior to "I An Not French" leaving here for places unknown we had a little spat about hiding in plain sight using pairs of HTML tags.

Thus as I said at the time you could use say the "i" italics flag with the "ul" list tag in four different ways thus giving you the equivalent of two bits of hidden data. The only problem was finding and using a web server that did not mung whitespace etc.

So without looking my first thought if it was not a semantic or "shared knowledge" piece of stego it would be by use of HTML tags as that's easy for a "hand edit" in notepad etc without needing to remember unicode character listings etc. Also your hint suggests that a look at a simple listing would work, thus HTML flags would be visible.

Any way it's Friday morning on a cold day in London Town where even the "flying rat" pigeons are looking hung down and brung down. I fully expect one of them to curl a wing tip and cough cough into it like some aged smoker puffing their day away.

Wael • January 19, 2018 4:32 AM

@Clive Robinson, @ Ratio,

we had a little spat about hiding in plain sight using pairs of HTML tags.

Yup. I remember that although I'm too tired to find the link.

So without looking my first thought if it was not a semantic or "shared knowledge"

Neither.

Any way it's Friday morning on a cold day in London Town where even the "flying rat" pigeons are looking hung down and brung down.

Eat a couple of them, but substitute green wheat for rice, which is a more authentic dish. Dry green wheat is called "Freek", although some other regions call it "freekeh". So I could actually say: eat a freakin' stuffed pigeon :) They are delicious. I use the second recipe for Cornish hens and quail since I don't want to get caught catching rats-with-wings in the city ;)

Speaking of food, the other day I made the best falafel from scratch. This is the real falafel (green inside, not yellow) - a recipe probably as old as the pigeon recipe :)

JG4 • January 19, 2018 7:09 AM


Did anyone catch that one of my comments earlier in the week showed a block of text from nakedcapitalism that drove a spell-checker nuts? It would be awesome if one of the titans would run that piece through vi and let me know what is going on.

I think that flying rats in cities are polluted with industrial chemicals, so I caution against eating them. In fact, cities and the interior of buildings are contaminated with industrial chemicals.

don't have the link handy, but I recall reading where they collapsed a major roof with many tons of chicken bones from the nearby dump. here's enough evidence that could happen.

http://www.colonialpest.com/seagulls-garbage-dumps-and-rooftops/

https://www.manchestereveningnews.co.uk/news/greater-manchester-news/mcdonalds-loving-seagulls-cause-manchester-12048657

a few gems in the usual compendium

https://www.nakedcapitalism.com/2018/01/links-11918.html

...

Anyone who claims that machine learning will save money in high-stakes government decision-making is lying Boing Boing (DL). Must-read.

Crime-Predicting Algorithms May Not Fare Much Better Than Untrained Humans Wired

...

New Cold War

Fear and Droning: Manufacturing Consent for War as a Public-Private Partnership Nina Illingworth

...

CIA rendition flights from rustic North Carolina called to account by citizens Guardian (Re Silc). Well worth a read. “I baked their gingerbread houses for Christmas.”

...

Ratio • January 19, 2018 8:06 AM

@Wael,

Your A-B mapping looks wrong. I divided the input in segments of the obvious size. The number of distinct segments hints at a next move, but there’s no straightforward way to get where it looks like I need to go first. If I flip all the inputs, everything seems to fall into place. (After that all I’ve got so far is gibberish.) Does this look OK to you?

37 43 7a 56 …

Ratio • January 19, 2018 10:49 AM

@Wael,

I have ‍ and ‌ as A and B, because the code starts with “ZWJ ZWJ ZWNJ ZWNJ”. You said to “replace B with zero and A with one”, but I use A → 0 and B → 1. (That’s how I ended up with the first four bytes I gave above.)

This is before I get to gibberish:

7CzVhqvZZnkzXwlO3FF9bd7bv9dS3ydl+DmJHhZoO8Vfmgp6kd23qISfDAehc9F79ONwCKDAYjHFnZ5odq0JC2M1i8o4XUyGC3fv2dsbYzadP6zlL+aPQvAv6GC5h5YfE7BuGjOahID1OFZKDAyOkAps1O/8xj61/mfQXnWEXIZ9frvytVWD+PPSJfFgdVSPUV9GKgtvQuj+zbnspsKLufLtsuAymxHRN1dxDTB8hww=

Base-64 decoding is the obvious next move, but doing that seems to yield gibberish. That’s as far as I got on a tiny screen. (I’ll see if I can whip up some code to do the decoding later.)

Wael • January 19, 2018 11:15 AM

@Ratio,

Gibberish looks fine! You basically had two choices regarding mappings of {ZWJ, ZWNJ} to {0,1}, that's why the poem did not cover this mapping since the search space is so small. You got unlucky and tried the wrong mapping first but flipped it around and got the correct mapping -- all as expected.

Now regarding the A-B mapping: Read the poem carefully. Does the poem say:

Don't run out of steam; Remember, and you'll be done; The input's the rhyme scheme, Replace B with zero and A with one

Or does it say:

Don't run out of steam; Remember, and you'll be done; The key's the rhyme scheme, Replace B with zero and A with one

The hidden message is now visible, it's still encrypted. You need to find the key and the algorithm then decrypt it. Very good.. You're almost there :)

PS: You are now the only candidate eligible for the prize. Not going to let someone piggyback on your work and eat your freakin' lunch.

Wael • January 19, 2018 11:59 AM

@Ratio,

(I’ll see if I can whip up some code to do the decoding later.)

Don't make it too hard on yourself; the poem tells you exactly what you need to do ;)

Ratio • January 19, 2018 12:03 PM

@Wael,

Now regarding the A-B mapping: Read the poem carefully.

I’d taken “key” to mean “crux”, and sorta stopped reading. *LOL* Next time…

You need to find the key and the algorithm then decrypt it.

Re-reading the poem, it all makes sense and I think I’ve got all the pieces. Playtime’s over, though. ;-)

Clive Robinson • January 19, 2018 10:07 PM

@ Wael,

Sorry for the late response, I'm a little on the down side myself, I've got a dry cough from the bottom of the lungs and it's knocked me sodwards[1], but I'm still topsides :-)

So back to more important things,

Eat a couple of them, but substitute green wheat for rice, which is a more authentic dish.

What you call "squab" we would call "wood pigeon" or just "woodies" that I shoot in my garden from time to time. Not the "rock dove" vermin we have infesting our towns and cities, that I would not feed to the neighbor's cat even though we have a mutual hate for each other :@

The stuffing is similar to one made with rice, dates, preserved lemon[2] and cinnamon, that allegedly comes from Morocco. A friend's mother makes it when I give her a brace of woodies from the garden. She also adds just a very little harissa in to lift it up. It's "a dish of spring" that has the power to make your mind leap above the grey and the damp to those pleasant roof tops and courtyards in old "Moorish" towns around the Mediterranean. I asked her once why rice in the stuffing and not cracked bulgar wheat, and she said in effect that the taste of cracked wheat is too earthy and detracted from the lightness of the dish so you could not taste the hint of rose water.

But I shall have to track down the Freek and try it out in a salad first to see what its qualities are like.

[1] No not a spelling mistake for once ;-) genuine old English word "sod" being the top layer of soil you might call "turf". Thus equivalent of it knocked me "to the ground" which this wracking cough does. It starts with a cough that goes "full body", thence to a bark, to rattle with twitchy jerking feet then gasping wheeze, to just gasping gulp like a fish out of water. It makes smokers hack sound like a polite little request for attention in comparison and it makes doctors look quite alarmed to see me flailing on the exam bed just after they tell me to take a deep breath to listen for fluid in the lungs...

[2] Not the normal lemons you can brine yourself at home, no these are those little hard lemons not much bigger than golf balls and nearly as hard that would be inedible if you did not preserve them for a month or so first. However they reward you with a real lemony perfume almost like standing next to a tree in full bloom.

Clive Robinson • January 19, 2018 10:43 PM

@ JG4,

I recall reading where they collapsed a major roof with many tons of chicken bones from the nearby dump

Yeah Seagulls are actually taking over from pigeons, more flying dogs than rats. Like Canadian Geese they are not something that you would eat out of choice. I've actually had a full on fight with a seagull that was attacking a child and frightening her mother. They are not just vicious they are bold as well and this one had drawn blood. However once I had a firm grip on its wind pipe it quietened down sufficient to get it away from the high street and spectators. Personally I'd have quite happily wrung its neck but people get all squeamish about that sort of thing, saying it was not doing any harm when it had just nearly bitten a child's finger off...

In the UK we used to have weekly refuse collections but the Government decided that once every two weeks was OK, which it is not... Since then the levels of ordinary vermin such as flies, mice and rats has shot up, but also second tier vermin such as foxes, seagulls, squirrels and feral pets coming into direct contact with humans even in their homes. Often it's young children getting attacked you hear about because the over populating vermin see them as a fresh food source... It's also encouraged an increase in "fly tipping" and other anti-social behaviour such as setting bins on fire...

Wael • January 19, 2018 10:53 PM

I've got a dry cough from the bottom of the lungs and it's knocked me sodwards

Get better soon. I'm still not a 100%, either.

What you call "squab" we would call "wood pigeon" or just "woodies"

Hmmmm. I wish you hadn't gone there! You're asking for a yellow card!

Par for the course! One Pigeon is supposed to be equivalent to 120mg of the blue stuff -- you know, Vitamin V, and it doesn't give you a headache either (not that I would know - I just heard.) Not surprised it's called by that in the UK, according to Wikipedia...

Colloquially and in slang, erection is known by many informal terms. Commonly encountered English terms include '******', '*****', '*****' and 'woody'.

So... Plan for a rowdy night.

The stuffing is similar to one made with rice, dates, preserved lemon[2] and cinnamon

I only like cinnamon in desserts. Had enough rose water that I am sick of it.

But I shall have to track down the Freek and try it out in a salad first to see what its qualities are like.

Good stuff, they call it "super food" these days. It does have a taste that can overwhelm mild-tasting foods.

genuine old English word "sod" being the top layer of soil you might call "turf"

My neighbor, Charlie, is ninety-some years old and goes for a daily walk with his nurse. Whenever I see him and ask him "how are you doing Charlie," his response is always "still above the sod" :)

bed just after they tell me to take a deep breath to listen for fluid in the lungs.

Have you been baptized (waterboarded) recently?

Wael • January 20, 2018 10:45 AM

@Ratio,

Playtime’s over, though. ;-)

It ain't over till you post the cleartext message.

Don't run out of steam; Remember, and you'll be done; The key's the rhyme scheme, Replace B with zero and A with one

...

Know that I keep my word; I have class. On Schneier's Blog of Cryptology... My limerick immortalized your *ss With an inscription of your Eulogy

Rhyme Scheme... Limerick.... ? (Psssst: Google Fu might help here.)

Wael • October 11, 2018 1:33 AM

@Ratio,

Hmm. Apparently something changed on https://aesencryption.net. It's no longer able to decrypt the gibberish... I found out today but it did work until a few months ago. Next time I won't say OpenSSL is a losing bet ;)

For people without glasses: three steps (you may need it in the future.)

One:
Get the hidden code and parse it out, convert it to binary:

curl -s https://www.schneier.com/blog/archives/2016/06/friday_squid_bl_530.html#c6768390 | awk '/c6768390/{flag=1;next}/class="comment by/{flag=0}flag' | awk -v RS='&[j-z]+;' 'RT{gsub(//,"",RT);printf RT}' | sed 's/‌/1/g; s/‍/0/g' | sed 's/.\{8\}/& /g'

Two
Copy the output and paste it into a binary-numbers to text converter, such as this one:
http://www.unit-conversion.info/texttools/convert-text-to-binary/

Three
Then copy the resulting encrypted text to decrypt it here:
https://aesencryption.net but it no longer decrypts it. Perhaps it was never meant to be posted here, so I won't do that.

PS: The above is a quick and dirty script -- you can probably optimize it... I was tempted to stick steps 2 and 3 in the script, but that would be dangerous.

WaelOctober 11, 2018 8:59 AM

@Clive Robinson,

Yes, did you look through their first code snippet and find its "hard coded" IV?

I had a feeling it's something like that, but I did not follow up on it. One can't depend on the consistency of external URL links. Anyway, the cleartext:

There once was a guy named ianf
Who messed with wrong blog staff
Clive and I tore him a few new ones
So he ran away from the nuisance
And joined his banned fellow Riffraff

World-class literature, ma man!

WaelOctober 11, 2018 9:32 AM

@Weather,

What does that thing you posted do

Removes manure from the eyes to heal your blindness and opens your eyes to new horizons; enables you to 'read between the lines'. 'Mature enough' for you?

Weal

I'll pretend I didn't see that.

WaelOctober 11, 2018 3:44 PM

@Weather,

but you can use "view page source" in the browser

Sure you can! You can also copy and paste in a hex editor, or use curl or wget, etc... Question is: what will you do after you "view page source"? All you'll know is that there's something 'hidden', and if it's encrypted, then that'll be the limit of your knowledge.

Or you can use a script to automate the tedious task of revealing the text (I thought of a browser extension / plugin, but I don't have the time or the desire.) This whole exercise was to demonstrate, among other things, that one can sign the post without distraction and readers can run a script like the one I posted to verify the signature. One could also deliver a binary payload -- executable or otherwise -- if you know what I mean ;) Give it some time and some researcher will discover this attack vector...

That was a month ago :D

I'm well aware of that. Now we're even ;)

@Bong-Smoking Primitive Monkey-Brained Spook,

As if you wrote it in a few minutes.

Put the bong down, Monkey Brain. By the way:

curl -s https://www.schneier.com/blog/archives/2016/06/friday_squid_bl_530.html#c6768390 | awk '/c6768390/{flag=1;next}/class="comment by/{flag=0}flag' | awk -v RS='&[j-z]+;' 'RT{gsub(//,"",RT);printf RT}' | sed 's/&zwnj;/1/g; s/&zwj;/0/g' | sed 's/.\{8\}/& /g'

[j-z] should be [j,w,n,z]. They both work but this is more accurate.

Clive RobinsonOctober 11, 2018 4:08 PM

@ Wael,

You might know that in the UK Parliament is something known as the "Woolsack" which is the official seat of the Lord Chancellor or when sitting in the House of Lords.

Thus the poor old woolsack gets crushed by the tail end of weighty matters... I wonder why you are doing the same to the woolsock?

WaelOctober 11, 2018 4:23 PM

@Clive Robinson,

Thus the poor old woolsack gets crushed by the tail end...

Two reasons: Correct mistakes, maintain perception of distance, unless you want to grease him for good this time.

Clive RobinsonOctober 11, 2018 4:52 PM

@ Wael,

The wheels are well enough greased on the bus, no need for anyone to have to go under there to add more, it would just create a mess.

RatioOctober 11, 2018 5:00 PM

@Wael,

I completely forgot about your poetry!

For people without glasses: three steps (you may need it in the future.)

Uh-oh.

One: Get the hidden code and parse it out, convert it to binary

Suggested simplification (untested):

curl -s ① |
sed -n '/②/,/③/p' |
perl -0777 -ne 'print join("", map(length, /&zw(n?)j;/))' |
sed 's/.\{8\}/& /g'

That is, download URL ①, extract the region of text from the line matching ② to the line matching ③, and convert all occurrences of ZWNJ and ZWJ to 1 and 0. Pattern ② could be:

<article><div class="comment [^"]+" id="c6768390">

… and pattern ③ could be:

<\/article>

(Maybe add a helping of backslashes just to be safe.)

Two: Copy the output and paste it into a binary-numbers to text converter

Turning groups of eight ones and zeros into a string of bytes shouldn’t be too hard in Perl (oct, chr, …). I’ll leave that to you. :-)

Three: Then copy the resulting encrypted text to decrypt it

… until that no longer works, of course. ;-)

PS: The above is a quick and dirty script -- you can probably optimize it...

I’m hand-rolling assembly as we speak. (Formal methods all the way, don’t worry.)

WaelOctober 11, 2018 5:59 PM

@Ratio,

Suggested simplification (untested):

I'll test it at some point... I used perl for constructing the message and awk for deconstructing it.

I’ll leave that to you. :-)

I didn't have the bandwidth. Ideally it should be a single script that does extraction, encoding, decoding, encryption, and decryption that one runs without the need to go to external URLs, , ...

until that no longer works, of course. ;-)

Yea, rub it in. I want 'my crow' barbecued, and stuffed with freek please! In other words: give me the freaking crow.

Uh-oh.

She looked at me with big brown eyes and said:
You ain't seen nothin' yet ;)

WaelOctober 11, 2018 6:28 PM

@Ratio,

I’m hand-rolling assembly as we speak. (Formal methods all the way, don’t worry.)

Oh, no! A bucket and a half of code! Thought that was history now ;)

Clive RobinsonOctober 11, 2018 7:58 PM

@ Wael,

Yea, rub it in. I want 'my crow' barbecued, and stuffed with freek please!

I would prefer it be stuffed with cooked potatoes and garlic mashed with a little honey with a pinch of ginger. With overnight soaked raisins and a little fresh fenugreek (Greek hay). After searing the crow on a charcoal brazier wrap it in a pastry shell which contains a little rosemary or similar herb and butter. Bake slowly in a moderate oven.

When cooked serve with a strong green salad and anything else with good flavour that would be palatable just to cover the dam bitterness of crow ;-)

Of other note the "blackbird" of "four and twenty blackbirds cooked in a pie" nursery rhyme are actually young crows or other corvids caught by the process of "rooking". Put simply to learn to fly the young bird has to "fall from the tree" they can easily be caught by just knocking them off the branch they are on and stuffing them in a sack...

Actual recipes for "game pies" from the time usually included grapes and wine etc. They were not what we would call a pie in the modern sense. The simple flour and water pastry crust was not meant to be eaten but as a lid to "seal the pot" to keep in as much moisture as possible in what was in effect a very thick stew.

But if you ask anyone who has actually eaten young crow, like Canadian geese and Swan it's something they would probably give a miss to a second time around in favour of a nice roast chicken or even cold hard boiled egg... Trust me when I say it's a "poor man's food" that even the rich would not consider turning into a luxury unlike caviar or smoked salmon.

Normally I'm in favour of poor man's food but crow falls into that trench of culinary horrors that is "neither fish nor fowl" but is the worst of both.

RatioOctober 11, 2018 8:00 PM

@Wael,

I'll test it at some point...

The sed range thing is obvious once you know the construct exists. (To make it work, you need to either add the -E flag or change ② from [^"]+ to [^"][^"]*, I think.)

The idea behind the Perl thing is to process the whole comment as a single record (hence the -0777), match all occurrences of ZWNJ and ZWJ, while capturing "n" or "", and mapping them to 1 and 0 (which, by an amazing coincidence, just happens to be the length of the string captured).

Ideally it should be a single script that does extraction, encoding, decoding, encryption, and decryption that one runs without the need to go to external URLs, , ...

Ideally someone else would write that for us. ;-)

I want 'my crow' barbecued, and stuffed with freek please!

Super freek,
Crow stuffed with super freek,

Stop! Hammer time!

(Hey, you started it!)

A bucket and a half of code!

And a bucket and a half it was! A certified expert, I tell ya! *snort* ;-)

Bong-Smoking Primitive Monkey-Brained SpookOctober 11, 2018 10:53 PM

@Clive Robinson:

just to cover the dam bitterness of crow ;-)

So you actually ate a goddamn crow? god dayum!

AnuraOctober 11, 2018 11:54 PM

It does not matter. The damage has been done. The great old ones have awakened. The end is nigh.

WaelOctober 12, 2018 12:08 AM

@Anura,

It does not matter. The damage has been done. The great old ones have awakened. The end is nigh.

Oh, come now! Be a sport and stop singing sad songs! I'll Swallow My Pride and accept step 2 in perl script. Or you can try @Clive Robinson's 'Crow Recipe' :)

WaelOctober 12, 2018 1:22 AM

@Ratio,

Ideally someone else would write that for us. ;-)

I hear @Anura can whip out 5 KLOC south of 10 minutes!
[...], I tell ya! *snort* :-)

Clive RobinsonOctober 12, 2018 4:41 AM

@ All present,

I've tried page scraping HTML with regex in the past and you end up building your own twisty little rabbit hole behind you...

The process is quite simple

1, With simple clean well structured HTML you write an apparently working regex. You smile and feel content.

2, Somebody presents you with a slightly different version (that just for argument's sake uses slightly weird white space) so a small frown appears

3, So you write an addon to your regex to trap it and convert it to your idea of a simple clean well structured HTML. All is well your frown fades.

4, Somebody else presents a yet slightly different version so go to step 3....

Due to the nature of HTML step 4 will occur in an infinity of ways. So step 3 happens every time and that tunnel of fixups behind your once simple regex builds ever longer. The one that oft kills is nesting of HTML tags within tags.

Eventually something will break, like not enough heap space or time slows down for your original regex...

But in the process those little frowns will mighty furrows make and force your hair to recede and your eyebrows to sag and a haunted demeanor to arise around you such that even small children will hide in your presence...

Ultimately it's the fate of nearly all regex to freeform or near free form input. I first learned this when trying to do an apparently simple "search and change word" in simple text documents. Hyphenation[1] across line breaks is hard, but can be done. But it's near impossible with page breaks, because people add "page numbers", "titles", "page headers and footers", "section headers", "tables", and yet more... Which humans just ignore due to the simple "visual 2D clues" that regex's will never see...

But IMPORTANTLY don't let regex issues stop you prototyping an idea quickly and efficiently. Just remember it will break in a production system[2].

[1] I've bumped into the problem so often I've used the "hyphenation" question in job interviews, and it genuinely makes people sweat and develop a haunted look. Trust me when I say I am not a nasty person, it's why I stopped using it, it began to feel like torture and colleagues used to joke about what I was doing to potential recruits... I have a simpler nicer question these days that does not require the recruit to even know a programming language to test their problem solving and thinking skills, and it too has no "right answer"...

[2] I guess you all know one of the truisms about "fool proof"...

Clive RobinsonOctober 12, 2018 5:19 AM

@ BSPMBS,

So you actually ate a goddamn crow?

Yes, I have an interest in "industrial history" or more precisely how people did things in times past. They are rarely if ever written down so you have to take what clues you can and experiment your way through.

What we ate in times past in terms of basic ingredients is known, sometimes you get a list but they were written as aids to memory not a guide to process them.

Even today we hide such information for instance seeing the base list of ingredients in the Chorleywood bread making process will not give you a light fluffy loaf. Because what do you do with the chicken feathers or animal hair?

Likewise various sauces, the Romans used "rotted fish sauce" but most would be squeamish to try it, yet are quite happy to eat oriental food that uses "fish sauce", or "anchovy essence" in steak pie, or just Worcestershire sauce on cheese on toast. What about "rotted bean and grain sauce"? Well you might know that as Soy Sauce, but the secret to making it is in the process not the base ingredients.

So yes when you find purchasing records for the kitchen of a large house / palace etc and you come across "rooks" but know they are "crows" and a game bird pie ingredient list that uses amongst other things "withered grapes" you need to get creative...

And yes you can make young crows caught by rooking edible even pleasant by modern standards, but it's a lot of work. You can not make crows that have flighted for a while taste nice. Because the taste of what they eat taints their flesh...

It's why we don't eat seagulls for instance, and why we hang some game so "flavour can rot in".

Many of our modern taste likes such as cheese, pickles, breads, and alcoholic beverages only happen due to a controlled "rotting" process. Others such as smoked or salted meats fishes and cheeses by trying to stop a rotting process, sometimes by encouraging a different rotting process to happen first...

Arguably we learnt to cook from scavenging animals and seeds left after forest or similar fires. Likewise preserving from trying to hide meat under water and hiding fruit in caves and holes in the ground.

In short "fresh food" is actually quite dull to taste and unexciting, we need it to rot a bit or add small amounts of poisonous plants (herbs and spices) to make it taste interesting.

Bong-Smoking Primitive Monkey-Brained SpookOctober 12, 2018 7:03 AM

@Clive Robinson:

What we ate in times past in terms of basic ingredients is known...

Interesting take on food industrial history. Lost my appetite.

WaelOctober 12, 2018 11:33 AM

@Anura,

Cute song[1]. This is a song about a "whale", almost sounds like my name. At least what people call me. One part out of two finished. For the second part, what will it be now: a nice 'perl script' or a damn bitter 'crow meal'?

[1] This made me happier, though!

RatioOctober 12, 2018 5:00 PM

@Anura,

Shame on you both.

Not HTML, just plain text that happens to contain many angle brackets!

@Wael,

At least what people call me.

No uh-oh for ya?

Clive RobinsonOctober 12, 2018 7:05 PM

@ Wael,

At least what people call me.

Having once had the "top line" spell checker on an android phone change your name, it occurs to me I have actually never tried to pronounce your name out loud.

I've kind of assumed in my head it's Wait and heel so Way-eel. But in honesty I've not a clue.

WaelOctober 12, 2018 7:45 PM

@Clive Robinson,

Go to google translate and translate "Wael" into Arabic, then press the speaker icon on the Arabic pane. The lady pronounces it well, almost perfect. Sounds like Wa iL

RatioOctober 12, 2018 8:00 PM

@Wael,

The lady pronounces it well, almost perfect. Sounds like Wa iL

Perfect = uh-oh for ya! (Hint: 0626)

WaelOctober 13, 2018 5:27 AM

@Ratio,

Uh-oh! You'll need your low-diopter Kaleidoscope for this one!
For the obtuse, de-steganography script to follow shortly.
Be thankful this's not encrypted :)
Hopefully it'll work the first time and there's no copy/paste errors; I had no time to work on the composition script.

WaelOctober 13, 2018 5:46 AM

Your low-power Kaleidoscope:

export SCANNED=$(curl -s https://www.schneier.com/blog/archives/2018/01/fingerprinting_6.html#c6783362 | awk '/c6783362/{flag=1;next}/class="comment by/{flag=0}flag' | awk -v RS='&[j,n,w,z]+;' 'RT{gsub(//,"",RT);printf RT}' | sed 's/&zwnj;/1/g; s/&zwj;/0/g' | sed 's/.\{8\}/& /g' | tr -d ' '); printf $(echo "obase=16;ibase=2;$SCANNED" | BC_LINE_LENGTH=2000 bc | sed 's/../\\x&/g')

Copy and paste in your terminal (Unix or similar tools installed.) Obviously the encoding is dreadful since we only used two symbols. There are a few more symbols that can be used -- around 7 or 8. Very close to implementing a signature scheme with simple scripts that can verify the authenticity of the poster. All one needs to do is:

1: Post a public key here, or elsewhere, possibly with a cert
2: Sign the post with the private key, I guess
3: Make sure the signature includes the name of the poster, and the time-stamp (tricky.)
4: Append openssl command to the above script, and it's done!

Oh, the composition script needs to be built, and the encoding needs to be improved.

@Thoth,

You wanna take a stab at it? You seemed interested in this kind of thing. If you don't then I don't know when I'll have a chance.
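The extraction and decoding steps of the script above, written as an added example in Python (not code from any commenter). It accepts ZWNJ/ZWJ as entities or raw code points, decodes eight bits at a time so leading zero bits survive, and reports leftover bits from a truncated run; the page markup, comment ids and function names are constructed for illustration.

```python
import html
import re

ZWNJ, ZWJ = "\u200c", "\u200d"
BIT_OF = {ZWNJ: "1", ZWJ: "0"}   # mapping used in the thread: ZWNJ -> 1, ZWJ -> 0


def comment_region(page, comment_id):
    """Markup of one comment: from the div carrying id=comment_id up to the
    next </article>. The markup shape is an assumption (it follows the range
    patterns suggested in the thread); a real page may need an HTML parser."""
    pattern = r'<div[^>]*\bid="%s"[^>]*>(.*?)</article>' % re.escape(comment_id)
    m = re.search(pattern, page, flags=re.S)
    return m.group(1) if m else ""


def hidden_bits(fragment):
    """Bit string carried by ZWNJ/ZWJ, whether written as raw code points,
    as &zwnj; / &zwj;, or as numeric character references."""
    text = html.unescape(fragment)
    return "".join(BIT_OF[ch] for ch in text if ch in BIT_OF)


def bits_to_bytes(bits):
    """Decode 8 bits at a time. Returns (payload, leftover_bits); leftover is
    non-empty when the run is not a whole number of bytes, for example after
    a copy/paste that dropped characters."""
    usable = len(bits) - len(bits) % 8
    payload = bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))
    return payload, bits[usable:]


def strip_hidden(fragment):
    """Visible text only: tags removed, entities decoded, carriers dropped."""
    text = html.unescape(re.sub(r"<[^>]+>", "", fragment))
    return "".join(ch for ch in text if ch not in BIT_OF)


def embed(cover, payload, as_entities=True):
    """Helper that builds the constructed sample below: append the payload
    bits to the cover text as entities or as raw code points."""
    bits = "".join(f"{b:08b}" for b in payload)
    one, zero = ("&zwnj;", "&zwj;") if as_entities else (ZWNJ, ZWJ)
    return cover + "".join(one if b == "1" else zero for b in bits)


def scan(page, comment_id):
    """Report what one comment carries besides its visible text."""
    region = comment_region(page, comment_id)
    bits = hidden_bits(region)
    payload, leftover = bits_to_bytes(bits)
    return {
        "carriers": len(bits),        # number of zero-width carrier characters
        "payload": payload,           # whole bytes recovered
        "leftover_bits": leftover,    # trailing bits that do not fill a byte
        "visible": strip_hidden(region),
    }


# Constructed sample page: one clean comment, and one comment whose first
# paragraph hides 6 bytes as entities and whose second paragraph hides one
# byte as raw code points with the last 3 carriers cut off.
SAMPLE_PAGE = (
    '<article><div class="comment by-x" id="c1000001">'
    "<p>No payload here.</p></div></article>\n"
    '<article><div class="comment by-y" id="c1000002"><p>'
    + embed("Be thankful this is not encrypted :)", b"\x07uh-oh")
    + "</p><p>"
    + embed("Second paragraph.", b"!", as_entities=False)[:-3]
    + "</p></div></article>\n"
)

if __name__ == "__main__":
    for cid in ("c1000001", "c1000002"):
        report = scan(SAMPLE_PAGE, cid)
        print(cid, report["carriers"], report["payload"],
              repr(report["leftover_bits"]))
```

Running `strip_hidden` over text before republishing it removes this particular carrier; it does nothing about homoglyphs or wording-level marks.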

WaelOctober 13, 2018 5:58 AM

Forgot the most important step! Skull getting dull [1]
5: Encode and embed the signature within the post (hidden signature.)

This way we don't clutter the screen.

[1] limerick Time, I guess:

There was a guy with a quantum-brain called @Ratio
Whose neurons were entangled...

Oh, Crap. I'm blanking out. Time to count some canaries before they die

RatioOctober 13, 2018 7:30 AM

@Wael,

You and your hints!

Here ya go:

0626 → 1101100010100110
0626 ~ 064A0654
064A0654 → 00000110010010100000011001010100

Ya got uh-oh to avoid all that gnashing and wailing.

Hopefully it'll work the first time and there's no copy/paste errors
ACK
sed 's/.\{8\}/& /g' | tr -d ' '

Make up your mind. :-P

WaelOctober 13, 2018 8:00 AM

@Ratio,

I'll look at it when I have a clear-mind. Right now, I'm trying to hibernate for like three hours. Then I need to finish some work.

Make up your mind. :-P

Script too long. Wanted to make it shorter, that's all.

*12345 canaries, 12346 canaries, two hours trying to sleep, dang, it's not working, better pick up a boring book :(*

WaelOctober 13, 2018 3:16 PM

@Ratio,

You mean it's not a perfect pronunciation because some people pronounce 'ئ' as 'ie'?
Well, the Google-Translate lady makes a subtle inaccuracy in the first and second letters.

RatioOctober 14, 2018 3:30 PM

@Wael,

Out with it

It was already out, visible as Unicode code points and UTF-8 bit strings:

     0626 → 11011000 10100110 → ئ
064A 0654 → 00000110 01001010
            00000110 01010100 → ئ
     064A → 00000110 01001010 → ي
     0654 → 00000110 01010100 → ‏ٔ‎

(U+0626 and U+064A U+0654 are canonical equivalent.)

If ya say “Wael” ya gotta have uh-oh to avoid gnashing and wailing.

(I’ve heard native speakers use two different pronunciations, but I always assumed you prefer the final syllable as “ell” not “eel.” Now I wonder, what would وائل look like with harakat?)

Wanted to make [script] shorter, that's all.

Hmmmm… what would be the shortest way to add spaces (sed) and subsequently delete them again (tr)? ;-)

WaelOctober 14, 2018 4:19 PM

@Ratio,

If ya say “Wael” ya gotta have uh-oh to avoid gnashing and wailing.

Uh ha. I see. Cute :)

I’ve heard native speakers use two different pronunciations

berhabs your ears were clogged, or they were not so native. There's only one proper way to pronounce it. Actually it's a bit more complex than that, and has to do with the multitude of Arabic proper languages (not dialects.) Arabic is an ensemble of languages, as I said in the past.

I always assumed you prefer the final syllable as “ell” not “eel.”

Prefer! Prefer? Let me tell you something: there's only one proper way to pronounce it. End of story :)

Now I wonder, what would وائل look like with harakat?)

وَائِلْ

what would be the shortest way to add spaces (sed) and subsequently delete them again (tr)? ;-)

My goodness, what was I thinking! Didn't even notice... I'll fix it next time.

RatioOctober 14, 2018 5:00 PM

@Wael,

berhabs your ears were clogged, or they were not so native.

Or berhabs they bronounced it two different ways.

there's only one proper way to pronounce it. End of story :)

Understood. I… misremembered. Yeah, that’s it. :-)

WeatherOctober 14, 2018 5:36 PM

Wael
You have a duplicate from 0-32 chars, the second char that is duplicated gets removed set that fixed at 256 bit( hence 60 maths to expand the things) sorry fuzz at the moment can't think what the first 8 chars were for, if the first 8 was a one it would get bruteforced, update later

Clive RobinsonOctober 14, 2018 6:36 PM

@ Wael (Wa-iL),

If and when you get around to sending the PubKey just remember there are two bit's you don't need to send. Just to save that extra bit of effort or two.

WaelOctober 14, 2018 6:47 PM

@Clive Robinson,

If and when you get around to sending the PubKey just remember there are two bit's you don't need to send

It's already here: Wael's test Public Key

just remember there are two bit's you don't need to send

Not following!

(Wa-iL)

Actually Wa 'el ;)

WaelOctober 14, 2018 7:48 PM

🔑 (attempt)
@Clive Robinson, cc: @Ratio,

I'm guessing your harsh mistress is having her way with you again?

She's been working an average of 20.5 hours a day for the past couple of weeks!

Oh and the bad "bite in the asp" joke yes I caught it, though I'm not sure who else did ;-)

You always do! Our neurons have somehow gotten entangled over the years -- You've got me pinned!
Ahem...

The price you pay is a question that I'll ask you soon.

When is: Perfect + Perfect = Imperfect?

That's not necessarily an easy question and is too ambiguous... I'll restate it: if one wants to achieve:
1: Perfect confidentiality -- Cryptography
2: Perfect stealthiness -- Steganography

And knowing that: Cryptography is the art of hiding the meaning of the message, whereas
Steganography is the art of hiding the existence of the message

Show whether the following proposition is true or false:

A mechanism that achieves both Perfect stealthiness and Perfect Confidentiality must necessarily involve Security through Obscurity.

@Ratio,

Or berhabs they bronounced it two different ways.

That possibility is already assumed! You heard it two different ways, or they pronounced two different ways. Question is why did they pronounce it two different ways?

it would get bruteforced, update later

Okay. go ahead. Bruteforce AES, I won't hold my breath.

Clive RobinsonOctober 14, 2018 10:57 PM

@ Wael,

Not following!

It's a little joke about saving effort (but not really).

When you multiply two primes of three or above in the result two bits are set,

Odd x odd = odd LSBit set.
And for obvious reasons the MSBit as well.

Thus you don't need to send them as they are known...

But... the reality would be extra work in most cases, hence,

    Just to save that extra bit of effort or two.

As in "twice the effort" to not send them as to sending them.

I thought you were aware that some early floating point libraries normalize between 1.0 and 2.0 to gain an extra bit of precision.

Because after normalisation the MSbit of all values is set[1]. Thus it can be "assumed", and the actual MSbit used as a sign bit.

Where it does save effort is if the sign bit is calculated first it can short circuit some operations such as the more awkward addition and subtraction operations.

[1] It means that you can not have a value of zero unless you use another fix up trick of which there are a number available. Which as they too would be done before any operation again short circuits effort.

WaelOctober 14, 2018 11:11 PM

@Clive Robinson,

Got it. Damn, you scared me:

there are two bit's you don't need to send

When I read this, I was working on the scripts (on and off.) Then when I submitted the message, I noticed that I lost a couple of line feeds because I wasn't paying attention (also multi-tasking is a...) Thought: How in the world did he predict I'll lose two things :) But the message was already signed, so I could not change it ;)

I ended up doing this to make up for the missing line-feeds:

echo -n -e '\x0a\x0a' >> message-body.txt # Fix my mistake

See the two x0a's? I thought you predicted that a few hours in the future -- LOL

Clive RobinsonOctober 14, 2018 11:42 PM

@ Wael,

I thought you predicted that a few hours in the future...

Shhhsh, you know the first rule ;-)

After all if it got out, every two bit market hustler would come for a piece of my mind, and quick as you could blink there would be nothing left...

Which would only leave me with one option in life "To become European President" (unless I can forge a birth certificate for "Jamaica Hospital, New York" as someone who looks like a Shetland Pony with a comb over is "alleged" to have done ;-)

Clive RobinsonOctober 15, 2018 3:30 AM

@ Wael,

A mechanism that achieves both Perfect stealthiness and Perfect Confidentiality must necessarily involve Security through Obscurity.

You owe me "Breakfast at Milliways".

First off you do not define "Security through Obscurity" which ordinarily might be described as, something that is kept obscure to keep it secure. Where obscure in general would mean "hidden from view" in some manner. Thus it is,

    Hiding in plain sight

Which is what I will work with.

Now let's examine your first premise,

    1: Perfect confidentiality -- Cryptography

Where you define "Cryptography" as,

    the art of hiding the meaning of the message.

By which I think you mean the "contents of a message" should be kept confidential whilst knowledge that a message has been sent or received is not (i.e. let's rule out traffic analysis).

Your second premise,

    2: Perfect stealthiness -- Steganography

Where you define "Steganography" as,

    the art of hiding the existence of the message.

By which I think you mean the message or knowledge of the message should be confidential even though a third party is aware of a communications. That is the communications contains a non confidential message and a confidential message.

Thus by combining the two you end up with,

1, An obvious communication.
2, With an obvious message.
3, With obvious contents.

But also,

4, A concealed message.
5, Where the contents are further concealed.

Thus 2-3 describe a "plain sight" message, and 4&5 describe a secret message "hiding within plain sight" within the communication 1.

Happy?

WaelOctober 15, 2018 4:25 AM

@Clive Robinson,

You owe me "Breakfast at Milliways".

Deal

The rest requires a clear mind...

2 canaries, 4 canaries, 6 canaries... Get it? ;)

WaelOctober 15, 2018 1:37 PM

First off you do not define "Security through Obscurity"

Security of the system depends on secrecy of implementation. If the implementation is found, the system is no longer secure.

By which I think you mean the message or knowledge of the message should be confidential even though a third party is aware of a communications.

Acceptable.

That is the communications contains a non confidential message and a confidential message.

Not a necessary restriction. An observer knows there is communication taking place, but is unable to understand the content of the message. What's the effect of Meta-Data on both mechanisms?

Confidentiality is accomplished through two different schemes. Both of which aim at the same thing!

Happy?

Umm. I withdraw the breakfast deal. You gotta earn it, ma man! Na! That's too harsh - I'll give you partial credit: Continental breakfast, it is.

Clive RobinsonOctober 16, 2018 5:29 AM

@ Wael,

Not a necessary restriction. An observer knows there is communication taking place, but is unable to understand the content of the message. What's the effect of Meta-Data on both mechanisms?

That's where you fall into a reasoning trap.

If an observer "is unable to understand the content of the message" then how they view it will change.

Thus you have,

1, Comms with non secret message.
2, Comms with a secret message.

The same difference between a postcard and a letter.

This substantially changes the meta data in a third party's eyes.

So back over to you and an improved breakfast offer... Tiffany's is looking good ;-)

WaelOctober 16, 2018 11:18 AM

@Ratio,

Exactly! Just because they're native doesn't mean they pronounce it correctly!

Do you really want to get into Arabic proper variants and which tribes they trace to, which ones are considered eloquent and which ones are viewed as less than that? And we're not talking about dialects yet!

WaelOctober 16, 2018 11:27 AM

@Clive Robinson,

Tiffany's is looking good ;-)

This's turning into a high stakes deal. I'll need to carefully think about this - give me some time.

WaelOctober 19, 2018 10:34 AM

@Clive Robinson,

That's where you fall into a reasoning trap. [...] If an observer "is unable to understand the content of the message" then how they view it will change.

It seems you tripped over a functional-conceptual decomposition boundary. Encrypted traffic shows an observer that some communications is taking place, it also may leak information about the recipient and receiver, among other things. Steganographized traffic may not leak any information about the parties communicating and may allow for plausible deniability, too.

Steganography by itself depends on security by insecurity, but I'm not sure that must necessarily be the case. If you combine "Perfect Encryption" with "Perfect Steganography" then I question the proposition: "Security by Obscurity" becomes a necessity.

Tiffany's is looking good ;-)

In your dreams! Hamlet Cafe is the plan!
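Added illustration, not taken from any comment in this thread: the layering debated above, with a one-time pad standing in for "perfect confidentiality" and zero-width characters as the hiding layer. The ZWNJ/ZWJ bit mapping, the function names and the sample texts are assumptions constructed for the example; it shows that a scanner which knows to look for zero-width code points finds the channel, while the content still depends only on the pad.

```python
import secrets

# Assumed mapping for this sketch: ZWNJ carries a 0 bit, ZWJ carries a 1 bit.
ZERO, ONE = "\u200c", "\u200d"
# Zero-width code points a scanner should look for (not an exhaustive list).
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}


def otp(data, pad):
    """One-time pad: XOR with a random pad at least as long as the data."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message")
    return bytes(d ^ p for d, p in zip(data, pad))


def embed(cover, payload):
    """Hiding layer: payload bits as zero-width characters after the first word."""
    bits = "".join(f"{byte:08b}" for byte in payload)
    hidden = "".join(ONE if bit == "1" else ZERO for bit in bits)
    head, sep, tail = cover.partition(" ")
    return head + hidden + sep + tail


def extract(text):
    """What anyone who knows the mapping recovers: the hidden bytes."""
    bits = "".join("1" if ch == ONE else "0" for ch in text if ch in (ZERO, ONE))
    bits = bits[: len(bits) - len(bits) % 8]
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def visible(text):
    """What a reader sees on screen; also the sanitised copy of the text."""
    return "".join(ch for ch in text if ch not in ZERO_WIDTH)


def scan(text):
    """Detector: (offset, length) of every run of zero-width code points."""
    runs, start = [], None
    for i, ch in enumerate(text + "x"):  # sentinel closes a trailing run
        if ch in ZERO_WIDTH:
            if start is None:
                start = i
        elif start is not None:
            runs.append((start, i - start))
            start = None
    return runs


def demo():
    secret = b"meet at 9"                    # constructed sample message
    pad = secrets.token_bytes(len(secret))   # shared in advance, used once
    cover = "Quarterly numbers attached, see page two."  # constructed cover
    sent = embed(cover, otp(secret, pad))
    return {
        "looks_unchanged": visible(sent) == cover,   # the "plain sight" message
        "detected_runs": scan(sent),                 # existence is detectable
        "observer_gets": extract(sent),              # ciphertext only
        "recipient_gets": otp(extract(sent), pad),   # needs the pad
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Once the encoding is known, `scan` removes the stealth but `observer_gets` is still only pad-masked bytes, so the two properties fail independently.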

WaelOctober 23, 2018 11:38 AM

@Clive Robinson,

In your dreams! Hamlet Cafe is the plan!

Ok, I forgot to put a smiley :-) Your answer is acceptable. Tiffany's it is.

Clive RobinsonOctober 24, 2018 11:37 AM

@ Wael,

I didn't know you knew of the Hamlet... Last time I ate in there was when I was doing some work for London Greek Radio (LGR), that a friend helped set up on the engineering side when it was a Pirate Radio Station back in the early 80's.

LGR got their licence with quite a bit of help from somebody called Georgios Panayiotou who was an East Finchley lad who put in a lot of work behind the scenes to get them a licence in the late 80's. Georgios was a quite popular and influential lad at the time but most people knew him as the front man of the duo Wham or George Michael.

Back in the 80's I also used to work in the Seven Sisters road kind of around the corner, and the then owner of the Hamlet was related somehow to the owner of the company I worked for. If I remember correctly the Hamlet was also one of LGR's first advertisers.

However there was another restaurant on the opposite side of the road to where I worked which we used to only half jokingly call "the staff canteen". They were happy times, working during the day socialising in the evening either with my co-workers or some of the LGR bods, neither aware of the other as I fairly strictly compartmentalised my life for various reasons.

One funny incident that happened, someone I worked with lived in a block of flats, which he had no idea LGR were using the roof for the transmitter and antennas. I was there very early one morning with tools and cables in hand to help sort out a problem for LGR when around the corner walked my work colleague on his way home to go to bed. He nodded and said hi before going in. I breathed a sigh of relief thinking I'd got away without answering any questions, however Monday morning he asked in front of the boss... Let's just say it was an interesting conversation...

But the same co-worker like myself only just avoided getting entangled in the supposed "Hacking of Prince Philip's Prestel Email account" in 1985 where Robert Schifreen and Steve Gold ended up getting dragged through the whole UK Court system until the Court of Appeal found them innocent and the House of Lords declined the Crown's request to revisit the case.

I had been involved with the development of "bulk upload software" for Prestel which I was building on an Apple][. Prestel was owned by British Telecom (BT) who also owned "BT Gold" which also had its woes. Due to an embarrassing incident on the BBC Micro Live show where the then co-founder of Acorn Computing Machines (ARM) Hermann Hauser had his account (ACN001) "hacked" by "Oz and Yug" which got lied about by BT spokespersons that the mainstream press published the following day.

After discussions with others in the scene about the easily disprovable lies, I wrote a story correcting the facts that got put up in the editors space of Prestel's "Micronet 800" which was the hobby pages area BT hoped would make Prestel earn money.

Word quickly got back to BT Gold managers by a thoroughly unpleasant person by the name of Dave Babski who was supposedly Micronet 800's editor in charge. Thus BT demanded that I go and give them a demonstration of what I had said in my story...

Having been quite detailed in what I wrote and being involved with other work for BT, my "sixth sense" kicked in and I asked myself why they needed it demonstrated by me... I became deeply suspicious and said through intermediaries "No need to demo". BT in turn got more pushy so I got even more suspicious and told the intermediaries that if BT could not follow what I had written, that had already been confirmed by others that knew the Prime OS well, then a demonstration was not going to be of any use so I said "No Way jose". More pushback came so after chatting with my work colleague's girlfriend who was Dave Babski's "secretary" about the legal side of things she had told me there was "something iffy going on" and suggested that not only I asked about significant payment for my time as a consultant but importantly with a contract absolving me of any legal risk. When this got mentioned through the intermediaries the BT push back stopped abruptly... It was only later after what happened next that dots got joined together[1]...

Thus when the problem that happened with Prestel[2] came up I and others suggested to Robert and Steve that taking the problem they had found to Dave Babski was probably not a good idea and I told them and several others they were asking for trouble, having been through similar and becoming deeply suspicious of BT's motives (justifiably as it later turned out).

So even having been warned Robert and Steve went... they showed, they went home, Margaret Thatcher went ballistic, they got arrested, they got found guilty of fraud. They then managed to appeal on the technicality that UK law did not cover what they had supposedly done and were thus successful. But... "The Crown" pushed back because of significant political interference by "Mad Maggie and Co". But thankfully the House of Lords kicked it back at the politicians saying if there is no law then as legislators do your job... The eventual result was the 1990 Computer Misuse Act. Which is a significantly flawed piece of legislation, that has led to other subsequent wrongful convictions.

Steve died a couple of years back and Robert was working at Brighton Uni as a computer admin last time I checked.

Of all the stories up on the Internet and in books about the incident the one which has the least number of inaccuracies I've seen is,

https://www.theregister.co.uk/2015/03/26/prestel_hack_anniversary_prince_philip_computer_misuse/

Where the journalists at least talked to some of those involved[3]...

Aside from "Maggie's War" down near the south pole the 1980's were fun times with new and exciting technology and plenty of "Paper and pen" computer journalists who were barely old enough to shave let alone drink getting their scoops from people likewise barely old enough to drink. I was seen by some as being "a little old for the scene" being in my very early 20's... Most of the journalists faded away into other careers as the glut of comp mags died away but some did other writerly things. One I chatted with quite often on the semi-social side as we were "old boys" on the scene started doing "comics" and later books, I'm told he's doing OK as an author. You might have read some of his stuff he goes by the name of Neil Gaiman.

People coming into computers now a third of a century later, see a several trillion dollar industry, with crazy entry requirements. They just don't realise just how small and humble its beginnings were and usually don't believe you even if you tell them. For a lucky few back then you could have a knowledgeable finger in every pie not just a fraction of one. Some like Steve who was a nurse came in from entirely unrelated professions and by being friendly informal and basically just likable to all got on and moved up as respected individuals.

[1] At the time BT was still in "public ownership" and was considered by the then PM Margaret Thatcher and her cronies as the jewel in the crown of assets to be liquidated for truck loads of cash to fill the Treasury coffers and significantly enrich a favoured few... Thus the tyrannical edict "Heads will roll if anything threatens the sell off" came out of No 10. Apparently making BT management look like the incompetent asses they were was now the equivalent of a capital crime... I had made them look like idiots even though my story had not been put up publicly most computer journalists knew all about it through other Micronet 800 editors. Which thankfully the traditional journalists did not. As I was friends with many computer journalists I managed to avoid that side of things. Also as I had not submitted the story from my home phone or a work phone and the intermediates had not given BT my number, they did not know whose phone to tap (something they did to both Robert and Steve that came out in the trial). Whatever the actual cause I'd managed to evade the wrath of "Mad Maggie" who apparently did not learn from it or other trials that later blew up in her face and made her look a poor judge who was significantly out of touch with reality, which eventually got her knee capped by her own party (it's rumoured that Mad Maggie's legal failures were what made Tony Blair wreck a thousand years of jurisprudence and throw way too much power in the direction of the state).

[2] Put simply BT management were incompetent and being driven by political imperative by the then Prime Minister to paint rosy pictures not reality. Thus no money was being spent on computer security which included not fixing glaring security failures. BT wanted teenagers to build and supply the tools that BT could not. As part of this they set up a test server known in the scene as Pandora that teenagers writing bulk upload software and games etc could test their stuff on. What BT did was take "live backup tapes" and put them on Pandora then put the administrator password up for all to see... The other thing that admins could see was the plain text passwords of all of Prestel's users that included that of HRH Prince Philip... Oops major security blunder that everybody on the scene was laughing about. Robert being a journalist for "Acorn User" felt it was his duty not just to inform BT but also put pressure on them when they were ignoring the massive security hole they had created. Hence the meeting with Dave Babski that they had been repeatedly warned against even by Dave Babski's "secretary" that led to Robert and Steve's arrest...

[3] You would be surprised by just how many don't including researchers. Like the Head of the Business School at Kingston University, who just about a decade after the two events obviously decided reading a few Internet articles was sufficient research before publishing it in a book[4]... What usually happens is that the "BT Gold" and "BT Prestel" events get conflated into one... Which I guess shows just how few people actually do "Primary Source" research...

[4] He later stood to become a Member of Parliament, the voters in that constituency obviously saw him coming and decided he was either useless or in it for himself or both, and said NO. I can not remember if he lost his deposit or not, but others tell me he did...

WaelOctober 24, 2018 9:54 PM

@Clive Robinson,

I didn't know you knew of the Hamlet

I didn't! Just Googled for the worst place to have breakfast in the UK.

Last time I ate in there was when I was doing some work for London Greek Radio (LGR),

Precisely! The reviews aren't exactly encouraging so make it the last time and keep the good memories. Unless, of course, I happen to be in the UK and take you there ;)

... George Michael.

Interesting history! Learned a new thing.

Hamlet, LGR, Georgios Panayiotou, Wham, "the staff canteen", Prince Philip, Robert Schifreen, Steve Gold (who was a nurse,) UK Court system, House of Lords, Apple][, BT Gold, BBC, Acorn Computing Machines (ARM), Hermann Hauser, Oz and Yug, Micronet 800, Dave Babski, Prime OS, Margaret Thatcher, UK law, "The Crown", Mad Maggie and Co, 1990 Computer Misuse Act, Brighton Uni, The Register, The South Pole, Neil Gaiman, Treasury coffers, No 10(?), asses, idiots, Tony Blair, computer security, teenagers, Pandora, software and games, live backup tapes, plain text passwords, HRH Prince Philip, Kingston University, Parliament

Good heavens, man! This is Indian movie material ;)
- Neil Gaiman: No, but I'll look him up.
- No 10? I think I asked you before and forgot what your answer was.

Let's just say it was an interesting conversation...

Oh, no you don't. I want to hear it! Tell me, tell me!

Clive RobinsonOctober 25, 2018 3:06 AM

@ Wael,

No 10? I think I asked you before and forgot what your answer was.

Does this refresh your memory?

https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_599.html#c6764025

With regards,

Good heavens, man! This is Indian movie material ;)

Whilst Bollywood has more viewers than Hollywood by a big old margin, I suspect the real plot would be too OTT (Over The Top) even for them.

The 80's computer scene in London and other parts had two major factions,

Firstly the "Big Iron" types of ICL etc hanging off the UK Government teat just like the current MIC does in the US. The price they paid for this welfare was "Spook-Works Invasion" that is just as BT had a multitude of Secret Squirrels running around ensuring International Standards got "finessed" and MI5 got unlimited land line access to place "surveillance equipment" as and where they wanted. Which in turn gave GCHQ and thus SiS/MI6 and even parts of the Met Police and US IC similar privileges...

But also as Ferranti found with its F100-L and later F200 CPUs the Spook-Works teat was a Faustian bargain. Ferranti was a leading edge British design company at the time and almost a household name it was in the MSM news that much. They realised back long before US companies that 8 bit CPU was not going to give the power that was going to be needed on the desktop so set about designing a 16bit CPU which they did and it was in effect a "British First" in many ways in 1976. Unfortunately the Government Mil/spook bods decided that the British Military should also use it thus have "first call"... Thus it in effect got both the "Mil-Hardening" and "classified" treatment and by the time that got sorted out it was too little too late, the market had moved on. Just last year I was "old times" chatting with one of the lead designers and he is of the view that the F100-L was "killed off" by the US via the "spook-works" Five-Eyes "Special Relationship" as so much British Innovation had been prior to Mad Maggie Thatcher getting rid of one of the US Political holds over the UK. You can read some of what is left of the "official" story at,

https://revaldinho.github.io/f100l

Few remember it today but the UK had a "Brain Drain" issue due to the "Special Relationship" killing leading edge design in the UK, causing the talent to leave the UK and work mainly in the US. Which is what the US Government wanted. In a way it's not much different to what China is doing to the US with their current monopoly hold on rare earth metals forcing US innovation, production and jobs to China, which I've been warning about for years here and other places.

But getting back to the 80's scene, the second faction were the "Mavericks". These were nearly all below the age of thirty and some were even still at school... They designed the "Home Computers" that kick started the 8bit Home Computer Revolution, they also designed the software and they appeared as an unstoppable uncontrollable force to the old school "Big Iron" and Government, which caused no end to infighting amongst Government departments. For a few years it was a wild ride, but the Home Market died off and although the UK was the leading edge of the Personal Digital Assistant (PDA) development the UK Government in various ways killed off the innovation there too. At the end of the day the only company that made it big was Acorn Research Machines (ARM) which again surprise surprise the UK Government has pushed out the door into Chinese hands thanks to the previous Chinese fawning UK Chancellor George "gidiot / white lines" Osbourne which even his own party used to publicly talk about his coke habit, one even bringing it up in a parliamentary question via the "cut the sugar in soft drinks" campaign. Thus with his two predilections it's hardly surprising he got called by some "China White".

As the old saying has it "You couldn't make it up..."

Clive RobinsonOctober 25, 2018 3:16 AM

@ Doug Coulter,

If you are reading along, I once mentioned I had designed a "serial or 1bit CPU" that was designed to do things in an odd way. You said at the time it struck a chord with you.

Well now someone has found copies of the F100-L CPU hardware documentation etc and put it up on the web, you might want to flick through it, because it too was internally a form of serial CPU.

https://revaldinho.github.io/f100l

I guess at some point the two F100-L test wafers I know of are going to end up in a Public Museum.

WaelOctober 25, 2018 4:39 AM

@Clive Robinson,

Does this refresh your memory?

It most certainly does! The Bollywood story.... makes sense.


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.